Solved

Cisco, how to forward all from WAN to LAN and vice versa.

Posted on 2011-03-18
Last Modified: 2012-06-27
Hello Experts,
I have two customer locations that I am trying to connect using E-line (Layer 2) instead of a leased line. I am using two Cisco 861 routers. I was able to create the connection, and while I am in console mode I can ping both routers and telnet to them from each other. My problem is that I can’t get the traffic from the PCs behind each router to see the PCs behind the other router.
“can’t get the outside traffic to pass to the inside traffic, and vice versa”. Here are my config files for both routers:

------------------------------------Router1------------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end

------------------------------------Router2------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.100.89 255.255.255.0
!
!
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end



So from router 1 (from within console mode) I can ping 192.168.200.2 but can’t ping 192.168.100.100, which is a PC behind router2.
Thank you very much in advance.
0
Comment
Question by:podium78
22 Comments
 
LVL 5

Accepted Solution

by:
shubhanshu_jaiswal earned 400 total points
ID: 35163196
I guess you have same subnet defined for user segment at both the locations...so when the routing happens...Router thinks that the destination network is connected network and it is not routing...
0
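The effect described in this answer can be checked offline, as an added example that is not part of the original thread. It reads the `ip address` lines of both routers (excerpts trimmed from the first pair of configs in the question) and shows that each router treats 192.168.100.0/24 as directly connected, so a packet for 192.168.100.100 never leaves over FastEthernet4.1. The function names are this example's own.

```python
import ipaddress
import re

# Constructed excerpts: interface stanzas trimmed from the first pair of configs above.
ROUTER1 = """\
interface FastEthernet4.1
 ip address 192.168.200.1 255.255.255.0
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
"""
ROUTER2 = """\
interface FastEthernet4.1
 ip address 192.168.200.2 255.255.255.0
interface Vlan1
 no ip address
interface Vlan10
 ip address 192.168.100.89 255.255.255.0
"""

def connected_networks(config):
    """Map interface name -> directly connected network, from 'ip address' lines."""
    nets, ifname = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            ifname = m.group(1)
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)", line)  # skips 'no ip address'
        if m and ifname:
            nets[ifname] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def egress_interface(config, dest):
    """Longest-prefix match over connected routes only; None if nothing matches."""
    dest = ipaddress.ip_address(dest)
    hits = [(n.prefixlen, i) for i, n in connected_networks(config).items() if dest in n]
    return max(hits)[1] if hits else None

def shared_subnets(cfg_a, cfg_b, link_if="FastEthernet4.1"):
    """Subnets connected on both routers, ignoring the inter-router link itself."""
    a = {n for i, n in connected_networks(cfg_a).items() if i != link_if}
    b = {n for i, n in connected_networks(cfg_b).items() if i != link_if}
    return a & b

if __name__ == "__main__":
    print(egress_interface(ROUTER1, "192.168.100.100"))
    print(shared_subnets(ROUTER1, ROUTER2))
```

A non-empty result from `shared_subnets` means the two LANs have to be either renumbered and routed, or bridged; routing alone cannot move traffic between two segments that share one prefix.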
 
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35163260
router 2

interface FastEthernet4
 no ip address
shutdown
 duplex auto
 speed auto
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35163682
If it's a layer-2 connection, you don't really need routers. You could suffice with a layer 2 device: switch. Since both sides seem to be in the same ip range this could simplify things.
0

 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35163967
and you need to add the second router interfaces to VLAN 10:

interface FastEthernet0
 switchport access vlan 10
!
interface FastEthernet1
 switchport access vlan 10
!
interface FastEthernet2
 switchport access vlan 10
!
interface FastEthernet3
 switchport access vlan 10
0
 

Author Comment

by:podium78
ID: 35164417
thank you all for your replies.
1: @Jaisawl: the idea is to have layer2 connection so I need to have same subnet and it does work but am missing something.

2: @erniebeek: I tried to connect directly to the switches but it does not work. I have normal switches, not Cisco, and I am not going to buy new ones. Again, the way E-line works is with two routers; I've seen it before but I don't know what I am missing.

3: @M3rc74 and Ikalmar: I've checked my config and reconfigured the router. F4 was up, but in my old post it showed that it was down. Also, I removed Vlan10 and gave the IP address to Vlan1, and as far as I know F0-4 are on vlan1 by default. I was reading on the net and I changed a couple of things in the config, especially the "IP route". Here are my configs again; please check them and if you see where I went wrong please advise.

----------------------------------------------main router------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end


----------------------------------------------------------Second Router--------------------------

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.89 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 35164850
are there any types of logs coming when you do terminal monitor...
0
 
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35164878
for testing purposes, why don't you add static route
0
 
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35165151
ok, wait a minute, I get it all wrong,

you need to configure only WAN interface, and WAN subinterface to connect routers over pseudowire ( e-line ),
static route and rip is for routing not for layer 2 protocol
0
 
LVL 11

Assisted Solution

by:Kruno Džoić
Kruno Džoić earned 400 total points
ID: 35165162
0
 

Author Comment

by:podium78
ID: 35165567
OK, I've read the link but didn't understand what I should do in my case.
Let me explain the situation a bit more: the two sites have their own routers that provide internet. The two routers that I just installed are just to interconnect the two sites, because in the future I will remove the ISP line in the second location and it will be getting the internet from the main location.
I hope I managed to clear up my case a bit more.
thank you in advance.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35165599
So interface 4 is connecting the routers, what interface is connecting to the inside networks?
Is there a specific need to have the same IP address on both networks? These are routers, they route between (different) networks and not within one network.....
0
 

Author Comment

by:podium78
ID: 35166080
Right, interface 4 is interconnecting the routers and interface 0 is connected to the inside network.
It will be much better if I can have the same subnet on both networks, but it's not a must. But I don't think the problem is the subnet, because for example I can't ping a PC (192.168.100.100) which is connected to the switch of Router 1 from the console of Router 2, but I can ping Router1 interface 4 from Router2, and if I am on the console of Router1 I can ping that PC. So I didn't reach the point of pinging from a PC on Router2 to a PC on Router1.

Having said that, I changed the subnet on the second router but still no luck. Here are the latest configs:

-------------------------------------------------Router1--------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password spider78
 login
!
scheduler max-task-time 5000
end

--------------------------------------------------Router2--------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.0.200 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.0.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 800 total points
ID: 35166280
And if you assign the ip directly to the interface f0 instead of the vlan?
0
 
LVL 4

Assisted Solution

by:mpickreign
mpickreign earned 400 total points
ID: 35168196
It sounds to me like what you really need to do is set up a bridge.

Check out this doc, he applies it a little differently than you will, but it explains it fairly well and the example is exactly what I think you need to do.

http://gregsowell.com/?p=495
0
 

Author Comment

by:podium78
ID: 35168203
I can't because it's an L2 port.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35168438
?
0
 

Author Comment

by:podium78
ID: 35171164
Hi Erniebeek,
I mean I can't give F0 an IP address because it is an L2 switch port; if I try I get this message:
 "IP addresses may not be configured on L2 links FastEthernet0"
0
 
LVL 3

Expert Comment

by:lomejordeesto
ID: 35176672
Why don't you set up a bridge? You need to remove the IP address on the interfaces that connect both routers and do this on each one: bridge-group 1. You have to do it on the VLAN and FastEthernet interfaces so they will behave like a real L2 connection.
0
 

Author Comment

by:podium78
ID: 35179070
Hi Iomerjordeesto,
It sounds perfect, but I am a newbie to Cisco. Could you please explain in detail how to do it?
thank you in advance.
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 800 total points
ID: 35179360
Have a look at this link, it will give you some examples: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtbridge.html
0
 

Author Comment

by:podium78
ID: 35205537
Hello,
Ok I reconfigured the routers without Router rip, just static route and now everything is ok, thank you all very much.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35205539
Good job!

Glad you solved it :)
0
