Ok here is the routing table and the traceroute information from the Server...

===========================================================================

Interface List

15...00 50 56 01 00 4a ......vmxnet3 Ethernet Adapter #2

16...00 50 56 01 00 58 ......Intel(R) PRO/1000 MT Network Connection

  1...........................Software Loopback Interface 1

14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0        10.21.1.2       10.21.1.10      6

        10.21.0.0      255.255.0.0         On-link        10.21.1.10    261

       10.21.1.10  255.255.255.255         On-link        10.21.1.10    261

    10.21.255.255  255.255.255.255         On-link        10.21.1.10    261

       10.180.0.0      255.255.0.0         On-link      10.180.0.106    266

     10.180.0.106  255.255.255.255         On-link      10.180.0.106    266

   10.180.255.255  255.255.255.255         On-link      10.180.0.106    266

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      10.180.0.106    266

        224.0.0.0        240.0.0.0         On-link        10.21.1.10    261

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      10.180.0.106    266

  255.255.255.255  255.255.255.255         On-link        10.21.1.10    261

===========================================================================

Persistent Routes:

  Network Address          Netmask  Gateway Address  Metric

          0.0.0.0          0.0.0.0        10.21.1.2       1

          0.0.0.0          0.0.0.0        10.21.1.2       1

===========================================================================

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

  1    306 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

tracert 172.16.1.1

Tracing route to 172.16.1.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.21.1.2

  2     4 ms     1 ms     4 ms  192-184-16-54.ip.tor.radiant.net [192.184.16.54]

  3  69-46-175-142.ip.tor.radiant.net [69.46.175.142]  reports: Destination net

unreachable.

Trace complete.

===================

Here is the traceroute information from the router. -  I don't know if I was supposed to do a traceroute from the vlan interface or not but here it is anyways right from the privileged level.

VICHOME050_PH#traceroute 10.21.1.2

Type escape sequence to abort.

Tracing the route to 10.21.1.2

  1 10.8.1.10 4 msec 4 msec 0 msec

  2  *  *  *

  3  *  *  *

  4  *  *  *

  5  *  *  *

  6  *  *  *

  7  *  *  *

  8  *  *  *

  9  *  *  *

10  *  *  *

11  *  *  *

12  *  *  *

13  *  *  *

14  *  *  *

15  *  *  *

16  *  *  *

17  *  *  *

18  *  *  *

19  *  *  *

20  *  *  *

21  *  *  *

22  *  *  *

As you can see it kept going with no reply.... 10.8.1.10 handles all the traffic for the 10.21.0.0 segment.

And here is your quick and dirty drawing....

Hello,

1. If you want to do routing you sould not use a ip default-gateway and a default route. Which one should he use

ip  default-gateway 10.8.1.1

ip route 0.0.0.0 0.0.0.0 192.168.1.22

2. What are you doing here? You have configured the port to be an access port, see below

interface FastEthernet0/1

description ** Port Hop (Vichome008-002) LAN**

ip address 10.8.1.1 255.255.0.0

no ip redirects

no ip unreachables

no ip mroute-cache

no logging event link-status

load-interval 30

duplex full

speed auto

no snmp trap link-status

no cdp enable

and this port is also a dot1q (trunk) port

interface FastEthernet0/1.1

description ** Avaya Phone System LAN **

encapsulation dot1Q 531

ip address 172.16.1.1 255.255.255.0

ip accounting output-packets

no snmp trap link-status

no cdp enable

so, how shoud the switch, which I think, is connected to fa0/1 know what it should speak, access ? trunk ? You shuld switch you change the subinterface like this

no interface FastEthernet0/1.1

!

interface FastEthernet0/1.531

description ** Avaya Phone System LAN **

encapsulation dot1Q 531

ip address 172.16.1.1 255.255.255.0

ip accounting output-packets

no snmp trap link-status

no cdp enable

       default FastEthernet0/1

       !

       interface FastEthernet0/1

         no shutdown

       exit

       !

interface FastEthernet0/1.1

description ** Port Hop (Vichome008-002) LAN**

encapsulation dot1Q 531

ip address 10.8.1.1 255.255.0.0

no ip redirects

no ip unreachables

no ip mroute-cache

no logging event link-status

load-interval 30

duplex full

speed auto

no snmp trap link-status

no cdp enable

exit

Now you can configure your switchport to dot1q trunk.

