I would like to start by saying I am not a Cisco guy. With that in mind, here is what I am trying to accomplish.

My FastEthernet 0/1 interface needs to be configured to allow our 18 remote locations to connect back to us. Previously they all came in through the serial interface.

I am not sure if I am going to explain this correct, but this is what I am trying to program:
FastEthernet0/1:0   10.0.10.1
FastEthernet0/1:1   10.0.11.1
....up to.....      
FastEthernet0/1:17  10.0.28.1

Any guidance would be greatly appreciated.

Is there something already at those IP addresses? Is there a public IP on the outgoing interface?

Burt

We are using a new ISP which is handing us Ethernet at each of our locations. Therefore the I wanted the Cisco FastEthernet0/1 to be divided up into 18 different IP's
10.0.10.1 /30 - 10.0.28.1 /30

And the IP Address on the router at each location will be:
10.0.10.2 /30 - 10.0.28.2 /30



 

I have a suspicion that you're going about this all wrong. You had a multipoint serial configuration before, probably frame relay. Now you have some sort of metro ethernet connection. Most likely, the routing is going to be very different. The only way you'd do it the way you're doing it is if you were using a trunk interface to connect with the ISP and each remote site had its own VLAN ID.

If that's how you're doing it then you do sort of have the right idea. If that's not how they're doing it, we need to know more about the specifics in order to help.

Thank you for your patience with me. I am a Systems Guy, not a network guy. (I know I know!!)

-We are getting a Metro Ethernet Connection.

-Each of our 18 locations has a router.

-Our corporate location has a Cisco.

-The Cisco's FastEthernet0/1 interface is what we are planning on plugging the Metro Ethernet Connection into.

-Our ISP is leaving the networking up to us, therefore I wanted to divide the FastEthernet interface into 18 different IP Addresses.

EXAMPLE
This is how I imagined this working:
LOCATION  WAN IP     LAN IP        CISCO INT  CISCO IP
A         10.0.10.2  192.168.10.1  FE-0/1:0   10.0.10.1
B         10.0.11.2  192.168.11.1  FE-0/1:1   10.0.11.1
C         10.0.12.2  192.168.12.1  FE-0/1:2   10.0.12.1
R         10.0.28.2  192.168.28.1  FE-0/1:17  10.0.28.1

I hope this is descriptive enough

With metro ethernet you should be using switches and not routers. Are you going to tag vlans across the metro E or are you going to use routed interfaces?

I'd be interested to know how the ISP is configuring this. Are all of these sites connected to the same LAN as if they were all bridged together? If so, you will only need one LAN IP address per location and they'll be in the same subnet.

If the ISP is doing trunking and tagging at the main site, and giving each site its own VLAN, then you'll need to configure subinterfaces on your Fast Ethernet interface at the hub. Each subinterface will have its own IP address in its own subnet and will associated with individual VLAN IDs.

I believe routed interfaces?? Like I said, I am a Systems Guy.

Each location has a different IP Address scheme.
Corporate - 192.168.1.0 /24
Location A - 192.168.10.0 /24
...and so on

 

Hmm...something about this isn't adding up. Is your ISP assigned your LAN addresses that face them?

We have assigned our LAN IP's (192.168.XX.0 /24). In addition we also came up with the (10.0.XX.0 /30).

I will try to explain this another way. Our ISP is going to hand us 1 Cat5e cable to plug into our network at Corporate. At each location, they will have 1 Cat5e cable to plug into their local networks. I want the 1 Cat5e cable to plug into our Cisco's FastEthernet0/1 interface. I then want to divide that interface according to my previous post.

 

Using a router defeats the purpose for using metro ethernet. However, if you insist on using a router you would configure it ....

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.10.11.1 255.255.255.0

You would then have to configure the corresponding router with the same configuration and use a different IP address.

For what its worth, why isnt a network engineer doing this project?

Aaron,

I understand the physical connectivity. It's the logical connectivity that we need to understand. If all of your LAN IPs are in the same subnet then there is no reason to further configure additional addresses at your main site.

What problem are you trying to solve?

