05-23-2013 11:08 AM - edited 03-07-2019 01:31 PM
**** I have this posted in another forum section but this forum section seems more appropriate *****
I have no idea what I am doing, let's get that right off the bat.
Simply stated... I have a Cisco 2811 Router. I have two VLANS on the router. The first one of course is VLAN 1 and the second one is one that I created from reading everything from this forum.. so thanks for that... it is called VLAN 531, Now what I want to do is probably simple to everyone here but I would really appreciate any help that can be given.
On VLAN one I have an IP address of 10.8.1.1 and on VLAN 531 I have an IP Address of 172.16.1.1, now what I can do is this... I can.. from a workstation on the 10.8.0.0 segment, ping 172.16.1.1 and one server on that segment that has an IP address of 172.16.1.50, which is fine, but what I really want to be able to do is ping our email server which is on a 10.21.0.0 segment and I cannot. I would like some help and commands on what I would need to do to make this work as I would like the 172.16.0.0 segment to ping any other part of my LAN of my choosing.
Current configuration : 5889 bytes
!
version 12.4
service nagle
no service pad
service telnet-zeroidle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname VICHOME050_PH
!
boot-start-marker
boot-end-marker
!
logging buffered 20000 debugging
enable secret 5 ********************************************
enable password 7 *****************************
!
no aaa new-model
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
ip tcp selective-ack
ip tcp path-mtu-discovery
ip telnet hidden addresses
!
!
ip cef
!
!
ip tftp source-interface Loopback50
no ip bootp server
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback10
description *** HPOV ***
ip address 192.168.49.7 255.255.255.255
no snmp trap link-status
!
interface Loopback50
description *** rogers MNS ***
ip address 206.186.192.89 255.255.255.255
no snmp trap link-status
!
interface Loopback100
description *** E2E MNS ***
ip address 10.188.6.135 255.255.255.255
no snmp trap link-status
!
interface FastEthernet0/0
description *** E10 to Sprint - 05LVXQ800167-463BLCA-A00 ***
ip address 192.168.1.21 255.255.255.252
duplex full
speed 10
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/1
description ** Port Hop (Vichome008-002) LAN**
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/1.1
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
!
interface ATM0/0/0
no ip address
shutdown
no snmp trap link-status
no atm ilmi-keepalive
dsl operating-mode auto
!
ip default-gateway 10.8.1.1 **** <------ I think I did this when I tried adding a route to my 172.16.1.1 as a default gateway.....
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.22
ip route 10.12.1.0 255.255.255.0 192.168.1.22
ip route 10.20.0.0 255.255.0.0 10.8.1.10
ip route 10.20.0.0 255.255.0.0 192.168.1.22 250
ip route 10.21.0.0 255.255.0.0 10.8.1.10
ip route 198.162.26.0 255.255.255.0 192.168.1.22
ip route 198.162.27.0 255.255.255.0 192.168.1.22
!
!
no ip http server
no ip http secure-server
!
access-list 91 permit 192.168.252.0 0.0.0.255
access-list 91 remark Sprint MNS OpenView Read-only
access-list 91 remark Rogers MNS OpenView
access-list 91 permit 198.162.26.0 0.0.0.255
access-list 92 permit 192.168.252.1
access-list 92 permit 192.168.252.42
access-list 92 remark Sprint MNS OpenView Read-write
snmp-server engineID local 00000009020000049A2C3741
snmp-server community public RO
snmp-server community ********** RO
snmp-server community RM7net RO 91
snmp-server community sci'2.3@ RW 91
snmp-server trap-source Loopback50
snmp-server system-shutdown
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls vpn
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps rtr
snmp-server enable traps l2tun session
snmp-server enable traps vsimaster
snmp-server enable traps vtp
snmp-server enable traps voice poor-qov
snmp-server enable traps voice fallback
snmp-server enable traps dnis
snmp-server host 192.168.252.1 **********
snmp-server host 192.168.252.42 **********
snmp-server host 198.162.26.93 RM7net
snmp-server tftp-server-list 91
no cdp run
!
!
snmp mib community-map public engineid 800000090300001B534F64E8
!
control-plane
!
!
!
!
!
!
!
dial-peer voice 73 vofr
max-conn 6
destination-pattern 3..
dtmf-relay
codec g711ulaw
!
dial-peer voice 74 vofr
max-conn 6
destination-pattern 4..
dtmf-relay
codec g711ulaw
!
dial-peer voice 1 pots
max-conn 12
destination-pattern 2..
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 07032E4F45060C11
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
!
end
05-23-2013 11:44 AM
Hi,
can you post a drawing to see where the mail server is attached and give us its routing table output.
can you also do a traceroute from the mail server to 172.16.X.X network host as well as the same from this host to mail server.
Regards
Alain
Don't forget to rate helpful posts.
05-23-2013 12:12 PM
Ok here is the routing table and the traceroute information from the Server...
===========================================================================
Interface List
15...00 50 56 01 00 4a ......vmxnet3 Ethernet Adapter #2
16...00 50 56 01 00 58 ......Intel(R) PRO/1000 MT Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.21.1.2 10.21.1.10 6
10.21.0.0 255.255.0.0 On-link 10.21.1.10 261
10.21.1.10 255.255.255.255 On-link 10.21.1.10 261
10.21.255.255 255.255.255.255 On-link 10.21.1.10 261
10.180.0.0 255.255.0.0 On-link 10.180.0.106 266
10.180.0.106 255.255.255.255 On-link 10.180.0.106 266
10.180.255.255 255.255.255.255 On-link 10.180.0.106 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.180.0.106 266
224.0.0.0 240.0.0.0 On-link 10.21.1.10 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.180.0.106 266
255.255.255.255 255.255.255.255 On-link 10.21.1.10 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.21.1.2 1
0.0.0.0 0.0.0.0 10.21.1.2 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
tracert 172.16.1.1
Tracing route to 172.16.1.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.21.1.2
2 4 ms 1 ms 4 ms 192-184-16-54.ip.tor.radiant.net [192.184.16.54]
3 69-46-175-142.ip.tor.radiant.net [69.46.175.142] reports: Destination net
unreachable.
Trace complete.
===================
Here is the traceroute information from the router. - I don't know if I was supposed to do a traceroute from the vlan interface or not but here it is anyways right from the privileged level.
VICHOME050_PH#traceroute 10.21.1.2
Type escape sequence to abort.
Tracing the route to 10.21.1.2
1 10.8.1.10 4 msec 4 msec 0 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
As you can see it kept going with no reply.... 10.8.1.10 handles all the traffic for the 10.21.0.0 segment.
And here is your quick and dirty drawing....
05-23-2013 12:17 PM
Hello,
1. If you want to do routing you should not use a ip default-gateway and a default route. Which one should he use?
ip default-gateway 10.8.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.22
2. What are you doing here? You have configured the port to be an access port, see below
interface FastEthernet0/1
description ** Port Hop (Vichome008-002) LAN**
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
and this port is also a dot1q (trunk) port
interface FastEthernet0/1.1
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
so, how should the switch, which I think is connected to fa0/1, know what it should speak, access? trunk? You should change the subinterface like this
no interface FastEthernet0/1.1
!
interface FastEthernet0/1.531
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
default FastEthernet0/1
!
interface FastEthernet0/1
no shutdown
exit
!
interface FastEthernet0/1.1
description ** Port Hop (Vichome008-002) LAN**
encapsulation dot1Q 531
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
exit
Now you can configure your switchport to dot1q trunk.
3. Is the firewall activated on your mail server?
05-23-2013 12:47 PM
Kai Onken wrote:
Hello,
1. If you want to do routing you should not use a ip default-gateway and a default route. Which one should he use?
ip default-gateway 10.8.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.22
The 10.8.1.1 is our LAN segment on the router and the 192.168.1.22 is the connection to our MPLS network
2. What are you doing here? You have configured the port to be an access port, see below
interface FastEthernet0/1
description ** Port Hop (Vichome008-002) LAN**
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
The above section was programmed by the installer when this router was first setup a few years ago. It handles our traffic to the rest of our network both locally and to the WAN (at least that is how I understand it.)
and this port is also a dot1q (trunk) port
interface FastEthernet0/1.1
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
I programmed this section by piecing together information from these forums. I can ping the local subnet for 10.8.0.0 as well as 172.16.0.0 but nowhere else. So if I have it wrong... please help me to sort myself out....
so, how should the switch, which I think is connected to fa0/1, know what it should speak, access? trunk? You should change the subinterface like this
Yes.. it is connected to fa0/1, I don't know how it should speak or access... I was hoping someone could help me with that... I have done something wrong and I could use a hand. I will make the changes as suggested.
no interface FastEthernet0/1.1
!
interface FastEthernet0/1.531
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
default FastEthernet0/1
!
interface FastEthernet0/1
no shutdown
exit
!
interface FastEthernet0/1.1
description ** Port Hop (Vichome008-002) LAN**
encapsulation dot1Q 531
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
exit
Now you can configure your switchport to dot1q trunk.
I am not too sure what you mean by this... sorry... as my very first statement was... I have no idea what I am doing and could use a hand.
3. Is the firewall activated on your mail server?
No, it is not
05-23-2013 01:18 PM
I believe that Kai is confusing what most of us consider to be best practice with what is required. You have this
interface FastEthernet0/1
description ** Port Hop (Vichome008-002) LAN**
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/1.1
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
and I do not believe that it is a problem. As long as the port on the switch connecting to the router defines that port as a trunk then the native vlan traffic will not be tagged and will be processed by Fast0/1 and vlan 531 will be tagged and will be processed by the subinterface as you have configured it.
In general we might prefer to have all the vlans on subinterfaces, and we might prefer to have the subinterface number agree with the vlan number, but neither of those is a requirement.
I also have something to say about Kai's comment about ip default-gateway and default route. The two commands are not mutually exclusive and it does not create any problem to have them both configured. But you should understand the context in which each will be used. The default route is used when the router is performing layer 3 routing, and default-gateway is used if the router is operating as a host. Since there are not many occasions when a router acts as a host most people do not configure it. But having it in the configuration is a form of insurance, so that if the router does get in a situation where it is acting as a host then you still have remote access.
Having said all that I will also point out that the default-gateway needs to point to some next hop address and not to its own address as you have it.
I believe that there is confusion about how the routing should work. Your drawing shows a connection through Juniper to the Internet. But you also describe something as MPLS network. I am confused at the relationship here and hope that you can provide clarification.
But I also see that you tell us that the mail server is in the 10.21.0.0 network and that the router has a static route for that network. So I am guessing that the problem is that you are able to get to the subnet where the mail server is located. But that the mail server and whatever is routing for that segment do not have a route back to your 10.8.0.0 network.
HTH
Rick
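The return-path point above can be checked against the tables posted in this thread. The following is an added example, not part of the original posts: it runs a longest-prefix-match lookup in both directions, and it assumes the server whose route table was posted (interface 10.21.1.10) is the mail server. The function and table names are hypothetical.

```python
import ipaddress

# (prefix, next hop, distance or metric). Values are copied from the thread:
# ROUTER_2811 from the posted "ip route" lines plus the connected interface
# subnets, MAIL_SERVER from the "Active Routes" section of the server output.
ROUTER_2811 = [
    ("0.0.0.0/0", "192.168.1.22", 1),
    ("10.12.1.0/24", "192.168.1.22", 1),
    ("10.20.0.0/16", "10.8.1.10", 1),
    ("10.20.0.0/16", "192.168.1.22", 250),   # floating static, backup only
    ("10.21.0.0/16", "10.8.1.10", 1),
    ("198.162.26.0/24", "192.168.1.22", 1),
    ("198.162.27.0/24", "192.168.1.22", 1),
    ("192.168.1.20/30", "connected", 0),      # FastEthernet0/0
    ("10.8.0.0/16", "connected", 0),          # FastEthernet0/1
    ("172.16.1.0/24", "connected", 0),        # FastEthernet0/1.1, VLAN 531
]

MAIL_SERVER = [
    ("0.0.0.0/0", "10.21.1.2", 6),
    ("10.21.0.0/16", "connected", 261),
    ("10.180.0.0/16", "connected", 266),
]


def lookup(table, dst):
    """Return (prefix, next_hop) chosen for dst, or None if nothing matches.

    Longest prefix wins; equal-length prefixes are decided by the lowest
    distance/metric, which is how the floating static route stays idle.
    """
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, next_hop, cost in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -cost, str(net), next_hop))
    if not matches:
        return None
    _, _, prefix, next_hop = max(matches)
    return prefix, next_hop


def check_round_trip(src, dst, near=ROUTER_2811, far=MAIL_SERVER):
    """Look up dst on the near device and src on the far device.

    A reply that matches only 0.0.0.0/0 depends entirely on the far side's
    default gateway knowing the source subnet.
    """
    forward = lookup(near, dst)
    back = lookup(far, src)
    return {
        "forward": forward,
        "return": back,
        "return_default_only": back is not None and back[0] == "0.0.0.0/0",
    }


if __name__ == "__main__":
    for src in ("172.16.1.50", "10.8.1.1"):
        result = check_round_trip(src, "10.21.1.10")
        print(src, "->", "10.21.1.10", result)
```

For both source subnets the reply leaves the server through its default gateway 10.21.1.2, which matches the posted tracert that ends in "Destination net unreachable" two hops later.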
05-23-2013 01:41 PM
Hi Rick
Thanks for the explanation and don't be too hard on Kai.. I like to learn stuff like best practice. And that I will keep that noted for the future.
Here is a drawing to answer for more clarification on what I am trying to do. Any and all information (especially the exact commands) is always helpful.
05-23-2013 01:28 PM
Hello,
I would paste a configuration, based on your sketch and how I would design it. I hope that is ok for you.
1. MPLS is working correctly and I think the hosted router is configured by your MPLS provider, if not you could use something like this:
Hosted router:
interface fastEthernet 0/0
description My local 10.21.1.0 /24 network
ip address 10.21.1.2 255.255.255.0
no shutdown
exit
!
interface fastEthernet 0/1
description Here is my MPLS stuff or the connection to my MPLS router
!
! This is a sample, I'm placing a MPLS router behind this router in this sample.
! The MPLS router will have the ip address 20.0.0.2
!
ip address 20.0.0.1 255.255.255.252
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 20.0.0.2 name "Default route to MPLS network"
2. The Mail Server:
default gateway 10.21.1.2
3. Juniper: (I configure the Juniper as a Cisco router, that makes it easier to explain.)
interface fastEthernet 0/0
description My local 10.8.1.0 /24 network
ip address 10.8.1.2 255.255.255.0
no shutdown
exit
!
interface fastEthernet 0/1
description Here is my MPLS stuff or the connection to my MPLS router
!
! This is a sample, I'm placing a MPLS router behind this router in this sample.
! The MPLS router will have the ip address 30.0.0.2
!
ip address 30.0.0.1 255.255.255.252
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 30.0.0.2 name "Default route to MPLS network"
ip route 172.16.1.0 255.255.255.0 10.8.1.1 name "172.16.10 LAN behind Cisco 2811"
4. Switch
Access / Trunk
By default all interfaces on Cisco routers and switches are access interfaces. In this state these interfaces can't handle vlan tags and they will always work on the vlan which they are connected to. If you have e.g. a switch with vlan 2000 on access mode configured to port Fa0/1 and the router is connected to this port, the router will work in vlan 2000.
So you have to decide if you want to work with one access vlan or with multiple vlans on a dot1q trunk.
In your case, you should configure your switch like this
interface fastEthernet 0/1
description Port to Juniper in access mode (no dot1q trunk)
switchport mode access
switchport access vlan 1
no shutdown
exit
!
interface fastEthernet 0/2
description Port to 2811 in trunk mode (no access port)
! switchport trunk encapsulation dot1q <-- require by some cisco ios
switchport mode trunk
switchport trunk allowed vlan 1,531
no shutdown
exit
Now you can place any other port in vlan 1 or 531 as an access port.
5. Cisco 2811
So, now we, or I, have made the decision that the router will use only a dot1q trunk to the switch, so that the router can handle both vlans. For this step, we have to change the configuration of your current fa0/1.1 interface. It's a good tip to set the subinterface id equal to the used vlan. To do this we remove the current subinterface fa0/1.1 by using
no interface FastEthernet0/1.1
!
interface FastEthernet0/1.531
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
exit
Now we remove the access interface from fa0/1 by setting the interface to its default state, and after we have done this, we have to enable the interface
default interface FastEthernet0/1
!
interface FastEthernet0/1
no shutdown
exit
Now we can create a subinterface for vlan 1, like the subinterface we used for vlan 531. I saw that I made a typing error, sorry.
interface FastEthernet0/1.1
description ** Port Hop (Vichome008-002) LAN**
encapsulation dot1Q 1
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
no snmp trap link-status
no cdp enable
exit
After we did this, you have to add a default route on the router that points to the MPLS
ip route 0.0.0.0 0.0.0.0 10.8.1.2 name "Default route to MPLS"
For all clients on your 10.8.1.0 /16 and 172.16.1.1 /24 network, the 2811 is your default gateway. You could replace the default route with accurate routes, e.g.
ip route 10.21.1.0 255.255.255.0 10.8.1.2 name "More accurate route"
I hope this will help you a bit
Kind regards
Kai
05-23-2013 01:49 PM
Yep....
I like your lesson.. and I think it's a good one.... but my actual MPLS is on fa0/0 and I don't think I should change the routes as of just yet...(uuugh I wish I could phone one of you guys to talk this out so I can answer questions faster)
I have uploaded a more detailed pic that was a little better than my simple drawing to give a better picture. On my screen it shows just previous to your post.
The juniper router is supplied by the vendor and managed by them so I can't do anything to it.. I can change whatever it is I want on the mail server....
05-23-2013 01:01 PM
no interface FastEthernet0/1.1
!
interface FastEthernet0/1.531
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
default FastEthernet0/1
!
When I get to this part this is what happens....
VICHOME050_PH(config-subif)#description ** Avaya Phone System LAN **
VICHOME050_PH(config-subif)#encapsulation dot1Q 531
VICHOME050_PH(config-subif)#ip address 172.16.1.1 255.255.255.0
VICHOME050_PH(config-subif)#ip accounting output-packets
Accounting will exclude mls traffic when mls is enabled.
VICHOME050_PH(config-subif)#no snmp trap link-status
VICHOME050_PH(config-subif)#no cdp enable
VICHOME050_PH(config-subif)#default FastEthernet0/1
^
% Invalid input detected at '^' marker.
And if I type in this command for default interface will this affect the way my router is configured for the MPLS connection.
05-23-2013 01:29 PM
Hi Ron,
there is an exit missing
05-23-2013 03:42 PM
Hello Ron
FYI -You have a duplicate post ongoing
https://supportforums.cisco.com/message/3945588#3945588
Would be best to close one of them
Res
Paul
05-24-2013 08:00 PM
FYI -You have a duplicate post ongoing
https://supportforums.cisco.com/message/3945588
Would be best to close one of them
Paul,
I don't believe a comment like this justifies a 1-star. +5