Solved

Point to Point with two Cisco 1841's

Posted on 2006-06-17
Last Modified: 2012-06-27
Currently have a network structured like this:

Site A -------- Internet
   |
Site B

Site A is using 192.168.53.0/24 internal network.  Domain controller, DHCP server, DNS server, router to the internet and VOIP server are within this range.  

Site A and Site B are connected with two Cisco 1841's that have WIC-1DSU-T1-V2 cards.  

I'm basically trying to extend Site A's network and resources over to Site B, as if they were the same network.  I want Site B to be able to use Site A's internet connection, DHCP server, join the domain controller, etc.  

My current configuration for Site A is as follows:

Current configuration : 3043 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Site A
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$lPyE$1r2gtETKs6uU8LHCiMGYl0
enable password 7 0822454308405C4E
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name yourdomain.com
login block-for 5 attempts 5 within 5
!
username cisco privilege 15 secret 5 $1$zS01$gbUmd6UFrRpPi01FRhkEt.
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.53.11 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bridge-group 1
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol dec
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
!
end

My current configuration for Site B is:

Current configuration : 3043 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Site A
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$lPyE$1r2gtETKs6uU8LHCiMGYl0
enable password 7 0822454308405C4E
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name yourdomain.com
login block-for 5 attempts 5 within 5
!
username cisco privilege 15 secret 5 $1$zS01$gbUmd6UFrRpPi01FRhkEt.
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.53.10 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bridge-group 1
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol dec
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
!
end

Site A's FastEthernet0/0 is plugged directly into the switch for the 192.168.53.0/24 network.  

Any help would be greatly appreciated! This is 500 points as it is urgent.  Thanks.
Question by:msebenick
8 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16928231
Having an interface with bridging enabled will not bridge if an IP address is assigned to it. Remove the IP address from the fa0/0 interface on both routers to allow them to bridge the traffic.

I also suggest changing from the DEC spanning tree to IEEE.

-----
bridge 1 protocol ieee
int f0/0
no ip address
-----

On both routers.


0
 

Author Comment

by:msebenick
ID: 16928331
No luck with those changes
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16928554
Can you post your output for the following on both routers?

show ip int br
show ip route
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16929559
I would suggest not bridging and just use routing.
Your primary issue is that the router at site A needs to be the default gateway for everyone at Site A. That router has a default gateway to the firewall for Internet access. I assume that today the firewall is actually the default gateway and will not 'bounce' traffic back to the 1841 for traffic destined to the other site.

Site A
interface FastEthernet0/0
 ! make this the default gateway of the local LAN
 ip address 192.168.53.11 255.255.255.0
 no bridge-group 1
!
interface Serial0/0/0
 ip address 192.168.54.1 255.255.255.0
 no bridge-group 1
!
! 192.168.53.1 is your firewall IP address
ip route 0.0.0.0 0.0.0.0 192.168.53.1
router eigrp 101
 network 192.168.53.0
 network 192.168.54.0


Site B
interface FastEthernet0/0
 ! local default gateway
 ip address 192.168.55.1 255.255.255.0
 no bridge-group 1
 ! pass NetBIOS broadcasts
 ip helper-address 192.168.53.255
!
interface Serial0/0/0
 ip address 192.168.54.2 255.255.255.0
 no bridge-group 1
!
! Site A serial IP
ip route 0.0.0.0 0.0.0.0 192.168.54.1
router eigrp 101
 network 192.168.54.0
 redistribute connected

!done
You can use your existing DHCP server by setting up a new scope for SiteB using 192.168.55.0
Site B users will get their IP addressing and other information from your DHCP server in site A
DHCP gives users in B the IPs of DNS/WINS/Proxy servers in site A and a local default gateway. What else could you want?
No bridging required.


0
 

Author Comment

by:msebenick
ID: 16929617
I had made several changes to the configuration and actually got the bridging to work! However, there seemed to be a lot of errors on the line and some packet loss.  I tried doing a clear service-module on Site B, and it went through its tests successfully, then all of a sudden the Ser0/0/0 line and protocol both went down.  The remote alarm light on the WIC card lit up.  So the CD on the WIC is green, and the AL is orange.  This is on both Site A and Site B now.  Once the alarm came on, the bridge no longer worked.  This is where I'm currently at.  

Config for Site A:

Current configuration : 3013 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Site A
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$lPyE$1r2gtETKs6uU8LHCiMGYl0
enable password 7 0822454308405C4E
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name yourdomain.com
login block-for 5 attempts 5 within 5
!
username cisco privilege 15 secret 5 $1$zS01$gbUmd6UFrRpPi01FRhkEt.
!
bridge irb
!
!
interface FastEthernet0/0
 description LAN
 no ip address
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip unnumbered FastEthernet0/0
 bridge-group 1
!
interface BVI1
 ip address 192.168.53.11 255.255.255.0
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
!
end


Configuration for Site B

Current configuration : 2199 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site B
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$uPM6$MPTj6HU578w2P.lLUP0Eg1
enable password cisco
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain name yourdomain.com
!
username cisco privilege 15 secret 5 $1$DNJf$Fl.5F0zPDZPsEFblcz9si0
!
bridge irb
!
!
interface FastEthernet0/0
 description LAN
 no ip address
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 bridge-group 1
!
interface BVI1
 ip address 192.168.53.10 255.255.255.0
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C^C
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password cisco
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password cisco
 login local
 transport input telnet
!
end

I've tried moving the WIC card to a different slot Ser0/0/1, tried different WIC cards, still the same alarm signal on both sides.  Seems like the circuit is down, but the CD light is up and both line and prot are down/down.  Smartjacks look fine on each side.  

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 16929633
If this is a point-point leased line then one of your routers needs to provide clocking...
Site A:
 interface serial 0/0/0
  service-module t1 clock source internal

Site B has default clock source line. By setting Site A to internal, it will become the clock source for siteB and they will synchronize.
Give that a whirl, clear counters on the interfaces "clear count interface serial0/0/0" (I think that's the correct syntax - close if not exact).
Using "show interface serial0/0/0" look for CRC and frame error counters. If you continue to get CRC errors, check your cabling carefully. Are you using tested/good CAT5 cables between the WIC module directly to the T1 smartjack box on the wall, or is this an extension line to another "biscuit" wall port?
 
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16929642
BTW, I still strongly advise against bridging. There is no need for it unless you have some ancient application that is broadcast based, and it will decimate your network performance over that T1 that you are paying so much $ for.
Performance will increase 10-fold or better if you stick to routing.

0
 

Author Comment

by:msebenick
ID: 16950999
Strangely, the problem was one side had to specifically be set to line and the other internal for the clock source.  Thanks for the great responses.  
0
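
The clock-source pairing from the accepted answer and the asker's final comment, as an added example that is not part of the thread: a Python check that reads both routers' configs and confirms exactly one end of the T1 is set to `internal`. The sample stanzas are constructed, and the function names `t1_clock_sources` and `check_link` are hypothetical.

```python
import re

# Constructed sample stanzas modelled on the thread's Serial0/0/0 interfaces.
SITE_A = """\
interface Serial0/0/0
 no ip address
 service-module t1 clock source internal
 bridge-group 1
!
"""
SITE_B = """\
interface Serial0/0/0
 no ip address
 bridge-group 1
!
"""

def t1_clock_sources(config):
    """Map each Serial interface to its T1 clock source ('internal' or 'line').

    No explicit 'service-module t1 clock source' line is reported as 'line',
    the default named in the accepted answer.
    """
    sources, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"interface\s+(.+)", line)
        if m:
            name = m.group(1).replace(" ", "")
            current = name if name.lower().startswith("serial") else None
            if current:
                sources[current] = "line"
            continue
        if not line.startswith(" "):
            current = None  # unindented line: the interface stanza has ended
            continue
        m = re.match(r"\s+service-module t1 clock source (internal|line)$", line)
        if current and m:
            sources[current] = m.group(1)
    return sources

def check_link(cfg_a, intf_a, cfg_b, intf_b):
    """Return (ok, message) for the two ends of one point-to-point T1."""
    a = t1_clock_sources(cfg_a).get(intf_a)
    b = t1_clock_sources(cfg_b).get(intf_b)
    if a is None or b is None:
        return False, "serial interface not found in one of the configs"
    if {a, b} == {"internal", "line"}:
        return True, f"ok: {intf_a}={a}, {intf_b}={b}"
    return False, f"both ends use clock source '{a}'; exactly one must be internal"

if __name__ == "__main__":
    print(check_link(SITE_A, "Serial0/0/0", SITE_B, "Serial0/0/0"))
```
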