Each LAN is on it's own subnet.
Corporate's LAN subnet is 192.168.1.1
Each location's subnet starts with 192.168
then the third octet is incremental by 1 starting at 10.

 

We don't have a network engineer, we are a small private real estate company.

Okay, so, the ISP must be handling the routing for you. You just need to have default routes at your remote sites that point toward the ISPs gateway address that they should have given you.

Your hub site will need static routes pointing toward the ISP in order to get to your other sites unless they are allowing you to run some sort of routing protocol. Is this a static routing setup or did they offer to use OSPF or BGP?

You mention your ISP is handing you off an ethernet connection. Is the service actually metro ethernet or are they using a managed router?

Here is a part of the current way it is setup:

Instead of Serial I want to use the FastEthernet interface

This service is Metro Ethernet.  

The new service does not work quite the same way as the old service, so the configuration style you see currently will not work with the new setup.

So there isn't a way to divide the FastEthernet interface like the Serial interface?

It's not going to be necessary with the new configuration. In the current configuration, your main site actually is the hub site. In other words, the other sites have circuits (DS0 fractional T1 or ISDN BRI) that terminate directly at your site.

With the new configuration, the ISP is acting as the real hub. All of your sites--including the one you think of as the hub--simply attach to the ISP's network as spoke sites.

This definitely is starting to sound like a typical Friday!

Ok, I want to flip this around and ask you a question. Since we were told that each location would be able to keep their local IP Subnets and that they would all connect back to corporate. How would you go about setting this up then?

This is the Hardware I have
Router (each location)
Switch (each location)
Cisco Pix and 2600 (corporate location)


 

That depends. Do your routers have two Fast Ethernet connections? (I'm assuming that you're getting Fast Ethernet from your provider.)

You probably already figured this out, but you probably should have a network engineer helping you with this.    We're more than happy to help, of course, but that doesn't beat an on-site engineer who understands the design and the end goals. We'll get it working for you, though.

OMG, I wish we had a Network Engineer, along with a few other things, but you know how small privately held companies are.

We do have 2 FastEthernet interfaces on the Cisco.
   FastEthernet0/0 - is used for our LAN at Corp
   FastEthernet0/1 - was intended to connect us to the other sites
 

Okay, this will be fairly easy with a couple of caveats. We really need to know more about the overall design. For example, do these remotes sites require Internet access? If so, do they go through the main site to get to the Internet or do they have their own Internet connections (DSL/cable)?

The first part is simple. At each location, configure FastEthernet0/1 with the IP address assigned to you by the ISP.

The second part, routing, is probably going to be fairly simple, as well. If each site goes through the main site to get to the Internet, all you need at each "remote" site is a static route like this:

ip route 0.0.0.0 0.0.0.0 <gateway>

...where <gateway> is the IP address of the gateway for that site. The ISP should have given you this information. If you have old static routes, you'll want to remove them once you've tested the new circuits.

At the main site, you probably already have a default route for your Internet access, so you can't add another one pointing back toward your ISP. You'll need to add individual static routes for each remote subnet you need to reach.

Let's say the gateway for the main site is 192.168.0.1. You'd need routes to tell it how to reach the subnets at your remote sites. Let's say your local LAN subnets at each site are in the 10.x.x.x range, you'd need something like the following:

ip route 10.10.1.0 255.255.255.0 192.168.0.1
ip route 10.10.2.0 255.255.255.0 192.168.0.1
ip route 10.10.3.0 255.255.255.0 192.168.0.1

and so on, one for each remote subnet that you need to reach. The tricky part that we also need to understand is how your ISP knows about your remote networks. If you're not sharing routing information via OSPF or BGP, they probably are doing static routing internally, which means they need to know the locations of your local IP subnets.  

Our internet connection comes in at our Corporate Office.

The Metro E connection going to each site is going to give us a 3 meg pipe between corp and the remote site.

I was told that when they hand us off the ethernet connection, we can set whatever IP address scheme we want. I chose 10.0.xx.0 /30 (xx being an incremental number)

All the remote sites browse the Internet through the corporate location, 10 meg pipe.

