• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1275
  • Last Modified:

can I have same network(10.10.0.0/16 and 10.10.48.0/24) behind 2 Cisco 2811 connected by T1 ?

I do have two 2811 Cisco connected over T1.
"Main" network behind one of those "2811central" is 10.10.0.0/16.
I would like to have total  four "remote" networks to be as 10.10.48.0/24,10.10.80/24,10.10.50.0/24, 10.10.70.0/24. behind 4 "remote 2811" cisco routers.
But becouse 10.10.0.0/16 and 10.10.48.0/24  is "overlapping" , I dont have access from one network to other,
This way "SNMP' SolarWinds, can discover all network with no problem, and also it should be looks like everything is on same LAN.
So fur, was able access any networks from each 2811, but not from network-to network.Not sure if it is possible(if I'll make "remote" network  as 10.12.0.0/16- no problem, but not 10.10.48.0/24).
Thank you.
0
dkarpekin
Asked:
dkarpekin
  • 10
  • 8
1 Solution
 
mikecrCommented:
It doesn't matter what subnet mask you use on your internal network, the most specific route wins. Just add specific routes to your core system to point to your router for those networks or use EIGRP.

config t
eigrp 500
network 10.10.0.0 0.0.255.255
no auto-summary

The EIGRP config will, since your using the no auto-summary, send specific routes back to the main network router. Use EIGRP on your core switch to talk to the routers and it should work fine.
0
 
dkarpekinAuthor Commented:
for some reasons, I can't make it work yet.
Everything is pingable from routers itself, but not from "central PC" on one enf to "remote PC" on other end.
Only from "remote " PC 10.10.48.2/24 gateway 10.10.48.1 I can ping "central 2811" FE0/0 10.10.21.180, but not "central PC" 10.10.10.5/16 gateway 10.10.21.180.
And central PC cannot ping eaither "remote" FE0/1 10.10.48.1/24 or "remote PC" 10.10.48.2/24, kind of one-way portional ping.

!This is the running config of the "central" router: 10.10.21.180
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname NYBW
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
logging console critical

!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
!
!
no ip bootp server
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!

 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
!
!
!
interface FastEthernet0/0   ----------------"main LAN with PC 10.10.10.5 behind"
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.21.180 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/1/0
 ip address 172.16.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 service-module t1 clock source internal
 service-module t1 remote-alarm-enable
!
interface Serial0/3/0
 ip address 172.16.0.5 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 service-module t1 clock source internal
!
router eigrp 1
 network 10.10.48.0 0.0.0.255
 network 10.10.80.0 0.0.0.255
 network 10.10.0.0 0.0.255.255
 network 172.16.0.0 0.0.0.3
 network 172.16.0.4 0.0.0.3
 no auto-summary
!
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 190 remark permit IPSec VPN pass-through, IPSec NATT
access-list 190 remark SDM_ACL Category=2
access-list 190 permit esp any any
access-list 190 permit ahp any any
access-list 190 permit udp any any eq isakmp
access-list 190 permit udp any any eq non500-isakmp
access-list 190 permit udp any any eq 10000
access-list 190 permit tcp any any eq 10000

no cdp run
!

control-plane

line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000

!
webvpn cef
!
end


!This is the running config of the "remote" router: 10.10.48.1
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cleveland
!
boot-start-marker
boot-end-marker
!
no logging buffered

!
no aaa new-model
!
!
ip cef
!
!
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!

 log config
  hidekeys

!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 10.10.48.1 255.255.254.0
 ip nbar protocol-discovery
 duplex full
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip address 172.16.0.6 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
!
router eigrp 1
 network 10.10.48.0 0.0.0.255
 network 10.10.80.0 0.0.0.255
 network 10.10.0.0 0.0.255.255
 network 172.16.0.0 0.0.0.3
 network 172.16.0.4 0.0.0.3
 no auto-summary
!
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!

!
control-plane
!

!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 password 123143
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 password 123143
 login local
 transport input telnet
!
scheduler allocate 20000 1000

!
webvpn cef
!
end


0
 
mikecrCommented:
Do "show ip eigrp topology" and "show ip eigrp route" from both routers and post it here. I think your EIGRP is not configured properly. If you take out the /24 networks in EIGRP and add 10.10.0.0 0.0.255.255 with no auto-summary it should work.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
dkarpekinAuthor Commented:
Did tryed without /24, exactly same result...............no ping between PC's across T1

----------------------------------central 2811 FE0/0 10.10.21.180------------------------------

NYBW#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.0.6              Se0/3/0           14 03:50:42    4   200  0  34
NYBW#show ip route 10.10.48.0
Routing entry for 10.10.48.0/23
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.6 on Serial0/3/0, 03:50:54 ago
  Routing Descriptor Blocks:
  * 172.16.0.6, from 172.16.0.6, 03:50:54 ago, via Serial0/3/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

NYBW#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(172.16.0.5)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.0.0/16, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 10.10.48.0/23, 1 successors, FD is 2172416
        via 172.16.0.6 (2172416/28160), Serial0/3/0
P 172.16.0.4/30, 1 successors, FD is 2169856
        via Connected, Serial0/3/0
NYBW#ping 10.10.48.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.48.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
NYBW#ping 10.10.48.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.48.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NYBW#exit

------------------------now same things, but no /24 sub EIGRP----------------------

show ipp  eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.0.6              Se0/3/0           12 03:58:59    4   200  0  34
NYBW#show ip route 10.10.48.0
Routing entry for 10.10.48.0/23
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.6 on Serial0/3/0, 03:59:12 ago
  Routing Descriptor Blocks:
  * 172.16.0.6, from 172.16.0.6, 03:59:12 ago, via Serial0/3/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

NYBW#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(172.16.0.5)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.0.0/16, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 10.10.48.0/23, 1 successors, FD is 2172416
        via 172.16.0.6 (2172416/28160), Serial0/3/0
P 172.16.0.4/30, 1 successors, FD is 2169856
        via Connected, Serial0/3/0
NYBW#ping 10.10.48.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.48.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NYBW#ping 10.10.48.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.48.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NYBW#exit


----------------------------------------remote 2811 FE0/1 10.10.48.1------------------------------------

show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.0.5              Se0/0/0           14 03:53:44    2   200  0  41
Cleveland#show ip route 10.10.0.0
Routing entry for 10.10.0.0/16
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.5 on Serial0/0/0, 03:54:01 ago
  Routing Descriptor Blocks:
  * 172.16.0.5, from 172.16.0.5, 03:54:01 ago, via Serial0/0/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Cleveland#show ip route 10.10.48.0
Routing entry for 10.10.48.0/23
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 1
  Routing Descriptor Blocks:
  * directly connected, via FastEthernet0/1
      Route metric is 0, traffic share count is 1

Cleveland#ping 10.10.10.   21.180

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.21.180, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Cleveland#ping 10.10.10.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Cleveland#exit

-----------------------------now same thing no /24 sub EIGRP-------------------

show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.0.5              Se0/0/0           13 04:01:19    2   200  0  41
Cleveland#show ip route 10.10.0.0
Routing entry for 10.10.0.0/16
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.5 on Serial0/0/0, 04:01:37 ago
  Routing Descriptor Blocks:
  * 172.16.0.5, from 172.16.0.5, 04:01:37 ago, via Serial0/0/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Cleveland#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(172.16.0.6)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.0.0/16, 1 successors, FD is 2172416
        via 172.16.0.5 (2172416/28160), Serial0/0/0
P 10.10.48.0/23, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.16.0.4/30, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
Cleveland#pinf g 10.10.21.180

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.21.180, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Cleveland#ping 10.10.10.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Cleveland#exit
0
 
mikecrCommented:
Do a show ip route 10.10.10.0 from the router 10.10.48.1 and post it here. Your 10.10.21 and your 10.10.10.0 are on the same network which means you need to adjust EIGRP with a /16 for advertising purposes. Put the "auto-summary" command back on the 10.10.21 router in EIGRP to summarize everything going out. Put the same network 10.10.0.0 /16 on your remote router but use the "no auto-summary" command in eigrp. Remove all other 10. network statements from EIGRP. The do a "show ip route 10.10.10.0" from the 10.10.48 router and see if it shows up as being propogated by EIGRP with your next hop being the 10.10.21 router.
0
 
dkarpekinAuthor Commented:
By putting "auto-summary, or no auto -summary" into "central 2811" makes no effects on ping's.
But , by having "auto-summary" on "remote 2811", will prevent "remote PC' to ping a172.16.0.5 and 10.10.21.180.
On both 2811 I have EIGRP;
10.10.0.0/16
172.16.0.0/30
172.16.0.4/30

here is output:
 
