Subnet Routing..

dawks

Diamond Member
Hello,

We have a network with two subnets (172.25.211.x and 172.25.200.x), which is connected to a larger network with multiple subnets (172.25.xx.x) through a gateway (172.25.200.1 - on the 172.25.200.x network obviously). We need the users on the 172.25.211.x network to be able to get to the other networks easily (they can get to the 172.25.200.x network no problem - we just need the ability for the 211 clients to route through the 200 network).

How can I go about doing this? The network is segmented with HP Procurve switches and we have a Windows Server 2003 box with RRAS and two NICs installed if needed.

If you can, please provide more specific details like the route add commands I'd need to do. (I'm not a subnetting expert).

I'm thinking there should be a way that any 172.xx.xx.xx traffic destined for anything other than the 172.25.211.x network should be able to be routed to the 200 network which can find its way to the other networks via the 172.25.200.1 gateway.

Hopefully this makes sense. Thanks.
 
It's a little confusing but it sounds like you want the 211 network to go through the 200 network? If that is the case then all you need to do is set up the routers so there is a point to point connection between the 211 and 200 only. This way any unknown destination will go out the default gateway and if it's not on the 200 network then it will go out its default gateway. A simple ip route 0.0.0.0 interface xxx would work on the 211 network, you could also use IP if that's easier. You shouldn't have to touch the 200 network at all.
 
This could get complicated, quick. You're going to need a router to "route" between 172.25.211/24 and 172.25.200/24. Then on that router you'd set a route to 172.25.0.0/16 with a next hop of 172.25.200.1.

I'm assuming 200 and 211 are actually two separate broadcast domains and are truly separate networks?
 
Originally posted by: spidey07
This could get complicated, quick. You're going to need a router to "route" between 172.25.211/24 and 172.25.200/24. Then on that router you'd set a route to 172.25.0.0/16 with a next hop of 172.25.200.1.

I'm assuming 200 and 211 are actually two separate broadcast domains and are truly separate networks?

Not entirely sure if they are 'truly separate'. There are VLANs configured and such. You are on the right track about the routing stuff though.

I'm looking at the switch that is configured to be the gateway for the 172.25.211/24 network and it has "ip route 172.25.0.0 255.255.192.0 172.25.200.1"

But when I try to ping 172.25.3.49 from the 172.25.211/24 side, it fails. On the 172.25.200/24 side, it works just fine.

On the switches on the 172.25.200/25 side it has the following:
ip route 172.25.0.0 255.255.192.0 172.25.200.1
ip route 172.24.0.0 255.255.0.0 172.25.200.1 (since there's also 172.24 networks, but just want to get the 25 working right now).

Thanks!
 
Another note

From the 172.25.211/24 side I can ping most 172.25.200/24 hosts just fine.
But I can't ping 172.25.200.1.

C:\Documents and Settings\Administrator>ping 172.25.200.17

Pinging 172.25.200.17 with 32 bytes of data:

Reply from 172.25.200.17: bytes=32 time=8ms TTL=63
Reply from 172.25.200.17: bytes=32 time=2ms TTL=63
Reply from 172.25.200.17: bytes=32 time=2ms TTL=63
Reply from 172.25.200.17: bytes=32 time=3ms TTL=63

Ping statistics for 172.25.200.17:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 8ms, Average = 3ms

C:\Documents and Settings\Administrator>ping 172.25.200.1

Pinging 172.25.200.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.25.200.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 
Is there a chance that ping response was shut off on the router and not whatever was at 172.25.200.17?

The ping issues with .211 not working, is there an ACL on the router preventing ICMP? Is there an ACL at all?

Are the same routing protocols being used? Is there a gateway of last resort set up?

ip route 172.25.0.0 255.255.192.0 172.25.200.1 this statement just means anything going to the 172.25.192-255.xxx goes to 172.25.200.1

Also, there is a router with subinterfaces(using 801.q) on routing between the VLANS right?
 
What you're mentioning can happen on routers that try to send the ping reply back using the routing table, and there is no way back. It can happen when only one side of a set of routers has a route to the others. In this case it sounds like the switches route the data ok, but the 172.25.200.1 router doesn't know where to send the data. Is the default gateway on the 200.x network the switch or the router?

*this all assumes that I am visualizing what you are describing correctly...
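
The return-path problem described above, as an added example that is not part of the thread: a ping needs a route to the destination on the forwarding device and a route back to the source on the replying device. Only the switch's static route is taken from the thread; the client address 172.25.211.10, the switch's 200-side address 172.25.200.254 and the host and gateway tables are assumptions.

```python
import ipaddress

# Constructed routing tables as (prefix, next hop). Only the switch's static
# route comes from the thread; every other entry is an assumption.
SWITCH = [
    ("172.25.211.0/24", "connected"),
    ("172.25.200.0/24", "connected"),
    ("172.25.0.0/255.255.192.0", "172.25.200.1"),  # static route quoted in the thread
]
# Assumed: a 200-side host whose default gateway is the switch (hypothetical .254).
HOST_200_17 = [("172.25.200.0/24", "connected"), ("0.0.0.0/0", "172.25.200.254")]
# Assumed: the gateway is modelled with only its own subnet, so no route to 211.
GW_200_1 = [("172.25.200.0/24", "connected")]

def lookup(table, dst):
    """Longest-prefix match: next hop, 'connected', or None when no route exists."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def ping_works(src, dst, router_table, replier_table):
    """Echo request needs a route to dst; echo reply needs a route back to src."""
    return (lookup(router_table, dst) is not None
            and lookup(replier_table, src) is not None)

if __name__ == "__main__":
    client = "172.25.211.10"  # hypothetical client on the 211 subnet
    for dst, replier in (("172.25.200.17", HOST_200_17), ("172.25.200.1", GW_200_1)):
        print(dst, "replies" if ping_works(client, dst, SWITCH, replier) else "times out")
    # The mask 255.255.192.0 is a /18: 172.25.0.0 through 172.25.63.255.
    for dst in ("172.25.3.49", "172.25.100.1"):
        print(dst, "->", lookup(SWITCH, dst))
```

Under these assumptions the fix is a return route for 172.25.211.0/24 on each device that replies, not a change on the 211 side.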
 
Originally posted by: Pantlegz1
Is there a chance that ping response was shut off on the router and not whatever was at 172.25.200.17?

The ping issues with .211 not working, is there an ACL on the router preventing ICMP? Is there an ACL at all?

Are the same routing protocols being used? Is there a gateway of last resort set up?

ip route 172.25.0.0 255.255.192.0 172.25.200.1 this statement just means anything going to the 172.25.192-255.xxx goes to 172.25.200.1

Also, there is a router with subinterfaces(using 801.q) on routing between the VLANS right?

172.25.200.2 will respond from my computer, but not from a computer on the other 'subnet'. Which would indicate, as imagoon says, that it might not be able to find its way back.

I logged into 172.25.200.2 (which is just a Linksys router) and ran a bunch of pings. It can ping everything on its subnet, but nothing on the 172.25.211/24 network. The question for me is, why can't it, when computers can?

Edit: I guess since the Linksys router isn't configured with an internal gateway, perhaps that's the problem? It can ping the 172.25.200/24 hosts since it's on the same subnet, but without an internal gateway, it won't be able to find other subnets. Which could also be a possibility on the 172.25.200.1 gateway (that connects us to another private LAN - the one I'm trying to get connectivity working on).
 
I still can't picture what is doing the routing here. Stop posting symptoms please and start posting what routers are involved. A router is ANY device that forwards IP packets - this could be your switch, this could be just about anything. A router is a router, it routes. You cannot figure this out without understanding what routers are involved. Routers define the network/subnet, that's their job. If clients or other routers don't agree on what defines the network then you'll see all kinds of crazy stuff.

What devices are routers in this?
 
I'm with ya spidey, I don't understand how this is set up, let alone where the issue may be. Some configs and simple topology would be so helpful at this point.
 
It's pretty well laid out in the first post...

We have location A on 172.25.211/24 connected to 172.25.200/24. 172.25.200/24 (Location B) is connected to 172.25/18 or whatever, and 172.24/18 (Location C). We need 172.25.211/24 (A) to pass through to 172.25.200/24 (B) to the other networks (C).

Perhaps the confusion is we're running HP switches, that are called switches. Routing with vlans?

A computer on 172.25.211/24 (A) can ping and get responses to clients on 172.25.200/24 (B), but it will not get responses from 172.25.200.1 (Gateway to C) or 172.25.200.2 (Internet gateway for B). I'm thinking both of these devices do not have gateways, so they can operate on 172.25.200/24 fine because they have an IP on that network (B). But without a gateway programmed on B's network, they don't know how to get to (A).
 
Well that totally changes everything. Your OP makes it look like 172.25.211 and 172.25.200 are connected to the same router.

What routers are involved and can you post their routing tables? It's still not making any sense on how this is connected or linked together. Are you running any routing protocol?

You'll just have to set up the routes on every single router involved so they have a next hop for every single network. This is normally where a routing protocol comes in because static routes can quickly become a nightmare.
 
It sounds like your network is not converging (static or otherwise), i.e. not every router (which is still hard to see here) has a clue where to send packets. Also I am confused by 172.25/18 while you show a /16 address in the first post. /18 is a pretty uncommon boundary. If it is 172.25/16, you cannot have identical networks on both sides. 172.25/16 includes 172.25.211/24 and 172.25.200/24 so you would definitely have lost packets because the router wouldn't know which interface to export them on.

Edit:

Pretty well laid out is something like this:

Loc A
Networks - Inside
192.168.100.0/24 Vlan 100
192.168.101.0/24 Vlan 101
192.168.200.0/30 T1 > LOC B

Router (A):
192.168.100.1
192.168.101.1
192.168.200.2 > LOC B

Loc B
Networks - Inside
192.168.120.0/24 Vlan 100
192.168.121.0/24 Vlan 101
192.168.200.0/30 T1 > LOC A

Router (B):
192.168.120.1
192.168.121.1
192.168.200.1 > LOC A
192.168.220.1 > LOC C

Loc C

Networks - Inside
192.168.130.0/24 Vlan 100
192.168.131.0/24 Vlan 101
192.168.220.2/30 T1 > LOC B

Router (C):
192.168.130.1
192.168.131.1
192.168.220.2 > LOC B


Routing table A
Some IPs
Routing table B
Some IPs
Routing table C
Some IPs



That info shows very clearly that there are 3 (or 4) routers: 1 at A, 1 at C, 1 or 2 at B, and which connect to which.

Let us know.
 