ASAP Help!!! Basic Route for WAN in 1720

[underzen]

Here is my situation. The guy from Sprint left because a dispute with my boss. Our 56k leased line is up and functioning. When I am inside router A i can ping router B and vice versa. The problem that I am having is that non of the pc's on the network for router A can see the pc's in router B. I am able to ping router A and B from a pc on the network on router A or B, I just can't ping any of the pc's from network A to network B. Here is the configuration that the Sprint guys started. I am not a Cisco guy but have a little bit of router expierence. The Sprint guy was in the middle of configuring the routers and then got into an argument and walked out. So any help here would be appreciated.

Using 1014 out of 29688 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1720
!
enable password 7 09414304
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Serial0

description connected to CorporateNetwork
ip unnumbered FastEthernet0
no ip directed-broadcast
encapsulation ppp
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet0
description connected to EthernetLAN
ip address 10.1.1.100 255.255.255.0
no ip directed-broadcast
no keepalive
!
router rip
version 2
passive-interface Serial0
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.1.1.0 255.255.255.0 FastEthernet0
no ip http server
!
snmp-server engineID local 00000009020000B064C761D9
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 07022C41
login
transport input none
line aux 0
line vty 0 4
password 7 07022C41
login
!
no scheduler allocate
end

 

[underzen]

I forgot to mention. Our lan on router A is 10.1.1.0 255.255.255.0
On router B our lan is 10.1.2.0 255.255.255.0



thanks again for all your help

 

[svermill]

Not a very clean config. Why would you need a static route to an attached network? And why a default route on a closed point-to-point network? Enter static routes on each router to the network on the opposite end. Also, make sure the hosts have the correct default gateway entered.

Finally, is there something on your LAN that requires RIP? Sometimes that's true, but usually you don't want to enable a routing protocol and then make your WAN connection passive. It just wastes processor cycles and memory.

The abrupt departure of your Sprint rep wasn't too great a loss. Maybe your boss was asking him what the heck he was doing.

 

[jeter]

Where is this located? Svermill is right this config is out there. Now I work for Sprint so I am not going to give details unless I can find out what the issue is with you and the company. Lets try to come to a peaceful solution here so that you can move forward.

If you can provide a work order number and or anything I will see what I can do to help. Jeter@LasVegas.com
Fisher CCNA
Sprint-Data

 

[svermill]

Of course, I guess we have to leave open the possibility that this guy was fixing a mess of a config and didn't finish the job. Maybe he was undoing rather than doing.

 

[wybnormal]

Why have a static? because if there multiple gateways/subnets on the lan. For example, I have a client where the ISA server(software router) is the default gateway to the DMZ and internet. But.. on the LAN there is a 2nd subnet used for some leftover host apps where the IPs can not change. There is a multihomed NT box right now(soon to leave) providing the gateway to that net. They were custom config'ing certain workstations to talk to that box and not being able to see the internet. I showed them how to put a static route in the ISA box that says if you want ABC network, then go back onto the LAN over to the NT box as the next hop. IF the NT box was not there.. it would point to the interface and send the packet on it's way. This is very commonly done.. not clean but it's effective.

MikeS
Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[underzen]

I want to start and thank everyone for their help. I am not a router guy. I have played with a few Cisco routers here and there. There apparently was an arguement with the Sprint guy over the amount of time it was taking him to install the router. The guys was France and spoke very little english. Why Sprint would hire such a guy is beyond me.

Svermill,
I am not very Cisco IOS fluent so bare with me . When you mean why there is a static route to a connected network, you mean the route back to local ethernet? I was wondering the same thing when I looked at this. The Sprint guy was there for close to 8 hours and seemed really pissed when he was working so maybe he didn't know what he was doing. The default route on the closed PPP network is the 0.0.0.0 0.0.0.0 Serial0, right? I don't know. What should it be? When you say enter the static routes to the network on the other end you mean if I wanted hosts on router A with a network of 10.1.1.0 255.255.255.0 to access hosts on router B with a network of 10.1.2.0 255.255.255.0 then on router A I should:
ip route 10.1.2.0 255.255.255.0 Serial0
The config is still in the routers from when the tech walked out. Should I still keep the ip unnumbered FastEthernet0 on the serial0? Should I even keep the IP classless option since this is a closed ppp connection?

