Saturday, September 28, 2013

Lesson 6 -- Dynamic Routing with RIP and RIPv2

The branch office is now connected to the main office, and the routers can successfully communicate with each other. Unfortunately, there's a problem. After getting the two routers connected, you called it a night, but the next morning, the branch office manager called you to say that none of the users in the office could connect to any of the corporate servers in the main office. You gave the branch office manager your word that you'd get the problem solved right away, but first you've got to figure out what's wrong. You fire up your laptop and start pecking away at the keyboard:

me@myllt:~$ traceroute 192.168.2.32
traceroute to 192.168.2.32 (192.168.2.32), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 2.337 ms 2.577 ms 2.918 ms
2 100.64.1.1 (100.64.1.1) 32.245 ms 31.087 ms 32.500 ms
3 * * *
4 * * *
5 * * *
6 * * *^C
me@myllt:~$


It looks like you can reach your router like you should, but why is your router connecting to your ISP's router to reach a host in the branch office? To reach the branch office, your router should be directing traffic to the T1 line, not to the Internet.

Let's take a moment here to go over a basic concept that you will need to understand if you want to be a network admin: the purpose of a router is to route (natch!) traffic appropriately. In other words, a router works very much like an old-fashioned traffic cop, directing cars through an intersection. When a car (a packet) arrives at the intersection (a network interface), the traffic cop (the router) looks at the lane position and turn signals (the destination address and routing tables), and then directs the car (the packet) towards the proper lane (outbound interface). However, routers are just electronic devices; they aren't omniscient. With an exception that I'll discuss in just a minute, routers only know how to reach networks that either are directly connected to them, or that you have explicitly told them how to reach. Therefore, the easy solution is to log in to your router and type these commands...:

lab2651rtr# conf t
lab2651rtr(config)# ip route 192.168.2.0 255.255.255.0 192.168.3.6
lab2651rtr(config)# exit
lab2651rtr#


...then try the traceroute command again:

me@myllt:~$ traceroute 192.168.2.32
traceroute to 192.168.2.32 (192.168.2.32), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 2.047 ms 2.453 ms 3.199 ms
2 192.168.3.6 (192.168.3.6) 2.840 ms 3.697 ms 6.029 ms
3 192.168.2.32 (192.168.2.32) 3.169 ms 4.166 ms 4.522 ms
me@myllt:~$


That's better! However, what happens if you have to add another branch office? You'll need to add another static route to and from the main office, and if the two branch offices need to communicate with each other, too, then you'll need to add two more static routes on each router. If you keep following this train of thought, you'll soon realize that continuously adding static routes for every new branch office can quickly become unmanageable.

Fortunately, there is a better solution. Routers have the ability to create routes between connected devices automatically, if you enable the feature. This is called "dynamic routing" and the standards that have been established to allow interconnected routers to do this are collectively known as "dynamic routing protocols." One of the dynamic routing protocols that is easiest to understand and configure is known as "RIP" -- "Routing Information Protocol." I won't spend much time describing how RIP works -- again, there are plenty of on-line resources that explain the idea behind RIP (and you should probably spend at least a little time reading them, if you want to pass the CCNA) -- but instead, we'll dive right into configuring it. First, remove the static routes between the main office router and the branch office router:

lab2651rtr# sho run | inc route
default-router 192.168.1.1
ip route 0.0.0.0 0.0.0.0 100.64.1.1
ip route 192.168.2.0 255.255.255.0 192.168.3.6
lab2651rtr# conf t
lab2651rtr(config)# no ip route 192.168.2.0 255.255.255.0 192.168.3.6
lab2651rtr(config)#


...and...:

lab3640rtr# sho run | inc route
default-router 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.3.5
lab3640rtr# conf t
lab3640rtr(config)# no ip route 0.0.0.0 0.0.0.0 192.168.3.5
lab3640rtr(config)#


If you aren't familiar with the line that begins "sho run", basically all I'm doing is telling the router to show me the current configuration ("sho run"), and then I'm telling it to filter ("|") the output by including only the lines that contain the word "route." If you would like, spend a little time playing with the command until you understand what it's doing. For example, try running "sho ip int brie | inc Serial" or "sho run | inc password". There are other filters available, too, such as "sho run | begin interface", which can really help you out when troubleshooting problems.

Back to the configuration... If you try to traceroute to the branch office at this point, the traceroute should fail because the routers no longer know how to reach the internal networks on the other router. Let's fix that problem, shall we?

lab3640rtr(config)# router rip
lab3640rtr(config-router)# version 2
lab3640rtr(config-router)# network 192.168.3.4
lab3640rtr(config-router)# redistribute connected
lab3640rtr(config-router)# exit
lab3640rtr(config)# exit
lab3640rtr#


...and on the main office router:

lab2651rtr(config)# router rip
lab2651rtr(config-router)# version 2
lab2651rtr(config-router)# network 192.168.3.4
lab2651rtr(config-router)# redistribute connected
lab2651rtr(config-router)# redistribute static
lab2651rtr(config-router)# passive-interface fa0/1
lab2651rtr(config-router)# exit
lab2651rtr(config)# exit
lab2651rtr#


This should establish routing between the two routers. Here's what the commands do:
* First, we tell the router to start the RIP routing process with the "router rip" command.
* Next, we tell the router that we want to use RIP version 2. The original version of RIP was classful, meaning that it didn't understand subnetting. Version 2 introduced classless networks into RIP, and since we are using /30 addresses on the point-to-point serial link, it would be best if we used the version of RIP that supports classless networks.
* We tell RIP that we want it to send and receive router advertisements on the network interface that hosts the 192.168.3.4 network. We don't list the LAN networks (192.168.1.0 and 192.168.2.0) because they are "network stubs." There are no other routers on the LAN networks to send or receive RIP advertisements on those networks, so there is no reason to send or receive an advertisement out the LAN interface.
* Next, we tell the router that when it sends a route advertisement, we want it to include the routes to all of the networks directly connected to one of its network interfaces ("redistribute connected").
* On the main office router, we tell RIP to redistribute static routes also (so that branch office users can reach the Internet).
* Finally, also on the main office router, we tell RIP not to send route advertisements to the ISP. They don't care about routes on our internal network, and even if they did, RIP probably wouldn't be the best choice for a number of reasons that are beyond the scope of this discussion. Just take my word for it that, as of the date that I am writing this, BGP ("Border Gateway Protocol") is the routing protocol of choice for peering with service providers. Note: this command probably isn't strictly necessary, since we are only telling the routers to advertise across the serial interface, but I am including it anyway, just to prevent a typo in the future from suddenly sending advertisements for RFC-1918 IP space to our upstream provider. They should, in theory, be filtering RFC-1918 addresses out of their route advertisements, but...
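
The last bullet's point can be checked mechanically. The sketch below is an added example, not part of the original lesson: it models how IOS reduces a RIP "network" argument to its classful major network, runs RIP on every interface addressed inside it, and stops sending on passive interfaces. The interface names fa0/0 and s0/0, the ISP-side address 100.64.1.2/30 and the stray "network 100.64.1.0" line are assumptions made up for the example.

```python
import ipaddress

def classful(addr):
    """Major (classful) network IOS derives from a RIP 'network' argument."""
    ip = ipaddress.ip_address(addr)
    first = int(ip) >> 24
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def rip_senders(rip_lines, interfaces):
    """Interfaces that will send RIP updates.
    rip_lines: commands under 'router rip'; interfaces: {name: 'addr/len'}."""
    nets, passive = [], set()
    for line in rip_lines:
        words = line.split()
        if words[:1] == ["network"]:
            nets.append(classful(words[1]))
        elif words[:1] == ["passive-interface"]:
            passive.add(words[1])
    senders = []
    for name, cidr in interfaces.items():
        ip = ipaddress.ip_interface(cidr).ip
        if name not in passive and any(ip in n for n in nets):
            senders.append(name)
    return sorted(senders)

def leaks(rip_lines, interfaces, untrusted):
    """Untrusted (e.g. ISP-facing) interfaces that would send RIP updates."""
    return [i for i in rip_senders(rip_lines, interfaces) if i in untrusted]

# Main office router. fa0/1 faces the ISP (from the lesson); the other
# names and the 100.64.1.2/30 address are constructed for this example.
MAIN_IFACES = {"fa0/0": "192.168.1.1/24",
               "fa0/1": "100.64.1.2/30",
               "s0/0": "192.168.3.5/30"}

# The RIP stanza exactly as configured in the lesson.
PAGE_RIP = ["version 2", "network 192.168.3.4", "redistribute connected",
            "redistribute static", "passive-interface fa0/1"]

# Constructed "future typo": an extra network line and no passive-interface.
TYPO_RIP = ["version 2", "network 192.168.3.4", "network 100.64.1.0",
            "redistribute connected", "redistribute static"]

if __name__ == "__main__":
    print("lesson config sends on:", rip_senders(PAGE_RIP, MAIN_IFACES))
    print("typo config leaks on:  ", leaks(TYPO_RIP, MAIN_IFACES, {"fa0/1"}))
    print("typo + passive leaks:  ",
          leaks(TYPO_RIP + ["passive-interface fa0/1"], MAIN_IFACES, {"fa0/1"}))
```

With the lesson's configuration only the serial link sends updates; with the stray network line, fa0/1 would start advertising the internal networks unless the passive-interface line is present.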

Now that RIP has been configured on the two routers, hosts from the main office and the branch office should be able to reach each other. If not, then it's time to get familiar with two new Cisco commands, "sho ip route" and "sho ip rip database." "sho ip route" does exactly that -- it shows you the routes that your router "knows" about, and "sho ip rip database" shows you what networks are stored in the RIP database, and what path you would take to reach those networks.
