different subnets

[Chopsy666]

Hi,

I am not amazingly knowledgeable on networkign issues, but basicalli have an IPP print server that can not be on the network, however it must be able to use tcpip to print to those printers (the address scheme is a private 172 range) however the address of the print server is a Class C address so that another server outside of our company can communicate to it.

I understand that i can not use Nats so the traffic must come through directly. But how do i make this print server talk to the other printers that are on a different subnet, will i need to buy an additional router? why does just telling that printer the default gateway that the clients use not work? i presume all dns info is also useless as it cannot communicate with the dns servers at present. Or does/can another IP address be configured on the defualt gateway router?

Sadly i have a tight deadline on this and i am at a loss, any help would be most appreciated.

Thanks

 

[KiscoKid]

To be honest, NAT is screaming at me as the way forward here. When you say you cannot use NAT, is it because you don't know how to implement it or you don't have the equipment for it or some other reason?

If you have to have this print server on a public address (class C) whilst the rest of your network is on a private (172) address, you will need a router that can route internal traffic between this print server and the rest of the printers on your LAN.

This router will also need a public Class C address on its LAN interface to be able to route between both IP subnets.

As I've said before, this is a messy little solution. NAT is so much better if you can support it. I don't mind assisting with the NAT configuration if required.

 

[Chopsy666]

Hi KiscoKid,

Thanks for the offer of help, i reallt do appreciate it. Problem is i have been told that IPP has a bug in it and that therefore you can not use NATS with it, this is being dictated to us by a higher level so we have no choice in this sadly.

CAn an existing router be used or can a router only have 2 IP addresses, one on either sidee. For example, our set up is a router that the clients use as the default gateway which then routes to the firwall and then onto the outside facing router which again is owned by someone else so we cant touch it. Is it possible to use the existing Internal Router to do this job (it already is used for another subnet that was created years ago) or is a seperate router required.

Regards
Chopsy

 

[KiscoKid]

Hi Chopsy

Your existing router should certainly be able to do the job.

If it's a Cisco device, I can assist with the configuration as below. I'll assume the LAN interface (the one that faces the internal network) is fastethernet0/0 (also called fa0/0). I'll assume also that the public Class C address used is 212.44.57.50 (for the print server). You will need to know the passwords (there may be 2 of them) to access the router (if it's a Cisco device).

You can either console to the router (using a Cisco rollover/console cable) or telnet to the router (if you know its default gateway address). Either method will prompt for a password.

Assuming you get past this stage, you then need to enter enable mode as follows:

router> enable

It will prompt for another password (may not be the same as the last one). If you get past this stage, you will get to the following prompt:

router#

This is enable mode (also called the hash prompt). From here you can config the router for an additional LAN address as follows:

router#conf t
router(config)#int fa0/0
router(config-if)#ip address 212.44.57.254 255.255.255.0 secondary
router(config-if)#exit
router(config)#exit
router#write memory

I've assumed that 212.44.57.254 is an available address from your Class C public subnet. If it's not, substitute something more appropriate.

You can then test it works by trying to ping the server on its public Class C address from the router.

Hope this helps

 

[Chopsy666]

Wow that was prompt reply - Thanks KiscoKid!

O.K i will do as you recommend, just a couple of more pieces of info for you. Its a cisco c2600

the router has one side 172.16.1.50 fa0/0 this is the sider that all the users have as there default gateway.
fa1/0 is the otherside of the router 172.17.1.50 (this is a small remote subnet at 10mbps)

Can you please tell me what the below part does, i notice that it mentions secondary there, but as two ip addresses are already on it, will it not overwrite one of them (i.e whatever it currently considers as secondary) or fa0/0 which i guess is vital for the users as its their default gateway.

router(config)#int fa0/0
router(config-if)#ip address 212.44.57.254 255.255.255.0 secondary

Also is there anyway to backup/restore config info on a router incase i mess anything up by accident.

finally what is the default gateway, is it the first hop on route to the internet or last or is it the first hop to a new network/subnet, if last why do clients not point to the firewall or the routers outside of it which are owned by our service provider.

I look forward to your response, thank you for your help and increasing my knowledge a bit, i will let you know how it all goes

Best Regards
Chopsy

 

[KiscoKid]

Hi Chopsy

Taking your questions in turn:

1. If you specify secondary on an interface IP address, it will not overwrite the addresses already there. It will create a second secondary if one already exists.

2. You're right that a backup of the current configuration is a very good idea. Once you get into the enable (hash) prompt, you can issue the 'show run' command. This will display the entire current configuration. You can then copy and paste this into a text document. If it all goes wrong later on, you can either:

(i) Reload the router. This will restore the previous configuration assuming you HAVE NOT issues the 'write memory' command above in my previous script. The write memory command saves your config. So as you may appreciate this will mean that a reload will not rollback to your previous config.

