Cisco, how to forward all from WAN to LAN and vice versa.

Hello Experts,
I have two customer locations that am trying to connect using E-line (Layer2) instead of leased line, am using two Cisco routers 861, I was able to create the connection and while am in the console mode I can ping both router and telnet them from each other, my problem is I can’t get the traffic from the Pcs behind each outer to see the other PCs behind the other routers.
“ can’t get the outside traffic to pass to the inside traffic, and vice versa”, here are my config files for both routers

------------------------------------Router1------------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end

------------------------------------Router2------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.100.89 255.255.255.0
!
!
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end



so from router 1 (from withing the consol mode) I can ping 192.168.200.2 put can’t ping 192.168.100.100 which is a Pc behind the router2.
Thank you very much in advance.
podium78Asked:
Who is Participating?
 
shubhanshu_jaiswalConnect With a Mentor Commented:
I guess you have same subnet defined for user segment at both the locations...so when the routing happens...Router thinks that the destination network is connected network and it is not routing...
0
 
Kruno DžoićSystem EngineerCommented:
router 2

interface FastEthernet4
 no ip address
shutdown
 duplex auto
 speed auto
0
 
Ernie BeekExpertCommented:
If it's a layer-2 connection, you don't really need routers. You could suffice with a layer 2 device: switch. Since both sides seem to be in the same ip range this could simplify things.
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
Istvan KalmarHead of IT Security Division Commented:
and you need to add the second router interfaces to VLAN 10:

interface FastEthernet0
 switchport access vlan 10
!
interface FastEthernet1
 switchport access vlan 10
!
interface FastEthernet2
 switchport access vlan 10
!
interface FastEthernet3
 switchport access vlan 10
0
 
podium78Author Commented:
thank you all for your replies.
1: @Jaisawl: the idea is to have layer2 connection so I need to have same subnet and it does work but am missing something.

2: @erniebeek: I tried conneect direcctly to the switches but it does not work, i have normal switches not cisco and am not going to buy new ones, again the way E-line work is with two routers I've seen it before but I don't know what am missing.

3:@M3rc74 and Ikalmar: I've check my config and reconfig the router, F4 was up but in my old post it showed that it was down also I removed Vlan10 and gave the ip address to Vlan1 and as far as I know F0-4 by default are on vlan1. I was reading on the net and I changed couple of things on the config especially on the "IP route" here are my configs again, please check them and if you see where I went wrong please advice.

----------------------------------------------main router------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end


----------------------------------------------------------Second Router--------------------------

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.89 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
shubhanshu_jaiswalCommented:
are there any types of logs coming when you do terminal monitor...
0
 
Kruno DžoićSystem EngineerCommented:
for testing purposes, why don't you add static route
0
 
Kruno DžoićSystem EngineerCommented:
ok, wait a minute, I get it all wrong,

you need to configure only WAN interface, and WAN subinterface to connect routers over pseudowire ( e-line ),
static route and rip is for routing not for layer 2 protocol
0
 
podium78Author Commented:
ok, I've read the link but didn't understand what should I do in my case.
let me explain the situation abit more, the two site has thier own routers that provide internet the two router that I just installed is just to interconnect the two sites, becasue in the future I will remove the ISP line in the second location and it will be getting the internet from the main location.
I hope I managed to clear my case abit more.
thank you in advance.
0
 
Ernie BeekExpertCommented:
So interface 4 is connecting the routers, what interface is connecting to the inside networks?
Is ther a specific need to have the same ip address on both networks? These are routers, they route between (different) networks and not with one network.....
0
 
podium78Author Commented:
right interface 4 is interconecting the router and interface 0 is the connected to the inside network.
it will be much better if I can have the same subnet on both networks but it's not a must, but I don't think the problem is the subnet, becasue for example I can't ping a pc=192.168.100.100  which is connected to the switch of Router 1 from the consol of the Router 2, but I can ping Router1 interace 4 from router2, and if am on the consol of Router1 I can ping that pc, so I didn't reach to the point to ping from a Pc on Router2 to a Pc on Router1.

having said that, I changed the subnet on the second router but still no luck, here are the last configs

-------------------------------------------------Router1--------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password spider78
 login
!
scheduler max-task-time 5000
end--------------------------------------------------Router2--------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.0.200 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.0.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
Ernie BeekConnect With a Mentor ExpertCommented:
And if you assign the ip directly to the interface f0 instead of the vlan?
0
 
mpickreignConnect With a Mentor Commented:
It sounds to me like what you really need to do is setup a bridge.

Check out this doc, he applies it a little differently than you will, but it explains it fairly well and the example is exactly what I think you need to do.

http://gregsowell.com/?p=495
0
 
podium78Author Commented:
I can't because it L2 port.
0
 
Ernie BeekExpertCommented:
?
0
 
podium78Author Commented:
Hi Erniebeek,
I mean I can't give F0 Ip address becasue it is a switch port L2, it I try I get this MSG:
 "IP addresses may not be configured on L2 links FastEthernet0"
0
 
lomejordeestoCommented:
Why don't you setup a bridge, you need to remove the ip address on the interfaces that connect both routers and do this on each one. bridge-group 1. You have to do it on the vlan and fasethernet interfaces so they will be behaving like a real L2 connection.
0
 
podium78Author Commented:
Hi Iomerjordeesto,
it sounds perfect but am newbie to cisco could you please explain in details how to do it?
thank you in advance.
0
 
Ernie BeekConnect With a Mentor ExpertCommented:
Have a look at this link, it will give you some examples: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtbridge.html
0
 
podium78Author Commented:
Hello,
Ok I reconfigured the routers without Router rip, just static route and now everything is ok, thank you all very much.
0
 
Ernie BeekExpertCommented:
Good job!

Glad you solved it :)
0
All Courses

From novice to tech pro — start learning today.