Connecting a number of identical subnets to a server

vivekhajarnavis
Level 1

Hello,

I have an application in which I am trying to configure a number of subnets to access a server on its own subnet. A recommendation made to me was to use vrf and a pair of routers.

I am working with a Cisco 2811 and a Rockwell Stratix 8300 (IE3000 with IP Services).

The devices are set up as follows:

2811:

!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip vrf forwarding STATION1
 ip address 192.168.1.10 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ip vrf forwarding STATION2
 ip address 192.168.1.10 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip vrf forwarding STATION3
 ip address 192.168.1.10 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.200
 encapsulation dot1Q 200
 ip vrf forwarding LINECONTROLLER
 ip address 1.0.0.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0.201
 encapsulation dot1Q 201
 ip vrf forwarding STATION1
 ip address 1.0.1.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0.202
 encapsulation dot1Q 202
 ip vrf forwarding STATION2
 ip address 1.0.2.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0.203
 encapsulation dot1Q 203
 ip vrf forwarding STATION3
 ip address 1.0.3.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0.210
 encapsulation dot1Q 210
 ip vrf forwarding LINECONTROLLER
 ip address 192.168.210.251 255.255.255.0
 ip nat inside
!
ip route vrf LINECONTROLLER 0.0.0.0 0.0.0.0 1.0.0.2
ip route vrf STATION1 0.0.0.0 0.0.0.0 1.0.1.2
ip route vrf STATION2 0.0.0.0 0.0.0.0 1.0.2.2
ip route vrf STATION3 0.0.0.0 0.0.0.0 1.0.3.2
!
!
ip nat inside source static network 192.168.1.0 2.0.101.0 /24 vrf STATION1
ip nat inside source static network 192.168.1.0 2.0.102.0 /24 vrf STATION2
ip nat inside source static network 192.168.1.0 2.0.103.0 /24 vrf STATION3
ip nat inside source static network 192.168.210.0 2.0.104.0 /24 vrf LINECONTROLLER

Then on the 8300, I trunk to the 2811 interface and define the following VLAN interfaces. I also have routing enabled:

interface Vlan1
 ip address 172.16.255.201 255.255.0.0
!
interface Vlan200
 ip address 1.0.0.2 255.255.255.252
!
interface Vlan201
 ip address 1.0.1.2 255.255.255.252
!
interface Vlan202
 ip address 1.0.2.2 255.255.255.252
!
interface Vlan203
 ip address 1.0.3.2 255.255.255.252
!
interface Vlan210
 ip address 192.168.210.201 255.255.255.0

When I test within the router, I see this:
Cisco_2811#trace vrf STATION2 192.168.210.11
Type escape sequence to abort.
Tracing the route to 192.168.210.11
  1 1.0.2.2 0 msec 0 msec 4 msec
  2 2.0.104.11 4 msec 4 msec 4 msec
Cisco_2811#
Which suggests that it is working. However, when I try and ping from the PCs on the 192.168.1.0 subnet, I can't reach the server at 192.168.210.11.
Have I missed something?
Thanks for your help.

5 Replies

AJ Cruz
Level 3

I can't quite visualize what you're trying to do, but if it were me I would:

1. Fight tooth and nail against the apps/dev people about implementing a solution where the clients have to be on the same subnet as the server (welcome to twenty years ago) ><

2. If I absolutely had to do it, I'd slap a NIC in the server that supports (any new nic should) dot1q, run a trunk all the way to the server and bind an IP address for every vlan to the server.

Maybe I don't understand your situation though...

It's an industrial automation application. Several identical machines (think of them as being 5 PCs) need to access another machine (the server). The programs that operate the machines include the IP addresses of the nodes (again, think PC). If the IP addresses are different, then the programs also need to be different. This makes life difficult for the people that make, build and maintain the machines.

The solution I am trying to implement is to NAT out from the machines, and then to route between the outside addresses. Is vrf even the right option here?

AJ Cruz
Level 3

ok I think I understand now. The config looks ok to me. Are you getting an xlate when you ping from the station? How is the 8300 routing to the 2. network?

Thanks for your reply. The ping from a PC (at 192.168.1.1) to 192.168.210.11 does not get through. A Traceroute only gets as far as 192.168.1.10.

In answer to your question, I have VLAN interfaces with IP addresses 2.0.0.2, 2.0.0.1.2, 2.0.2.2 and 2.0.3.2 on the 8300. I then have an EIGRP process running between the 8300 and the 2811 on another VLAN. The 2.0.x.0 routes are visible in the 2811. This allows me to ping the NAT'ed address of the line controller - 2.0.0.11 from the 2811.

Within the vrf process, I can successfully ping the PC using the command: ping vrf STATION2 192.168.1.1 - but the other way round does not work.

hmm, I'm missing something. I don't understand where the 2.0.0-3.0 networks come into play or why a trace would be routing through it. What I meant by the xlate was when you ping from the station can you see a nat translation in the translation table? That way you can at least rule out a NAT problem. If you could throw up a quick diagram that would be helpful too.
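
An added example, not part of the thread and not any poster's code: it parses the four `ip nat inside source static network` lines from the first post and computes the inside-global address each host should show in `show ip nat translations vrf <name>`, which is the xlate check asked about above. It also checks that the translated ranges stay unique across VRFs. The function names and the sample host 192.168.1.1 / server 192.168.210.11 pairing are chosen here for illustration.

```python
import ipaddress
import re

# NAT statements copied from the 2811 configuration in the first post.
CONFIG = """\
ip nat inside source static network 192.168.1.0 2.0.101.0 /24 vrf STATION1
ip nat inside source static network 192.168.1.0 2.0.102.0 /24 vrf STATION2
ip nat inside source static network 192.168.1.0 2.0.103.0 /24 vrf STATION3
ip nat inside source static network 192.168.210.0 2.0.104.0 /24 vrf LINECONTROLLER
"""

RULE = re.compile(r"ip nat inside source static network (\S+) (\S+) /(\d+) vrf (\S+)")

def parse_rules(text):
    """Return {vrf: (inside_local_net, inside_global_net)}."""
    rules = {}
    for m in RULE.finditer(text):
        local, glob, plen, vrf = m.groups()
        rules[vrf] = (ipaddress.ip_network(f"{local}/{plen}"),
                      ipaddress.ip_network(f"{glob}/{plen}"))
    return rules

def to_global(rules, vrf, host):
    """Inside-local -> inside-global: the prefix is swapped, host bits kept."""
    local, glob = rules[vrf]
    addr = ipaddress.ip_address(host)
    if addr not in local:
        return None  # no static translation covers this address
    return str(glob.network_address + (int(addr) - int(local.network_address)))

def overlapping_globals(rules):
    """Pairs of VRFs whose translated ranges would collide outside the router."""
    items = sorted(rules.items())
    return [(a, b) for i, (a, (_, ga)) in enumerate(items)
            for b, (_, gb) in items[i + 1:] if ga.overlaps(gb)]

def expected_xlates(rules, vrf, src, server_vrf, server):
    """Addresses to look for when a station host talks to the server."""
    return {"inside_local": src,
            "inside_global": to_global(rules, vrf, src),
            "server_inside_global": to_global(rules, server_vrf, server)}

if __name__ == "__main__":
    r = parse_rules(CONFIG)
    for vrf in ("STATION1", "STATION2", "STATION3"):
        print(vrf, expected_xlates(r, vrf, "192.168.1.1",
                                   "LINECONTROLLER", "192.168.210.11"))
    print("colliding global ranges:", overlapping_globals(r))
```

The same inside-local 192.168.1.1 yields a different inside-global per VRF, and the server's computed global address matches hop 2 of the traceroute in the first post.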
