WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:
Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users
COURSE of the MONTH
11 days, 22 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
CIsco Point to Point T1 Issues
Posted on 2011-03-04
I am having some trouble with a point to point t1. From the main location I can get to the remote location. But from the remote location I am unable to get to the main location.
Main (10.10.0.0/20) <---> PTP (192.168.10.1<>192.168.10.
The Main Router is a Cisco 2811 and the Remote Router is a Cisco 1841
Any help is greatly appreciated.
Thanks
Main Router Config
Current configuration : 1588 bytes
!
! Last configuration change at 16:35:16 UTC Fri Mar 4 2011 by esd101
! NVRAM config last updated at 16:21:31 UTC Fri Mar 4 2011 by esd101
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 password
!
no aaa new-model
dot11 syslog
!
ip cef
!
ip domain name domain.net
!
multilink bundle-name authenticated
!
username user privilege 15 secret 5 password
!
interface FastEthernet0/0
ip address 10.10.3.1 255.255.240.0
ip nbar protocol-discovery
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description Your WAN Interface to the Internet running at 1544
bandwidth 1544
ip address 192.168.10.1 255.255.255.0
encapsulation ppp
!
ip default-gateway 10.10.2.2
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.2.2
ip route 10.10.6.0 255.255.255.0 192.168.10.2
ip route 192.168.10.2 255.255.255.255 10.10.2.2
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
!
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
control-plane
!
line con 0
login local
line aux 0
exec-timeout 0 0
transport preferred none
transport output none
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178528
ntp server 131.107.13.100
!
end
Remote Router Config
Current configuration : 4068 bytes
!
! Last configuration change at 09:22:09 pst Wed Mar 2 2011 by User
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RemoteRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 password
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone pst -8
clock summer-time cdt recurring
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.6.1 10.10.6.49
ip dhcp excluded-address 10.10.6.100 10.10.6.130
ip dhcp excluded-address 10.10.6.200 10.10.6.254
!
ip dhcp pool Remote
network 10.10.6.0 255.255.255.0
domain-name domain.net
dns-server 10.10.6.2 10.10.10.20
default-router 10.10.6.1
netbios-name-server 10.10.6.2
lease 100
!
ip flow-cache timeout active 1
ip domain name domain.net
ip name-server 10.10.10.20
!
username user privilege 15 secret 5 password
!
interface FastEthernet0/0
description connected to EthernetLAN$ETH-LAN$
ip address 10.10.6.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description Your WAN Interface to the Internet running at 1544
bandwidth 1544
ip address 192.168.10.2 255.255.255.0
ip nbar protocol-discovery
ip flow ingress
ip flow egress
encapsulation ppp
service-module t1 remote-alarm-enable
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip flow-export source FastEthernet0/0
ip flow-export version 9
ip flow-export destination 10.10.10.155 9996
ip flow-top-talkers
top 5
sort-by bytes
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.0.0 0.0.255.255
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
control-plane
!
banner motd ^C^C
!
line con 0
line aux 0
line vty 0 4
login authentication local
transport input ssh
line vty 5 15
transport input none
!
scheduler allocate 20000 1000
ntp clock-period 17178412
ntp server 131.107.13.100
end
Main (10.10.0.0/20) <---> PTP (192.168.10.1<>192.168.10.
The Main Router is a Cisco 2811 and the Remote Router is a Cisco 1841
Any help is greatly appreciated.
Thanks
Main Router Config
Current configuration : 1588 bytes
!
! Last configuration change at 16:35:16 UTC Fri Mar 4 2011 by esd101
! NVRAM config last updated at 16:21:31 UTC Fri Mar 4 2011 by esd101
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 password
!
no aaa new-model
dot11 syslog
!
ip cef
!
ip domain name domain.net
!
multilink bundle-name authenticated
!
username user privilege 15 secret 5 password
!
interface FastEthernet0/0
ip address 10.10.3.1 255.255.240.0
ip nbar protocol-discovery
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description Your WAN Interface to the Internet running at 1544
bandwidth 1544
ip address 192.168.10.1 255.255.255.0
encapsulation ppp
!
ip default-gateway 10.10.2.2
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.2.2
ip route 10.10.6.0 255.255.255.0 192.168.10.2
ip route 192.168.10.2 255.255.255.255 10.10.2.2
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
!
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
control-plane
!
line con 0
login local
line aux 0
exec-timeout 0 0
transport preferred none
transport output none
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178528
ntp server 131.107.13.100
!
end
Remote Router Config
Current configuration : 4068 bytes
!
! Last configuration change at 09:22:09 pst Wed Mar 2 2011 by User
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RemoteRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 password
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone pst -8
clock summer-time cdt recurring
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.6.1 10.10.6.49
ip dhcp excluded-address 10.10.6.100 10.10.6.130
ip dhcp excluded-address 10.10.6.200 10.10.6.254
!
ip dhcp pool Remote
network 10.10.6.0 255.255.255.0
domain-name domain.net
dns-server 10.10.6.2 10.10.10.20
default-router 10.10.6.1
netbios-name-server 10.10.6.2
lease 100
!
ip flow-cache timeout active 1
ip domain name domain.net
ip name-server 10.10.10.20
!
username user privilege 15 secret 5 password
!
interface FastEthernet0/0
description connected to EthernetLAN$ETH-LAN$
ip address 10.10.6.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description Your WAN Interface to the Internet running at 1544
bandwidth 1544
ip address 192.168.10.2 255.255.255.0
ip nbar protocol-discovery
ip flow ingress
ip flow egress
encapsulation ppp
service-module t1 remote-alarm-enable
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip flow-export source FastEthernet0/0
ip flow-export version 9
ip flow-export destination 10.10.10.155 9996
ip flow-top-talkers
top 5
sort-by bytes
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.0.0 0.0.255.255
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
control-plane
!
