CBIA
Setting up a Cisco 1600 router to allow traffic to 'pass through' so that I can graph SNMP
I have a strange scenario. We recently switched to a new dual T-1 connection in our office. The network hardware we use is a Sonicwall Firewall and a Cisco 2600. The problem I am facing is that I am not given access to the 2600 by the ISP. Even if I did have access, the running configuration gets flashed every hour, so my changes would not stick.
I do, however, have a second Cisco router. The second router is a Cisco 1600. What I want to do is put the Cisco 1600 in between the Sonicwall firewall and the Cisco 2600. The Cisco 1600 in between will need to not interfere with the connection but rather just allow us to graph internet usage via SNMP.
How can I set up the Cisco 1600 to basically be a 'pass-through' and allow the Sonicwall to use multiple IP addresses and bandwidth etc? Below is a copy of the 1600's running configuration:
--------------------------
Building configuration...
Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname SNMP-Router
!
enable secret 5 $1$9rEL$aMsl8s4FRFgMnv.j2T z2I0
enable password 7 074B354D5C2E18111243
!
ip subnet-zero
no ip source-route
ip domain-name den.verio.net
ip name-server 209.162.64.15
ip name-server 207.159.5.10
!
interface Ethernet0
ip address 10.0.6.240 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
!
interface Serial1
description External Interface For T1
ip address 207.159.9.146 255.255.255.252
no ip directed-broadcast
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1
snmp-server community public RO
!
line con 0
exec-timeout 10 20
password 7 06421B205E69080D0046
login
line vty 0 4
exec-timeout 10 20
password 7 03404F0A142820584B58
login
!
end
ASKER
This is what our ISP (XO) wanted us to do. We can have read-only SNMP activated on the Cisco 2600, but it voids our warranty for the hardware. Also, Sonicwalls are not good for the kind of reporting I want to do. I use Cacti to graph SNMP enabled devices, and would like to continue doing so. The Sonicwall does not support all of the SNMP OIDs I need.
So even if you cannot personally see the value, I would still like to know how to do it and give it a shot. =)
You would still need to have 2x Ethernet ports on the router and you only have 1 Ethernet and 1 T1
You can't do it with what you have.
If you did have 2 Ethernet ports:
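bridge irb
bridge 1 protocol ieee
! route IP on bridge group 1 so the BVI answers ping and SNMP
bridge 1 route ip
interface Ethernet0
 no ip address
 bridge-group 1
interface Ethernet1
 no ip address
 bridge-group 1
! the BVI number must match the bridge-group number
interface BVI1
 ! this is the IP you would use to monitor with SNMP
 ip address 1.2.3.4 255.255.255.0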
The BVI ip address would have to be in the same IP subnet as your Sonicwall outside and the XO router Ethernet
ASKER
Thanks for your reply.
Now today I received a new Ethernet card to slip into the Cisco 1600. So I took out the Serial card and put in the Ethernet and booted it up. However, I seem to not be able to configure the card. Do I need to wipe the configuration clean and start over to get Ethernet1 set up? If so, how exactly do I go about doing that?
You might need to upgrade the IOS version to get the drivers for the Ethernet card
Post output of "show version"
ASKER
Below is the output from show version. FYI I wiped it out by doing the following:
write erase
reload
I will wait for your response before continuing.
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-NOSY-L), Version 12.2(6a), RELEASE SOFTW-LOSTCARR: Unit 0, lost
Compiled Sat 01-Dec-01 16:40 by pwade
00:47:01: %Q
Image text-base: 0x080530C4, data-base: 0x02005000eiver problem?
ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
Router uptime is 3 minutes
System returned to ROM by reload
System image file is "flash:yes"
cisco 1601 (68360) processor (revision C) with 13824K/4608K bytes of memory.
Processor board ID 10598642, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
1 Serial(sync/async) network interface(s)
WIC T1-DSU
System/IO memory with parity disabled
2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from FLASH
7K bytes of non-volatile configuration memory.
16384K bytes of processor board PCMCIA flash (Read ONLY)
Configuration register is 0x2102
Router>
If this is the module that you got, it will not work in the 1600
http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a0080088714.html
ASKER
Bad news, you are right, that is the card I got. (damn eBay!)
Good news, I won't continue to try to make it work. I will get a new card asap. Any recommendation for a product number?
Thank you again for all your help, if I could award 10,000 points I would!
You could put a hub in between the Sonicwall and the 2600 router and hook up a NTOP PC to the hub
Put a 2nd NIC in the NTOP system to enable you to access the web interface from your LAN.
http://www.ntop.org
ASKER
Current configuration : 583 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname LightSaber
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
bridge irb
!
!
interface Ethernet0
no ip address
half-duplex
bridge-group 1
!
interface FastEthernet0
no ip address
speed auto
bridge-group 1
!
interface BVI1
ip address 10.0.6.160 255.255.255.0
!
ip classless
no ip http server
!
snmp-server community public RO
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0 4
login
!
end
I replaced the Cisco 1600 and got a Cisco 1700 on eBay that works with that WIC. I upgraded the IOS firmware and then configured according to what you gave me above.
This is my lab configuration setup. I have my PC placed behind the router, and the bridging is working great! The problem I am now having is that I cannot get to the BVI1 interface. No reply on ping and I cannot pull SNMP from it.
Any idea why this may be happening?
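An added example, not part of the original posts: a small Python check over an IOS running-config for the two things worth reviewing in the bridged configuration above. With `bridge irb`, a BVI accepts IP only for a bridge group that has `bridge <n> route ip`, and an SNMPv1/v2c community such as `public` is a clear-text credential that should be restricted by an access list. The `audit` helper and the sample input are constructed for illustration.

```python
import re

# Constructed sample: abridged from the bridged configuration in the post above.
SAMPLE = """\
bridge irb
interface Ethernet0
 no ip address
 bridge-group 1
interface FastEthernet0
 no ip address
 bridge-group 1
interface BVI1
 ip address 10.0.6.160 255.255.255.0
snmp-server community public RO
bridge 1 protocol ieee
"""

def audit(config):
    """Return a list of findings for an IOS running-config (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # With "bridge irb", a BVI only accepts IP (ping, SNMP) for a bridge
    # group that has "bridge <n> route ip" configured.
    routed = {m.group(1) for l in lines
              if (m := re.fullmatch(r"bridge (\d+) route ip", l))}
    groups = {m.group(1) for l in lines
              if (m := re.fullmatch(r"bridge-group (\d+)", l))}
    for l in lines:
        if m := re.fullmatch(r"interface BVI(\d+)", l):
            n = m.group(1)
            if n not in groups:
                findings.append(f"BVI{n}: no interface in bridge-group {n}")
            elif "bridge irb" in lines and n not in routed:
                findings.append(f"BVI{n}: missing 'bridge {n} route ip'")
    # SNMPv1/v2c community strings act as passwords and travel in clear text.
    for l in lines:
        tok = l.split()
        if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
            continue
        if tok[2].lower() in ("public", "private"):
            findings.append(f"SNMP community '{tok[2]}' is a well-known default")
        if len(tok) <= 3 or tok[-1].upper() in ("RO", "RW"):
            findings.append(f"SNMP community '{tok[2]}' has no access list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```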
Is BVI1 on the same IP subnet as the outside of your sonicwall?
ISP router --> Eth0 bridged to Eth1 --> hub/switch -->Sonicwall
\
Your PC?
ASKER
I am actually just testing it within the network, so right now it looks like this:
ISP Router --> Sonicwall --> ESwitch --> Eth0 bridged to Eth1 --> My PC
I will be placing the router in the correct spot once I can confirm that it is operating correctly. My PC is on the same subnet and IP address range.
So, you have a crossover cable from PC to router's E1?
PC's IP address is 10.0.6.xxx?
ASKER
PC Address is 10.0.6.xxx
What do you mean by E1? Is that the auxiliary port in the back?
This part of a cisco router is totally new to me, please excuse my uneducated venture to get this working right. =)
ASKER CERTIFIED SOLUTION
ASKER
ahhhhhh.... I thought that E1 was something else
My workstation is gigabit so it takes advantage of autocrossover, so this is not a problem. So when the router is between my workstation and the switch, I can surf the internet and use resources just fine. I just cannot ping that 10.0.6.160 ip I gave the router. (Nor does SNMP work)
It doesn't have two Ethernet interfaces to bridge together. Even if it did it would not give you an accurate picture of the bandwidth of the T1s that you're using.
Either ask the ISP to provide you read-only SNMP access to the router, or ask them for on-demand usage statistics/graphs.
Else your Sonicwall should be able to give you some reports of outside bandwidth use.