3. Is the firewall activated on you mail server?

Kai Onken wrote:
Hello,
1. If you want to do routing you sould not use a ip default-gateway and a default route. Which one should he use
ip  default-gateway 10.8.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.22
The 10.8.1.1 is our LAN segment on the router and the 192.168.1.22 is the connection to our MPLS network
2. What are you doing here? You have configured the port to be an access port, see below
interface FastEthernet0/1
description ** Port Hop (Vichome008-002) LAN**
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
 The above section was programmed by the installer when this router was first setup a few years ago. It handles our traffic to the rest of our network both locally and to the WAN (at least that is how I understand it.)
and this port is also a dot1q (trunk) port
interface FastEthernet0/1.1
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
 I programmed this section by piecing together information from these forums. I can ping the local subnet for 10.8.0.0 as well as 172.16.0.0 but no where else. So if I have it wrong... please help me to sort myself out....
so, how shoud the switch, which I think, is connected to fa0/1 know what it should speak, access ? trunk ? You shuld switch you change the subinterface like this
Yes.. it is connected to fa0/1, I don't know how it should speak or access... I was hoping someone could help me with that... I have done something wrong and I could use a hand. I will make the changes as suggested.
no interface FastEthernet0/1.1
!
interface FastEthernet0/1.531
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
       default FastEthernet0/1
       !
       interface FastEthernet0/1
         no shutdown
       exit
       !
interface FastEthernet0/1.1
description ** Port Hop (Vichome008-002) LAN** 
encapsulation dot1Q 531
ip address 10.8.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip mroute-cache
no logging event link-status
load-interval 30
duplex full
speed auto
no snmp trap link-status
no cdp enable
exit
Now you can configure your switchport to dot1q trunk.
I am not to sure what you mean by this... sorry... as my very first statement was... I have no idea what I am doing and could use a hand.
3. Is the firewall activated on you mail server?
    No, it is not

I believe that Kai is confusing what most of us consider to be best practice with what is required. You have this

interface FastEthernet0/1

description ** Port Hop (Vichome008-002) LAN**

ip address 10.8.1.1 255.255.0.0

no ip redirects

no ip unreachables

no ip mroute-cache

no logging event link-status

load-interval 30

duplex full

speed auto

no snmp trap link-status

no cdp enable

!

interface FastEthernet0/1.1

description ** Avaya Phone System LAN **

encapsulation dot1Q 531

ip address 172.16.1.1 255.255.255.0

ip accounting output-packets

no snmp trap link-status

no cdp enable

and I do not believe that it is a problem. As long as the port on the switch connecting to the router defines that port as a trunk then the native vlan traffic will not be tagged and will be processed by Fast0/1 and vlan 531 will be tagged and will be processed by the subinterface as you have configured it.

In general we might prefer to have all the vlans on subinterfaces, and we might prefer to have the subinterface number agree with the vlan number, but neither of those is a requirement.

I also have something to say about Kai's comment about ip default-gateway and default route. The two commands are not mutually exclusive and it does not create any problem to have them both configured. But you should understand the context in which each will be used. The default route is used when the router is performing layer 3 routing, and default-gateway is used if the router is operating as a host. Since there are not many occasions when a router acts as a host most people do not configure it. But having it in the configuration is a form of insurance, so that if the router does get in a situation where it is acting as a host then you still have remote access.

Having said all that I will also point out that the default-gateway needs to point to some next hop address and not to its own address as you have it.

I believe that there is confusion about how the routing should work. Your drawing shows a connection through Juniper to the Internet. But you also describe something as MPLS network. I am confused at the relationship here and hope that you can provide clarification.

But I also see that you tell us that the mail server is in the 10.21.0.0 network and that the router has a static route for that network. So I am guessing that the problem is that you are able to get to the subnet where the mail server is located. But that the mail server and whatever is routing for that segment do not have a route back to your 10.8.0.0 network.

HTH

Rick

Hi Rick

Thanks for the explanation and don't be to hard on Kai.. I like to learn stuff like best practice. And that I wil keep that noted for the future.

Here is a drawing to answer for more clarification on what I am trying to do. Any and all information (especially the exact commands) is always helpful.

Hello,

I would paste a configuration, based on your sketch and how I would design it. I hope that is ok for you.

1. MPLS is working correct and I think the hosted router is configured by your MPLS provider, if not you could use something like this:

Hosted router:

interface fastEthernet 0/0

description My local 10.21.1.0 /24 network

ip address 10.21.1.2 255.255.255.0

no shutdown

exit

!

interface fastEthernet 0/1

description Here is my MPLS stuff or the connection to my MPLS router

!

! This is a sample, I'm placing a MPLS router behind this router in this sample.

! The MPLS router will have the ip address 20.0.0.2

!

ip address 20.0.0.2 255.255.255.252

no shutdown

exit

!

ip route 0.0.0.0 0.0.0.0 20.0.0.2 name "Default route to MPLS network"

2. The Mail Server:

default gateway 10.21.1.2

3. Juniper: (I configure the Juniper as a Cisco router, that makes it easier to explain.

interface fastEthernet 0/0

description My local 10.8.1.0 /24 network

ip address 10.8.1.2 255.255.255.0

no shutdown

exit

!

interface fastEthernet 0/1

description Here is my MPLS stuff or the connection to my MPLS router

!

! This is a sample, I'm placing a MPLS router behind this router in this sample.