banner motd ^C^C
!
line con 0
line aux 0
line vty 0 4
login authentication local
transport input ssh
line vty 5 15
transport input none
!
scheduler allocate 20000 1000
ntp clock-period 17178412
ntp server 131.107.13.100
end
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
- +1
7 Comments
on cisco router, default the ip address is considered classful, since 10.x.x.x is a A class, thus there will be one entry in the routing table for the whole 10.x.x.x network by default.
for the fix, add the following line to remote router
ip route 10.10.0.0 255.255.0.0 192.168.10.1
may be also
ip classless
sincerely
for the fix, add the following line to remote router
ip route 10.10.0.0 255.255.0.0 192.168.10.1
may be also
ip classless
sincerely
Active 1 day ago
There is no such thing as "classful" routing. We've been CIDR for too many years to count (though yes, on some older OS you have to specify 'ip classless').
You have two networks:
10.10.0.0/20
and
10.10.6.0/24
The problem is that 10.10.6.0/24 is part of the larger supernet 10.10.0.0/20. If you are not bridging, then you need to make the remote something greater than 15 (16 or larger).
You have two networks:
10.10.0.0/20
and
10.10.6.0/24
The problem is that 10.10.6.0/24 is part of the larger supernet 10.10.0.0/20. If you are not bridging, then you need to make the remote something greater than 15 (16 or larger).
Adding that route is incorrect.
The problem is that 10.10.3.0/20 (10.10.0.0-10.10.15.255) on the main router overlaps with 10.10.6.0/24 (10.10.6.0-10.10.6.255) on the remote router. It seems like your can contact the remote subnet, but there's actually something responding to those IPs on the LAN connected to main's Fa0/0.
Move the remote routers Fa0/0 IP outside of main's subnet and everything should work fine.
The problem is that 10.10.3.0/20 (10.10.0.0-10.10.15.255) on the main router overlaps with 10.10.6.0/24 (10.10.6.0-10.10.6.255) on the remote router. It seems like your can contact the remote subnet, but there's actually something responding to those IPs on the LAN connected to main's Fa0/0.
Move the remote routers Fa0/0 IP outside of main's subnet and everything should work fine.
Active 1 day ago
You would change the interfaces from layer 3 (routing) to layer 2 (bridging).
I really wouldn't recommend it unless you really need it.
The problem is that 10.10.6.0/24 is part of 10.10.0.0/20. Change your remote IPs to 10.10.16.0/24. Specify the appropriate route statements and you should be fine.
I really wouldn't recommend it unless you really need it.
The problem is that 10.10.6.0/24 is part of 10.10.0.0/20. Change your remote IPs to 10.10.16.0/24. Specify the appropriate route statements and you should be fine.
With this T1 we are upgrading the MainRouter from a 2611 to the 2811. The only reason I am adding this is that it works currently and now that you have explained it I am trying to understand why.
Building configuration...
Current configuration : 2613 bytes
!
! Last configuration change at 15:41:13 UTC Fri Mar 4 2011 by esd101
! NVRAM config last updated at 15:41:32 UTC Fri Mar 4 2011 by esd101
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 password
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
ip nbar port-map custom-02 udp 1300 1718 1719 1720 11720
ip nbar port-map custom-02 tcp 1300 1718 1719 1720 11000 11999
ip nbar port-map custom-01 udp 5060
ip nbar port-map custom-01 tcp 5060
ip domain name domain.net
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username user privilege 15 secret 5 password
!
!
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol imap
match protocol citrix
match protocol dns
class-map match-any VoIP
match protocol rtp
match protocol custom-10
match protocol custom-01
match protocol custom-02
match protocol rtspplayer
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 10.10.3.1 255.255.240.0
ip nbar protocol-discovery
half-duplex
!
interface Serial0/0
ip address 192.168.10.1 255.255.255.0
encapsulation ppp
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Serial0/1
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.2.2
ip route 10.10.6.0 255.255.255.0 192.168.10.2
!
!
access-list 23 permit 10.10.0.0 0.0.255.255
!
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
!
!
!
!
line con 0
login local
line aux 0
exec-timeout 0 0
modem InOut
transport preferred none
transport input all
transport output all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178378
ntp server 131.107.13.100
!
end
Building configuration...
Current configuration : 2613 bytes
!
! Last configuration change at 15:41:13 UTC Fri Mar 4 2011 by esd101
! NVRAM config last updated at 15:41:32 UTC Fri Mar 4 2011 by esd101
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 password
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
ip nbar port-map custom-02 udp 1300 1718 1719 1720 11720
ip nbar port-map custom-02 tcp 1300 1718 1719 1720 11000 11999
ip nbar port-map custom-01 udp 5060
ip nbar port-map custom-01 tcp 5060
ip domain name domain.net
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username user privilege 15 secret 5 password
!
!
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol imap
match protocol citrix
match protocol dns
class-map match-any VoIP
match protocol rtp
match protocol custom-10
match protocol custom-01
match protocol custom-02
match protocol rtspplayer
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 10.10.3.1 255.255.240.0
ip nbar protocol-discovery
half-duplex
!
interface Serial0/0
ip address 192.168.10.1 255.255.255.0
encapsulation ppp
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Serial0/1
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.2.2
ip route 10.10.6.0 255.255.255.0 192.168.10.2
!
!
access-list 23 permit 10.10.0.0 0.0.255.255
!
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
!
!
!
!
line con 0
login local
line aux 0
exec-timeout 0 0
modem InOut
transport preferred none
transport input all
transport output all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178378
ntp server 131.107.13.100
!
end
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month11 days, 22 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.