Solved

Cisco, how to forward all from WAN to LAN and vice versa.

Posted on 2011-03-18
Last Modified: 2012-06-27
Hello Experts,
I have two customer locations that I am trying to connect using E-line (Layer 2) instead of a leased line. I am using two Cisco 861 routers. I was able to create the connection, and while I am in console mode I can ping both routers and telnet to them from each other. My problem is that I can’t get the traffic from the PCs behind each router to see the PCs behind the other router.
“I can’t get the outside traffic to pass to the inside traffic, and vice versa.” Here are my config files for both routers:

------------------------------------Router1------------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end

------------------------------------Router2------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.100.89 255.255.255.0
!
!
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end



So from router 1 (from within console mode) I can ping 192.168.200.2 but can’t ping 192.168.100.100, which is a PC behind router 2.
Thank you very much in advance.
Question by:podium78
22 Comments
 
LVL 5

Accepted Solution

by:
shubhanshu_jaiswal earned 100 total points
ID: 35163196
I guess you have the same subnet defined for the user segment at both locations... so when the routing happens... the router thinks that the destination network is a connected network and it is not routing...
0
 
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35163260
router 2

interface FastEthernet4
 no ip address
shutdown
 duplex auto
 speed auto
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35163682
If it's a layer-2 connection, you don't really need routers. You could suffice with a layer 2 device: a switch. Since both sides seem to be in the same IP range, this could simplify things.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35163967
And you need to add the second router's interfaces to VLAN 10:

interface FastEthernet0
 switchport access vlan 10
!
interface FastEthernet1
 switchport access vlan 10
!
interface FastEthernet2
 switchport access vlan 10
!
interface FastEthernet3
 switchport access vlan 10
0
 

Author Comment

by:podium78
ID: 35164417
Thank you all for your replies.
1: @Jaisawl: the idea is to have a layer 2 connection, so I need to have the same subnet, and it does work, but I am missing something.

2: @erniebeek: I tried connecting directly to the switches but it does not work. I have normal switches, not Cisco, and I am not going to buy new ones. Again, the way E-line works is with two routers; I've seen it before, but I don't know what I am missing.

3: @M3rc74 and Ikalmar: I've checked my config and reconfigured the router. F4 was up, but in my old post it showed that it was down. Also, I removed Vlan10 and gave the IP address to Vlan1, and as far as I know F0-4 are on vlan1 by default. I was reading on the net and I changed a couple of things in the config, especially the "IP route". Here are my configs again; please check them, and if you see where I went wrong, please advise.

----------------------------------------------main router------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end


----------------------------------------------------------Second Router--------------------------

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.89 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 35164850
Are there any types of logs coming when you do terminal monitor...
0
 
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35164878
For testing purposes, why don't you add a static route?
0
 
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35165151
OK, wait a minute, I got it all wrong.

You need to configure only the WAN interface and the WAN subinterface to connect the routers over a pseudowire (E-line);
static routes and RIP are for routing, not for a layer 2 protocol.
0
 
LVL 11

Assisted Solution

by:Kruno Džoić
Kruno Džoić earned 100 total points
ID: 35165162
0
 

Author Comment

by:podium78
ID: 35165567
OK, I've read the link but didn't understand what I should do in my case.
Let me explain the situation a bit more: the two sites have their own routers that provide internet. The two routers that I just installed are just to interconnect the two sites, because in the future I will remove the ISP line in the second location and it will be getting the internet from the main location.
I hope I managed to clarify my case a bit more.
Thank you in advance.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35165599
So interface 4 is connecting the routers; what interface is connecting to the inside networks?
Is there a specific need to have the same IP address on both networks? These are routers; they route between (different) networks and not with one network.....
0
 

Author Comment

by:podium78
ID: 35166080
Right, interface 4 is interconnecting the routers and interface 0 is connected to the inside network.
It would be much better if I could have the same subnet on both networks, but it's not a must. But I don't think the problem is the subnet, because, for example, I can't ping a PC=192.168.100.100 which is connected to the switch of Router 1 from the console of Router 2, but I can ping Router1 interface 4 from router2, and if I am on the console of Router1 I can ping that PC, so I didn't reach the point of pinging from a PC on Router2 to a PC on Router1.

Having said that, I changed the subnet on the second router but still no luck. Here are the last configs:

-------------------------------------------------Router1--------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password spider78
 login
!
scheduler max-task-time 5000
end

--------------------------------------------------Router2--------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.0.200 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.0.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 200 total points
ID: 35166280
And if you assign the ip directly to the interface f0 instead of the vlan?
0
 
LVL 4

Assisted Solution

by:mpickreign
mpickreign earned 100 total points
ID: 35168196
It sounds to me like what you really need to do is set up a bridge.

Check out this doc, he applies it a little differently than you will, but it explains it fairly well and the example is exactly what I think you need to do.

http://gregsowell.com/?p=495
0
 

Author Comment

by:podium78
ID: 35168203
I can't because it is an L2 port.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35168438
?
0
 

Author Comment

by:podium78
ID: 35171164
Hi Erniebeek,
I mean I can't give F0 an IP address because it is an L2 switch port; if I try I get this message:
 "IP addresses may not be configured on L2 links FastEthernet0"
0
 
LVL 3

Expert Comment

by:lomejordeesto
ID: 35176672
Why don't you set up a bridge? You need to remove the IP address on the interfaces that connect both routers and do this on each one: bridge-group 1. You have to do it on the VLAN and FastEthernet interfaces so they will behave like a real L2 connection.
0
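One way to lay out the bridge described in the comment above on the main router, as an added example that is not part of the original thread: bridge group 1 with integrated routing and bridging (IRB), so the router keeps a management address on a BVI. The bridge group number, the use of BVI1, and moving the thread's 192.168.100.88 address onto it are assumptions; the second router would mirror this with 192.168.100.89.

```cisco
! Added example, not from the thread. Assumes bridge group 1 and BVI1.
! Enable integrated routing and bridging and define the bridge group.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! RIP is not needed once LAN and E-line are one layer 2 segment.
no router rip
!
! Physical WAN port: no address, must not be shut down.
interface FastEthernet4
 no ip address
 no shutdown
!
! E-line subinterface (VLAN tag 2 as in the thread): drop the
! 192.168.200.x address and join the bridge group.
interface FastEthernet4.1
 encapsulation dot1Q 2
 no ip address
 bridge-group 1
!
! LAN side: the switch ports FastEthernet0-3 sit in VLAN 1 by default,
! so the Vlan1 SVI is the interface that joins the bridge group.
interface Vlan1
 no ip address
 bridge-group 1
!
! The router's own address moves to the bridge virtual interface.
interface BVI1
 ip address 192.168.100.88 255.255.255.0
 no shutdown
```

`show bridge` lists the MAC addresses learned per interface once both sides are up. Bridging puts both sites in one broadcast domain, so the two sites' existing internet routers and any DHCP servers behind them will see each other.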
 

Author Comment

by:podium78
ID: 35179070
Hi Iomerjordeesto,
It sounds perfect, but I am a newbie to Cisco. Could you please explain in detail how to do it?
Thank you in advance.
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 200 total points
ID: 35179360
Have a look at this link, it will give you some examples: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtbridge.html
0
 

Author Comment

by:podium78
ID: 35205537
Hello,
OK, I reconfigured the routers without router rip, just static route, and now everything is OK. Thank you all very much.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35205539
Good job!

Glad you solved it :)
0
