msebenick

Point to Point with two Cisco 1841's

Currently have a network structured like this:

Site A -------- Internet
   |
Site B

Site A is using 192.168.53.0/24 internal network.  Domain controller, DHCP server, DNS server, router to the internet and VOIP server are within this range.  

Site A and Site B are connected with two Cisco 1841's that have WIC-1DSU-T1-V2 cards.  

I'm basically trying to extend Site A's network and resources over to Site B, as if they were the same network.  I want Site B to be able to use Site A's internet connection, DHCP server, join the domain controller, etc.  

My current configuration for Site A is as follows:

Current configuration : 3043 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Site A
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$lPyE$1r2gtETKs6uU8LHCiMGYl0
enable password 7 0822454308405C4E
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name yourdomain.com
login block-for 5 attempts 5 within 5
!
username cisco privilege 15 secret 5 $1$zS01$gbUmd6UFrRpPi01FRhkEt.
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.53.11 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bridge-group 1
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol dec
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
!
end

My current configuration for Site B is:

Current configuration : 3043 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Site A
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$lPyE$1r2gtETKs6uU8LHCiMGYl0
enable password 7 0822454308405C4E
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name yourdomain.com
login block-for 5 attempts 5 within 5
!
username cisco privilege 15 secret 5 $1$zS01$gbUmd6UFrRpPi01FRhkEt.
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.53.10 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bridge-group 1
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol dec
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
!
end

Site A's FastEthernet0/0 is plugged directly into the switch for the 192.168.53.0/24 network.  

Any help would be greatly appreciated! This is 500 points as it is urgent.  Thanks.

Don Johnston

Having an interface with bridging enabled will not bridge if an IP address is assigned to it. Remove the IP address from the fa0/0 interface on both routers to allow them to bridge the traffic.

I also suggest changing from the DEC spanning tree to IEEE.

-----
bridge 1 protocol ieee
int f0/0
no ip address
-----

On both routers.


msebenick

ASKER

No luck with those changes.

Can you post your output for the following on both routers?

show ip int br
show ip route

I would suggest not bridging and just use routing.
Your primary issue is that the router at site A needs to be the default gateway for everyone at Site A. That router has a default gateway to the firewall for Internet access. I assume that today the firewall is actually the default gateway and will not 'bounce' traffic back to the 1841 for traffic destined to the other site.

Site A
interface FastEthernet0/0
 ! make this the default gateway of the local LAN
 ip address 192.168.53.11 255.255.255.0
 no bridge-group 1
!
interface Serial0/0/0
 ip address 192.168.54.1 255.255.255.0
 no bridge-group 1
!
! 192.168.53.1 is your firewall IP address
ip route 0.0.0.0 0.0.0.0 192.168.53.1
router eigrp 101
 network 192.168.53.0
 network 192.168.54.0


Site B
interface FastEthernet0/0
 ! local default gateway
 ip address 192.168.55.1 255.255.255.0
 no bridge-group 1
 ! pass NetBIOS broadcasts
 ip helper-address 192.168.53.255
!
interface Serial0/0/0
 ip address 192.168.54.2 255.255.255.0
 no bridge-group 1
!
! Site A serial IP
ip route 0.0.0.0 0.0.0.0 192.168.54.1
router eigrp 101
 network 192.168.54.0
 redistribute connected
!
! done
You can use your existing DHCP server by setting up a new scope for SiteB using 192.168.55.0.
Site B users will get their IP addressing and other information from your DHCP server in site A.
DHCP gives users in B the IPs of DNS/WINS/Proxy servers in site A and a local default gateway. What else could you want?
No bridging required.
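
The forwarding argument in the answer above, as an added example that is not part of the original post: a longest-prefix-match walk over the proposed 192.168.53/54/55 plan, showing where a Site A host's packet for Site B ends up depending on which default gateway the host uses. The firewall's routing table, the `ISP` next hop and the host addresses in the usage lines are assumptions.

```python
import ipaddress

# Routing tables implied by the routed design: (prefix, next hop); None = connected.
# Assumption: the firewall only knows its LAN and a default route to the ISP.
TABLES = {
    "siteA-1841": [("192.168.53.0/24", None), ("192.168.54.0/24", None),
                   ("192.168.55.0/24", "192.168.54.2"),   # learned via EIGRP 101
                   ("0.0.0.0/0", "192.168.53.1")],        # static default to firewall
    "siteB-1841": [("192.168.55.0/24", None), ("192.168.54.0/24", None),
                   ("192.168.53.0/24", "192.168.54.1"),   # learned via EIGRP 101
                   ("0.0.0.0/0", "192.168.54.1")],        # static default to Site A
    "firewall":   [("192.168.53.0/24", None), ("0.0.0.0/0", "ISP")],
}
# Which device owns each gateway / next-hop address.
OWNER = {"192.168.53.11": "siteA-1841", "192.168.54.1": "siteA-1841",
         "192.168.54.2": "siteB-1841", "192.168.55.1": "siteB-1841",
         "192.168.53.1": "firewall"}

def next_hop(device, dst):
    """Longest-prefix match on one device: next-hop IP, 'ISP', or None if connected."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in TABLES[device]
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(host_gateway, dst, max_hops=8):
    """Follow a packet from a host whose default gateway is host_gateway."""
    path, device = [], OWNER[host_gateway]
    for _ in range(max_hops):
        path.append(device)
        nh = next_hop(device, dst)
        if nh is None:
            return path + ["delivered"]
        if nh == "ISP":
            return path + ["sent to ISP"]
        device = OWNER[nh]
    return path + ["loop"]

if __name__ == "__main__":
    # Constructed host addresses: 192.168.55.20 (Site B PC), 192.168.53.20 (Site A server).
    print(trace("192.168.53.1", "192.168.55.20"))   # Site A host still using the firewall
    print(trace("192.168.53.11", "192.168.55.20"))  # Site A host using the 1841
    print(trace("192.168.55.1", "192.168.53.20"))   # Site B host to a Site A server
    print(trace("192.168.55.1", "203.0.113.10"))    # Site B host to the Internet
```

The first trace is the failure case: replies from Site A servers that still point at the firewall never reach 192.168.55.0/24, even though the Site B to Site A direction is routed correctly.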


I had made several changes to the configuration and actually got the bridging to work! However, there seemed to be a lot of errors on the line and some packet loss.  I tried doing a clear service-module on Site B, and it went through its tests successfully, then all of a sudden the Ser0/0/0 line and protocol both went down.  The remote alarm light on the WIC card lit up.  So the CD on the WIC is green, and the AL is orange.  This is on both Site A and Site B now.  Once the alarm came on, the bridge no longer worked.  This is where I'm currently at.  

Config for Site A:

Current configuration : 3013 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Site A
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$lPyE$1r2gtETKs6uU8LHCiMGYl0
enable password 7 0822454308405C4E
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name yourdomain.com
login block-for 5 attempts 5 within 5
!
username cisco privilege 15 secret 5 $1$zS01$gbUmd6UFrRpPi01FRhkEt.
!
bridge irb
!
!
interface FastEthernet0/0
 description LAN
 no ip address
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip unnumbered FastEthernet0/0
 bridge-group 1
!
interface BVI1
 ip address 192.168.53.11 255.255.255.0
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 104D0014044E4B52
 login authentication local_auth
 transport input telnet
!
end


Configuration for Site B

Current configuration : 2199 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site B
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$uPM6$MPTj6HU578w2P.lLUP0Eg1
enable password cisco
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain name yourdomain.com
!
username cisco privilege 15 secret 5 $1$DNJf$Fl.5F0zPDZPsEFblcz9si0
!
bridge irb
!
!
interface FastEthernet0/0
 description LAN
 no ip address
 speed auto
 full-duplex
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 bridge-group 1
!
interface BVI1
 ip address 192.168.53.10 255.255.255.0
!
ip classless
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C^C
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password cisco
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password cisco
 login local
 transport input telnet
!
end

I've tried moving the WIC card to a different slot Ser0/0/1, tried different WIC cards, still the same alarm signal on both sides.  Seems like the circuit is down, but the CD light is up and both line and prot are down/down.  Smartjacks look fine on each side.  

ASKER CERTIFIED SOLUTION
Les Moore

This solution is only available to members.

BTW, I still strongly advise against bridging. There is no need for it unless you have some ancient application that is broadcast based, and it will decimate your network performance over that T1 that you are paying so much $ for.
Performance will increase 10-fold or better if you stick to routing.

Strangely, the problem was one side had to specifically be set to line and the other internal for the clock source.  Thanks for the great responses.