11-07-2021 01:46 PM
Hi guys,
I've got a Cisco 2612 router and trying to route traffic between my Ethernet network (192.168.1.0/24) and TokenRing network (192.168.2.0/24). I'm trying to create a bridge between both networks.
The router has the interface Ethernet0/0 configured as 192.168.1.101 and the TokenRing0/0 interface configured with 192.168.2.1.
On the actual router I can ping both interfaces do I need to setup a static route? If so how?
Thanks,
11-11-2021 07:16 AM
It seems to me that there is a fundamental choice about how to connect devices on Token Ring to devices on Ethernet. One choice is to use bridging (layer 2 forwarding). If you want bridging then you do need translational bridging - remember that the bit order in Token Ring is the reverse of the bit order in Ethernet. So the bit swap really is needed. And perhaps something else as well. There is some question about whether this device and this version of code fully support this solution.
The other choice is to use routing (layer 3 forwarding). For several reasons I believe that a routing solution (as suggested when the network had 2 subnets) is the better choice. If you want to try this approach I suggest removing the parts of the config related to bridging
bridge crb
bridge 1 protocol ieee
bridge 1 bitswap-layer3-addresses
bridge 1 route ip
I see a DHCP pool for the token ring devices and it does set the default gateway as the router (which is correct). How are the devices on Ethernet getting their addressing information? Is there another DHCP server somewhere? Do the Ethernet connected devices have their default gateway set to 192.168.1.101?
11-11-2021 07:56 AM
@Richard Burts wrote:I see a DHCP pool for the token ring devices and it does set the default gateway as the router (which is correct). How are the devices on Ethernet getting their addressing information? Is there another DHCP server somewhere? Do the Ethernet connected devices have their default gateway set to 192.168.1.101?
Thanks Richard. Before I go back to the Layer 3 routing solution does my iOS need to have "Source Route Bridging" ? Because the version I'm using does not have those commands.
On the last config I posted using a BVI my ethernet devices get the DHCP IP's from 192.168.1.1 which is the main router/firewall on the network. I wanted to use the same DHCP server for the token ring network too but its not working the token ring clients cant see all of the 192.168.1.0/24 subnet for some reason?
Effectively the Cisco 2600 router is only being use to connect token ring to ethernet. Nothing else. I
11-11-2021 09:26 AM
You ask "does my iOS need to have "Source Route Bridging" ?" in answering this we need to be careful about the context in which you want to operate. If you are looking at a layer 2 forwarding/bridging solution then yes your router does need source route bridging. If you are looking at a layer 3 forwarding/routing solution then no your router does not need source route bridging.
With a slightly better understanding of your network environment I believe that I can see another potential problem when implementing the routing solution. Your token ring devices will have this router as their default gateway. But it appears that your Ethernet devices probably have their default gateway as the main router. And my guess is that this main router does not know about the 192.168.2.0 network. Add a static route for the new network on that router with 192.168.1.101 as the next hop so that it can route to the new network. And it would be good to add a static default rotute on this router with 192.168.1.1 as the next hop so that the token ring devices can access more than the 192.168.1.0 network.
11-11-2021 09:41 AM
Amazing Richard,
Ok yes on my ethernet router I have the static route for 192.168.2.1 setup pointing to the Cisco 2600 on 192.168.1.101 so the devices on the ethernet network reach the token ring network.
@Richard Burts wrote:And it would be good to add a static default route on this router with 192.168.1.1 as the next hop so that the token ring devices can access more than the 192.168.1.0 network.
I don't understand this part? Do you mean create this static route on the token ring devices or on the Cisco 2600 router? Your right the token ring cant access all of 192.168.1.0 subnet. Only some machines.
The last anomaly is one of the devices on the token ring network is getting an DHCP ip of 192.168.2.4 from the Cisco 2600 IP helper pool I configured. I see its entry in the arp table. It can be pinged from the clients on the token ring network (And the Cisco 2600 router) but cannot be pinged from clients on the ethernet network. This device in question is an IBM 8235 remote access box. I'm not sure that is blocking the ping only to that device. Could it be a routing problem? Why only that device?
11-11-2021 10:07 AM
It is good to know that your main router, 192.168.1.1 does have a static route for 192.168.2.0 with the 2600 as the next hop. I would expect this should allow devices on the Token Ring to communicate with Ethernet devices on 192.168.1.0. My comment about a static default route was about whether your Token Ring devices need to communicate with any network beyond 192.168.1.0. Let me think a bit about your anomaly and respond about that later.
11-11-2021 10:49 AM
I am not familiar with 8235. I wonder if it has some security logic that does allow ping from "local" sources but not from "remote" sources. As one test I would suggest doing a normal ping from the 2600 to the 8235 (which should work) and then doing a ping from the 2600 in which you specify the source address of the ping as 192.168.1.101. (on the 2600 you probably need to be in privilege mode and do extended ping to be able o specify a source address). If the first ping works and the second ping fails then the only difference is the address the ping is coming from and would sure seem to point at something on the 8235 preventing the ping.
11-11-2021 12:56 PM
So pinging the 8235 normally from the 2600 works. Pinging using the source 192.168.1.101 does not. So As you mentioned there must be something on the 8235 that blocks this behaviour. I'll try and investigate further and report back.
Regarding the token ring network communicating beyond 192.168.1.0 where would I need to configure? On the 2600?
11-11-2021 08:24 PM
I have several things to respond to.
- in reading through the discussion you noted that "I wanted to use the same DHCP server for the token ring network too but its not working" I believe that the issue there is that with the BVI you are doing regular bridging. But in trying to bridge between Token Ring and Ethernet you have to manage the differences in bit order Token Ring and Ethernet. There is not anything in the BVI configuration to bit swap the mac address as the frame goes from Token Ring to Ethernet.
