Solved

Cisco 861, E-line connectivity and traffic from F4 to F0

Posted on 2011-03-17
Last Modified: 2012-05-11
Hello Experts,
I have two customer locations that I am trying to connect using E-line (Layer 2) instead of a leased line. I am using two Cisco 861 routers. I was able to create the connection, and while I am in console mode I can ping both routers and telnet to them from each other. My problem is that I can’t get the traffic from the PCs behind each router to see the PCs behind the other router.
“I can’t get the outside traffic to pass to the inside traffic, and vice versa.” Here are my config files for both routers:

------------------------------------Router1------------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end

------------------------------------Router2------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.100.89 255.255.255.0
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end



So from router 1 I can ping 192.168.200.2 but can’t ping 192.168.100.100, which is a PC behind router2.
Thank you very much in advance.
Question by:podium78
 
LVL 43

Expert Comment

by:JFrederick29
ID: 35157171
Most likely the PC's have a default route of something other than these routers and their default gateway doesn't have a route to the other subnet via the local router.  This may be problematic depending on what type of device is acting as the "default gateway".
0
 

Author Comment

by:podium78
ID: 35157266
thank you JFrederick for the swift reply,
I can't ping from the console mode, not from the PC. If I am in the console mode of router1 and try to ping the PCs on the switch connected to router1, I get a reply, but if I telnet to router 2 and ping the same PC from there I don't get a reply.
So the problem is forwarding the traffic from F4 to F0 and vice versa.

thank you.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 35157343
Actually just noticed you are trying to use the same subnet in both sites.  Is this the intention?  It is best to use a different subnet in each location.  If you want true layer2 (one subnet in both sites), plug the connection into the LAN switches and trunk between the two (don't use the router).
0
 

Author Comment

by:podium78
ID: 35163145
Well, in my case it’s not possible; the switches are normal ones and do not support trunking, and I don't want to buy new switches.
I know for a fact that this is the way to do it, but I am missing something in my configs. If you can help me fix it within my scenario I will be very grateful.
thank you in advance.

0
 

Author Comment

by:podium78
ID: 35164454
I've checked my config and reconfigured the router. F4 was up, but in my old post it showed that it was down. Also I removed Vlan10 and gave the IP address to Vlan1, and as far as I know F0-4 are on vlan1 by default. I was reading on the net and I changed a couple of things in the config, especially the "IP route". Here are my configs again; please check them, and if you see where I went wrong please advise.

----------------------------------------------main router------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end


----------------------------------------------------------Second Router--------------------------

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.89 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 35164539
Why are you trying to use the same subnet on both ends?  Is this necessary?
0
 

Author Comment

by:podium78
ID: 35165502
OK, after doing the connection between the two sites, I am going to install a domain controller at the main location, so it will be very helpful for me to have the same subnet, but I could do without it.
But I don't think the problem is the subnet, because for example I can't ping a PC (192.168.100.100) which is connected to the switch of Router 1 from the console of Router 2, while I can ping Router1, and if I am on the console of Router1 I can ping that PC. So I didn't reach the point of pinging from a PC on Router2 to a PC on Router1.

thank you in advance.
0

 

Author Comment

by:podium78
ID: 35166083
I changed the subnet on the second router but still no luck, here are the last configs

-------------------------------------------------Router1--------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password spider78
 login
!
scheduler max-task-time 5000
end

--------------------------------------------------Router2--------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.0.200 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.0.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 35166124
Okay, so the PC's in site 2 have a default gateway of 192.168.0.200, right?

What is the default gateway of a PC in site 1?
0
 

Author Comment

by:podium78
ID: 35168311
No, at the moment they don't have 192.168.0.200; they have the gateway of the other router used for internet, which is 192.168.0.1. When I am able to ping a PC on site one (192.168.100.x) from within the second router, I will change all the PCs' gateways to 192.168.0.200.
 
PC in the main site has IP=192.168.100.x, mask= 255.255.255.0 gateway=192.168.100.254
PC in the second site has IP=192.168.0.x, mask= 255.255.255.0 gateway=192.168.0.1

I want to stress that I couldn't ping from the terminal console of Router 2, before starting to change the IPs of the computers on site 2.
I mean, I am now connecting to Router2 from the AUX:
Router2> ping 192.168.0.1 (IP of internet router on this site)
!!!!! 100% success.
Router2> ping 192.168.200.1 (IP of wan interface of router1)
!!!!! 100% success.
Router2> ping 192.168.100.100 (Pc behind router1)
.....0% success
Router2> telnet 192.168.200.1
..............ok
Router1> ping 192.168.100.100
!!!!! 100% success
Router1> ping 192.168.200.2
!!!!! 100% success
Router1> ping 192.168.0.1
.....0% success
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 35168348
Okay, so without changing gateways or adding routes to the default gateway, you can add a route to a test PC in site 1 and a test PC in site 2.

Site1 PC:

route add 192.168.0.0 mask 255.255.255.0 192.168.100.88

Site2 PC:

route add 192.168.100.0 mask 255.255.255.0 192.168.0.200

See if you can ping between the two test PC's after adding the route or from the router to those PC's.
0
 

Author Comment

by:podium78
ID: 35172260
Hi, I added the route but no luck, I can't even ping the WAN port of the router 1 from  a pc on site 1..
ping 192.168.100.88 ----> reply
ping 192.168.200.1-----> NO reply
ping 192.168.0.200--> No reply

and the same from site 2.

But now, after I changed the subnets into two different ones, I can ping the LAN port of each router from the other router; I couldn't do that before.

Router 1> ping 192.168.100.100 (PC on site 1)
!!!!! 100 Success.
Router 1> ping 192.168.100.88 (LAN ip of Router1)
!!!!! 100 Success.
Router 1> ping 192.168.200.2 (WAN ip of Router 2)
!!!!! 100 Success.
Router 1> ping 192.168.0.200 (LAN ip of Router 2)
!!!!! 100 Success.

and the same for router 2.
OK, I am not good with Cisco OS, but I think there is something wrong in my config for forwarding traffic between sites. If this was a VPN it should work perfectly, no?
OK waiting your reply, and thank you in advance.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 35179846
Right, you won't be able to ping the other WAN port because the PC has no route to it.  You can add the same routes to the PC's but specify the 192.168.200.0/24 subnet.

So you add this to a PC in site 1 and you can't ping 192.168.0.200?

route add 192.168.0.0 mask 255.255.255.0 192.168.100.88
0
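An added illustration (not part of the original thread) of the return-path reasoning in the accepted solution: every device forwards by longest-prefix match, and a ping succeeds only if the reply can be routed back as well. The addresses and the routers' default routes come from the last configs posted above; PC2's address 192.168.0.50 and the two internet gateways having no route to the far site are assumptions of this model.

```python
import ipaddress as ip

def node(addrs, routes=()):
    """addrs: interface CIDRs; routes: (prefix, next-hop) pairs."""
    return {"ifs": [ip.ip_interface(a) for a in addrs],
            "routes": [(ip.ip_network(p), ip.ip_address(h)) for p, h in routes]}

def owner(nodes, addr):
    """Name of the node that holds addr on one of its interfaces, or None."""
    return next((n for n, d in nodes.items() if any(i.ip == addr for i in d["ifs"])), None)

def next_hop(d, dst):
    """Longest-prefix match over connected networks and static routes."""
    cands = [(i.network, dst) for i in d["ifs"] if dst in i.network]
    cands += [(p, h) for p, h in d["routes"] if dst in p]
    return max(cands, key=lambda c: c[0].prefixlen)[1] if cands else None

def deliver(nodes, start, dst, ttl=8):
    """Forward hop by hop from `start`; return the path, or None if dropped."""
    dst, here, path = ip.ip_address(dst), start, [start]
    while ttl:
        if owner(nodes, dst) == here:
            return path
        here = owner(nodes, next_hop(nodes[here], dst))
        if here is None:  # no route, or next hop lies outside the model
            return None
        path.append(here)
        ttl -= 1
    return None

def ping(nodes, src_ip, dst_ip):
    """An echo succeeds only if the request AND the reply can be routed."""
    src = owner(nodes, ip.ip_address(src_ip))
    dst = owner(nodes, ip.ip_address(dst_ip))
    return bool(src and dst and deliver(nodes, src, dst_ip) and deliver(nodes, dst, src_ip))

def topology(host_routes=False):
    """Addresses from the thread; PC2's .50 and the empty gateway tables are assumed."""
    pc1 = [("192.168.0.0/24", "192.168.100.88")] if host_routes else []
    pc2 = [("192.168.100.0/24", "192.168.0.200")] if host_routes else []
    return {
        "Router1": node(["192.168.100.88/24", "192.168.200.1/24"], [("0.0.0.0/0", "192.168.200.2")]),
        "Router2": node(["192.168.0.200/24", "192.168.200.2/24"], [("0.0.0.0/0", "192.168.200.1")]),
        "GW1": node(["192.168.100.254/24"]),  # site internet routers: no route to the far site
        "GW2": node(["192.168.0.1/24"]),
        "PC1": node(["192.168.100.100/24"], [("0.0.0.0/0", "192.168.100.254")] + pc1),
        "PC2": node(["192.168.0.50/24"], [("0.0.0.0/0", "192.168.0.1")] + pc2),
    }
```

With `topology()` the ping from 192.168.200.2 to 192.168.100.100 reaches the PC but the reply is dropped at GW1; with `topology(host_routes=True)` PC1 and PC2 reach each other, while PC1 still has no route to 192.168.200.1.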
 

Author Comment

by:podium78
ID: 35205534
Hello,
Ok I reconfigured the routers without Router rip, just static route and now everything is ok, thank you very much.
0
