Help with Cisco1720 Routing

[UncleVan]

We have a T1 connected to a Cisco 1720 with CSU/DSU which is working fine. We are adding an additional block of ip addresses to our current network and need to add the new segment to our router. I have added it to the interface as below:

interface FastEthernet0
description connected to EthernetLAN
--> ip address YY.YYY.YY.65 255.255.255.240 secondary
ip address XXX.XXX.XX.225 255.255.255.224
no keepalive
speed auto

And have added an entry for routing the new network as below:

ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
--> ip route YY.YYY.YY.64 255.255.255.240 XX.XXX.XX.226

The problem I'm having is then even thought I made these changes, traffic is still not being routed to the new network. The output of show ip route is below:

YY.0.0.0/28 is subnetted, 1 subnets
C YY.YYY.YY.64 is directly connected, FastEthernet0
XXX.XXX.XX.0/27 is subnetted, 1 subnets
C XXX.XXX.XX.224 is directly connected, FastEthernet0
S* 0.0.0.0/0 is directly connected, Serial0.1

What have I missed?

 

[writemem]

Could you explain a little more about the setup of your network are you simply adding the ip's to support more users on your lan or what? Also be careful with that ip secondary command. It can get confusing if you using any access lists. this is due to the fact that the source address shows in most cases (IOS depending) as the ip of the primary int ip. Where does the T-1 connect to, the internet or another office? fill me in i'd be glad to help. i also don't see an ip directly connected to a serial interface. I see the default route but no negotiated ip?

 

[UncleVan]

The T1 connection is to the internet and is the source for all inbound traffic. The recommended configuration from our ISP did not include an IP for the serial interface, and since it works we the way it is, we see no reason to add one there. The added ip's are for a DMZ which are on the other side of a firewall. The connections look like this:

T1->1720->Firewall->Internal Net using XXX.XXX.XX.225
|
V
DMZ using YY.YYY.YY.64 Network

 

[writemem]

Your ISP should have given you at least this info for your new block:
network
subnet
gateway(next hop router)

If so your ip secondary statement is correct but your isp is probably seeing you coming from the primary ip assigned to that interface.

You could try to create a subinterface so that ip xx.xxx.xx.224 is assigned to fastethernet 0
and
yy.yyy.yy.64 is assigned to fasethernet 0.1

that way they would both be primary ip's and it might correct your problem.

Can you ping the isp's nexthop router from the 1720 (i.e. what ever the gateway is for the new network)

MARK

 

[jeter]

if they added more ips are they in numerical order to your existing if so all you need to do is change your subnet mask. If not then we will need to know your application. The interface ip does not need to be changed only the ethernet it looks like a secondary would work however I have not tried it that way. Jeter@LasVegas.com
J.Fisher CCNA