- I have another thought about the anomaly with the 8235. It has an IP address in the 192.168.2.0 network and you see its mac address in the arp table. Is it possible that the configuration of the 8235 has something for its default gateway different from 192.168.2.1 (the IP of the 2600 router)? If it has an incorrect default gateway (or no gateway at all) then it would respond to requests from the local network but not from any remote network.
- if you want the token ring network to communicate further than the 192.168.1.0 network then at a minimum you would need some routing logic on the 2600. That routing logic might come from running a dynamic routing protocol. But the simple thing would be to configure some static route(s). If there are other private networks in your environment then you might want static routes on 2600 for those networks. If you want the Token Ring devices to be able to access the Internet then you would want a static default route on the 2600. And to provide Internet access you would also need to configure address translation for the 192.168.2.0 network (do this where ever your other address translation is being done)
11-12-2021 02:19 AM
@Richard Burts wrote:I have several things to respond to.
- in reading through the discussion you noted that "I wanted to use the same DHCP server for the token ring network too but its not working" I believe that the issue there is that with the BVI you are doing regular bridging. But in trying to bridge between Token Ring and Ethernet you have to manage the differences in bit order Token Ring and Ethernet. There is not anything in the BVI configuration to bit swap the mac address as the frame goes from Token Ring to Ethernet.
So does the Route route bridging resolve this issue with the bridge 1 bitswap-layer3-addresses option? I cant use this method currently as my iOS does not include this. I'm hunting the version that does so I can test also.
@Richard Burts wrote:I have several things to respond to.
- I have another thought about the anomaly with the 8235. It has an IP address in the 192.168.2.0 network and you see its mac address in the arp table. Is it possible that the configuration of the 8235 has something for its default gateway different from 192.168.2.1 (the IP of the 2600 router)? If it has an incorrect default gateway (or no gateway at all) then it would respond to requests from the local network but not from any remote network.
I've attached the current configuration bellow. The 8235 is getting an ip assigned by the IP helper and DHCP pool I created on the 2600. I've included the gateway so it should not be a gateway issue. The problem with the 8235 is I need to run the configuration software from a computer that has windows 3.11 or 98 and that is on the Token Ring network otherwise I cant access it. The other devices on the token ring network are running MSDOS so no good.
The arp table shows the 8235
BRI-TOKEN#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.1.101 - 00b0.6426.3aa0 ARPA Ethernet0/0 Internet 192.168.1.8 0 003e.e1c2.10f1 ARPA Ethernet0/0 Internet 192.168.2.11 2 0001.cb0a.2005 SNAP TokenRing0/0 Internet 192.168.2.1 - 000d.2664.5c85 SNAP TokenRing0/0
Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname BRI-TOKEN ! enable secret 5 ******* enable password 7 ******* ! ! ! ! ! ip subnet-zero ip dhcp excluded-address 192.168.2.1 192.168.2.10 ! ip dhcp pool TOKENPOOL network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 ! ! ! process-max-time 200 ! interface Ethernet0/0 ip address 192.168.1.101 255.255.255.0 no ip directed-broadcast no ip route-cache no ip mroute-cache ! interface Serial0/0 no ip address no ip directed-broadcast no ip mroute-cache shutdown no fair-queue ! interface TokenRing0/0 ip address 192.168.2.1 255.255.255.0 ip helper-address 192.168.2.1 ip directed-broadcast no ip route-cache no ip mroute-cache ring-speed 16 ! interface Serial0/1 no ip address no ip directed-broadcast no ip mroute-cache shutdown ! ip classless ip http server ! snmp-server engineID local 00000009020000B064263AA0 snmp-server community public RO ! line con 0 transport input none line aux 0 line vty 0 4 password 7 ****** login ! end
11-12-2021 07:25 AM
You ask " So does the Route route bridging resolve this issue" If you can find the right software you may be able to get the bridging solution to work. Finding software for a router as old as the 2600 will be challenging. And even if you are successful at finding different software I continue to believe that a layer 3 routing solution is better than a layer 2 bridging solution. You can certainly choose which direction you want to go, and the community will try to be helpful which ever one you choose.
My suggestion about the default gateway of the 8235 was one possibility to explore. If you are confident that the default gateway of the 8235 is correct then we need to look for other explanations. I sympathize about the difficulty in configuring, maintaining, and trouble shooting older equipment like that. Unfortunately I do not have anything to suggest about that.
It is nice to see a fresh copy of the router config. I have a few comments, none of them being particularly critical:
- you have both both enable password and enable secret. Only one of them is used. When enable secret is present then the router ignores enable password (and the encryption of enable password is weaker than that of enable secret). So I suggest you remove enable password.
- I wonder if you would want to have a DNS server specified in your DHCP pool.
- on the Token Ring interface you have a helper address. But it points to a local address. DHCP requests from clients will automatically find the server if it is in the same subnet as the client (the request is sent as a local broadcast). So there is no need for the helper address on the Token Ring interface and I suggest that you remove it.
11-11-2021 07:05 AM
ok, I don't think this will work then. I don't know if this is the limitations of the bridged virtual interface but the I have the following problems.
On my ethernet network I already have a router/firewall for internet access and acts as my DHCP for the LAN 192.168.1.0/24 subnet. As now I've got both token ring and ethernet networks on the same subnet the BVI1 interface is configured with 192.168.1.101. Seems the token ring clients don't like this as they can't see the entire 192.168.1.0/24 subnet nor can they access the DHCP at 192.168.1.1. I dont know if this is the limitation of the configuration or if there is another problem?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide