I see what you are saying. I will need to be careful about the interface numbers. I think I actually have them backwards. It doesn't matter though. So, the local routing table will automatically understand that all requests to the Internet, (i.e. not to the other subnet) will need to go out the new interface. I thought you actually had to add a route in the config that would let the router know that.

James

Each router currently has a static default route (and the GA router has an additional floating static default route). when you connect the firewall on another interface and change the IP address of the firewall you will need to change the existing static default route. Your post talked about adding a static route, perhaps you meant change the static route.

HTH

Rick

Rick,

We are starting to configure the new routers. So far this is what we have:

From my pc, I am unable to ping 192.168.0.1 or 192.168.0.2 which is the connection between the router and the Sonicwall firewall. 110.0 is the subnet I am on.

NY2811>en

Password:

NY2811#sh run

Building configuration...

Current configuration : 1081 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname NY2811

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$SazW$RKdLN.XMp2gL9DmJFl2kC1

enable password stanton

!

no aaa new-model

ip subnet-zero

no ip routing

!

!

no ip cef

!

!

ip ips po max-events 100

no ftp-server write-enable

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.110.1 255.255.255.0

no ip route-cache

duplex full

speed auto

no mop enabled

!

interface FastEthernet0/1

ip address 192.168.0.1 255.255.0.0

no ip route-cache

duplex auto

speed auto

!

interface Serial0/0/0

bandwidth 1120

ip address 10.1.2.1 255.255.255.0

no ip route-cache

no fair-queue

!

interface Serial0/1/0

no ip address

no ip route-cache

shutdown

clockrate 2000000

!

no ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.2

ip route 192.168.120.0 255.255.255.0 10.1.2.2

!

ip http server

no ip http secure-server

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 4

password carpet

login

!

scheduler allocate 20000 1000

!

end

NY2811#

James

I am not sure why this is in the config:

no ip routing

I would suggest that you configure:

ip routing

and see what happens.

HTH

Rick

Yes, we missed some configuration info. The only thing that seems to be not functioning is the actual p-t-p connection. We are unable to set the clocking on it. This is a 2811 router. We used the service-module t1 clock source line/internal command and it did not take.

Perhaps there is some new command for this newer router?

James

What kind of card is the T1 in the 2811?

I am curious about what part of it did not work? Did it not accept the service-module t1 command? Or did it accept the service-module command but not the clock source command?

And how do you know that it did not take? Especially if you set it to clock source line that is the default and probably would not show up in the config. If you set it to clock source internal I would expect that to show up in the config.

Could you post the output of show service-module?

HTH

Rick

Rick,

I will post the sh run and sh int from both routers. The NY one is a 2811 and the GA one is still a 1600, but we will be replacing it with a 2611.

GEORGIA

User Access Verification

Password:

GA_router>en

Password:

GA_router#sh run

Building configuration...

Current configuration:

!

version 11.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service udp-small-servers

no service tcp-small-servers

!

hostname GA_router

!

enable password 7 104D000A0618

!

ip subnet-zero

no ip domain-lookup

!

interface Ethernet0

description connected to GA_LAN

ip address 192.168.120.1 255.255.255.0

no ip directed-broadcast

!

interface Serial0

description 56k csu/dsu NOT USED

no ip address

no ip directed-broadcast

encapsulation ppp

shutdown

service-module 56k clock source internal

service-module 56k network-type dds

!

interface Serial1

description connected to NY via t1

ip address 10.1.2.2 255.255.255.0

no ip directed-broadcast

encapsulation ppp

bandwidth 1120

service-module t1 clock source internal

service-module t1 timeslots 1-20

service-module t1 remote-alarm-enable

!

no ip classless

ip route 0.0.0.0 0.0.0.0 192.168.120.2

ip route 192.168.110.0 255.255.255.0 10.1.2.1

!

line con 0

exec-timeout 0 0

password 7 030752180500

login

transport input none

line vty 0 4

password 7 01100F175804

login

!

end

GA_router#

NEW YORK

NY2811#sh run

Building configuration...

