Solved: Re: Help with ROAS configuration

sir_ulrick · ‎03-20-2020

Hi! I'm studing CCNA and I'm checking ROAS configuration on Packet Tracert. Currently, I'm simulating a connection between 3 servers, one switch and 2 routers (attached). Appareantly, it's an easy configuration but all packets are bloqued on router DC when I try access to ISP2, but I can access using DC router to all servers. I suppose that I have configured something wrong with ROAS interface. Somebody can help me? I think my problem be in the switch, I didn't have a default-gateway in the switch because I don't know wich ip to choose, because I have different vlan's

Thanks in advance

Spooster IT Services · ‎03-20-2020

@sir_ulrick ,

Default-gateway on the switch can be any IP. It's only required if you are accessing switch from any outside subnet like from ISP router

Do you have a default-gateway setting configured on servers (default gateway for servers should be DC router IP)?

Spooster IT Services Team

View solution in original post

Spooster IT Services · ‎03-20-2020

Hi @sir_ulrick

Have you added the routes for server's subnets on the ISP 2 router and vise versa routes on DC router (if you are using any other subnet except 3.3.3.1 as a source)? For example:

On ISP 1,

ip route 10.1.1.0 255.255.255.0 3.3.3.2

ip route 10.1.2.0 255.255.255.0 3.3.3.2

ip route 10.1.3.0 255.255.255.0 3.3.3.2

On DC,

ip route 1.1.1.0 255.255.255.252 3.3.3.1

Also, Is there any ACL configured on any interface of these routers?

Please attach both routers configuration.

Spooster IT Services Team

sir_ulrick · ‎03-20-2020

Hi,
routes were added. You can see configuration attached of both routers and switch in my first message
and I don't have any ACL. But I think problem is related with default-gateway from the switch. If I have 3 different ip address with 3 SVI's, which should I choose? I have added the first ip, vlan 10 (by the way) and now I can access to all different vlan switch interfaces, but no the servers from ISP2 router (although servers are reachable from switch or DC router)

Spooster IT Services · ‎03-20-2020

@sir_ulrick ,

Default-gateway on the switch can be any IP. It's only required if you are accessing switch from any outside subnet like from ISP router

Do you have a default-gateway setting configured on servers (default gateway for servers should be DC router IP)?

Spooster IT Services Team

sir_ulrick · ‎03-20-2020

Thanks a lot!!!, I was using vlan interfaces as default gateway for servers, I changed for DC interfaces and it's works, but why is neccesary to add as default gateways subinterfaces address and not vlan interfaces?In a configuration withouth ROAS we would use vlan interfaces as default gateway

Spooster IT Services · ‎03-20-2020

Because the switch is operating as layer 2 switch. If you want to use VLAN interfaces as default-gateway for servers, then you need to enable "ip routing" and give a default route on switch towards DC router. You can choose any of the sub-interface for the default route. For example:

On switch,

# ip routing

# ip route 0.0.0.0 0.0.0.0 10.1.1.100

Please rate if you find my answer useful.

Spooster IT Services Team

sir_ulrick · ‎03-23-2020

Thanks a lot for our clarification!

Spooster IT Services · ‎03-20-2020

On ISP2 router config, I am only seeing the below single route:

ip route 10.1.1.0 255.255.255.0 3.3.3.2

You need to add routes for the other two subnets as well.

On DC router,

You don't need the below routes, as they are directly connected to DC router:

ip route 10.1.1.0 255.255.255.0 10.1.1.101
ip route 10.1.2.0 255.255.255.0 10.1.2.101
ip route 10.1.3.0 255.255.255.0 10.1.3.101

Spooster IT Services Team

sir_ulrick · ‎03-23-2020

Hi, with the configuration attached, only I added one server path. After your suggestion about change servers default gateway to DR router, all is working. Thanks a lot again!