Solved

Cisco Point to Point T1 Issues

Posted on 2011-03-04
Last Modified: 2012-05-11
I am having some trouble with a point-to-point T1. From the main location I can get to the remote location, but from the remote location I am unable to get to the main location.

Main (10.10.0.0/20) <---> PTP (192.168.10.1<>192.168.10.2) <---> Remote (10.10.6.0/24)
The Main Router is a Cisco 2811 and the Remote Router is a Cisco 1841

Any help is greatly appreciated.

Thanks

Main Router Config

Current configuration : 1588 bytes
!
! Last configuration change at 16:35:16 UTC Fri Mar 4 2011 by esd101
! NVRAM config last updated at 16:21:31 UTC Fri Mar 4 2011 by esd101
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 password
!
no aaa new-model
dot11 syslog
!
ip cef
!
ip domain name domain.net
!
multilink bundle-name authenticated
!
username user privilege 15 secret 5 password
!
interface FastEthernet0/0
 ip address 10.10.3.1 255.255.240.0
 ip nbar protocol-discovery
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description Your WAN Interface to the Internet running at 1544
 bandwidth 1544
 ip address 192.168.10.1 255.255.255.0
 encapsulation ppp
!
ip default-gateway 10.10.2.2
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.2.2
ip route 10.10.6.0 255.255.255.0 192.168.10.2
ip route 192.168.10.2 255.255.255.255 10.10.2.2
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
!
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
control-plane
!
line con 0
 login local
line aux 0
 exec-timeout 0 0
 transport preferred none
 transport output none
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178528
ntp server 131.107.13.100
!
end


Remote Router Config

Current configuration : 4068 bytes
!
! Last configuration change at 09:22:09 pst Wed Mar 2 2011 by User
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RemoteRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 password
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone pst -8
clock summer-time cdt recurring
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.6.1 10.10.6.49
ip dhcp excluded-address 10.10.6.100 10.10.6.130
ip dhcp excluded-address 10.10.6.200 10.10.6.254
!
ip dhcp pool Remote
   network 10.10.6.0 255.255.255.0
   domain-name domain.net
   dns-server 10.10.6.2 10.10.10.20
   default-router 10.10.6.1
   netbios-name-server 10.10.6.2
   lease 100
!
ip flow-cache timeout active 1
ip domain name domain.net
ip name-server 10.10.10.20
!
username user privilege 15 secret 5 password
!
interface FastEthernet0/0
 description connected to EthernetLAN$ETH-LAN$
 ip address 10.10.6.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ES_LAN$
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description Your WAN Interface to the Internet running at 1544
 bandwidth 1544
 ip address 192.168.10.2 255.255.255.0
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 encapsulation ppp
 service-module t1 remote-alarm-enable
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip flow-export source FastEthernet0/0
ip flow-export version 9
ip flow-export destination 10.10.10.155 9996
ip flow-top-talkers
 top 5
 sort-by bytes
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.0.0 0.0.255.255
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
control-plane
!
banner motd ^C^C
!
line con 0
line aux 0
line vty 0 4
 login authentication local
 transport input ssh
line vty 5 15
 transport input none
!
scheduler allocate 20000 1000
ntp clock-period 17178412
ntp server 131.107.13.100
end
0
Question by:ESD101
7 Comments
 

Expert Comment

by:mwblsz
On a Cisco router, by default the IP address is considered classful. Since 10.x.x.x is a class A, there will be one entry in the routing table for the whole 10.x.x.x network by default.
For the fix, add the following line to the remote router:

ip route 10.10.0.0 255.255.0.0 192.168.10.1

Maybe also:

ip classless

Sincerely

0
 

Accepted Solution

by:
Jan Springer earned 500 total points
There is no such thing as "classful" routing.  We've been CIDR for too many years to count (though yes, on some older OS you have to specify 'ip classless').

You have two networks:

   10.10.0.0/20
          and
   10.10.6.0/24

The problem is that 10.10.6.0/24 is part of the larger supernet 10.10.0.0/20.  If you are not bridging, then you need to make the remote something greater than 15 (16 or larger).
0
 

Expert Comment

by:group0
Adding that route is incorrect.

The problem is that 10.10.3.0/20 (10.10.0.0-10.10.15.255) on the main router overlaps with 10.10.6.0/24 (10.10.6.0-10.10.6.255) on the remote router. It seems like you can contact the remote subnet, but there's actually something responding to those IPs on the LAN connected to main's Fa0/0.

Move the remote router's Fa0/0 IP outside of main's subnet and everything should work fine.
0

 

Author Comment

by:ESD101
What do you mean by this, and how would you bridge a PTP T1?

"If you are not bridging"

0
 

Expert Comment

by:Jan Springer
You would change the interfaces from layer 3 (routing) to layer 2 (bridging).

I really wouldn't recommend it unless you really need it.

The problem is that 10.10.6.0/24 is part of 10.10.0.0/20.  Change your remote IPs to 10.10.16.0/24.  Specify the appropriate route statements and you should be fine.
0
 

Author Comment

by:ESD101
With this T1 we are upgrading the MainRouter from a 2611 to the 2811.  The only reason I am adding this is that it works currently and now that you have explained it I am trying to understand why.

Building configuration...

Current configuration : 2613 bytes
!
! Last configuration change at 15:41:13 UTC Fri Mar 4 2011 by esd101
! NVRAM config last updated at 15:41:32 UTC Fri Mar 4 2011 by esd101
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 password
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
ip nbar port-map custom-02 udp 1300 1718 1719 1720 11720
ip nbar port-map custom-02 tcp 1300 1718 1719 1720 11000 11999
ip nbar port-map custom-01 udp 5060
ip nbar port-map custom-01 tcp 5060
ip domain name domain.net
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username user privilege 15 secret 5 password
!
!
!
class-map match-any WebEmail
  match protocol http
  match protocol secure-http
  match protocol smtp
  match protocol pop3
  match protocol imap
  match protocol citrix
  match protocol dns
class-map match-any VoIP
  match protocol rtp
  match protocol custom-10
  match protocol custom-01
  match protocol custom-02
  match protocol rtspplayer
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 10.10.3.1 255.255.240.0
 ip nbar protocol-discovery
 half-duplex
!
interface Serial0/0
 ip address 192.168.10.1 255.255.255.0
 encapsulation ppp
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.2.2
ip route 10.10.6.0 255.255.255.0 192.168.10.2
!
!
access-list 23 permit 10.10.0.0 0.0.255.255
!
snmp-server community public RW
snmp-server host 10.10.10.80 a
!
!
!
!
!
line con 0
 login local
line aux 0
 exec-timeout 0 0
 modem InOut
 transport preferred none
 transport input all
 transport output all
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178378
ntp server 131.107.13.100
!
end
0
 

Expert Comment

by:Jan Springer
It works because of the static route:

  ip route 10.10.6.0 255.255.255.0 192.168.10.2
0
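
Added example (not part of the original thread): a Python sketch using the standard `ipaddress` module that checks the LAN prefixes for overlap, runs the old MainRouter's routes through a longest-prefix match, and shows how an end host with the /20 mask treats a 10.10.6.x destination. The prefixes and routes come from the posted configs; the host address 10.10.3.50 and its gateway 10.10.3.1 are assumptions made for illustration.

```python
import ipaddress as ip

MAIN_LAN = ip.ip_network("10.10.0.0/20")        # Fa0/0 10.10.3.1 255.255.240.0
REMOTE_LAN = ip.ip_network("10.10.6.0/24")      # remote Fa0/0 10.10.6.1 255.255.255.0
PROPOSED_LAN = ip.ip_network("10.10.16.0/24")   # renumbering suggested in the thread

# Old MainRouter table: connected networks plus the two static routes.
MAIN_ROUTES = [
    (ip.ip_network("10.10.0.0/20"), "connected Ethernet0/0"),
    (ip.ip_network("192.168.10.0/24"), "connected Serial0/0"),
    (ip.ip_network("10.10.6.0/24"), "via 192.168.10.2"),
    (ip.ip_network("0.0.0.0/0"), "via 10.10.2.2"),
]


def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def host_next_step(iface, dst, gateway):
    """An end host ARPs directly if dst is inside its own subnet, else uses its gateway."""
    own_net = ip.ip_interface(iface).network
    return "arp-on-link" if ip.ip_address(dst) in own_net else f"gateway {gateway}"


def audit(lans):
    """Return every pair of LAN prefixes that overlap."""
    return [(a, b) for i, a in enumerate(lans) for b in lans[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    # The router's /24 static route beats the connected /20 for 10.10.6.x.
    print("router, 10.10.6.50 :", lookup(MAIN_ROUTES, "10.10.6.50"))
    print("router, 10.10.7.1  :", lookup(MAIN_ROUTES, "10.10.7.1"))
    # A main-site host (assumed address) never hands 10.10.6.x to a router.
    print("host,   10.10.6.50 :", host_next_step("10.10.3.50/20", "10.10.6.50", "10.10.3.1"))
    print("host,   10.10.16.50:", host_next_step("10.10.3.50/20", "10.10.16.50", "10.10.3.1"))
    print("overlaps today     :", audit([MAIN_LAN, REMOTE_LAN]))
    print("overlaps after move:", audit([MAIN_LAN, PROPOSED_LAN]))
```

The same `audit` call can be run over every LAN prefix in an address plan before a new site is numbered.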
