Mossy_acld asked:

Connecting multiple branch routers WAN interfaces to a single interface on a Cisco 3845 router

My problem is connecting our multiple branch routers' WAN interfaces to a single interface on a Cisco 3845 router.
Our service provider brings in all connections to us as a single connection, and right now all of these connections are on a single VLAN on a 3750 switch. We would like to use a 3845 router for these connections as recommended by Cisco.
I have configured a primary IP address and used secondary IP addresses for each of the branch routers' WAN addresses on the 3845. My problem is on the test branch router I get the following error message: "IP_EIGRP: Neighbor 10.2.10.1 not on common sub-net for fastethernet 0/1 (10.2.60.2)", which is the WAN address on the branch router. On the Core 3845 router I receive these error messages: "DUAL_5_NBRCHANGE-IP EIGRP Neighbor 10.2.60.2 Up" and "DUAL_5_NBRCHANGE-IP EIGRP Neighbor 10.2.60.2 down". This address is the test router's WAN IP address.
Right now I do not have this configuration on any production networks as I need to be sure everything will work without error messages or any other problems before it goes live.
I have included a PDF showing what I'm trying to accomplish.
Any help will be appreciated.
Mossy
3845secondary.pdf
surbabu140977

You should be using sub-interfaces at the terminated port in your switch, e.g., if your SP has terminated the hand-off for the branch routers at the G0/1 port, you should break g0/1 into g0/1.1 (branch1), g0/1.2 (branch2) and so on.

Best,
Don Johnston

What type of service is this? It appears to be Ethernet, but why is the provider telling you what IP addresses to use? And if it is Ethernet, then all devices should have consistent IP addresses. Unless the provider is supporting 802.1q trunking.
Mossy_acld (ASKER)

What we have now works as terminated into the 3750 switch, but we are trying to use the 3845 router to eliminate that broadcast domain. I tried to create sub-interfaces on the 3845 router with dot1q encapsulation and received the "IP_EIGRP: Neighbor  10.2.60.1 not on common sub-net" error message, and when I contacted Cisco TAC they informed me that I would need to put a switch between the branches and the Core3845 router to make sub-interfaces work. This is why I am trying to use the secondary interfaces. Another reason is we want to use the router to be able to route traffic to our core network and directly to the internet as needed. The PDF does not show all of this but it's what we are working toward.
Thank you for the suggestion.
To donjohnston: our service provider does not tell us what IPs to use; what they do is transparent to us. I am trying to reduce a large broadcast domain and use the router in future to route traffic not destined to our internal network directly to the internet. I will enclose a better diagram of our network with the router in place. Maybe I should include that we are a public library and have 10 branch libraries and our headquarters library.
Thanks for your help

basicnetwork610.pdf
Sorry. I misunderstood the diagram. I missed the period after "Service providers network".

Just create an IP network for the branch access network. Without trunking support, there's no way to segregate the traffic from your different branches over that network.
If this is a metro type cloud, with SPs just handing off the cable, it will be your responsibility to trunk it across the branch interface and HO router/switch using subinterfaces.

Best,
surbabu140977, that is what I tried to do originally. I configured dot1q on a sub-interface for each branch network on the core-router (3845). I then received error messages about EIGRP neighbor not on common sub-net. When I contacted Cisco their engineer said I should put a switch in between the branch router and the core-router. That way I would need to configure VLANs for each branch WAN network. We don't have the money to spend to purchase another switch. I was hoping I would be able to use the router with secondary IP addresses on an interface to provide connectivity to the core-router/network. The one problem I have found with that is on secondary IP addresses Cisco does not allow EIGRP advertisements to propagate, which leaves the branch networks unknown to the rest of the network. The more I get into this it seems the easiest way to do this will be to use sub-interfaces and put a switch in between the branches and the router like you suggest. I just will need to find another switch. I was hoping someone would say just configure EIGRP with static routes and let her fly.
I'll keep this open for another day, but thanks for your help.
ASKER CERTIFIED SOLUTION
Don Johnston
This solution is only available to members.
donjohnston, yes I know secondary addresses are not part of a dot1Q trunk. It is just one thing we have tried. The reason we are trying to bring all of this traffic to the router instead of our core switch is to, one, reduce the load on the core switch and, two, have the ability of routing internet traffic from the branches directly to our PIX and its outside interface.
We are a public library and most of the traffic we see is port 80 web traffic. If I can shunt that traffic away from our core network it should increase our internal security somewhat. We are using ACLs to keep patron traffic from accessing our internal network; this should also reduce the likelihood of any other intrusions.
I have accepted your solution and yes I know it might be a little more work, but once configured they should run without any problems. I will test your suggested configuration this weekend and if it works will implement it later this month. Thank you for your help.
Sorry. I still don't get it. What kind of switch is your "core switch"? Generally speaking, switches will be able to handle significantly more traffic than routers. While the lower end multilayer switches may not support things like NAT and PBR, there's no reason why you can't set up a branch office access VLAN and have that go to your router.