Frame Relay Lan routing between sites help needed

Discussion in 'Cisco' started by kjkearney, May 4, 2007.

  1. kjkearney

    kjkearney Guest

    Our company recently purchased 4 frame relay circuits and 4 used cisco
    1720 routers. The way the frame relay has been set up is 1 host and 3
    remotes. I am curretnly working on the host and 1 remote at this
    time. I have been able to connect the 2 sites however I cannot figure
    out what to do to get the 2 lan networks to see each other.

    Router 1 (main site)
    ~~~~~~~~~~~~~~~~~~~~~~~~
    interface FastEthernet0
    description CBB Data Ethernet
    ip address 10.0.0.69 255.255.254.0
    speed 100
    full-duplex
    !
    interface Serial0
    bandwidth 1024
    no ip address
    encapsulation frame-relay
    !
    interface Serial0.16 point-to-point
    description 84th/Pinelake Frame Relay DLCI 16/16
    bandwidth 1024
    ip address 192.168.168.14 255.255.255.252
    frame-relay interface-dlci 16
    !
    interface Serial0.17 point-to-point
    description 84th/Fletcher Frame Relay DLCI 16/17
    bandwidth 1024
    ip address 192.168.168.6 255.255.255.252
    frame-relay interface-dlci 17
    !
    interface Serial0.18 point-to-point
    description 84th/Downtown Frame Relay DLCI 16/18
    bandwidth 1024
    ip address 192.168.168.10 255.255.255.252
    frame-relay interface-dlci 18
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Router 2 (remote site)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    interface FastEthernet0
    description 27th Street Data Ethernet
    ip address 10.0.10.69 255.255.255.0
    speed 100
    full-duplex
    !
    interface Serial0
    bandwidth 1024
    ip address 192.168.168.5 255.255.255.252
    encapsulation frame-relay
    frame-relay interface-dlci 16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    int ser 0.17 on the main site is UP and UP and ser 0 on the remote
    site is UP and UP
    I can telnet to and from each site using the serial IP addresses.

    what am I missing to allow LAN traffic to travel between the two
    sites?

    I tried adding routes such as on the main site i added
    ip route 10.0.10.0 255.255.255.0 192.168.168.5

    and on the remote site i added
    ip route 0.0.0.0 0.0.0.0 192.168.168.6

    but it did not help. I am sure I am missing something simple here but
    I just do not know what. I figured after I get this remote working
    the others will be easy to follow.

    Thank you
    KJ
     
    kjkearney, May 4, 2007
    #1
    1. Advertisements

  2. kjkearney

    Trendkill Guest

    What do your routing tables look like on both sides? You definitely
    need static routes or a routing protocol (I'd go with a routing
    protocol), and you'll probably need to consider point to point vs.
    point to multipoint and split horizon. Source a traceroute or more
    from the remote site, does it have routes all the way out? Does the
    central site have routes in its table back? Is IP routing enabled on
    th remote router so it is routing between its serial and ethernet
    interfaces?
     
    Trendkill, May 4, 2007
    #2
    1. Advertisements

  3. kjkearney

    Scooby Guest

    KJ,

    Sounds like you may not have the correct default gateway setup on the
    workstations. At each location, you will need to point this setting to the
    LAN interface of the local router. Or, if there is another default gateway
    at any particular location (maybe an internet connection), you would need
    the route back to the frame relay network.

    Before testing end to end, try testing workstation to remote router to make
    sure you can get that far, then test to a device on the remote lan.

    Hope that helps,

    Jim
     
    Scooby, May 4, 2007
    #3
  4. kjkearney

    kjkearney Guest

    Well the problem is I cannot even ping the FastEthernet IP address of
    the remote router from the main router. Until I can get that to
    happen workstations will not work either.

    I can up load my full configs if someone would be willing to edit them
    and show me where I am going wrong at.
     
    kjkearney, May 4, 2007
    #4
  5. kjkearney

    Scooby Guest

    Odd, indeed. And, you are correct, that if you can't get that far, then
    workstations are a moot point. I do understand that you can connect serial
    to serial okay, so that says connectivity is there. Routing would be my
    next guess. From each device you should try 'show ip route' to make sure
    that your entries are in the routing table. Also, checking the obvious,
    make sure the LAN interfaces are up and that you can ping them from the
    local routers.

    Please do upload the full configs and also include the following outputs
    from each router.

    show ip route
    show ip int brief
    ping 192.168.168.5
    ping 192.168.168.6
    ping 10.0.0.69
    ping 10.0.10.69

    Jim
     
    Scooby, May 4, 2007
    #5
  6. Check to make sure the line protocol is up on your fastethernet on
    that side. If line protocol is down, you won't be able to ping.

    Otherwise, seeing the 'show route' for each router would be more
    helpful than seeing configs at this point.

    Doing the static routes that you had listed should work fine.

    You seem to have connectivity across the Frame-Relay.
     
    Doug McIntyre, May 4, 2007
    #6
  7. kjkearney

    kjkearney Guest

    I think the main thing I am missing is something along the lines of
    router rip.

    I am not exactly sure ho this works but after adding it to the 2
    routers I was able to ping each others router fast ethernet port but
    nothing past it.

    so in otherwords from router b (remote) i could ping router a's serial
    IP, and fast ethernet port but I could not ping anything past it that
    was on router a's lan and vise versa.

    Anyway here are my full configs.

    Router A (main)
    ---------------------------------
    sho run
    Building configuration...

    Current configuration : 2351 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 84RTR01
    !
    boot-start-marker
    boot-end-marker
    !
    enable password ******
    !
    memory-size iomem 25
    no aaa new-model
    ip subnet-zero
    !
    !
    ip domain name domain.com
    ip name-server 10.0.0.41
    !
    ip cef
    !
    !
    !
    !
    interface FastEthernet0
    description CBB Data Ethernet
    ip address 10.0.0.69 255.255.254.0
    speed 100
    full-duplex
    !
    interface Serial0
    bandwidth 1024
    no ip address
    encapsulation frame-relay
    !
    interface Serial0.16 point-to-point
    description 84th/Pinelake Frame Relay DLCI 16/16
    bandwidth 1024
    ip address 192.168.168.14 255.255.255.252
    frame-relay interface-dlci 16
    !
    interface Serial0.17 point-to-point
    description 84th/Fletcher Frame Relay DLCI 16/17
    bandwidth 1024
    ip address 192.168.168.6 255.255.255.252
    frame-relay interface-dlci 17
    !
    interface Serial0.18 point-to-point
    description 84th/Downtown Frame Relay DLCI 16/18
    bandwidth 1024
    ip address 192.168.168.10 255.255.255.252
    frame-relay interface-dlci 18
    !
    router rip
    network 10.0.0.0
    network 192.168.0.0
    no auto-summary
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.0.0.1
    ip route 10.0.3.0 255.255.255.0 10.0.0.13
    ip route 10.0.10.0 255.255.255.0 192.168.168.5
    no ip http server
    !
    snmp-server community public RO
    snmp-server community private RW
    !
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    password cbbnet
    login
    !
    end

    84RTR01#ping 10.0.0.41

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.0.41, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
    84RTR01#exit

    84RTR01#telnet 10.0.10.69
    Trying 10.0.10.69 ... Open
    ---------------------------------

    Router B (remote)
    ---------------------------------
    User Access Verification

    Password:
    27RTR01>en
    Password:
    27RTR01#sho run
    Building configuration...

    Current configuration : 1973 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 27RTR01
    !
    boot-start-marker
    boot-end-marker
    !
    enable password *******
    !
    memory-size iomem 25
    no aaa new-model
    ip subnet-zero
    !
    !
    ip domain name domain.com
    ip name-server 10.0.0.41
    !
    ip cef
    !
    !
    !
    !
    interface Loopback0
    ip address 192.168.169.6 255.255.255.252
    !
    interface FastEthernet0
    description 27th Street Data Ethernet
    ip address 10.0.10.69 255.255.255.0
    speed 100
    full-duplex
    !
    interface Serial0
    bandwidth 1024
    ip address 192.168.168.5 255.255.255.252
    encapsulation frame-relay
    frame-relay interface-dlci 16
    !
    router rip
    passive-interface FastEthernet0
    passive-interface Serial0
    --More--   network 10.0.0.0
    network 192.168.0.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.168.6
    ip route 10.0.0.0 255.255.254.0 192.168.168.6
    no ip http server
    !
    snmp-server community public RO
    snmp-server community private RW
    snmp-server enable traps tty
    !
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    password cbbnet
    login
    !
    end

    27RTR01#ping 10.0.0.69

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.0.69, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
    27RTR01#ping 10.0.0.69

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.0.41, timeout is 2 seconds:
    ......
    Success rate is 0 percent (0/5)
    27RTR01#exit
     
    kjkearney, May 5, 2007
    #7
  8. The use of a dynamic routing protocol (ie. RIP, EIGRP, OSPF, etc) is
    only an aid when you want to not make mistakes doing static routing
    across a number of routers out in the field for a network setup like this.
    For a 4 note network, I'd prefer to have static routing, a dynamic
    routing protocol is overkill for something like that.

    If doing RIP makes something work more than before, then you must have
    had some static route statements incorrect. I'd still prefer to see a
    'show ip route' on each router involved.

    *everything* you get with RIP you can do with static routing.

    Typically, for this setup, you'd have a default route back to the main
    hub on each leaf site. On the hub site, you'd have a static route out
    for each leaf LAN network.

    The symptoms of being able to ping the remote FastE interface would
    point me to looking at the default route out of the leaf site, and/or
    the default route setup on a workstation at that leaf site.
     
    Doug McIntyre, May 6, 2007
    #8
  9. kjkearney

    kjkearney Guest

    Ok that makes more sense. In that case here is the sho ip route
    results from the main router.
    84RTR01#sho ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    level-2
    ia - IS-IS inter area, * - candidate default, U - per-user
    static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 10.0.0.1 to network 0.0.0.0

    10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    S 10.0.10.0/24 [1/0] via 192.168.168.5
    S 10.0.3.0/24 [1/0] via 10.0.0.13
    C 10.0.0.0/23 is directly connected, FastEthernet0
    192.168.168.0/30 is subnetted, 1 subnets
    C 192.168.168.4 is directly connected, Serial0.17
    S* 0.0.0.0/0 [1/0] via 10.0.0.1

    and here is the ip route from the remote router
    27RTR01#sho ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    level-2
    ia - IS-IS inter area, * - candidate default, U - per-user
    static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 192.168.168.6 to network 0.0.0.0

    10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C 10.0.10.0/24 is directly connected, FastEthernet0
    S 10.0.0.0/23 [1/0] via 192.168.168.6
    192.168.168.0/30 is subnetted, 1 subnets
    C 192.168.168.4 is directly connected, Serial0
    192.168.169.0/30 is subnetted, 1 subnets
    C 192.168.169.4 is directly connected, Loopback0
    S* 0.0.0.0/0 [1/0] via 192.168.168.6

    I hope this is more useful.

    KJ
     
    kjkearney, May 6, 2007
    #9
  10. kjkearney

    kjkearney Guest

    Just a update.

    I have been able to successfully route between the main site and 1
    remote site now but when hooking up a 2nd remote site and setting
    everything up the same I have a routing loop on the 2nd site and I am
    unsure how to fix this.

    Any suggestions.

    main site
    ip route 0.0.0.0 0.0.0.0 10.0.0.1
    ip route 10.0.3.0 255.255.255.0 10.0.0.13
    ip route 10.0.7.0 255.255.255.0 192.168.168.9
    ip route 10.0.10.0 255.255.255.0 192.168.168.5

    1st remote site (WORKING)
    ip route 0.0.0.0 0.0.0.0 192.168.168.6
    ip route 10.0.0.0 255.255.255.0 192.168.168.6

    2nd remote site (routing loop)
    ip route 0.0.0.0 0.0.0.0 192.168.168.10
    ip route 10.0.0.0 255.255.255.0 192.168.168.10

    any suggestions on how to fix this considering I will be running into
    this same issue once i bring up my 3rd and final one?

    KJ
     
    kjkearney, May 7, 2007
    #10
  11. Okay, your routing tables looked correct from before, although you
    switched some IP's around from the very first posts.

    I find it helpful to make a network diagram with all IPs called out,
    even for a small 4 node network like this. Just to keep everything straight.
    Okay, you have two more routers that you haven't told us about?..
    Those look good.
    No need to bother with the 2nd static route unless you just want to
    make note of it for whatever reason. Previous you said that 10.0.0.0
    was a /23 instead of a /24 you have here.


    Looks good, but that assumes 10.0.7.0/24 is the network in use here?

    What's your routing loop look like?
     
    Doug McIntyre, May 7, 2007
    #11
  12. kjkearney

    kjkearney Guest

    Ok layout would be like this
    ========================================
    Main site
    internet
    |
    firewall (Public IP on WAN port -- 10.0.0.1 on LAN Port)
    |
    Frame Relay router ( 10.0.0.69 )
    |
    switch ( 10.0.0.13 vlan1 --data ) & ( 10.0.3.13 vlan2 --voice )
    switch is doing basic layer 3
    | |
    computers/servers/etc PHONES
    ========================================
    1st Remote Site
    Frame Relay router ( 10.0.10.69 )
    |
    switch ( 10.0.10.10 ) LAN is 10.0.10.0 255.255.255.0
    |
    computers/servers/etc
    ========================================
    2nd Remote Site
    Frame Relay router ( 10.0.7.69 )
    |
    switch ( 10.0.7.10 ) LAN is 10.0.7.0 255.255.255.0
    |
    computers/servers/etc

    3rd Remote Site
    Frame Relay router ( 10.0.6.69 )
    |
    switch ( 10.0.6.10 ) LAN is 10.0.6.0 255.255.255.0
    |
    computers/servers/etc
    ========================================

    Frame relay is set up like this
    main to 1st Remote Site
    Serial 0.17 (192.168.168.6 255.255.255.2) to serial 0 (192.168.168.5
    255.255.255.252)

    main to 2nd Remote Site
    Serial 0.17 (192.168.168.10 255.255.255.2) to serial 0 (192.168.168.9
    255.255.255.252)

    main to 3rd Remote Site
    Serial 0.17 (192.168.168.14 255.255.255.2) to serial 0 (192.168.168.13
    255.255.255.252)

    =========================================

    currently i can connect to all remote routers and vise versa via the
    serail IPs
    but the remote routers cannot ping anything on the main network unless
    devices on the main network have the gateway set to the main network
    router. I cannot do this because on the main network the switch is
    doing basic layer 3 swtiching for our phones as well so somehow I need
    to tell the main network router that if remote sites are trying to get
    to devices on the main network they need to go to the switch for their
    next hop.

    Also all the remote routers can ping the main routers Fa0 port of
    10.0.0.69 but the main router can only ping the first remote site of
    10.0.10.69 the rest error out.

    this is what it looks like when i tracert the 3rd remote site router
    from the main site
    P:\>tracert 10.0.6.69

    Tracing route to 10.0.6.69 over a maximum of 30 hops

    1 <1 ms <1 ms <1 ms 84RTR01.don8bld.org [10.0.0.69]
    2 6 ms 5 ms 5 ms 192.168.168.13
    3 6 ms 6 ms 6 ms 192.168.168.14
    4 11 ms 11 ms 10 ms 192.168.168.13
    5 11 ms 11 ms 11 ms 192.168.168.14
    6 16 ms 16 ms 16 ms 192.168.168.13
    7 16 ms 16 ms ^C

    this i what it looks like when i tracert the 1st remote site router
    from the main site
    P:\>tracert 10.0.10.69

    Tracing route to 10.0.10.69 over a maximum of 30 hops

    1 1 ms <1 ms <1 ms 84RTR01.don8bld.org [10.0.0.69]
    2 7 ms 6 ms 6 ms 10.0.10.69

    This is where I am stuck at.

    Let me know what other information I can provide so I can get this
    workign properly.
     
    kjkearney, May 7, 2007
    #12
  13. The FR router has a route to the servers in vlan1 so that's ok. The
    switch at 10.0.0.13 also needs to have routes to 10.0.6.0/24, 10.0.7.0/24
    etc via 10.0.0.69 ( the router).

    I assume the boxes in vlan1 are in a different network. If vlan1 is also
    the 10.0.0.0/(23|24), then the hosts either need routes to 10.0.6.0/24,
    10.0.7.0/24 etc via 10.0.0.69, or their default gateway needs to send them
    icmp redirects as necessary. PIX firewalls, at least, don't do icmp
    redirects and maybe others don't either.

    The basic concept here is that every box in the network has to have some
    idea of how to get to every other box in the network, whether by a default
    gateway to some box that's assumed to know, static routes, or learned via
    a routing protocol doesn't matter.

    So if you want to know whether host A can reach server B you just need
    to check what address host A will forward it's packets to then go to that
    address and repeat the question. If you eventually arrive at server B then
    you have good routes in one direction. To see if server B can get
    back to host A you start at server B and ask yourself the same questions
    about host As address.

    This just indicates that the interface with address 10.0.6.69 is not in
    line up/protocol up state. You can't ping an address that isn't up, and
    to the router the address doesn't exist, even if it is configured.

    So your frame relay router forwards tbe packet addressed to
    10.0.6.69 to the 3rd remote site (3RS) because it has a route in that
    direction. 3RS receives the packet, looks in its own routing table for
    10.0.6.69, and it isn't there.

    Because 3RS has no specific route to 10.0.6.69, it looks up the default
    route and forwards the packet back to the frame relay router. Because
    traceroute increments the IP TTL by one at each step, the packet eventually
    dies on one router or the other and you get the output you see here.
     
    Martin Gallagher, May 8, 2007
    #13
  14. kjkearney

    kjkearney Guest

    Thank you Martin this make sense.

    The ones I cannot Ping I have yet to actually connect to a switch. I
    just figured I could ping the Fa0 port is all. I realized the problem
    with the networks so I had changed the default route of the switch to
    point to the router so now traffic seems to be flowing properly. I
    will be 100% sure once I actually connect the other 2 routers to their
    switches so that I can make sure I can ping them as well.

    Looks like I was headed in the right direction the whole time. It
    just made it easier to type it out and get feedback from everyone.

    Thank you again.
    KJ
     
    kjkearney, May 8, 2007
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.