! The MPLS router will have the ip address 30.0.0.2

!

ip address 30.0.0.2 255.255.255.252

no shutdown

exit

!

ip route 0.0.0.0 0.0.0.0 30.0.0.2 name "Default route to MPLS network"

ip route 172.16.1.0 255.255.255.0 name "172.16.10 LAN behind Cisco 2811"

4. Switch

Access / Trunk

By default all interfaces on a Cisco Router And switches are access interfaces. In this state these interfaces can't handle vlan tags and the will always work on the vlan, which they are connected to. If you have e.g. a switch with vlan 2000 on access mode configured to port Fa0/1 and the router is connected to this port, the router will work in vlan 2000.

So you have to decide if you want to work with one access vlan or with multiple vlans on a dot1q trunk.

In your case, should configure you switch like this

interface fastEthernet 0/1

  descriptiption Port to Juniper in access mode (no dot1q trunk)

  switchport mode access

  switchport access vlan 1

  no shutdown

exit

!

interface fastEthernet 0/2

  description Port to 2811 in trunk mode (no access port)

  !  switchport trunk encapsulation dot1q <-- require by some cisco ios

  switchport mode trunk

  switchport trunk allowed vlan 1,531

  no shutdown

exit

now you can place any other port to vlan 1 oder 531 as an access port.

5. Cisco 2811

So, know we, or I, made the decision that the router will use only a dot1q trunk to the switch, so that the router can handle both vlan's. For this step, we have to change the configuration of your current fa0/1.1 interface. Its a good top, the set the subinterface id equal to the used vlan. To do this we remove the current subinterface fa0/1.1 by using

no interface FastEthernet0/1.1

!

interface FastEthernet0/1.531

  description ** Avaya Phone System LAN **

  encapsulation dot1Q 531

  ip address 172.16.1.1 255.255.255.0

  ip accounting output-packets

  no snmp trap link-status

  no cdp enable

exit

No we remove the access interface from fa0/1 by setting the interface to its default state and after we did this, we've to enable the interface

       default FastEthernet0/1

       !

       interface FastEthernet0/1

         no shutdown

       exit

Now the can create a subinterface for vlan 1, like the subinterface we used for vlan 531. I saw, that I made typing error. sorry.

interface FastEthernet0/1.1

description ** Port Hop (Vichome008-002) LAN**

encapsulation dot1Q 1

  ip address 10.8.1.1 255.255.0.0

  no ip redirects

  no ip unreachables

  no ip mroute-cache

  no logging event link-status

  load-interval 30

         no snmp trap link-status

  no cdp enable

exit

       After we did this, you have to add a default route on the router that points to the MPLS

       ip route 0.0.0.0 0.0.0.0 10.8.1.2 name "Default route to MPLS"

For all clients on your 10.8.1.0 /16 and 172.16.1.1 /24 network, the 2811 is you default gateway. You could replace the default route with accurate routes, e.g.

ip route 10.21.1.0 255.255.255.0 10.8.1.2 name "More accurate route"

I hope this will help you a bit

Kind regards

Kai

Yep....

I like your lesson.. and I think it's a good one.... but my actual MPLS is on fa0/0 and I don't think I should change the routes as of just yet...(uuugh I wish I could phone one of you guys to talk this out so I can answer questions faster)

I have uploaded a more detailed pic that was a little better than my simple drawing to give a better picture. On my screen it shows just previous to your post.

The juniper router is supplied by the vendor and managed by them so I can't do anything to it.. I can change whatever it is I want on the mail server....

 no interface FastEthernet0/1.1
!
interface FastEthernet0/1.531
description ** Avaya Phone System LAN **
encapsulation dot1Q 531
ip address 172.16.1.1 255.255.255.0
ip accounting output-packets
no snmp trap link-status
no cdp enable
       default FastEthernet0/1
       !
When I get to this part this is what happens....
VICHOME050_PH(config-subif)#description ** Avaya Phone System LAN **
VICHOME050_PH(config-subif)#encapsulation dot1Q 531
VICHOME050_PH(config-subif)#ip address 172.16.1.1 255.255.255.0
VICHOME050_PH(config-subif)#ip accounting output-packets
Accounting will exclude mls traffic when mls is enabled.
VICHOME050_PH(config-subif)#no snmp trap link-status
VICHOME050_PH(config-subif)#no cdp enable
VICHOME050_PH(config-subif)#default FastEthernet0/1
                                     ^
% Invalid input detected at '^' marker.
And if I type in this command for default interface will this affect the way my router is configured for the MPLS connection.

Hi Ron,

there is an exit missing

Hello Ron

FYI -You have a duplicate post ongoing

https://supportforums.cisco.com/message/3945588#3945588

Would be best to close one of them

Res

Paul

FYI -You have a duplicate post ongoing
https://supportforums.cisco.com/message/3945588
Would be best to close one of them

Paul,

I don't believe a comment like this justifies a 1-star.  +5