I have figured out how to program in the static routes on the Cisco and have started to configure them.

The only Cisco is at Corporate.

Each site has a Linksys WRT54GL which I converted over to DD-WRT. (This has a WAN and LAN)
WAN: 10.0.xx.2 and LAN: 192.168.xx.1

Maybe this is where I am going wrong. I am configuring each WAN to have a subnet of 255.255.255.252
My train of thought is the Corp Cisco has an IP address of 10.0.10.1 /30 and the remote site 10.0.10.2 /30
then the next remote site would be configured 10.0.11.2 /30 and the Cisco would have another IP address 10.0.11.1 /30

Oh, I misunderstood something. If they're letting you assign your own addressing to the Metro E connections, I'm betting that they're all on the same subnet. That makes the most sense and it means that our task is even easier.

You still will only need one IP address on each Metro E connection, and they all need to be in the same subnet. Forget static routing. You probably already have a routing protocol running, so it should be relatively quick and painless.

If your remote sites have static default routes, you may need to change them if those sites suddenly lose Internet access after the migration.

If I am understanding you correctly, this is what you are saying.

Corporate:
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0

Remote Locations:
WAN: 10.0.0.XX
LAN: 192.168.XX.1

Exactly!

Are you currently running a routing protocol or are you using static routes only?

I believe static routes.
Currently this is our situation:

So would my new config would look like this?

It won't quite be that simple, but we can turn on EIGRP as a routing protocol and all will be well. If you want to continue to use static routes, you'll need one for each remote site just as you currently do. If you turn on EIGRP, you'll only need the static default routes. The rest you'll be able to get rid of.

To turn on EIGRP, configure this on each router:

router eigrp 1
 network 10.0.0.0
 network 192.168.0.0

The static default route at your remote sites will probably change. If the IP address of your main site is 10.0.0.1, for example, the static route at the remote sites will be:

ip route 0.0.0.0 0.0.0.0 10.0.0.1

They can't run eigrp.

"The only Cisco is at Corporate.

Each site has a Linksys WRT54G"

Our Cisco 2600 is what connects all our remote sites.
It's lan ip address (FastEthernet0/0) is 192.168.1.4

Our internet connection comes in on the Cisco Pix (192.168.1.254)

  

Oh, I didn't even catch that. Good catch, Brian.

Hmm...I have no idea what routing capabilities those Linksys routers have. You're probably going to be stuck doing static routing for everything. That just means that your corporate site will have static routes to every remote site, just as you have now.

And btw, networking makes my brain hurt

That's okay. Systems stuff makes my brain hurt.  :)

Ok, with recent developments the new routes would look like:

No, don't just send them out the interface. They need to know exactly where to go, so use the "WAN" IP addresses of your remote sites instead.

Alright,
so it would be

WOW this was a LONG day. Thank you so much for your help. This is the second time I had to configure something on a Cisco router and I give you guys tons of credit for knowing you stuff.

That's exactly right. This is all assuming that all of your Metro E connections are on the same LAN subnet, which is almost certainly the case.  

I think you're well ahead of the curve if this is only the second time you've really had to touch a router!

I don't know what the routing is going to look like on those remote routers, though. Do they also have two Fast Ethernet interfaces? I seem to recall that those only have one Fast Ethernet interface.

The Linksys routers are 10/100 so I should be all set with the remote sites.

Can you have more than one VLAN on those routers? You'll want to put the WAN interface into a different VLAN and keep it separate from the rest of the LAN traffic.

How are these things working now? I thought that those routers didn't have serial interfaces, yet they're talking serially to the main router now.

Sorry for jumping in so late on this, but I have several of these types of networks running.

You are very close, just need some a few more routing changes.


