Avatar of Chris
Chris
Flag for United States of America asked on

Need help adding routes

If someone wants to get paid to make the changes I need, I would be willing for that as well. 


I need help configuring a Cisco 2901. I am sure this is simple, but I have never done it. 

I am needing to Route the following networks to 206.22.28.46
192.110.68.0/24
192.224.101.0/24
207.187.74.167/32


Am I correct in adding this:

ip route 192.110.68.0 255.255.255.0 206.22.28.46
ip route 192.224.101.0 255.255.255.0 206.22.28.46
ip route 207.187.74.167 255.255.255.255 206.22.28.46


just below: 

ip route 0.0.0.0 0.0.0.0 172.30.20.3 


Below is my config:

____________________________________________________________________________


Current configuration : 3750 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-C2901
!
boot-start-marker
boot-end-marker
!
!

!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!

!
!

!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.20.2 255.255.255.0
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.30.20.1 255.255.255.0
 ip helper-address 172.30.0.10
 ip helper-address 10.10.10.34
!
interface GigabitEthernet0/0.150
 encapsulation dot1Q 150
 ip address 172.30.40.1 255.255.255.0
!
interface GigabitEthernet0/0.410
 encapsulation dot1Q 410
 ip address 172.16.2.1 255.255.255.0
 ip helper-address 172.16.1.2
!
interface GigabitEthernet0/1
 no ip address
 ip pim sparse-mode
 shutdown
 duplex auto
 speed auto
!
!
router eigrp 100
 network 172.0.0.0
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 172.30.20.3


!
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

CiscoNetworking

Avatar of undefined
Last Comment
Chris

8/22/2022 - Mon
Craig Beck

Hi Chris,

When you say you need to route the following networks to 206.22.28.46, what exactly do you mean?
RedNectar Chris Welsh

Hi Chris,
Your router has four interfaces, so only knows about those routes that are DIRECTLY CONNECTED to those interfaces. I.e. your router has these four IP addresses:
10.10.20.2 255.255.255.0
172.30.20.1 255.255.255.0
172.30.40.1 255.255.255.0
172.16.2.1 255.255.255.0
You can think of these addresses as the house numbers in four streets. The "255.255.255.0" MASK says that the house number is the last part of the address (where the 0 occurs in the MASK) and the rest is the "street" address.
SO your router only knows how to get to these four "streets" shall we say:
10.10.20._
172.30.20._
172.30.40._
172.16.2._
Plus, it has one more direction "ip route 0.0.0.0 0.0.0.0 172.30.20.3" which says "if you get a packet addressed to ANY address that is not one of the four local streets, deliver it to house No 3 in street 172.30.20._"

Now, in your question, you say you want to get to these "streets"
192.110.68._
192.224.101._
207.187.74.167 [This one is a bit tricky, because you are specifying just a particular street number, but that's OK]

BUT
The big problem is the way you are telling your router HOW to reach those streets, your IP route statements are saying
To get packets to to "192.110.68._" street, just deliver them to the house at 206.22.28.46
The problem is, your router ONLY knows how to get to  these four "streets"
10.10.20._
172.30.20._
172.30.40._
172.16.2._
It doesn't know HOW to get to 206.22.28._ street, so you configuration WON'T work
What you need to know is which "house" in one of the for streets you know about is the router that knows who to get to the destinations you need.
Given that you are already sending ALL remote traffic to  206.22.28.46, and we assume that that is not working, you have approximately 1000 other addresses you could choose - but 206.22.28.46 is NOT one of them

So you need to find out the IP address of the router that knows how to get to those destination networks, or even a router that knows how to get to 206.22.28.46

The most LIKELY choices (given YOUR router has IP addresses ending in ".1" is one of the following:
10.10.20.2
172.30.20.2
172.30.40.2
172.16.2.2

so you could try one of the following 4 choices:

CHOICE 1
ip route 192.110.68.0 255.255.255.0 10.10.20.2
ip route 192.224.101.0 255.255.255.0 10.10.20.2
ip route 207.187.74.167 255.255.255.255 10.10.20.2

CHOICE 2
ip route 192.110.68.0 255.255.255.0 172.30.20.2
ip route 192.224.101.0 255.255.255.0 172.30.20.2
ip route 207.187.74.167 255.255.255.255 172.30.20.2
 
CHOICE 3
ip route 192.110.68.0 255.255.255.0 172.30.40.2
ip route 192.224.101.0 255.255.255.0 172.30.40.2
ip route 207.187.74.167 255.255.255.255 172.30.40.2

CHOICE 4
ip route 192.110.68.0 255.255.255.0 172.16.2.2
ip route 192.224.101.0 255.255.255.0 172.16.2.2
ip route 207.187.74.167 255.255.255.255 172.16.2.2

Or actually find out which should be the next-hop IP address to put at the end of those statements.

