Cisco 1921 Router LAN config

marcus742 · ‎03-28-2012

I have recently configured a cisco 1921 router for internal routing on my network. Here is what i am trying to accomplish:

Main network 10.65.1.0 mask 255.255.255.0- all office devies and computers.

Second network 10.65.2.0 mask 255.255.255.0 - All plant equipment machinery and production lines

i have configure gig 0/0 for my company network and gig 0/1 for my plant network. I can ping the router from both networks but am unable to route traffic betwenn them. what am i missing?

Config file:

Bosal_Plant#show run

Building configuration...

Current configuration : 1537 bytes

!

! Last configuration change at 16:00:16 UTC Wed Mar 28 2012

! NVRAM config last updated at 16:00:24 UTC Wed Mar 28 2012

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Bosal_Plant

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$VDw4$kzGgCLt6S2B7rRYbz.xQR0

enable password Mufflers65

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

no ip domain lookup

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

license udi pid CISCO1921/K9 sn FTX160785FS

!

redundancy

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Internal Bosal Network

ip address 10.65.1.5 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Internal Plant Network

ip address 10.65.2.1 255.255.255.0

duplex auto

speed auto

!

router rip

version 2

network 10.0.0.0

no auto-summary

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 10.65.2.0 255.255.255.0 10.65.1.0

!

control-plane

!

line con 0

password Mufflers65

login

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password Mufflers65

login

transport input all

!

scheduler allocate 20000 1000

end

Please Help

Reza Sharifi · ‎03-28-2012

The config looks good. Since the networks are part of the same router (connected networks) you don't need below statement

ip route 10.65.2.0 255.255.255.0 10.65.1.0

Also, can you make sure you end devices have the correct default gateways?

and the end devices (PC, Laptop, etc.. ) are not running any firewall application that prevents them from being pinged?

HTH

marcus742 · ‎03-28-2012

So my default gateway in my plant network would be the ip address of gig 0/1

on my company network the router just needs an address that puts it in the network.

however here is the rub.

I can ping from a pc with ip 10.65.2.100 ip addresses 10.65.2.1 and 10.65.1.5 but no other devices in the 10.65.0 network.

From a Pc in with 10.65.1.91 i can ping 10.65.1.5 but not 10.65.2.1 or 10.65.2.100

What am i missing?

do i need to install a WAN port on the router? i am using the existing ports GIG 00 and GIG 01 i have no wic installed as of yet.

glen.grant · ‎03-28-2012

Sounds like you have the incorrect default gateways configured in your pc's nic cards . Company plant gateway is 10.65.2.1 , check mask is correct too . Any pc nic on the Bosal net should have 10.65.1.5 as it's gateway.

marcus742 · ‎03-28-2012

This is not a border router to the internet. In my main network the DG to go out to the internet is 10.65.1.2 the address of my firewall.

This router is for connecting 10.65.2.0 (the Plant) to 10.65.1.0 (The Main Company Network)

I hope this helps clarify.

I have a production line that requires its own seperate network. The forst of many lines to come i hope. my goal was to install a router to connect it to the main network. Maybe i am looking athis the wrong way.

any advice would be greatly appreciated.

vijay.swaminathan · ‎03-28-2012

What is the DG configured on the PC's on the company / Main network? is it 10.65.1.5 or 10.65.1.2 ??

you need to have the DG on the PC's set to the router interface's for the traffic to reach the router and then the router can make the decision to forward appropriately.

if you want the traffic to be sent to the firewall, then you need to have a route on your router to send your PC's traffic to the firewall

HTH
-Vijay

marcus742 · ‎03-28-2012

The DG on the main network for all pcs is 10.65.1.2 the address of my firebox router/firewall, this connects directly to my T1.

As i clarified this router is intended to connect my new plant network 10.65.2.0 to my main network 10.65.1.0, i did not intend to route traffic to the internet with this router as i have only the 2 GIG ports configure and it does not have a WAN port installed.

Now i may be in-correct in my network theory. IF so please advise on solution.

glen.grant · ‎03-28-2012

The default gateway on the pc nics and the default gateway on the router is 2 different things. The default gateway on the pc nics should just be pointed to the router interface of the subnet they are attached to not the internet firewall . So any device on the 10.65.1.X network gateway should be 10.65.1.5 . Any pc on the 10.65.2.X should have gateway of 10.65.2.1 . The router itself then should have a default static route pointing to the firewall so that it sends any traffic it does not have a specific route for to the internet.

marcus742 · ‎03-28-2012

Ok so now im on the same page. I do in fact have to purchase and install a wan wic to connect the firewall to giving another ip address and network from the router tothe firewall.

Thank you for your help