  1. #1

    localzuk

    Today's Cisco task... How to alter routing table on a Cisco 1841

    We have several wireless networks here, one of which is a guest network which routes all traffic via a tunnel to a router off-site (I believe!)

    I need to add a static IP route to the route table for that network which directs traffic to our internal Moodle server.

    So, I have got the command 'ip route vrf guest 10.16.16.17 255.255.255.255 10.16.16.129' there, which should direct requests to that IP to the router 10.16.16.129, but am I right in thinking that routing tables are followed sequentially? So, if the catch-all 'ip route vrf guest 0.0.0.0 0.0.0.0 Tunnel3' route is before it in the list, it won't hit that route?

    If that's the case, how do I move a route up in the list in Cisco IOS?

  2. #2
    Robot

    Hello,

    The router gets the packet, looks at the destination IP in the packet and looks in its table for a network that would include this dest IP address. The entry with the longest match (longest prefix) will be selected. The 0.0.0.0 0.0.0.0 route will only be used if no other routes in the table are found for that destination.

  3. Thanks to Robot from:

    localzuk (21st September 2011)
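
The longest-prefix rule described in the reply above, as an added example that is not part of the original thread. It uses the two VRF `guest` routes quoted in the question; the function names are hypothetical, and `first_match` exists only to show what a sequential walk would have done.

```python
import ipaddress

# Static routes for VRF "guest" as quoted in the thread; next hops kept as labels.
ROUTES = [
    ("0.0.0.0/0", "Tunnel3"),
    ("10.16.16.17/32", "10.16.16.129"),
]


def lookup(routes, destination):
    """Return (prefix, next_hop) for the longest matching prefix, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        # Keep the candidate with the most specific (longest) mask.
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def first_match(routes, destination):
    """Sequential, ACL-style walk. Not how a routing table is consulted."""
    dest = ipaddress.ip_address(destination)
    for prefix, next_hop in routes:
        if dest in ipaddress.ip_network(prefix):
            return (prefix, next_hop)
    return None


if __name__ == "__main__":
    # Configuration order makes no difference to the routing decision.
    for table in (ROUTES, list(reversed(ROUTES))):
        print("moodle host ->", lookup(table, "10.16.16.17"))
        print("other host  ->", lookup(table, "10.16.16.18"))
    # A sequential walk would have sent the Moodle traffic down the tunnel.
    print("sequential  ->", first_match(ROUTES, "10.16.16.17"))
```
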

  4. #3

    SYNACK

  5. Thanks to SYNACK from:

    localzuk (21st September 2011)

  6. #4

    localzuk

    Ok, thanks. That means my problem lies elsewhere. I am starting to dislike the way this network was set up - far too overkill/complicated compared to what it needs to be.

  7. #5

    SYNACK

    You can use traceroute right in IOS to see where it is going. If I remember right, there is an extended mode to it that lets you pick the source IP:
    Understanding the Ping and Traceroute Commands - Cisco Systems

  8. Thanks to SYNACK from:

    localzuk (21st September 2011)

  9. #6

    localzuk

    Yeah, the problem is that the configuration is remarkably complicated.

    E.g. the wireless network has a WLC-4404 as the controller, which has basic routing capabilities. This is set up to route all traffic via a VLAN, on our core switch, to a 1841 router, which then routes traffic out depending on a routing table to the core switch again, which has an ACL in place.

    So, as you can guess, I am trying to find my way through this weird web of weirdness to find what goes where!

  10. #7

    SYNACK

    Eeek, nested routers and ACLs are annoying, good luck in your hunt and if the CPU / memory usage permits maybe offload the routing directly onto the core for simplicity later.

  11. Thanks to SYNACK from:

    localzuk (21st September 2011)

  12. #8

    localzuk

    Further analysis makes it apparent that the 1841 is actually doing nothing... It has a tunnel to another device, and that device no longer exists (ex managed service stuff).

    So, the 1841 is doing zero work, or so it seems.

    I do wish some form of documentation, other than printouts of the config files, had been left!!

  13. #9

    localzuk

    Ok, next task - it appears to be some ill-advised 'deny' rules in the ACL.

    So, my question is - how do I move the ACL-list order around? This is on a Catalyst 3750. I can add a new rule, but obviously it adds at the bottom of the list, and it needs to be up nearer the top.

    I really must try and get sent on some Cisco training I think!

  14. #10
    Robot

    What version of IOS is the router currently running?

    After IOS release 12.3, sequence numbering was introduced for both numbered and named ACLs, meaning that you can edit the order of statements, remove individual statements and add statements to any line in the ACL.

    Pre 12.3, you can remove lines from a named ACL, but that's it if I remember correctly.

    If you have a setup you have inherited, it may be worth writing a whole new ACL and applying that instead of editing what you have got? Then you can write it as required and know the score.

    If you would like help doing this just ask.

  15. Thanks to Robot from:

    localzuk (21st September 2011)

  16. #11

    localzuk

    Seems to be 12.4(15)T7.

    At the moment I'm looking to stick a plaster on a small wound, but when I have a few weeks where I can sit down and work on it, I intend to rebuild the wireless system from scratch - removing a lot of the complex stuff that isn't needed (there is a lot). The running-config on the core switch would cover around 12 pages. We only have 18 switches, with around 580 devices on the network site-wide. So, there's a lot of managed service legacy stuff in there.

    Also, I'm going to try and get signed up to a CCNA course asap.

  17. #12
    Robot

    OK.
    If you do show access-lists [list #/name], does it print line numbers at the start of each statement?
    If so, you can then do something like the following (copied from the Cisco site: Configuring IP Access Lists - Cisco Systems)

    Example.

    Router#show access-list
    Extended IP access list 101
    10 permit tcp any any
    20 permit udp any any
    30 permit icmp any any


    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#ip access-list extended 101
    Router(config-ext-nacl)#5 deny tcp any any eq telnet
    Router(config-ext-nacl)#exit
    Router(config)#exit
    Router#


    Router#show access-list
    Extended IP access list 101
    5 deny tcp any any eq telnet
    10 permit tcp any any
    20 permit udp any any
    30 permit icmp any any

  18. Thanks to Robot from:

    localzuk (21st September 2011)
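
Why the position of the new entry matters, as an added example that is not part of the original thread: unlike the routing table, an ACL is read top-down and the first matching entry wins. The model below is a simplification that matches only on protocol and destination port (real entries also match addresses); it reuses ACL 101 from the post above, and sequence 40 for the appended case is an assumed value.

```python
# ACL 101 from the post: (sequence, action, protocol, dest port or None for "any").
ACL_101 = [
    (10, "permit", "tcp", None),
    (20, "permit", "udp", None),
    (30, "permit", "icmp", None),
]
TELNET = 23


def add_entry(acl, seq, action, proto, dport=None):
    """Return a new ACL with the entry placed according to its sequence number."""
    if any(entry[0] == seq for entry in acl):
        raise ValueError(f"sequence {seq} already in use")
    return sorted(acl + [(seq, action, proto, dport)], key=lambda e: e[0])


def evaluate(acl, proto, dport=None):
    """First matching entry wins. No match at all falls to the implicit deny."""
    for seq, action, e_proto, e_dport in acl:
        if e_proto == proto and (e_dport is None or e_dport == dport):
            return (action, seq)
    return ("deny", None)


def shadowed(acl):
    """Sequence numbers of entries that an earlier entry already fully covers."""
    hidden = []
    for i, (seq, _action, proto, dport) in enumerate(acl):
        if any(p == proto and d in (None, dport) for _s, _a, p, d in acl[:i]):
            hidden.append(seq)
    return hidden


if __name__ == "__main__":
    # Entry added at the bottom (assumed sequence 40): never reached.
    appended = add_entry(ACL_101, 40, "deny", "tcp", TELNET)
    print("appended:", evaluate(appended, "tcp", TELNET), "shadowed:", shadowed(appended))
    # Entry inserted at sequence 5, as in the post: evaluated before the broad permit.
    inserted = add_entry(ACL_101, 5, "deny", "tcp", TELNET)
    print("inserted:", evaluate(inserted, "tcp", TELNET), "shadowed:", shadowed(inserted))
    print("http    :", evaluate(inserted, "tcp", 80))
```

Running a check like `shadowed` over an inherited ACL is a quick way to find rules that look protective in the config but can never take effect.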

  19. #13

    localzuk

    Great stuff. Got exactly what I needed working done. Thanks muchly