CORPORATE

The Cisco router FE0/0 interface should be set up as follows:

interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0

You're going to need static routes to point back to the remote sites:

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 192.168.10.0 255.255.255.0 10.0.0.10
ip route 192.168.11.0 255.255.255.0 10.0.0.11
ip route 192.168.12.0 255.255.255.0 10.0.0.12
ip route 192.168.13.0 255.255.255.0 10.0.0.13
ip route 192.168.14.0 255.255.255.0 10.0.0.14
ip route 192.168.15.0 255.255.255.0 10.0.0.15
ip route 192.168.16.0 255.255.255.0 10.0.0.16
ip route 192.168.17.0 255.255.255.0 10.0.0.17
ip route 192.168.18.0 255.255.255.0 10.0.0.18
ip route 192.168.19.0 255.255.255.0 10.0.0.19
ip route 192.168.20.0 255.255.255.0 10.0.0.20
ip route 192.168.21.0 255.255.255.0 10.0.0.21
ip route 192.168.22.0 255.255.255.0 10.0.0.22
ip route 192.168.23.0 255.255.255.0 10.0.0.23
ip route 192.168.24.0 255.255.255.0 10.0.0.24
ip route 192.168.25.0 255.255.255.0 10.0.0.25
ip route 192.168.26.0 255.255.255.0 10.0.0.26
ip route 192.168.27.0 255.255.255.0 10.0.0.27
ip route 192.168.28.0 255.255.255.0 10.0.0.28

All Corp DHCP should have the Cisco's FE0/0 (192.168.1.1) as the default gateway.

I am assuming that 192.168.1.254 is separate device that accesses the internet. You'll have to put static routes in that as well. All those static routes should point to the Cisco FE0/0 (192.168.1.1).


REMOTE SITES

All DHCP should point to the LAN interface of the WRT54G for the default gateway.

The WRT54G WAN interface IP address should correspond to the routing table above.

The WRT54G should have 10.0.0.1 as it's default gateway.

You'll have to make sure all firewall functions are turned off.

I'm not sure about the DD-WRT firmware mod, but the WRT54G has 2 modes of operation "router" and "gateway", you don't want gateway mode because then all traffic is NAT'd.

One other thought...
I believe the DD-WRT mod of the Linksys routers are capable of RIP.
You could get rid of all the static routes in all the devices by enabling RIP on everything.
RIP has it's drawbacks; all devices send out the entire routing table every 30 seconds which can generate some traffic, but you network is relatively small and you have enough bandwidth available, I'd consider it.

I think that's everything, let us know how it works out.

MCSE CCNA CCDA

I believe they will accept multiple VLANs. Currently we have old (10 years old) Cisco 1700 routers at each remote site.

The plan with this Metro Ethernet connection is to next roll out VoIP at all our locations. Would the RIP traffic generate too much traffic for that? Also is RIP hard to configure, as I said I am a Systems guy so I don't want to attempt something too far over my head.

RIP is easy to configure and won't generate too much traffic with a network your size. You'd basically use the same commands I gave you for EIGRP, except the first command is "router rip" instead of "router eigrp 1".

He'll want version 2 RIP for the 24 bit masks for 172.x.x.x and 10.x.x.x

Burt

Yes, RIPv2 for classless routing.

As far as VoIP...
You have plenty of bandwidth, each VoIP session only consumes 84k (with overhead) of bandwidth.
However, you will probably want to implement some form of QoS.
You can implement QoS based on several factors: MAC address, IP address, VLAN, DiffServ, Dot1p, etc.
You're probably going to be restricted to what the DD-WRT routers will support.

MCSE CCNA CCDA

I talked to the network engineers from our Metro Ethernet connection, and I got some more information and some terminology!!

They want the FastEthernet0/1 interface divided up into Sub Interfaces. The reason they wanted it that way was to avoid network broadcast storm in the event that a router goes bad (not too sure but it sounded legit).

 

It may be legit, but I don't understand it. If you break it up into subinterfaces, that means that each subinterface is going  to be on its own VLAN, which means they're doing trunking to you. It also has some ramifications regarding your IP addressing scheme.

OMG - this definitely is a Monday!
I tried breaking it up into subinterfaces and when attempting to put the IP address on it I get the following error:

You said:

Quote:

that means that each subinterface is going  to be on its own VLAN, which means they're doing trunking to you

That is a foreign langauge to me, could you explain this a little more?