Thanks again to all of you for your help. I am not a CCNA and this is last minute thing my boss wants me to try and figure out with out having to go through Sprint again.




Thanks for all your help

 

[svermill]

wybnormal,

That sounds pretty wild. I'd have to see a drawing to understand it, but I'll take your word for it. I still see that the router automatically has a route because it is a connected network, but I sense that there is something I'm not getting.

underzen,

Yes, you have the static route concept figured out.

As for the default, it probably isn't necessary. If you expect traffic to be showing up at the router that it doesn't have a route entry for, and the next upstream router can get it to it's destination, the default will be useful. Otherwise, it won't be. Doesn't hurt either way.

As for the unnumbered interface, I would give it an IP since this looks like a closed private connection. But it should work either way.

As for classless, that requires a little too much explanation for what you are trying to immediately accomplish. IP classless is now the default in Cisco IOS so just leave it that way.

Keep us posted.

Scott

 

[svermill]

wybnormal,

I'm still intrigued by your earlier explanation about the static route. I can see a situation where you might want to point back towards the LAN to reach some other network. But I still can't see why you need to point to the network in which the LAN interface is addressed. From above:

interface FastEthernet0
description connected to EthernetLAN
ip address 10.1.1.100 255.255.255.0

ip route 10.1.1.0 255.255.255.0 FastEthernet0

???????????

The router wouldn't handle traffic on 10.1.1.0 destined for another host on 10.1.1.0 (with the exception of 10.1.1.100 of course). As for incoming traffic from a serial interface, the router already knows where 10.1.1.0 is - its connected.

What am I missing?

Thanks much,

Scott

 

[jdavis1]

svermill -

I agree that it makes no sense to put a static route in for a connected network. IOS will install that route automatically. It probably doesn't hurt anything, but it it isn't necessary.

If I understand this problem correctly, the 2 networks and the 2 routers that underzen mentions are on opposite ends of the serial link on S0. If these are the only 2 routers in the network than running a routing protocol like RIPv2 is probably overkill. On the other hand, if this is part of a much larger network than running a routing protocol makes a lot of sense.

I'm not sure how router at the other end is configured (running RIPv2?). If not, I would bet that if you issue a "show ip route" command you will have a route to 10.0.0.0/8 pointing at Null0, meaning any traffic bound for anything within the 10.0.0.0 network other than the connected subnet will drop off the face of the earth. The "show ip route" and a "show ip proto" command will give you a lot more info as to how the other router is configured.

-Jeff

 

[underzen]

Hey thanks guys! I got the routers up and running today. Both routers are running RIP version 2. I left the ip unnumbered in place not that I wanted to but when the routers started working I did not want to mess it up, lol. I do not have the config output with me but what I did was this.

Router A
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.1.2.0 255.255.255.0 10.1.2.100


Router B
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.1.1.0 255.255.255.0 10.1.1.100


I had to keep the default ip route because when I would delete it I couldn't ping the other router for what ever reason. I also had to add a next hop in our AS/400. Everything is up and running. I have learned alot from doing this and from you all. Thanks again.

I would be curious to know how much additional traffic RIP causes. We have only 5 hosts on router B and 15 hosts on Router A. Each router has 32 megs of RAM. I do not think this will be a problem.

Thanks again all!!!!!

 

[svermill]

RIP won't be a big issue. It is based on the number of networks (routes) - not hosts. However, with passive interface statements on your serial interfaces, it isn't working between the routers anyway and is just dumping a small amount of unnecessary traffic on your LANs.

Your static routes didn't work probably because of the unnumbered scheme. If you had put:

'ip route 10.1.2.0 255.255.255.0 s0'

it probably would have worked. Or if you had put 10.1.3.0 between the routers, it would have been something like:

'ip route 10.1.2.0 255.255.255.0 10.1.3.2'

Regards,

Scott

 

[underzen]

svermill,

Thats exactly what I did. I saw that the Sprint guy was using the ip unnumberd scheme so I did. Then I did a route like:
ip route 10.1.2.0 255.255.255.0 Serial0

and it didn't work. But now its working like I had described above. Thanks again!!

