Static Route on a Cisco router

[36Degrees]

It's a long time since I did any Cisco stuff and I have a problem that is driving me mad.

If I set a static route on a router, does the next hop address have to be the IP address of the router interface or can it be an IP address on the subnet the router is connected to?

e.g. I have two subnets 10.1.1.0/24 and 10.1.2.0/24 and the interfaces on the router are 10.1.1.1 and 10.1.2.1. I want to route all internet traffic on 10.1.1.0 to a Smoothwall box 10.1.2.2 so is this valid or not: ip route 0.0.0.0 0.0.0.0 10.1.2.2


Please note I need to use this router - VLANs are not an option!

[FN-GM]

ip route 0.0.0.0 0.0.0.0 10.1.2.2

This should be fine.

[36Degrees]

Thanks. Now to work out why I can't access the internet...

[FN-GM]

In smoothwall have you added the subnet of the client you are trying to browse the web on?

[36Degrees]

No and it would not have occurred to me to do so.

If the traffic is being sent from a router with an interface on the same subnet as the Smoothwall box why would I need to add the other subnet? And more importantly, where?

[FN-GM]

No and it would not have occurred to me to do so.

If the traffic is being sent from a router with an interface on the same subnet as the Smoothwall box why would I need to add the other subnet? And more importantly, where?

Off top of my head i cant remember where it is. I had smoothie on trial and have ordered and it hasn't arrive yet. We dont have a working setup. You will need to do it because smoothwall sees the client IP addresses. It needs to know to accept the traffic. I had the exact same thing.

Why are you using a router and not layer 3 routing?

Thanks

[36Degrees]

Why are you using a router and not layer 3 routing?

It's a long, sordid story about trying to give wireless access for a meeting the Head is having one evening next week.

We don't have managed wireless or Layer 3 switches and you need to manually enter proxy settings to access the internet if you're not on the domain. My cheap and quick solution was to use a spare router I already have and connect a wireless access point, such that all the user would need to do is enter the password for the wireless.

[twin--turbo]

Why are you using a router and not layer 3 routing?

Thanks

A Router is Layer 3


The smothwall has to know how to get to route to 10.1.1.x

So in smoothwall routing you would have

10.1.1.0/255.255.255.0 via 10.1.2.1


Rob

[FN-GM]

A Router is Layer 3

I missed out a few key phrases. Layer 3 switch for routing

[36Degrees]

I missed out a few key phrases. Layer 3 switch for routing

Glad I understood correctly - the way my brain is this week I'm massively surprised.

There's a more fundamental issue that is causing the problem, namely that the router isn't routing! Problem is I'm not sure if it's the router that's broken or I'm not configuring it correctly.

[SYNACK]

Glad I understood correctly - the way my brain is this week I'm massively surprised.

There's a more fundamental issue that is causing the problem, namely that the router isn't routing! Problem is I'm not sure if it's the router that's broken or I'm not configuring it correctly.

If you are trying to use it to route between two segments on the same IP range it will fail as that is just not how it works. What you could do is use it in NAT mode so that all traffic from its segment 'appears' to come from an ip on your main network. This way the upstream box does not need to know about it and you can use a seporate ip range on the router side.

Depending on the router you may be able to put something like dd-wrt or open-wrt or tomato on it turning it into a full fledged linux router with a bearable interface and use that plus VLANs to setup internal multi VLAN routing but I would only do that with a little bit of traffic, you'll want a full pc with a couple of network cards and something like untangle on it for decent levels of throughput and I'd still go layer3 Switch if I had any option to instead.

[twin--turbo]

have you got the route set up on the smoothwall back to the other lan.


have you done this command on the cisco

ip routing


what is the output of

show ip route


Rob

[36Degrees]

If you are trying to use it to route between two segments on the same IP range it will fail as that is just not how it works. What you could do is use it in NAT mode so that all traffic from its segment 'appears' to come from an ip on your main network. This way the upstream box does not need to know about it and you can use a seporate ip range on the router side.