That means you have to configure it as a trunk port and then add "encapsulation dot1q" to the subinterface. I'm very unclear about why they want it configured that way, though.

Are they doing trunking on this link? If so, is each remote site coming in on its own VLAN? If that's the case, each VLAN will have its own LAN subnet and subinterface.  

For some reason the router doesn't recognize 'encapsulation'.

Here is what was explained to me in the meeting today. After I told them how I reconfigured everything (the way we discussed in here) they said that they didn't want the design that way because of the possibility of a broadcast storm. They said they wanted all the traffic between the Remote Sites separated from each other on the back to corporate.

Then I suggested using RIP, but they said that a Dynamic routing table wouldn't make much sense for a network with 1 internet connection with remote sites that aren't going to be changing.

PS - I need a new job with a real IT department, anyone know of something?

I'm not understanding this at all...you have several locations, each with their own subnet. Don't they each have their own router??? Why are you wanting to put 18 IP addresses on one interface???
If all your IP addresses are static, with no redundancy configured, you may as well have static routes rather than using a routing protocol. But that means you can't have redundancy!
Please explain your topology!

Burt

I'm with you, Burt. I just don't understand how they have this designed under the hood. It almost sounds like each remote site is on its own VLAN and they are trunking to the main site. I've only seen a couple of "point-to-point" Metro E connections, so I have no idea if that's a common configuration or not.

He's probably running IP Base code, since their is no choice for encapsulation, or it may be a router that does not support trunking, like a 1720...
"We are using a new ISP which is handing us Ethernet at each of our locations. Therefore the I wanted the Cisco FastEthernet0/1 to be divided up into 18 different IP's
10.0.10.1 /30 - 10.0.28.1 /30

And the IP Address on the router at each location will be:
10.0.10.2 /30 - 10.0.28.2 /30"

So, why put all the sites' IP addresses on your fa0 interface??? It just needs one like the rest, and each one seems to be point-to-point, with the routing configured with a 24 bit mask! The 30 bit mask makes no sense to me in this situation---not needed at all! Not with a private IP addressing scheme!

Burt

"My FastEthernet 0/1 interface needs to be configured to allow our 18 remote locations to connect back to us. Previously they all came in through the serial interface."

fa0/0(10.1.1.1/24)------site1(10.1.1.2)----site3(10.1.1.3)etc...

With all the routers having routes to eachother, this is all that's needed!

Burt

- Each Site has it's own router.

- There is no redundancy.

- I was told to divide the interface into subinterfaces to
separate all the traffic from each remote site back to corporate.

- I am not 100% sure what trunking at the main site means. But I understand that the connection between Corporate and each Remote site was supposed to be isolated.

Burtsbees, that is how I last configured the router. However, I was told today in a meeting that it was strongly advised not to program it that way in the event of a router going bad and creating a broadcast storm.

Previously, they all came in on the Serial interface, but that had subinterfaces for each location.  

Interesting, it does sound like they are doing trunking. That simply means that although the traffic is coming in on the same physical interface, it is separated logically inside the router on different subinterfaces.

If that's what they're doing then you will need a separate subnet for each connection. A /30 would work just fine for each virtual link, but it's not necessary to make your subnet that small. You could easily use /24s to make the math easier in your head. It's not like you're going to run out of space!

And they're right that dynamic routing does make sense, but I'm just lazy and hate adding tons of static routes. :)

AaronBeau:
I have three MetroE networks just like yours in Miami, Orlando, and Tampa.

Configure it the way we've recommended, it will work just fine. It's the way mine are set up.
The ISP's concerns about broadcast storms are old-school. With the new equipment nowadays, the chances of a broadcast storm are very rare. In fact I haven't seen one in the last five years.

One other thing to note: you may not be able to use VLANs over the MetroE. It depends on how the ISP implements their MetroE. All your sites are just a single VLAN on their network. So unless you are able to use Q-in-Q (VMAN), any tagged traffic will not work. My Miami network is that way.

MCSE CCNA CCDA