cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
57272
Views
10
Helpful
8
Replies

How to route traffic between interfaces on same router

jlthorsell
Level 1
Level 1

I have a cisco 1841 router with two fastethernet interfaces 0/0 and 0/1.

Configured 0/0 as outside with 10.10.10.100 255.255.255.0 (network 1)  and configured 0/1 as 10.100.100.200 255.255.255.0 (network 2) as inside with

IP route 0.0.0.0 0.0.0.0 10.10.10.1 so all inside traffic goes out.

Both networks have clients on them, but only the 10.10.10.100 network has an internet connection through another device on their network.

I want to be able to enable traffic to both interfaces so hosts on each network can communicate with each other and still go out to wan on the 10.10.10.100 interface.

I do not have vlans configured, just interfaces. No ACL's. I thought I only needed to make the routing table.


I can get out from the inside network 2 to the internet. However, hosts on either network cannot access each other. I know I am missing something but not sure what. Can someone please advise what I am doing wrong?

8 Replies 8

Peter Paluch
Cisco Employee
Cisco Employee

Hi Jerry,

So if I understand you correctly, on the network 1, there are actually two routers: the 10.10.10.100 (your 1841) and the 10.10.10.1 (the internet router). I wonder - what gateway is configured on the computers in the 10.10.10.0/24 network - the 1841 at 10.10.10.100, or the internet router at 10.10.10.1?

I suspect that your stations in the 10.10.10.0/24 network are using the default gateway at 10.10.10.1. Because this gateway has no knowledge about the network 10.100.100.0/24, it does not know how to forward packets to this network, and most probably, it sends them out to the internet.

If this is the case then I see two possible solutions - either add a static route on the internet router to the network 10.100.100.0/24 via 10.10.10.100, or change the default IP gateway setting on the PCs in the 10.10.10.0/24 network to 10.10.10.100 (your 1841).

Best regards,

Peter

E31qinhaijun
Level 1
Level 1

Hi Jerry,

By default, 1841 only has two ports.

I think 10.10.10.1 is the internet router's, is this top ?

If so ,you should use nat in your router.

Here is my setup. I can get out to the internet on devices from both networks. I cannot communicate with devices when I cross the router. I need full access to use services like rdp and copying and pasting files. Both networks can ping the router. 

mark wimbles
Level 1
Level 1

Hi Jerry when you say you can't communicate with devices are you able to ping them?

  ok I made it worse. I played around witht the routing table. Now I cannot ping devices accross the router. I cannot get to the interent from the 10.100.100.0 network.

See config below:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.07.05 12:03:35 =~=~=~=~=~=~=~=~=~=~=~=


Building configuration...

Current configuration : 1070 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
          !
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0/0
description outside
ip address 10.10.10.100 255.255.255.0
ip access-group 100 in
          ip access-group 100 out
duplex auto
speed auto
!
interface FastEthernet0/1
description inside
ip address 10.100.100.200 255.255.255.0
ip access-group 100 in
ip access-group 100 out
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 10.10.10.0 255.255.255.0 10.10.10.1
no ip http server
no ip http secure-server
!
             !
!
access-list 100 permit ip any any
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Hi Jerry,

Errors I see in your configuration:

  • The ACL 100 is useless in its current form as it does not do anything. Please remove it both from your interfaces (no ip access-group 100 in, no ip access-group 100 out on both Fa0/0 and Fa0/1) and from your configuration (no access-list 100).
  • Unless there is another router in your network that speaks the RIP routing protocol, running RIP is useless and well. Remove the RIP from your configuraton (no router rip).
  • Your interfaces are not properly configured for NAT which you will need. Please configure Fa0/0 with ip nat outside and Fa0/1 with ip nat inside. Subsequently, create an ACL 101 as follows:

    access-list 101 permit ip 10.100.100.0 0.0.0.255 host 10.10.10.1
    access-list 101 deny ip 10.100.100.0 0.0.0.255 10.10.10.0 0.0.0.255

    access-list 101 permit ip 10.100.100.0 0.0.0.255 any

    The reason for this ACL is to say which packets shall be NAtted. Packets from 10.100.100.0/24 to 10.10.10.1 shall be NATted, as I suppose you can not reconfigure the router at 10.10.10.1 to tell it about the 10.100.100.0/24 network. That is why the communication to it from your internal network shall be NATted. All other communication from 10.100.100.0/24 to 10.10.10.0/24 shall be carried as-is, without NAT, because we assume that the stations in the 10.10.10.0/24 network can be modified to use the default gateway at 10.10.10.100 instead of .1. And, lastly, all other communication (presumably going to internet) shall be NATted again. Now, let's add the final NAT command that tie all this together and activate the NAT:

    ip nat inside source list 101 interface FastEthernet0/0 overload
  • Remove the ip route 10.10.10.0 255.255.255.0 10.10.10.1 route from your configuration, as it is useless. The 10.10.10.0/24 network is directly connected and will be present in your routing table as soon as Fa0/0 comes up.
  • Remove the ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 default route configuration from your configuration, and replace it with ip route 0.0.0.0 0.0.0.0 10.10.10.1 command. Using static routes pointing out Ethernet interfaces is calling for trouble. I'll explain some other time.

The configuration should start working after these changes, assuming that the stations in 10.10.10.0/24 are reconfigured to use the default IP gateway at 10.10.10.100.

Best regards,

Peter

Thanks Peter. Even 6 years down the road your solution was perfect.

Thanks. Regards.

siddhartham
Level 4
Level 4

Hi Jerry,

Did you make the changes Peter Suggested? What is the DG of the clinets in 10.10.10.X/24 network?

Please replace the below two routes

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 10.10.10.0 255.255.255.0 10.10.10.1

with

ip route 0.0.0.0 0.0.0.010.10.10.1

and change the DG of cleints on 10.10.10.x/24 network to 10.10.10.100 or add a static route on 10.10.10.1 for 10.100.100.0/24 network pointing to 10.10.10.100 as peter suggested.

Siddhartha
Review Cisco Networking for a $25 gift card