----10.10.0.0  EIGRP in both, 10.10.21.180 "no auto-summary and 10.10.48.1 is "auto-summary"--

show ip route 10.10.10.0
Routing entry for 10.10.0.0/16
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.5 on Serial0/0/0, 00:02:12 ago
  Routing Descriptor Blocks:
  * 172.16.0.5, from 172.16.0.5, 00:02:12 ago, via Serial0/0/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Cleveland#show ip route 10.10.10.0
Routing entry for 10.10.0.0/16
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.5 on Serial0/0/0, 00:02:21 ago
  Routing Descriptor Blocks:
  * 172.16.0.5, from 172.16.0.5, 00:02:21 ago, via Serial0/0/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

----10.10.0.0  EIGRP in both, 10.10.21.180 " auto-summary and 10.10.48.1 is "no auto-summary"--


Cleveland#show ip route 10.10.10.0
Routing entry for 10.0.0.0/8
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.5 on Serial0/0/0, 00:01:03 ago
  Routing Descriptor Blocks:
  * 172.16.0.5, from 172.16.0.5, 00:01:03 ago, via Serial0/0/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Cleveland#show ip route 10.10.10.0
Routing entry for 10.0.0.0/8
  Known via "eigrp 1", distance 90, metric 2172416, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.5 on Serial0/0/0, 00:01:12 ago
  Routing Descriptor Blocks:
  * 172.16.0.5, from 172.16.0.5, 00:01:12 ago, via Serial0/0/0
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Cleveland#
0
 
mikecrCommented:
I wanted to see if your EIGRP was working properly, that's why I had you change it. It is working good. Now, I want you to traceroute from the computer that can't reach the 10.10.48 network and post it here. Also do a "show ip interface fa0/0" on the 10.10.21 router and post it here.

Some implementations of EIGRP have a bug in them, depending on the IOS, that causes route summarization not to happen. I wanted to make sure that you're route summarization is working. I have a feeling I might know what the problem is but I need a little more info.
0
 
dkarpekinAuthor Commented:
tracert will not go anywhere-all 30 "timed out", and will be same way for all ip , that is not pingable( I do belive becouse , when 2811 recived same 10.10.x.x it will not route, assuming , that is same LAN, and separation by /16 and /24 is not helping, but Ithought,it should.)Also I think, I should make same version on 10.10.21.180 same as on 10.10.48.1(behind this one , I can ping 10.10.21.180 at least)
here is output:
NYBW#show interface fastethernet 0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is MV96340 Ethernet, address is 001b.2a9a.44d8 (bia 001b.2a9a.44d8)
  Description: $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
  Internet address is 10.10.21.180/16
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 3000 bits/sec, 5 packets/sec
  5 minute output rate 2000 bits/sec, 3 packets/sec
     2356 packets input, 203429 bytes
     Received 740 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1763 packets output, 129144 bytes, 0 underruns
 --More--              0 output errors, 0 collisions, 0 interface resets
 --More--              0 babbles, 0 late collision, 0 deferred
 --More--              0 lost carrier, 0 no carrier
 --More--              0 output buffer failures, 0 output buffers swapped out
NYBW#

Versions:

-------------10.10.21.180-------------------
NYBW#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T
, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 25-Jun-07 22:11 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

NYBW uptime is 24 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-advipservicesk9-mz.124-15.T.bin"

Cisco 2811 (revision 53.50) with 249856K/12288K bytes of memory.
Processor board ID xxxxxxxxxxxxxx
2 FastEthernet interfaces
2 Serial interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102
NYBW#

-------------------10.10.48.1-------------------
Cleveland#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_SNA-M), Version 12.4(
15)T, RELEASE SOFTWARE (fc3)

Compiled Mon 25-Jun-07 22:11 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Cleveland uptime is 25 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-adventerprisek9_sna-mz.124-15.T.bin"


Cisco 2811 (revision 53.50) with 249856K/12288K bytes of memory.
Processor board ID xxxxxxxxxxxx
2 FastEthernet interfaces
1 Serial interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Cleveland#
0
 
dkarpekinAuthor Commented:
just made them both  with c2800nm-adventerprisek9_sna-mz.124-15.T.bin

, but same thing.
Can you please advise what would be more appropriate IOS, in mine case, where central with main LAN behind, will provide access to 4 remote LAN, over T1?. no addtional stuff will not be need it.
0
 
mikecrCommented:
It looks like your EIGRP is working but I'm not sure why it's not pingable. Post your current configs again for your core site and the problem child site again so that I can look at them.
0
 
dkarpekinAuthor Commented:
With "child" site Ip as FE0/0-10.12.48.1/24 and PC 10.12.48.2/24 everything, just the way suppose to be(also will work just fine with "ip unnumbered" for all 4 WIc's in "central" 2811).
But wil not work, nommatter what I do, when it is on 10.10.48.0/24 network Ip's as 10.10.48.1/24 and 10.10.48.2/24.
Right now it is set "right way"-10.12.48.0/24 , i will change to 10.10.48.0/24 again, but I was thinking ,if I can send those files on e-mail(they will take a lot of space here, if you want both config for comparing, as wel if u would like to have "show tech" from both versin of config ,as well.
So please let me know, what u prefer, and I'll prepare them to send or posted here.
0
 
mikecrCommented:
I just need to see the running config on each router. The hosts that are on your network that are 10.10.10.x, do they set directly behind the router? If you do show ip route 10.10.10.x from the 10.10.48.x  router, you should see the next hop as being your central router, correct? And you said that you can ping 10.10.48.x from the central router, just not the 10.10.10.x pc, correct? There is something strange going on. We do another test. Create a loopback interface on the Central router and give it a 10.10.10.x ip address and see if you can ping it from the 10.10.48.x network. If you can, you may not have something configured properly setting behind the Central router.
0
 
dkarpekinAuthor Commented:
yes it is correct, PC's attached directly to 2811 FE.
Here is what Cisco just advise, as well 10.12.48.x/24 config- which is runnig just fine.I will change back to 10.10.48.x/24 and will post again with tests u mentioned.
Thanks for all the information. From the information that you provided
 me I can see the following:
PC ----- Remote2811 ---- Central2811 ----- PC
      FE0/1                        FE0/0

PC: 10.10.48.2 /30                            PC: 10.10.10.7 /16
DG: 10.10.48.1                                DG: 10.10.21.180

On Remote2811 you have:
router eigrp 1
 network 10.10.48.0 0.0.0.255
 network 10.10.80.0 0.0.0.255
 network 10.10.0.0 0.0.255.255
 network 172.16.0.0 0.0.0.3
 network 172.16.0.4 0.0.0.3
 no auto-summary

On Central2811:
router eigrp 1
 network 10.10.48.0 0.0.0.255
 network 10.10.80.0 0.0.0.255
 network 10.10.0.0 0.0.255.255
 network 172.16.0.0 0.0.0.3
 network 172.16.0.4 0.0.0.3
 no auto-summary

You're advertising the same networks on both devices. that's wrong.
 Also you have discontinuous networks on this design, so it would be very
 difficult to make this work.

configuration 10.12.48.x/224:
!This is the running config of the router: 10.10.21.180
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname NYBW
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
logging console criticalenable secret 5 $1$luFl$WpOlQk97mrfY03NhvJpHy/
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
!
!
no ip bootp server
!
multilink bundle-name authenticated
!
voice-card 0
 no dspfarm

 log config
  hidekeys
!
ip tcp synwait-time 10
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.21.180 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/1/0
 ip address 172.16.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 service-module t1 clock source internal
 service-module t1 remote-alarm-enable
!
interface Serial0/3/0
 ip address 172.16.0.5 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 service-module t1 clock source internal
 no cdp enable
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 10.10.0.0 0.0.255.255
 network 10.12.48.0 0.0.0.255
 network 10.12.80.0 0.0.0.255
 auto-summary
!
ip route 10.12.48.0 255.255.255.0 172.16.0.6 permanent
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 190 remark permit IPSec VPN pass-through, IPSec NATT
access-list 190 remark SDM_ACL Category=2
access-list 190 permit esp any any
access-list 190 permit ahp any any
access-list 190 permit udp any any eq isakmp
access-list 190 permit udp any any eq non500-isakmp
access-list 190 permit udp any any eq 10000
access-list 190 permit tcp any any eq 10000
no cdp run
!
end

!This is the running config of the router: 10.12.48.1
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cleveland
!
boot-start-marker
boot-end-marker
!
no logging buffered

no aaa new-model
!
!
ip cef
!
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
voice-card 0
 no dspfarm

 log config
  hidekeys
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 10.12.48.1 255.255.255.0
 ip nbar protocol-discovery
 duplex full
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip address 172.16.0.6 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
router eigrp 1
 network 10.10.0.0 0.0.255.255
 network 10.12.48.0 0.0.0.255
 network 10.12.80.0 0.0.0.255
 auto-summary
!
ip route 10.10.0.0 255.255.0.0 172.16.0.5
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
end







