Multiple Routers

aclaus225 asked
I have a Cisco 871 router and a little Peplink 30 router, if you can even call that a router.  I am using the Peplink because I have multiple WANS and I wanted to link them together.  The way that I have it set up is that the Cisco is still configured with the outside IP of one of the connections.  I have also configured NATs on the router to service RDP, HTTP and HTTPS.  However, these do not seem to work anymore since I plug into the Peplink.  I have tried to configure these on the peplink but they also do not connect in there.  I have verified DNS just in case that was a problem, but it does not.  Does anyone have any ideas?  

Istvan Kalmar, Head of IT Security Division
Top Expert 2010

Commented:
Please show the configs.

Author

Commented:
Alright, so the thing is, I know the config on the Cisco router is correct.  It has always been the same and never changed.  It is found below.  I am not sure how to provide you with the config from the other router, as it will export a .conf file, but I cannot get any program that can make any logic of it.  
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.100.60 80 174.77.164.83 80 extendable
ip nat inside source static tcp 192.168.100.60 443 174.77.164.83 443 extendable
ip nat inside source static tcp 192.168.100.72 3389 174.77.164.83 3389 extendable
ip nat inside source static tcp 192.168.100.160 21 174.77.164.84 21 extendable
ip nat inside source static tcp 192.168.100.160 80 174.77.164.84 80 extendable
ip nat inside source static tcp 192.168.100.160 443 174.77.164.84 443 extendable
ip nat inside source static tcp 192.168.100.160 3389 174.77.164.84 3389 extendable
ip nat inside source static tcp 192.168.100.28 3389 174.77.164.85 3389 extendable
!


Author

Commented:
Just to be clear, the port on the Cisco is configured to the external IP of the WAN.  The WAN port of the Peplink that is plugged into this is configured with a private IP address.  Do I need to write some sort of command to forward all those nats through the one IP address?  

Commented:

Does it look like this:

  192.168.100.28 -- Peplink -- Cisco -- Internet?

If so, what IP addresses do you have on the Cisco and internal facing interfaces of the peplink?  And what IP do you have on the inside interface of the Cisco?

Author

Commented:
The Cisco was facing the internet, with the peplink right inside of it.  The Cisco's internal IP was 192.168.100.1 and I hard coded the peplink link to 192.168.100.3.  

Commented:

I still need to know where 192.168.100.28 is in relation to the peplink and the Cisco.

You seem to be saying that the peplink and the servers are on the same network as the inside of the Cisco.

In which case the peplink does not get involved in traffic from the Cisco to the 100.28 server.

Author

Commented:
Muff,


What I am saying is the Cisco router is on the outside.  One of the Cisco LAN ports is plugged into a WAN port on the Peplink.  The peplink's LAN port is where the switches are connected for my network.  So, everything goes through the Peplink.  

Commented:

So it is like you have the WAN port IP address and the internal address on the same subnet.

If the Peplink has WAN ports and LAN ports, then it is a router, which means the IP addressing on either side (WAN and LAN) cannot be in the same subnet.

So a packet comes from the Cisco destined for 192.168.100.28, the cisco will ask out of its inside interface who has that address, because it has a local interface in that subnet.  The only other thing that is on that subnet is 192.168.100.3  - the Peplink.  All the real 192.168.100.x devices are on the other side of the peplink and so never see the request from Cisco asking who has the .28 address. So the packet is discarded.

There are two options - either plug the Cisco into one of the LAN ports of the peplink, so that they all are on the same network - so effectively the Peplink is just used as a switch for 192.168.100.x rather than a router, or use a different network between the Cisco and peplink, leaving the peplink as a router for this subnet:

So the Cisco would become 192.168.101.1, the peplink WAN port becomes 192.168.101.2.  On the Cisco you add a route for 192.168.100.0/24 to 192.168.101.2 and the default route on the peplink is 192.168.101.1


Author

Commented:
Is it possible to just plug a LAN port from the Cisco into a LAN port on the peplink and get them talking?  I am thinking about completely splitting these two apart, since I have more than one internet connection, but I want them to still be able to communicate to each other.  Do I then need to buy more equipment to get this done or will it suffice to just plug in ethernet to LAN switches on both sides?

Commented:

Yes, that was option 1.  

This question is important:  Is 192.168.100.3 on the WAN port of the Peplink?  If so, do you have another IP address on the LAN side of the Peplink?

Author

Commented:
192.168.100.3 is the address that I assigned to the WAN port of the Peplink that comes from the Cisco LAN port.  I cannot assign addresses to the LAN side of things, but use DHCP for all devices connected. Is there going to be some sort of problem?

Commented:
No that is fine - though it is unusual to not be able to assign an IP to the LAN side.

Ok, so change the IP address on the WAN port to something outside your address range (or disable the port if possible) and connect the Cisco to a LAN port.  Then it should work.

Author

Commented:
I planned on actually running one switch off the Cisco router and another switch off the Peplink router and only connecting them from LAN port to LAN port on each other's router.  

Commented:
Sure - just remember that anything connected LAN to LAN, or on switches attached to LAN ports, must all be in the same address range.  Anything on WAN ports needs to be on a different address range to the LAN ports.

Author

Commented:
If I only have one DHCP server and I hard code nothing wouldn't that automatically make them on the same subnet?  

Commented:
It doesn't matter too much about how the addresses are allocated.

The important thing is the design of these devices.  If the peplink has a port that is defined as a WAN port and is distinct from LAN ports, then it is a router, and traffic can only get from the WAN side to the LAN side via routing.  And you cannot have the same network on both the LAN and WAN side.

The same applies to the Cisco.  On the WAN side it is using 174... addresses and on the LAN side it is using 192.168 addresses.

Author

Commented:
Alright, the computers are definitely able to communicate with each other across the two switches, but now how do I get them to use two different internet connections?  What I am looking to do is make them use the least hops to get to the internet.  I know that this would mean using two different gateways (Cisco is .1 and Peplink is .2).  If I hard code it I can get the computer to use .2 instead of .1 but is there any way to cause the computers to actually use the router that they are closest to in order to use the internet?  If I turned the DHCP on on the router wouldn't it take over all DHCP assigning?  

Commented:
Yes, if you have two dhcp servers running, essentially they would be randomly assigned - there may be a tiny margin of bias toward the "nearest" dhcp server just because the dhcp reply packets would get there from one dhcp server rather than another.

Realistically, if you are using two different internet connections, and wanted each device to choose the "nearest" one for performance reasons, the reality is the performance gains will be close to zero - certainly undetectable.  This is because the hop across the two routers internally (across 100Mb or 1000Mb links) is negligible compared to the latency introduced traversing internet routers - this is assuming the peplink and cisco are the two gateways and they are connected as described.

If you want to push traffic through one or the other, for load reasons - ie to avoid saturation of one link - then you would be better to identify which are the main candidates for sharing load.  For example, you may choose to have all user based traffic out one gateway, then all email out another.

This is easy - you make the network default gateway one of the routers, and then on the email server you set the default gateway to the other router.

Note that this would require that the peplink can have a lan address, which you suggested earlier that it couldn't.

Author

Commented:
Pretty much what I was looking to happen was have a specific group of people assigned to one gateway, since they are paying for that internet connection and another group is paying for the other connection.  I am guessing the only way to accomplish this, though, is to get the smaller group static ip addresses so that I can assign the smaller gateway to them.  

Commented:
Yes, or segregate the lan.

So have them on a separate switch with a separate gateway, and route from one to the other, and two separate DHCP servers.

Are there services within the network that both groups would need to access?

Also, you mentioned WANs connected to the peplink - can you explain a bit more about this?  

You may have enough gear already to do this, depending on these answers.

Author

Commented:
I have my Cisco router, which is gateway .1 and my Peplink which is gateway .2.  Everyone needs access to the same folders on my network.  The way that the routers communicate to each other is through a cat 5 straight through cable that runs to LAN ports on both.  When I talked about WANS connected to the peplink I was referring to two internet connections that get the router out to the internet.  I also have one WAN on the Cisco which is just used for internet access.  

Commented:
Ok, so can you describe how you'd like to distribute traffic over these three Internet connections?

If the WAN on the Cisco is for internet traffic only, what is the intention (or current use) of the two Peplink internet connections?

Author

Commented:
This all started because of the departments decided to get their own internet connection but still share resources.  For all practical purposes the only thing the Peplink is used for is to reach the internet from that department's internet connection.  This currently is not being done because all traffic is going through the Cisco router, the other gateway.  The two internet connections that are going into the Peplink router really serve no purpose since I can't do anything with them.  I needed the ability to talk across both sides, so the two routers are linked together with a straight through cable from LAN to LAN.  The Cisco router is used to reach the internet, but also for internet services: FTP, HTTP, RDP.

Commented:
Ok, here is a possibility, tell me what you think.

The Cisco 871 can support multiple VLANs even with the basic firmware.  Basically you enable vlan2 and the last port fa3 becomes a separate vlan to the other three ports.

So what you can do is  
Commented:
Ooops.

What you can do is enable vlan2 so that port 0-2 are separate from 3.  Then plug the peplink into port 3.

On the LAN side of the peplink, enable the DHCP server with a different address range to the Cisco - let's say 192.168.101.0/24

Then make vlan2 192.168.101.2 on the cisco.  Make the peplink LAN side address be 192.168.101.1.  So the default route for anyone connected to the peplink would be 192.168.101.1 and for any one on the Cisco LAN their default route would be 192.168.100.whateveritisnow.

So the peplink is connected to the internet.  Anyone on the Peplink lan accessing an external address would go to their default gateway, and the peplink would go to its default gateway, which is out its local internet connection.

Anyone on the Cisco lan would go via their default gateway - the Cisco, which would go out its default gateway, which is its own local internet connection.

So that only leaves access between the two networks.  For this, you would need a static route on the peplink saying that 192.168.100.0/24 is accessible via 192.168.101.2 (the Cisco address of vlan2).  The Cisco is directly connected to 192.168.101.0/24 so wouldn't need a route.
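
Added example, not part of the thread and not either vendor's tooling: a small Python model of the two points made in the answers above, namely why the Cisco's static NAT targets stopped answering when 192.168.100.0/24 sat on both sides of the Peplink, and why the vlan2 design needs one static route on the Peplink. The segment labels (`cisco-lan`, `vlan2`), the client 192.168.101.50 and the placement of the servers on the Cisco LAN in the second layout are assumptions made for the model.

```python
import ipaddress

def sides_overlap(wan, lan):
    """A router cannot route between two interfaces in the same subnet."""
    return ipaddress.ip_network(wan, strict=False).overlaps(
        ipaddress.ip_network(lan, strict=False))

def lookup(routes, dst):
    """Longest-prefix match over (prefix, kind, target) rows."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def deliverable(routes, segments, dst):
    """True if the router can hand dst to a device that will answer its ARP."""
    row = lookup(routes, dst)
    if row is None:
        return False
    _, kind, target = row
    if kind == "static":            # hand off to the gateway instead of dst
        dst, row = target, lookup(routes, target)
        if row is None or row[1] != "connected":
            return False
        target = row[2]
    # Connected: the router ARPs on this segment; only hosts cabled to it reply.
    return dst in segments[target]

# Inside addresses taken from the static NAT lines posted in the thread.
SERVERS = ["192.168.100.60", "192.168.100.72", "192.168.100.160", "192.168.100.28"]

# Original cabling: Cisco LAN port -> Peplink WAN port (192.168.100.3),
# servers behind the Peplink, so only .1 and .3 share the Cisco's segment.
CISCO_BEFORE = [("192.168.100.0/24", "connected", "cisco-lan")]
SEG_BEFORE = {"cisco-lan": {"192.168.100.1", "192.168.100.3"}}

# Proposed design: Peplink LAN is 192.168.101.0/24 on the Cisco's vlan2.
# Assumption: servers sit on the Cisco LAN; 192.168.101.50 is a constructed client.
CISCO_AFTER = [("192.168.100.0/24", "connected", "cisco-lan"),
               ("192.168.101.0/24", "connected", "vlan2")]
PEPLINK_AFTER = [("192.168.101.0/24", "connected", "vlan2"),
                 ("192.168.100.0/24", "static", "192.168.101.2")]
SEG_AFTER = {"cisco-lan": {"192.168.100.1", *SERVERS},
             "vlan2": {"192.168.101.1", "192.168.101.2", "192.168.101.50"}}

if __name__ == "__main__":
    print("WAN/LAN overlap before:", sides_overlap("192.168.100.3/24", "192.168.100.0/24"))
    for s in SERVERS:
        print(s, deliverable(CISCO_BEFORE, SEG_BEFORE, s),
              deliverable(CISCO_AFTER, SEG_AFTER, s))
```

Dropping the static row from `PEPLINK_AFTER` makes the servers unreachable from the Peplink side in this model, which is the one route the last answer says has to be added.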