01-10-2017 08:38 AM - edited 03-12-2019 04:28 AM
We have a Payroll software with two clock-in devices. The software requires that the computer where the software is installed and all the clock-in devices be in the same subnet. We have two sites connected through a VPN. Site A subnet 172.16, Site B subnet 172.17, Computer and clock-in A are in subnet 172.16.107 on Site A. That works fine. So, I created a subnet 172.16.107 on Site B, routed the 172.16.107 to Site A, but it does not work. I cannot ping the clock-in form the other site of the VPN. Please help,.
01-10-2017 11:58 AM
Are you sure? That would mean they are pretty much a brain dead device to have such a restriction. I find it hard to believe that devices in this age have such dumb restrictions.
If this really is true, you'll need to use L2TPv3 over your VPN. You'll need to create a VLAN at your remote site (remote from the server) and put the time clock devices in it. Then use L2TPv3 to connect that VLAN to the local site with the server.
01-11-2017 11:11 AM
Thank you for replying. All the examples that I can find for L2TPv3 requires 4 routers, 2 on each site. I only have a router on each site. Can I use a L3 switch to simulate the router, how? I am lost.
VLAN 107 - Router Configuration
ip dhcp pool 107
network 172.16.107.0 255.255.255.0
domain-name elsolacademy.net
dns-server 172.16.0.225
default-router 172.16.107.1
netbios-name-server 172.16.0.225
lease 10
!
interface GigabitEthernet0/1.107
description Room-7
encapsulation dot1Q 107
ip address 172.16.107.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Tunnel0
ip address 172.16.10.1 255.255.255.0
tunnel source ....
tunnel destination ....
So when I trying to use xconnect command, I get
CISCO-3925-Router-El(config-subif)#xconnect 172.16.10.2 1001 encapsulation l2tpv3 pw-class l2tp1
Incompatible with ip address command on Gi0/1.107 - command rejected.
Thank you for your help
01-11-2017 12:55 PM
You only require a single router at each site. You should dedicate one port to L2TP (which will go to the switch/vlan you want bridged) one one to L3 for the routing.
Layer 2 interfaces can not have an IP address on them.
01-11-2017 05:23 PM
But that is the port I am using for the dotq1 encapsulation and it the xconnect command take the entire network down. So if I need to use that port for the xconnect where do I create the vlans with the command int 0/1.vlan#?
01-11-2017 05:27 PM
Can you not use Gig0/2? Use another [additional] port on the router at both ends.
01-11-2017 06:05 PM
yes, I did, but it does not work. Nothing is connected to gig0/2. So it shows the xconnect all as down.
Sorry. I am new at this.
01-11-2017 06:33 PM
You need to plug Gig0/2 into your switch and have it present whatever vlan you want trunked between the two sites.
01-12-2017 09:36 AM
01-12-2017 10:26 AM
You need to create a new vlan (at both sites, the same new vlan), and put all your payroll solution into that. Then L2TPv3 connect that VLAN together.
Either that for find a new payroll solution.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide