Connecting two subnets with Cisco 881

I have two subnets running on 2 sets of cabling and switches. I need to be able to access 1 server on the Admin network from the Students network. I cannot just flatten the networks down into one due to school policy. So I bought a Cisco router (881). I have managed to assign an IP address to the WAN port. I could not assign an IP address directly to the switchports. It turned out I had to create a VLAN for one of these and assign the IP address to it. I set a static route in Windows so it knows where the device is. I can now ping both of these IPs on different subnets from either network. However, I cannot work out how to route between the two of them. I can't ping beyond the router. I understand subnets OK but I have only done VLANs and routing in theory so am now completely stuck.
 
Vlans are effectively separate Ethernet networks and so they need a router in between them to route ip from one to the other. Have you created virtual ethernet ports in the vlans for the router?
 
There's a couple of ways you can do this, depends if both networks currently have Internet access or not (think default gateway)
If you've got that already you can either choose to replace it and do Internet via your cisco, or just add the cisco to do the routing between subnets for the server you want to access.

Ok, first of all, keep your WAN port for that (just allows for future proofing).
Create two VLANs on the router, either keep VLAN 1 and add VLAN 2 or add 2 and 3.
Go to configure it as an interface:
Conf t
Interface vlan 'x'
Ip address of your student vlan and subnet mask
No shutdown
Interface vlan 'y'
Ip address of your admin vlan and subnet mask
No shutdown
Interface '1' (switch port on the router)
Switchport access vlan 'x'
Interface '2' (switch port on the router)
Switchport access vlan 'y'
Exit

Plug your respective networks in to the switch ports.

Now this is where it gets a bit tricky. The router now knows where each subnet is; if traffic gets to the router it will route between the subnets as they are 'connected'. But the PCs won't know, so you have two options.

Either set the PCs and servers to have the default gateways as the router IP address on their own subnet, but you could lose net access. Or set static routes on the PCs and server.

On the PCs you'll need to add the server address and route it via the router interface you created on the student VLAN, and on the server you'll need to set the student subnet as known via the router interface you connected on the admin network. That should work then.
 
Thanks for all the responses. I reset the router then followed Chief Wiggum's advice. Here's a show run of how the router is now. Also will post my windows route table.

Code:
!Cisco881#show run
Building configuration...

Current configuration : 1071 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco881
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$P.ME$iEGbkCgAdLJJqrxSy7/mJ.
enable password bethnal2
!
no aaa new-model
!
!
ip source-route
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 10.240.132.8 255.255.252.0
!
interface Vlan3
 ip address 10.240.130.15 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password bethnal3
 login
!
scheduler max-task-time 5000
end

Cisco881#
 
From each network I can ping both switchports 0 (10.240.132.8) & 1 (10.240.130.15) but I cannot ping any other devices on the other networks. (Request time out)

Code:
C:\Program Files\Support Tools>ping 10.240.132.22

Pinging 10.240.132.22 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.240.132.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>

The Windows route table looks like this.

Code:
C:\Program Files\Support Tools>route add -p 10.240.132.0 mask 255.255.252.0 10.240.130.15 metric 1

C:\Program Files\Support Tools>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 09 d8 a6 6d ...... VIA Compatable Fast Ethernet Adapter #2 - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.240.130.1   10.240.130.65       20
     10.240.130.0    255.255.255.0    10.240.130.65   10.240.130.65       20
    10.240.130.65  255.255.255.255        127.0.0.1       127.0.0.1       20
     10.240.132.0    255.255.252.0    10.240.130.15   10.240.130.65       1
   10.255.255.255  255.255.255.255    10.240.130.65   10.240.130.65       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    10.240.130.65   10.240.130.65       30
        224.0.0.0        240.0.0.0    10.240.130.65   10.240.130.65       20
  255.255.255.255  255.255.255.255    10.240.130.65   10.240.130.65       1
Default Gateway:      10.240.130.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
     10.240.132.0    255.255.252.0    10.240.130.15       1

C:\Program Files\Support Tools>
 
ok, so this is straightforward to sort out. looking at the information you've provided, your network looks like this:

[Attached diagram: networkd.png]


the devices on the 10.240.130.0 /24 network are using 10.240.130.1 as their default gateway. so, you have two options. you either configure all hosts on the 10.240.130.0 /24 network with a static route directing traffic destined for the 10.240.132.0 /22 network at a gateway of 10.240.130.15...or you simply configure the router at 10.240.130.1 with that route instead. i know which i would rather do, but i don't know whether you have administrative control over 10.240.130.1 or not. if you do, then happy days, and if you don't and your network administrator won't add that route then you're SOL and will have to add the route entry onto workstations that need to see the remote network. if it comes to it, remember to use the -P flag when entering the route on the workstations so that it is persistent between reboots.

the devices on the 10.240.132.0 /22 network...you've not provided an ipconfig from one of these devices so i don't know whether there is another router on that subnet. if there isn't, then you can safely configure the default gateway on those devices to be 10.240.132.8 and then you will be able to access the 10.240.130.0 /24 network. if there is another router on that network then the same rules as above apply - you either get the route put on that router, or you'll have to configure each host individually again.

additionally, if there isn't another router on the 10.240.132.0 /22 network already (e.g. for internet access, etc) and you want the 10.240.132.0 /22 subnet to be able to access other upstream networks other than 10.240.130.0 /24 (e.g. such as the internet, etc) then you'll need to configure a default route (0.0.0.0 /0) on the router you have inserted with a gateway of 10.240.130.1.

hope this helps, come back if you need clarification on anything.

edit: p.s. please excuse the shoddy 'mspaint' diagram, don't have visio on this laptop, LOL.

edit2: sorry, i just noticed you already had a static route on the .65 device (not sure how i missed that one!)... do you have a route on the 10.240.132.22 device pointing back at .8 for the 10.240.130.0 /24 network? if not, that's why the ping response will have failed. you know how to get to it, but it doesn't know how to get back to you. hope this helps.
 
It's quite funny in a roundabout way - I typed this first thing then forgot the no shutdown on a VLAN interface I configured on our site cores this afternoon!

Let us know how you get on with the above advice :)
 
Thanks. Turns out the problem was that I hadn't made static routes on both PCs, so just like you said, I could ping a host on the other subnet but the ping didn't know the route back. Now I've done that I can ping both ways. Now onto Windows GPOs and AD trusts. I feel more comfortable in that territory!
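The return-path problem diagnosed in this thread can be checked offline by walking each device's own routing table in both directions. The script below is an added example, not code from any poster: the addresses and the .65 routes are taken from the thread, while the node names (`pc65`, `cisco881`, `host22`) are labels made up here and `10.240.132.1` is an assumed default gateway for the 10.240.132.22 device, whose real table was never posted.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match; returns a gateway IP, "on-link", or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, src, dst, max_hops=8):
    """Follow each node's own table from src to dst; returns (path, delivered)."""
    owner = {a: name for name, n in nodes.items() for a in n["addrs"]}
    node = owner[src]
    path = [node]
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return path, True
        hop = next_hop(nodes[node]["routes"], dst)
        target = dst if hop == "on-link" else hop
        if target not in owner:  # no route, or a gateway whose table we don't know
            return path + [f"{target} (unknown)"], False
        node = owner[target]
        path.append(node)
    return path, False

def ping_ok(nodes, a, b):
    """An echo only succeeds if the request AND the reply are both delivered."""
    return trace(nodes, a, b)[1] and trace(nodes, b, a)[1]

def build(host_has_return_route):
    # Addresses and the pc65 routes are from the thread; node names are labels
    # made up here, and 10.240.132.1 is an ASSUMED default gateway for host22.
    h_routes = [("10.240.132.0/22", "on-link"), ("0.0.0.0/0", "10.240.132.1")]
    if host_has_return_route:
        h_routes.append(("10.240.130.0/24", "10.240.132.8"))
    return {
        "pc65": {"addrs": ["10.240.130.65"], "routes": [
            ("10.240.130.0/24", "on-link"),
            ("10.240.132.0/22", "10.240.130.15"),
            ("0.0.0.0/0", "10.240.130.1")]},
        "cisco881": {"addrs": ["10.240.132.8", "10.240.130.15"], "routes": [
            ("10.240.132.0/22", "on-link"), ("10.240.130.0/24", "on-link")]},
        "host22": {"addrs": ["10.240.132.22"], "routes": h_routes},
    }

if __name__ == "__main__":
    for fixed in (False, True):
        net = build(fixed)
        print("return route on host22:", fixed)
        print("  request:", trace(net, "10.240.130.65", "10.240.132.22"))
        print("  reply:  ", trace(net, "10.240.132.22", "10.240.130.65"))
        print("  ping ok:", ping_ok(net, "10.240.130.65", "10.240.132.22"))
```

Without the return route the request is delivered but the reply leaves via the other gateway, which matches the "Request timed out" output above.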
 