07-09-2012 03:28 PM - edited 03-04-2019 04:55 PM
Here is the scenario. Site A will have the IP address of 192.168.1.x, subnet mask 255.255.255.0, and will need to communicate with Site B (IP address 192.168.100.x, subnet mask 255.255.255.0). Neither site needs internet access, so I don't have a default gateway. I have a Cisco 891 with the IP address of 192.168.1.254. I don't have anything set up on the Cisco right now (no running config). Is this possible to set up?
Thanks,
07-10-2012 08:14 AM
Yes, but you need routing enabled at both branches pointing to their respective remote subnets.
07-10-2012 08:16 AM
Ok, how would I do that?
07-10-2012 08:24 AM
Site A- ip route 192.168.100.0 255.255.255.0 [local gateway]
Site B- ip route 192.168.1.0 255.255.255.0 [local gateway]
Is this some kind of test? If you are dealing with production network, I highly suggest getting hired help!
07-10-2012 08:36 AM
This is just in a test environment to see if it is plausible. I'd assume that the local gateway would be the IP address of the router (192.168.1.254), right?
07-10-2012 09:08 AM
and 100.x for the other router - correct.
07-11-2012 07:30 AM
I entered the IP address of the router for the gateway, but I got an error basically saying that the next hop cannot be the router IP address. These were the commands I entered:
ip route 192.168.100.0 255.255.255.0 192.168.1.254
ip rout 192.168.1.0 255.255.255.0 192.168.100.254
07-11-2012 07:59 AM
How many routers do you have? I'm assuming you have a router on Site A and another router on Site B.
This command should go into the router on Site A
ip route 192.168.100.0 255.255.255.0 192.168.1.254
And this command should go into the router on Site B
ip rout 192.168.1.0 255.255.255.0 192.168.100.254
07-11-2012 08:01 AM
No, I only have one router with two separate VLANs created on it.
07-11-2012 08:02 AM
Then you don't need static routing.
You configure the workstation with the default gateway pointing to the router IP address within the same subnet and you should be able to ping between subnets.
07-11-2012 08:52 AM
I did that, but when I try to ping across the VLANs I get a destination host unreachable error. There are no firewalls on the computers. Here is the running config:
Building configuration...
Current configuration : 6951 bytes
!
! Last configuration change at 09:42:57 PCTime Wed Jul 11 2012 by User
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$MGyU$tihjUxLtv6emv3HPwm/cF.
!
no aaa new-model
!
!
!
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1261487516
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1261487516
revocation-check none
rsakeypair TP-self-signed-1261487516
!
!
crypto pki certificate chain TP-self-signed-1261487516
certificate self-signed 01
quit
no ip source-route
!
!
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FGL16082051
!
!
username User privilege 15 secret 5 $1$872L$usBjgP2KGGnEv48KleE1h0
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
switchport access vlan 2
!
!
interface FastEthernet5
switchport access vlan 2
!
!
interface FastEthernet6
switchport access vlan 2
!
!
interface FastEthernet7
switchport access vlan 2
!
!
interface FastEthernet8
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
!
!
interface GigabitEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.254 255.255.255.0
ip access-group AENV_IN in
ip access-group AENV_OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan2
ip address 192.168.100.254 255.255.255.0
ip access-group BTAP_IN in
ip access-group BTAP_OUT out
ip nat inside
ip virtual-reassembly
!
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list extended AENV_IN
remark Allow Inbound IP From BTAP To AENV Or AENV To AENV
remark CCP_ACL Category=1
remark Only Allow Established Inbound TCP From BTAP
permit tcp 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255 established
remark Allow All Inbound IP Traffic from AENV
permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit icmp any any administratively-prohibited
ip access-list extended AENV_OUT
remark Allow Outbound IP From AENV To BTAP or AENV To AENV
remark CCP_ACL Category=1
remark Allow Outbound IP Traffic From AENV To BTAP
permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
remark Allow Outbound IP Traffic From AENV To AENV
permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit icmp any any administratively-prohibited
ip access-list extended BTAP_IN
remark Allow Inbound IP From AENV To BTAP Or BTAP To BTAP
remark CCP_ACL Category=1
permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.100.0 0.0.0.255 192.168.100.0 0.0.0.255
permit icmp any any administratively-prohibited
ip access-list extended BTAP_OUT
remark Allow Outbound IP From BTAP To AENV or BTAP To BTAP
remark CCP_ACL Category=1
remark Allow Inbound IP From BTAP To AENV
permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
remark Allow Outbound IP Traffice From BTAP To BTAP
permit ip 192.168.100.0 0.0.0.255 192.168.100.0 0.0.0.255
permit icmp any any administratively-prohibited
!
logging trap debugging
no cdp run
!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
07-11-2012 10:07 AM
Remove the following:
interface Vlan1
no ip access-group AENV_IN in
no ip access-group AENV_OUT out
no ip nat inside
!
interface Vlan2
no ip access-group BTAP_IN in
no ip access-group BTAP_OUT out
no ip nat inside
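Added example, not part of the original thread or any poster's code: a small first-match evaluator run over the four ACLs from the posted running config, showing which ACL drops a ping between the VLANs. The host addresses (.10), the packet dictionaries, and the SWAPPED binding table are constructed for illustration; SWAPPED is a hypothetical variant with each interface's in/out lists exchanged, included to show that the return traffic would still be filtered.

```python
import ipaddress

# Entries copied from the posted config: (protocol, source, destination, qualifier)
A, B, ANY = "192.168.1.0/24", "192.168.100.0/24", "0.0.0.0/0"
ADMIN = ("icmp", ANY, ANY, "administratively-prohibited")
ACLS = {
    "AENV_IN":  [("tcp", B, A, "established"), ("ip", A, A, None), ADMIN],
    "AENV_OUT": [("ip", A, B, None), ("ip", A, A, None), ADMIN],
    "BTAP_IN":  [("ip", A, B, None), ("ip", B, B, None), ADMIN],
    "BTAP_OUT": [("ip", B, A, None), ("ip", B, B, None), ADMIN],
}
# ip access-group bindings as posted, and a hypothetical variant with each pair swapped
POSTED = {("Vlan1", "in"): "AENV_IN", ("Vlan1", "out"): "AENV_OUT",
          ("Vlan2", "in"): "BTAP_IN", ("Vlan2", "out"): "BTAP_OUT"}
SWAPPED = {("Vlan1", "in"): "AENV_OUT", ("Vlan1", "out"): "AENV_IN",
           ("Vlan2", "in"): "BTAP_OUT", ("Vlan2", "out"): "BTAP_IN"}

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def acl_permits(name, pkt):
    """First-match evaluation; falling off the end is the implicit deny."""
    for proto, src, dst, qual in ACLS[name]:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (_in(pkt["src"], src) and _in(pkt["dst"], dst)):
            continue
        if qual == "established" and not pkt.get("ack_or_rst"):
            continue
        # ICMP type 3 code 13 is "communication administratively prohibited"
        if qual == "administratively-prohibited" and pkt.get("icmp") != (3, 13):
            continue
        return True
    return False

def dropped_by(pkt, in_if, out_if, bindings):
    """Name of the first ACL on the path that denies pkt, or None if forwarded."""
    for key in ((in_if, "in"), (out_if, "out")):
        name = bindings.get(key)
        if name and not acl_permits(name, pkt):
            return name
    return None

# Constructed sample packets: a ping from a VLAN 1 host and the reply to it
ECHO = {"proto": "icmp", "src": "192.168.1.10", "dst": "192.168.100.10", "icmp": (8, 0)}
REPLY = {"proto": "icmp", "src": "192.168.100.10", "dst": "192.168.1.10", "icmp": (0, 0)}

if __name__ == "__main__":
    for label, table in (("posted", POSTED), ("swapped", SWAPPED), ("removed", {})):
        print(label, dropped_by(ECHO, "Vlan1", "Vlan2", table),
              dropped_by(REPLY, "Vlan2", "Vlan1", table))
```

With the bindings as posted, the echo request is denied inbound on Vlan1 by AENV_IN; with no ACLs bound, as the last reply recommends, both directions are forwarded.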