Solved

Cisco, how to forward all from WAN to LAN and vice versa.

Posted on 2011-03-18
Last Modified: 2012-06-27
Hello Experts,
I have two customer locations that I am trying to connect using E-line (Layer 2) instead of a leased line. I am using two Cisco 861 routers. I was able to create the connection, and while I am in console mode I can ping both routers and telnet to them from each other. My problem is that I can't get the traffic from the PCs behind each router to see the PCs behind the other router.
"I can't get the outside traffic to pass to the inside traffic, and vice versa." Here are my config files for both routers:

------------------------------------Router1------------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end

------------------------------------Router2------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.100.89 255.255.255.0
!
!
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
 login
!
scheduler max-task-time 5000
end



So from router 1 (from within console mode) I can ping 192.168.200.2 but can't ping 192.168.100.100, which is a PC behind router2.
Thank you very much in advance.
Question by:podium78
22 Comments
 
LVL 5

Accepted Solution

by:
shubhanshu_jaiswal earned 100 total points
ID: 35163196
I guess you have same subnet defined for user segment at both the locations...so when the routing happens...Router thinks that the destination network is connected network and it is not routing...
0
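The accepted answer's point, worked through as an added example (not part of the original thread): a longest-prefix-match lookup over the connected networks and static routes taken from the first and last posted configs. It models only the route lookup, not ARP, RIP or the PCs' own gateways; the names `table`, `lookup`, `trace`, the labels R1/R2 and the destination 10.9.9.9 are constructed for illustration.

```python
import ipaddress

def table(connected, static=()):
    """Routes as (network, kind, target): target is an interface or a next hop."""
    rows = [(ipaddress.ip_network(n), "connected", t) for n, t in connected]
    rows += [(ipaddress.ip_network(n), "static", t) for n, t in static]
    return rows

def lookup(rows, dst):
    """Longest-prefix match; a connected route wins a tie (admin distance 0)."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in rows if dst in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, r[1] == "connected"), default=None)

def trace(routers, owner, start, dst, max_hops=6):
    """Follow a packet router to router; report where it ends up."""
    path, name = [], start
    for _ in range(max_hops):
        path.append(name)
        route = lookup(routers[name], dst)
        if route is None:
            return path, "no route"
        if route[1] == "connected":
            return path, "ARP on " + route[2]
        name = owner[route[2]]          # hand the packet to the next-hop router
    return path, "loop"

# Next-hop address -> router that owns it (the Fa4.1 addresses from the post).
OWNER = {"192.168.200.1": "R1", "192.168.200.2": "R2"}

# First posted config: both LANs are 192.168.100.0/24.
SAME_SUBNET = {
    "R1": table([("192.168.100.0/24", "Vlan1"), ("192.168.200.0/24", "Fa4.1")]),
    "R2": table([("192.168.100.0/24", "Vlan10"), ("192.168.200.0/24", "Fa4.1")]),
}
# Last posted config: R2's LAN moved to 192.168.0.0/24, default routes both ways.
SPLIT_SUBNET = {
    "R1": table([("192.168.100.0/24", "Vlan1"), ("192.168.200.0/24", "Fa4.1")],
                [("0.0.0.0/0", "192.168.200.2")]),
    "R2": table([("192.168.0.0/24", "Vlan1"), ("192.168.200.0/24", "Fa4.1")],
                [("0.0.0.0/0", "192.168.200.1")]),
}

if __name__ == "__main__":
    print(trace(SAME_SUBNET, OWNER, "R1", "192.168.100.100"))   # stays on R1
    print(trace(SPLIT_SUBNET, OWNER, "R2", "192.168.100.100"))  # crosses to R1
    print(trace(SPLIT_SUBNET, OWNER, "R1", "10.9.9.9"))         # bounces
```

With the same subnet on both sides, R1 resolves the remote PC onto its own Vlan1 and never uses the E-line; with default routes pointing at each other, any destination neither router owns bounces between them until the hop limit.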
 
LVL 11

Expert Comment

by:M3rc74
ID: 35163260
router 2

interface FastEthernet4
 no ip address
shutdown
 duplex auto
 speed auto
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35163682
If it's a layer-2 connection, you don't really need routers. You could suffice with a layer 2 device: switch. Since both sides seem to be in the same ip range this could simplify things.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35163967
and you need to add the second router interfaces to VLAN 10:

interface FastEthernet0
 switchport access vlan 10
!
interface FastEthernet1
 switchport access vlan 10
!
interface FastEthernet2
 switchport access vlan 10
!
interface FastEthernet3
 switchport access vlan 10
0
 

Author Comment

by:podium78
ID: 35164417
Thank you all for your replies.
1: @Jaisawl: the idea is to have a layer 2 connection, so I need to have the same subnet, and it does work, but I am missing something.

2: @erniebeek: I tried connecting directly to the switches but it does not work. I have normal switches, not Cisco, and I am not going to buy new ones. Again, the way E-line works is with two routers; I've seen it before but I don't know what I am missing.

3: @M3rc74 and Ikalmar: I've checked my config and reconfigured the router. F4 was up, but in my old post it showed that it was down. Also, I removed Vlan10 and gave the IP address to Vlan1, and as far as I know F0-4 are on vlan1 by default. I was reading on the net and I changed a couple of things in the config, especially the "IP route". Here are my configs again; please check them, and if you see where I went wrong please advise.

----------------------------------------------main router------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end


----------------------------------------------------------Second Router--------------------------

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.89 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 35164850
are there any types of logs coming when you do terminal monitor...
0
 
LVL 11

Expert Comment

by:M3rc74
ID: 35164878
for testing purposes, why don't you add static route
0
 
LVL 11

Expert Comment

by:M3rc74
ID: 35165151
OK, wait a minute, I got it all wrong.

You need to configure only the WAN interface and WAN subinterface to connect the routers over a pseudowire (E-line);
static routes and RIP are for routing, not for a layer 2 protocol.
0
 
LVL 11

Assisted Solution

by:M3rc74
M3rc74 earned 100 total points
ID: 35165162
0
 

Author Comment

by:podium78
ID: 35165567
OK, I've read the link but didn't understand what I should do in my case.
Let me explain the situation a bit more: the two sites have their own routers that provide internet; the two routers that I just installed are just to interconnect the two sites, because in the future I will remove the ISP line in the second location and it will be getting the internet from the main location.
I hope I managed to clear up my case a bit more.
Thank you in advance.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35165599
So interface 4 is connecting the routers; what interface is connecting to the inside networks?
Is there a specific need to have the same IP addresses on both networks? These are routers; they route between (different) networks and not within one network.
0
 

Author Comment

by:podium78
ID: 35166080
Right, interface 4 is interconnecting the routers and interface 0 is connected to the inside network.
It will be much better if I can have the same subnet on both networks, but it's not a must. But I don't think the problem is the subnet, because for example I can't ping a PC (192.168.100.100) which is connected to the switch of Router 1 from the console of Router 2, but I can ping Router1 interface 4 from Router2, and if I am on the console of Router1 I can ping that PC, so I didn't reach the point of pinging from a PC on Router2 to a PC on Router1.

Having said that, I changed the subnet on the second router but still no luck. Here are the last configs:

-------------------------------------------------Router1--------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaMainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.100.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.2
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password spider78
 login
!
scheduler max-task-time 5000
end

--------------------------------------------------Router2--------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LatsiaSecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4.1
 encapsulation dot1Q 2
 ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
 ip address 192.168.0.200 255.255.255.0
!
interface Vlan10
 no ip address
!
router rip
 version 2
 network 192.168.0.0
 network 192.168.200.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 200 total points
ID: 35166280
And if you assign the ip directly to the interface f0 instead of the vlan?
0
 
LVL 4

Assisted Solution

by:mpickreign
mpickreign earned 100 total points
ID: 35168196
It sounds to me like what you really need to do is setup a bridge.

Check out this doc, he applies it a little differently than you will, but it explains it fairly well and the example is exactly what I think you need to do.

http://gregsowell.com/?p=495
0
 

Author Comment

by:podium78
ID: 35168203
I can't because it's an L2 port.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35168438
?
0
 

Author Comment

by:podium78
ID: 35171164
Hi Erniebeek,
I mean I can't give F0 an IP address because it is an L2 switch port; if I try I get this message:
 "IP addresses may not be configured on L2 links FastEthernet0"
0
 
LVL 3

Expert Comment

by:lomejordeesto
ID: 35176672
Why don't you set up a bridge? You need to remove the IP address on the interfaces that connect both routers and do this on each one: bridge-group 1. You have to do it on the vlan and FastEthernet interfaces so they will behave like a real L2 connection.
0
 

Author Comment

by:podium78
ID: 35179070
Hi lomejordeesto,
It sounds perfect, but I am a newbie to Cisco; could you please explain in detail how to do it?
Thank you in advance.
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 200 total points
ID: 35179360
Have a look at this link, it will give you some examples: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtbridge.html
0
 

Author Comment

by:podium78
ID: 35205537
Hello,
OK, I reconfigured the routers without router rip, just static route, and now everything is OK. Thank you all very much.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35205539
Good job!

Glad you solved it :)
0
