Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
7
Replies

Frame trunk w/ 4 remotes, users cannot map to other remote on same trunk

lhoyle
Level 1
Level 1

‎09-22-2004 08:35 AM - edited ‎03-02-2019 06:41 PM

I have 3 frame trunks, each with 4 remotes (all hub and spoke topology). This has not come up before now as we have always split cities with 2 offices up to different trunks. But now we have 1 city with 2 locations on the same trunk. Abit about our config. we have 1760's at all the remotes, using a subinterface with "frame-relay interface-dlci (remote dlci)". We can ping from router to router with good times, but a traceroute gets nowhere. I have added a static route from one leg to the other via the core router (non-Cisco), but traceroute still fails. Consequently, the manager for both sites cannot map a drive to the main site from the other site. Any help will be appreciated.

Thanks,

Lee

Labels:
0 Helpful
7 Replies 7

Richard Burts
Hall of Fame
Hall of Fame

‎09-22-2004 09:01 AM

You describe the configuration of the remote as being a subinterface (which I assume to mean a point to point subinterface). But you do not tell us about the configuration of the central site. Does it configure separate subinterfaces for each remote or does it configure a multipoint interface for the remotes? One way to determine this is whether the remotes in the trunk all have IP addresses in the same subnet (this would be multipoint) or have IP addresses in separate subnets (this would be point to point and is generally considered to be best practice).

If it is a multipoint config there are a couple of issues that might be involved. One is a question of frame relay mapping - does the remote router know which DLCI to use to get to the other remote router IP address?

The other issue that may be involved if the central site is multipoint is the issue of split horizon. With split horizon the central site will not advertise information about one spoke to other spokes on the same trunk. This is particularly an issue with Distance Vector based routing protocols. Cisco routers do have the ability to turn off split horizon.

As I read your post again there is something that puzzles me. If I am reading it correctly you are saying that you can ping from remote to remote but that traceroute fails from remote to remote. If that is correct then the issue is more likely to be some kind of filter than it is to be a routing issue. Can you clarify who has connectivity to whom?

HTH

Rick

HTH

Rick
0 Helpful

lhoyle
Level 1
Level 1
In response to Richard Burts

‎09-22-2004 09:40 AM

The central site is a Nortel BCN with a multi-point interface that reads the DLCI's in kind of a promiscous mode (we don't have to put them in).

We are moving over to several 2691's to replace the BCN, but that's next year.

Here's the output from ping and traceroute. I am trying to get to another leg. We are using RIPv2 due to the older core router.

ping 10.10.11.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.11.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

woodward-walmart-router#traceroute 10.10.11.1

Type escape sequence to abort.

Tracing the route to 10.10.11.1

1 10.10.10.65 12 msec 12 msec 12 msec

2 * * *

3 * * *

4 * * *

5 * * *

6 *

Thanks for your help.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to lhoyle

‎09-22-2004 10:52 AM

When you tell me that the central site is multipoint and that you are running RIPv2, then my first thought is that the problem is likely to be split horizon.

But if the ping is successful, then it does not seem that it would be a split horizon problem. (If the ping works then it looks like you have a route how to get there and they have a route how to get back to you.)

In my experience when one application (like ping) does work and some other application (like traceroute) does not work, then the problem is less likely to be a routing issue and more likely to be an issue like some kind of filter somewhere in the data path. Are there any filters or access lists on the central site or at the remote?

Can you provide any specifics about the topology of the network? I notice that you trace to 10.10.11.1 and the first hop response comes from 10.10.10.65. What is the address of the router where you are pinging and tracerouting? And what is the subnet mask on the interfaces?

It might also be helpful if you could post the output from show ip route and show frame-relay map.

HTH

Rick

HTH

Rick
0 Helpful

lhoyle
Level 1
Level 1
In response to Richard Burts

‎09-22-2004 12:33 PM

Sorry for the confusion. He's about all I can tell you (financial institution). The 4 legs and host site are all in the 10.10.10.64/29 subnet. The 10.10.10.65 address is the host site (main bank). 10.10.11.1 is the F0/0 on the router for site #1 and I am pinging from site #2 (both are legs on this trunk). There is NO filtering that I know about between the sites. I imagine it's split horizon also, from the reading that I have done today. I guess my best bet would be to re-configure the sub-interfaces as multi-point and use "frame-relay map ip (host IP address) (my DLCI)" instead of the way that I am doing it now.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to lhoyle

‎09-22-2004 12:54 PM

I understand the need to be careful about information being desiminated - I have worked for and with financial institutions.

Most of what you have described leads me to suspect a split horizon issue. However I am very puzzled about the ping working. If there is really a split horizon problem then how does the ping work?

So let me suggest a few things. If you see this behavior when site #2 attempts to access site #1, what do you see if site #1 attempts to access site #2. Do you have the same symptoms of ping works but traceroute does not?

Also I would suggest trying a debug at site #1. To limit the debug output you can use an access list. Create an extended access list which permite traffic from site #2:

access-list 199 permit ip host 10.10.10. any

Then run debug at site 1: debug ip packet 199

Be sure to do terminal monitor so that you will see the debug output. Then try ping and try traceroute and whatever else you want. If the packets are getting to site 1 you should see debug output.

If you confirm that ping packets do get there but that traceroute packets do not get there, then I must think that something along the path is protocol sensitive - and that feels like a filter somewhere.

HTH

Rick

HTH

Rick
0 Helpful

lhoyle
Level 1
Level 1
In response to Richard Burts

‎09-23-2004 06:35 AM

The ping only works because I put in a static route to the ethernet side of router #2 on router #1 with a gateway address which is the multi-point Nortel router. My boss, the Nortell guru, tells me that turning off split horizon on the BCN would be harardous to our health.

I found our that the 1st 2691 we will get to move away from the BCN is going to be done next quarter. So I don't feel so bad. The manager of the 2 involved sites is only at the smaller site occasionally. I'll see if I can get her to wait until I get the 2691 in place. I'll configure the 2691 with as 4 point-to-point sub-interfaces to the point-to-points on the legs. I have plenty of address space for those new subnets.

Does that sound like a good strategy?

Thanks for your help.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to lhoyle

‎09-23-2004 07:10 AM

If the static route made the ping work, why did it not also make the traceroute work?

I agree that configuring the central site as 4 point to point subinterfaces is a good strategy.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card