(ii) Issue the 'write erase' command and reload the router. The router will come up with an 'out of the box' default configuration. You can then literally copy and paste the config you captured from your text file into the router.

3. The default gateway is an address that is on the same local subnet as a client but it is a device that is capable of routing to non-local subnets. Standard PC's and print servers on the same subnet can talk to each other without a router but will need a default gateway to talk to a device outside their subnet. So in answer to your question, it's the first hop device from the clients.

Hope this helps

 

[Chopsy666]

Hi KiscoKid,

Here is what i have copied and pasted, is it the case of just copy and pasting all of the below (including ! and Current Configuration:, and 'END') at the hash prompt, or should some parts be ommited, will i need to enter line by line too).

Will that then restore the router to its current state. I have replaced ip addresses with letters as i am not kowledgeable enough to know whether posting them on the internet would be a security risk.

Regards
Chopsy

Current configuration : 1145 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Pathlink1
!
enable password 7 random numbers
!
ip subnet-zero
!
!
no ip domain-lookup
!
!
!
!
interface FastEthernet0/0
description connected to ROH
ip address v.x.y.z 255.255.0.0
ip helper-address v.x.y.z
no keepalive
duplex auto
speed auto
!
interface Serial0/0
description old wan link
ip unnumbered FastEthernet0/0
encapsulation ppp
shutdown
!
interface Ethernet1/0
ip address v.x.y.z v.x.y.z
full-duplex
!
router rip
version 2
network x.y.v.v
no auto-summary
!
ip default-gateway v.x.y.z
ip classless
ip route 0.0.0.0 0.0.0.0 v.x.y.z
ip route v.x.y.z 255.255.0.0 v.x.y.z
ip route v.x.y.z 255.255.0.0 v.x.y.z
ip route v.x.y.z 255.255.255.0 v.x.y.z
ip route v.x.y.z 255.255.255.0 v.x.y.z
no ip http server
ip pim bidir-enable
!
route-map exit permit 10
!
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 Random Numbers
login
line aux 0
line vty 0 4
password 7 Random Numbers
login
!
no scheduler allocate
end

 

[KiscoKid]

Hi again

It's ok to paste your real IP addresses if they are what we call private IP addresses (these usually begin 10.x.x.x or 172.x.x.x or 192.168.x.x). This is because they have local significance to your organisation only.

If you have to paste in the entire config, you can include everything you've copied - i.e. you don't have to omit anything.

 

[Chopsy666]

Hi Kisco Kid,

Just to let you know that i did as you instructed and as of 5pm last night all went well. I want to thank you for all the help you have given me, i really do appreciate it. You're a top person

Regards
Chopsy

 

[Chopsy666]

Hello again its me,

I have yet another problem, i need to now change the ip address i set as a secondary interface to another one with a different one. I believe if i follow the same insturctions as above i would just be creating another secondary interface. Does the KiscoKid or anyone else know the command to edit existing secondary interfaces, or do i just delete the existing one, if so i would greatly appreciate the syntax for this too,as this is all uncharted territory for me

Regards
Chopsy

 

[KiscoKid]

Hi Chopsy

Best thing to do is to delete the existing secondary address and re-add what you want. For example,

router#conf t
router(config)#int fa0/0
router(config-if)#no ip address 212.44.57.254 255.255.255.0 secondary
router(config-if)#ip address a.b.c.d 255.255.255.0 secondary
router(config-if)#exit
router(config)#exit

where a.b.c.d is the new secondary address you want to use.

Review your changes using the 'show running' command and, if happy, save your work with the 'write memory' command.

Hope this helps

 

[Chopsy666]

Thanks KiscoKid,

As per usual, you were most helpful, and most correct

Ive got another question which is slightly off topic but related to this whole 'project'

Im trying to get the ISP to subnet our range

e.g 193.227.234.0-255 into 4 subnets using a 255.255.255.192 mask. All packets must still be forwarded to our firewall on 193.227.224.2

Now on the ISP routers is it sufficient after making the ISP routers subnet mask 255.255.255.192(this is a pre-req) to simply have a static route of:

Ip route 193.227.234.0 255.255.255.192 193.227.234.2

on the router so the whole range gets routed to the firewall still. or would there have to be 4 routes with the additional ones of:

Ip route 193.227.234.64 255.255.255.192 193.227.234.2
Ip route 193.227.234.128 255.255.255.192 193.227.234.2
Ip route 193.227.234.192 255.255.255.192 193.227.234.2

Sorry if this doesnt make much sense, im kinda learning by experience at the moment

Regards
Chopsy