0
 
mikecrCommented:
I just noticed that, Cisco is correct. You shouldn't be advertising the 10.10.48.x network on your Central router because that network doesn't exist on that router. Remove it from your EIGRP, the same way with the 10.10.80.x. Unless the network physically exists on that router, you shouldn't advertise it. Since your advertising a network that doesn't exist on your router, the return traffic from your 10.10.10.x subnet doesn't know how to get back to your 10.10.48.x subnet.
0
 
dkarpekinAuthor Commented:
here is output looks like under conifg(bellow).Also it is not possible to create "loopback-10.10.10.x" on "central", as it will "overlaps with FE0/0" . Deleted extra EIGRP networks  from both routers makes no diffrents to pings(everything pingable from both 2811, but not from PC's-only from "remote PC to 10.10.21.180)
It is defently problem with making 10.10.10.x/24 and 10.10.x.x/16 see each other , feels lie runnig out of the option here.
here is output looks like under conifg(bellow):
---------------10.10.48.1----------
show ip route 10.10.10.5
Routing entry for 10.10.0.0/16
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 172.16.0.5
      Route metric is 0, traffic share count is 1

Cleveland#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(172.16.0.6)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.48.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
Cleveland#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
Cleveland#ping 10.10.10.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Cleveland#ping 10.10.21.180
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.21.180, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Cleveland#
--------------------10.1021.180-------------------------------
show ip route 10.10.48.2
Routing entry for 10.10.48.0/24
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 172.16.0.6, permanent
      Route metric is 0, traffic share count is 1

NYBW#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(172.16.0.5)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.0.0/16, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
NYBW#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
NYBW#ping 10.10.48.1 2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.48.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NYBW#ping 10.10.48.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.48.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
NYBW#

!This is the running config of the router: 172.16.0.6
!----------------------------------------------------------------------------

interface FastEthernet0/1
 description $ETH-LAN$
 ip address 10.10.48.1 255.255.255.0
 ip nbar protocol-discovery
 duplex full
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip address 172.16.0.6 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
router eigrp 1
 network 10.10.48.0 0.0.0.255
 network 10.10.80.0 0.0.0.255
 network 10.10.0.0 0.0.255.255
 auto-summary
!
ip route 10.10.0.0 255.255.0.0 172.16.0.5
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

!
end


!This is the running config of the router: 10.10.21.180
!----------------------------------------------------------------------------

interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.21.180 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/1/0
 ip address 172.16.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 service-module t1 clock source internal
 service-module t1 remote-alarm-enable
!
interface Serial0/3/0
 ip address 172.16.0.5 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 service-module t1 clock source internal
 no cdp enable
!
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 10.10.0.0 0.0.255.255
 no auto-summary
!
ip route 10.10.48.0 255.255.255.0 172.16.0.6 permanent
!
end


0
 
dkarpekinAuthor Commented:
P.S. in 10.10.48.1 only EIGRP 10.10.48.0 0.0.0255 , no auto-summary,is present-disregard other -was place in by mistake.
0
 
mikecrCommented:
Your missing the 172.16 networks in both EIGRP implementations unless you specifically took them out. Try this. On the remote routers, your eigrp config should look like:

router eigrp 1
network 10.10.48.0 0.0.0.255
network 172.16.0.0 0.0.255.255
no auto-summary

router eigrp 1
network 10.10.80.0 0.0.0.255
network 172.16.0.0 0.0.255.255
no auto-summary

On the Central router it should look:

router eigrp 1
network 10.10.0.0 0.0.31.255
network 172.16.0.0 0.0.255.255
no auto-summary

Let me know if that works. Everything should become routable. Slide the subnet mask back on your Central router to 10.10.21.180 255.255.224.0. Everything should start working hopefully.
0
 
dkarpekinAuthor Commented:
for some reason i could not achive result.
More likely that is not proper way to do it, as it will couse network "overlaping'.
In mentioned network topology, two networks to be connected by a router have to be on total diffrent subnet- like 10.10.10.1/24 and 10.10.11.1/24 , but not 10.10.10.1/24 and 10.10.10.1/28 - this will couse routing problem, as the Cisco interface with 10.10.10.1/24 will think ,that 10.10.10.1-14/28 is on 'local' subnet , and wil not route properly, regardless of "static" route to 10.10.10.1/28 network ,and other mentioned options.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 10
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now