Eric

 

[svermill]

Eric,

This is why I don't like unnumbered. You are clearing some old cobwebs, since I haven't used it in so long. I think there is some workaround, like installing a static route to the ip that the distant end unnumbered interface references, and then installing a route to the subnet via that IP. Or something messy like that. In any case, you solved your immediate problem, which was basic connectivity. Congratualtions.

Regards,

Scott

 

[underzen]

Hey thanks again scott for all your help. Hopefully in the future I will actually get CCNA certified and then the higher up certs for cisco. I really fell in love with the cisco IOS after this learning process and could defitnely see myself doing this for a living.

Thanks again

Eric

 

[wybnormal]

Unnumbered interfaces are a pain in the butt .. as we see here..

Back to my *interesting* network

If you think about what I described, it makes perfect sense.

If your router has a default router of 0.0.0.0 0.0.0.0 something.. the router gets the packet and then looks at to see if it knows where to forward the packet. If there is not ANY route to forward the packet to, then the default is used. This is important to remember.

When you put in the static.. admin distance is 1 where connected is 0. So the router will get the packet.. the subnet is NOT connected so it's going to route.. the static is now looked at.. correct subnet? yes, I know where to send it.. right back out the interface it came in on over to the next hop router/device/etc.


internet---ISAdefaultGW-----subnet1 and 2
|
|---2ndGW-NT4 for subnet2

WS on subnet1 wants subnet 2.. default gateway has ONE interface on LAN.. next gateway for subnet 2 is on LAN with 2 nics.. one on subnet1 and one on subnet2. Subnet 2 is a legacy host.

Packet is directed to default gateway from workstation.. default gateway does not have a directly connected subnet2 but it DOES have the static route to tell it to forward packet over to the 2nd gateway going back out the incoming interface(this is legal but messy) The 2nd gateway gets the packet and passes it to the host.. the path is complete now.

The ONLY reason I suggested this to the client is due to existing hardware issues, it's only 3 workstations with a Reflections based app that is going away in the near future but they had to have it for now. This is not elegant nore recommended for a *normal* network due to the traffic issues on the ethernet port of it doing double duty. This is alot more common then you might think.



MikeS
Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[svermill]

MikeS,

Your drawing helps to understand what the intent is. However, I remain foggy. First of all, the default route concept is a no-brainer. However, administrative distance is 1 if the static points to a next hop IP. It is 0 (and considered to be directly attached) if it points to an interface. In the config of the orignal post, there is a static route to the network (not a host) via the interface on which that network resides.

I also suspect that in your config above, you are entering a static to the 2ndGW-NT4 (or at least that subnet?) - not right back to subnet 1 via a static back to the same interface. Why put the same exact traffic back on the network from which the router picket it up without specifying anything but the interface on which it arrived? Again, in the orginal config above, we are talking about one single subnet (10.1.1.0 255.255.255.0). You are clearly talking about two different subnets.

Regards,

Scott

 

[wybnormal]

Ahh- Let me give you another example but if you want a map, I'll do it later tonight.. A client had two 4500s.. one was the primary gateway and the 2nd was a secondary gateway for some DLSW stuff. There was a requirement for reasons not to be discussed here to use policy routing to grab the HTTP traffic, reroute back out the incoming interface and over to the 2nd gatway.. all on the same subnet.. 172.16.x.x

Was it clean? no way.. did it work ? yes.. would I do it again.. yes, if I had no other choice and in this case there was not any other choice for the time being.

MikeS
Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[svermill]

MikeS,

Thanks again for hangin in there with me. But before you go to the trouble to draw something up, let me recommend that you set up an ethernet interface with the following address:

from above...

'int f0'
'ip address 10.1.1.100 255.255.255.0'

now,

'sh ip route'

10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly attached, f0

Now, also from above, add...

'conf t'
'ip route 10.1.1.0 255.255.255.0 f0'

now,

'sh ip route'

10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly attached, f0


Any difference? Of course not. It was already directly attached before the static route referencing the interface to which the network is attached.

Now you seem to be talking about policy routing and perhaps some host routes from one gateway to another. No problem with that concept at all.

Scott

 

[underzen]

Wow, looks like I started a good thread and got some minds thinking.

Keep up the great work!

Eric