Depending on the router you may be able to put something like dd-wrt or open-wrt or tomato on it turning it into a full fledged linux router with a bearable interface and use that plus VLANs to setup internal multi VLAN routing but I would only do that with a little bit of traffic, you'll want a full pc with a couple of network cards and something like untangle on it for decent levels of throughput and I'd still go layer3 Switch if I had any option to instead.

Sounds very complicated for what I'm trying to achieve!

Basically, I need to allow wireless access for some visitors next week in the classroom next to my office. They need to be able to access the internet without having to manually configure their favourite browser on their personal device (laptop, iPad, smartphone, etc) with the proxy settings deployed via GPO to domain computers.

I have no time or budget to buy / install a Layer 3 switch, configure VLANs or buy / install a proper managed wireless solution. I already have a Cisco 1841 router and a Draytek Vigor access point. The AP will allow access purely by entering a WPA key and I have configured transparent proxying on our Smoothwall box.

So, Fe0/0 on router has (say) IP address of 10.1.100.1 on new subnet 10.1.100.0/24. Router configured to be a DHCP server for that subnet allocating 10.1.100.151 to 10.1.100.254, DG of 10.1.100.1. Laptop receiving IP address in this range wirelessly.

Fe0/1 on router has (say) IP address of 10.1.1.2 on existing subnet 10.1.1.0/22. Smoothwall box has an IP of 10.1.1.3. Static route set "ip route 0.0.0.0 0.0.0.0 10.1.1.3"

Show IP route has:

Gateway of last resort is 10.1.1.3.
10.0.0.0/8 is variably subnetted. 2 subnets, 2 masks.
C 10.1.100.0/24 is directly connected, FastEthernet0/0
C 10.1.1.0/22 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 10.1.1.3

From the router I can ping the WAP and the main network.

From the laptop I can ping the WAP and both router interfaces but not anything on the main network.

[twin--turbo]

Sounds very complicated for what I'm trying to achieve!

Basically, I need to allow wireless access for some visitors next week in the classroom next to my office. They need to be able to access the internet without having to manually configure their favourite browser on their personal device (laptop, iPad, smartphone, etc) with the proxy settings deployed via GPO to domain computers.

I have no time or budget to buy / install a Layer 3 switch, configure VLANs or buy / install a proper managed wireless solution. I already have a Cisco 1841 router and a Draytek Vigor access point. The AP will allow access purely by entering a WPA key and I have configured transparent proxying on our Smoothwall box.

So, Fe0/0 on router has (say) IP address of 10.1.100.1 on new subnet 10.1.100.0/24. Router configured to be a DHCP server for that subnet allocating 10.1.100.151 to 10.1.100.254, DG of 10.1.100.1. Laptop receiving IP address in this range wirelessly.

Fe0/1 on router has (say) IP address of 10.1.1.2 on existing subnet 10.1.1.0/22. Smoothwall box has an IP of 10.1.1.3. Static route set "ip route 0.0.0.0 0.0.0.0 10.1.1.3"

Show IP route has:

Gateway of last resort is 10.1.1.3.
10.0.0.0/8 is variably subnetted. 2 subnets, 2 masks.
C 10.1.100.0/24 is directly connected, FastEthernet0/0
C 10.1.1.0/22 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 10.1.1.3

From the router I can ping the WAP and the main network.

From the laptop I can ping the WAP and both router interfaces but not anything on the main network.

have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.


have you got the route set up on the smoothwall back to the other lan.

[januttall]

have you got your interface IP's Set with the correct Sub-net Masks it sounds although your sub netting the 10.0.0.0 255.0.0.0 into 10.0.1.0 and 10.0.2.0 255.255.255.0 this may be some of the reason its not working correctly, also are there any ACL's Set up on the router if so you may wish to turn them off till you can verify that there not causing the issue.

if your router goes
Internet > SMOOTHWALL > Main Network > Router > Wi-Fi
you shouldn't need to set anything in the smooth wall box. unless its to do with filtering restrictions network wise it should be OK
if the router plugs direct into the smothwall box then. A. Why do you need a router. B. you will need to change Network settings on it somewhere.