Current configuration : 1078 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname NY2811

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$SazW$RKdLN.XMp2gL9DmJFl2kC1

enable password stanton

!

no aaa new-model

ip subnet-zero

!

ip cef

!

ip ips po max-events 100

no ftp-server write-enable

!

interface FastEthernet0/0

ip address 192.168.110.1 255.255.255.0

duplex full

speed auto

no mop enabled

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.2.1 255.255.255.0

encapsulation ppp

no fair-queue

!

interface Serial0/1/0

no ip address

shutdown

clockrate 2000000

!

router rip

network 10.0.0.0

network 192.168.0.0

network 192.168.110.0

network 192.168.120.0

!

no ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.2

ip route 192.168.120.0 255.255.255.0 10.1.2.2

!

ip http server

no ip http secure-server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

password carpet

login

!

scheduler allocate 20000 1000

!

end

NY2811# ~

NEW YORK

NY2811#sh int s0/0/0

Serial0/0/0 is up, line protocol is down

Hardware is GT96K with integrated T1 CSU/DSU

Internet address is 10.1.2.1/24

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 128/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Listen, loopback not set

Keepalive set (10 sec)

Last input 00:00:20, output 00:00:14, output hang never

Last clearing of "show interface" counters 02:07:02

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

55 packets input, 770 bytes, 0 no buffer

Received 0 broadcasts, 2 runts, 0 giants, 0 throttles

2270 input errors, 2248 CRC, 111 frame, 73 overrun, 0 ignored, 2171 abort

1691 packets output, 23564 bytes, 0 underruns

0 output errors, 0 collisions, 411 interface resets

0 output buffer failures, 0 output buffers swapped out

2 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

NY2811#

GEORGIA

GA_router#sh int s1

Serial1 is up, line protocol is down

Hardware is QUICC Serial (with FT1 CSU/DSU WIC)

Description: connected to NY via t1

Internet address is 10.1.2.2/24

MTU 1500 bytes, BW 1120 Kbit, DLY 20000 usec, rely 182/255, load 1/255

Encapsulation PPP, loopback not set, keepalive set (10 sec)

LCP ACKsent

Closed: IPCP, CDPCP

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0 (size/max/drops); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/1/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

161 packets input, 2174 bytes, 0 no buffer

Received 161 broadcasts, 0 runts, 0 giants, 0 throttles

717 input errors, 379 CRC, 323 frame, 0 overrun, 0 ignored, 15 abort

1190 packets output, 23810 bytes, 0 underruns

0 output errors, 0 collisions, 107 interface resets

0 output buffer failures, 0 output buffers swapped out

1 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

GA_router#

James

I believe that the immediate problem is that the GA router knows that the connection is a partial T1:

service-module t1 timeslots 1-20

but it looks like the NY router believes that it is a full T1. We need to get this resolved to see if there are any other issues.

What kind of card is in the NY router? If I knew that we might find what it takes to configure it properly.

HTH

Rick

James

I do not see it in the config that you posted from the NY router and I wonder if you need the command:

card type t1

This should then enable the controller t1 command to set the timeslots.

HTH

Rick

Rick,

I haven't been able to look at the router yet, but I will see about that command.

Rick,

We ran into some problems, so we decided to blow out the config and start again. We want to load the factory defaults, but when we do it, we get some errors. Specifically,

%error opening tftp://255.255.255.255/network-config (Timed Out)

when we tried to do it again, one of the eth interfaces comes up with a dhcp address. Obviously we should get a blank config.

James

There is a feature in IOS for auto config and if an IOS router boots with an empty config and if its interfaces are connected to something that has an IP address that the router can identify, then the router will generate an IP address in that subnet. If you disconnect all the interfaces before you boot the router that should not happen again.

Also the error about %error opening tftp://255.255.255.255/network-config (Timed Out) is from a line in the config that says:

service config

it may have gotten into the config as part of the auto config. If it is in the config and you remove it, there should not be any more of these errors.

HTH

Rick

Rick

We were able to get around it. We reconfigured all of the interfaces and we are starting over. I will get back to you with a more meaningful question. Thanks for your patience.