As to WHERE you place it in the configuration (if you are sending the WHOLE configuration) it really doesn't matter where - the router will sort that out and put it in the right place - which will be just before or just after the ip route 0.0.0.0 0.0.0.0 172.30.20.3

RedNectar
Don Johnston

The standard way of adding a static route is the network, mask and next hop address. You're okay on the first two, but you are not connected to the next hop address.  So as mentioned, you would need to determine which of your interfaces you would go through to get to those networks.

Otherwise, you will need to create a recursive static route.  With a recursive route, when the router identifies the route and sees a "next hop" which is not connected, it then has to search the routing table again, to identify if it has a route to that address. If it finds an entry, it uses that next hop instead of the one you specified.

Definitely not the optimal approach to adding a route to the routing table.

Best to figure out what the actual next hop address is and use that. 
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Chris

ASKER
RedNectar,

I am going to have to my mind into what you wrote a little but am already following what you wrote a bit. Let me give a bit more information and maybe that will help with that information.

The 4 routes that it knows, are existing routes to our main location.

There is a new layer 3 switch that was installed at this site with a velocloud going to an outside network. What I am attempting to do is create a new route for traffic destined to that network.

I have a catalyst switch that I have port 48 plugged into the new layer 3 switch. I have done this per their instructions:

interface Vlan75
 ip address 206.22.28.43 255.255.255.240

interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 75
 switchport mode trunk

Then I was told to do my original question which was specifically:
Route the following networks to 206.22.28.46
192.110.68.0/24
192.224.101.0/24
207.187.74.167/32

Now, I am thinking about this and wondering: Should it actually be routed to 206.22.28.43 not .46. And if that is the case, how would the rest be configured.

Also, The subnet used at this site is the 172.30.20.0/24 for the LAN. 

Craig Beck

That makes more sense. So they're saying they want you to route all traffic to 192.110.68.0/24, 192.224.101.0/24 and 207.187.74.167/32 via 206.22.28.46.

You need to put the .43 address on your router, not your switch. On the router do:
interface GigabitEthernet0/0.75
 encapsulation dot1Q 75
 ip address 206.22.28.43 255.255.255.240
!
ip route 192.110.68.0 255.255.255.0 206.22.28.46
ip route 192.224.101.0 255.255.255.0 206.22.28.46
ip route 207.187.74.167 255.255.255.255 206.22.28.46

Open in new window

On the switch, add VLAN 75 to the port where the router connects (if you have pruned the VLANs).
ASKER CERTIFIED SOLUTION
RedNectar Chris Welsh

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Chris

ASKER
From Catalyst switch:
                 Gig 1/0/47        151            R B S I CISCO2901 Gig 0/0.1
From Router:
     Gig 0/0.1         121              S I   WS-C2960X Gig 1/0/47

So the physical's appear to jive from each other.

Catalyst:
interface GigabitEthernet1/0/47
 switchport mode trunk

So no vlans defined, means all vlans correct? So should not need to configure anything different?

So if I am following you correctly, this is what I would do.

Catalyst switch:
--------------------------------------------------------------------------------------------
no interface Vlan75
no  ip address 206.22.28.43 255.255.255.240

Current config:
interface GigabitEthernet1/0/47
 switchport mode trunk

interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 75
 switchport mode trunk

Port 1/0/47 connects to Router - No change because it should pass vlan 75
Port 1/0/48 connects to new layer 3 switch -No change because I only want vlan 75 traffic

Router:
Since it appears it is interface 0/0

interface GigabitEthernet0/0.75
encapsulation dot1q 75
ip address 206.22.28.43 255.255.255.240

ip route 192.110.68.0 255.255.255.0 206.22.28.46
ip route 192.224.101.0 255.255.255.0 206.22.28.46
ip route 207.187.74.167 255.255.255.255 206.22.28.46

Now, these routes work because the "street" will be the same as what is defined in the int gig 0/0.75 . I think I follow that.



Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Chris

ASKER
I made these changes. They specified they needed to make a change once I made these changes so it would route properly. However, these are the results at the moment.

I ping .43 and get a response
I ping .46 and get rto

And here is the actual config including all the changes.

Catalyst:

interface GigabitEthernet1/0/47
 switchport mode trunk
!
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 75
 switchport mode trunk

!
interface Vlan10
 ip address 10.10.20.1 255.255.255.0
!
interface Vlan100
 ip address 172.30.20.2 255.255.255.0

Router:

​interface GigabitEthernet0/0.75
 encapsulation dot1Q 75
 ip address 206.22.28.43 255.255.255.240
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.30.20.1 255.255.255.0
 ip helper-address 172.30.0.10
 ip helper-address 10.10.10.34
!
interface GigabitEthernet0/0.150
 encapsulation dot1Q 150
 ip address 172.30.40.1 255.255.255.0
!
interface GigabitEthernet0/0.410
 encapsulation dot1Q 410
 ip address 172.16.2.1 255.255.255.0
 ip helper-address 172.16.1.2
!
interface GigabitEthernet0/1
 no ip address
 ip pim sparse-mode
 shutdown
 duplex auto
 speed auto
!
!
router eigrp 100
 network 172.0.0.0
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 172.30.20.3
ip route 192.110.68.0 255.255.255.0 206.22.28.46
ip route 192.224.101.0 255.255.255.0 206.22.28.46
ip route 207.187.74.167 255.255.255.255 206.22.28.46


​​​​​
RedNectar Chris Welsh

Hi Chris,
When you say
I ping .43 and get a response

I ping .46 and get rto
I'm assuming that you are doing the ping from the ROUTER. Am I correct?
If so, then it would seem that either the service provider has not yet configured 206.22.28.46 yet.
So that may be precisely what they mean when they say that "they needed to make a change once I made these changes so it would route properly"

YOU PROBABLY DON'T NEED THIS BELOW HERE, but..

IF you want to do a bit more checking between the router and the Catalyst switch, do this:
FROM the router:
ping all the IP addresses between 206.22.28.33 and 45 - hopefully you get no reply on at least ONE of them - you can stop if any of these IPs times out - note that address. I'll assume you'll be lucky enough to get a timeout on 206.22.28.33

ON THE CATALYST SWITCH
configure terminal
interface vlan 75
ip address 206.22.28.33 255.255.255.240 !or substitute any IP address that timed out
no shutdown
end

Open in new window

ON THE ROUTER
try to ping the IP address you configured on the switch (say 203.22.28.33)
IF that works, you have verified that VLAN 75 is happy between your router and the switch, and you should assume that you have done all you need to do (almost - see CLEAN UP below)

IF NOT
Try this ON THE CATALYST SWITCH (should NOT be necessary thoough)
 
enable
configure terminal


interface GigabitEthernet1/0/47
 switchport trunk allowed vlan 75
end
copy run start

Open in new window

and try again
IF that doesn't work - check the cabling 
CLEAN UP
You should remove the temporary IP address you assigned to VLAN 75 on the switch to be safe.
configure terminal
no interface vlan 75
end
copy run start

Open in new window

Let us know how you go

Chris

ASKER
So, I went ahead and tried the following:

Catalyst:

interface Vlan75
 ip address 206.22.28.44 255.255.255.240

I am unable to ping 206.22.28.44 from the Router, however I am unable to ping 206.22.28.44 from the catalyst either.

I am able to ping 206.22.28.43 from both the Catalyst and the Router.

I did not want to chance losing access so I then tried:

Catalyst:

config t
int gig 1/0/47
switchport trunk allowed vlan all
end

Same result

Cabling:

All of the vlans configured work and are all off the same 2 ports. Catalyst 1/0/47 <-> Router 0/0

Could it be a cabling issue where the others work but this new one is not? 
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
RedNectar Chris Welsh

Hi Chris,
Sorry I missed your earlier reply - but I'm pretty sure Craig is on the money now!
RedNectar
Chris

ASKER
When I added:
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 75
 switchport mode trunk
I wondered why it did not add the vlan, because I remembered it adding it automatically before. I bet it added it automatically when I configured a access port to use vlan XX not just allowing vlan XX on a trunk.

But as soon as I added that, boom started pinging on .44

You 2 are fabulous. Hopefully they do not need me for anything else, but I know exactly where to turn if I need help. Thank you both again so much.