View Single Post
  #1 (permalink)  
Old August 28, 2012, 12:38 PM
Squeetard Squeetard is offline
"Quote This..."
F@H
 
Join Date: Nov 2007
Location: Hell
Posts: 3,828
Default ATTN: Networking Guru's, What am I missing?

I've been pulling my hair out for a week now over this. Can't get it to work properly.

We have a remote building connected to the main office through a Telus Fibre WAN (Layer 3) using cisco switches the line carries both data and VOIP traffic. . In addition there is a wireless canopy that is used as a backup on the 172.16.140.0 subnet. We recently switched to this new fibre service from a layer 2 service and we are having a few issues. Iíll start by outlining the setup.

Remote switch vlans:

VLAN Name Status Ports IP
---- -------------------------------- --------- ------------------------------- ----------------
1 default active Fa0/2, Fa0/24, Gi0/1, Gi0/2
10 Network_Mngmt active Fa0/1 10.1.1.0
11 PC_Data active Fa0/5, Fa0/6, Fa0/7, Fa0/8 10.13.11.0
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21
41 Servers_Data active
81 121 active Fa0/22
91 IP_Phones active Fa0/3, Fa0/4, Fa0/6, Fa0/7 10.13.91.0
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
111 WiFi_IP_Phones active
1000 Telus_MAN active OLD FIBRE SERVICE

The uplink is connected to interface Fa0/19 with an ip address of 10.13.11.252, the gateway is 10.13.11.254

The port has the following settings:

interface FastEthernet0/19
description *** IP_phone/PC
switchport access vlan 11
switchport mode access
switchport voice vlan 91
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
no mdix auto
spanning-tree portfast


Main office VLANS


VLAN Name Status Ports IP
---- -------------------------------- --------- ------------------------------- -----------------
1 default active Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28
10 Network_Mngmt active
11 PC_Data active Gi1/0/19 10.1.11.0
31 Firewall active Gi1/0/17 10.1.31.0
71 Servers_Voice active Gi1/0/20, Gi1/0/21, Gi1/0/22 10.1.71.0
81 121 active Gi1/0/23
91 IP_Phones active 10.1.91.0
111 WiFi_IP_Phones active
121 WiFi_Data active
400 Existing_Servers active Gi1/0/4, Gi1/0/5, Gi1/0/6 192.168.0.0
Gi1/0/9, Gi1/0/10, Gi1/0/11
Gi1/0/12, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16
1000 Telus_MAN active Gi1/0/24

The uplink is connected to interface Gi1/0/8 with an ip address of 192.168.0.252, the gateway is 192.168.0.254. It is a trunk with the following settings:

interface GigabitEthernet1/0/8
description *** Downlink to Data Servers
switchport access vlan 400
switchport trunk encapsulation dot1q
switchport trunk native vlan 400
switchport trunk allowed vlan 11,91,121,400
switchport mode trunk
no mdix auto
spanning-tree portfast

Here is the routing info on the remote switch:

Gateway of last resort is 10.1.31.1 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.140.0 is directly connected, FastEthernet0/23
10.0.0.0/8 is variably subnetted, 26 subnets, 4 masks
S 10.3.11.0/24 [1/0] via 172.16.140.3
R 10.2.11.0/24 [120/2] via 10.13.11.252, 00:00:28, Vlan11
S 10.2.1.0/24 [240/0] via 172.16.140.2
S 10.1.1.0/24 [240/0] via 172.16.140.1
C 10.13.11.0/24 is directly connected, Vlan11
S 10.1.31.0/24 [240/0] via 172.16.140.1
R 10.159.47.240/30 [120/1] via 10.13.11.252, 00:00:28, Vlan11
R 10.159.47.244/30 [120/1] via 10.13.11.252, 00:00:28, Vlan11
S 10.1.91.0/24 [240/0] via 172.16.140.1
S 10.3.91.0/24 [1/0] via 172.16.140.3
S 10.2.91.0/24 [240/0] via 172.16.140.2
S 10.4.91.0/24 [1/0] via 172.16.140.4
C 10.13.81.0/24 is directly connected, Vlan81
S 10.2.81.0/24 [240/0] via 172.16.140.2
S 10.1.81.0/24 [240/0] via 172.16.140.1
C 10.13.91.0/24 is directly connected, Vlan91
S 10.1.111.0/24 [240/0] via 172.16.140.1
S 10.2.111.0/24 [240/0] via 172.16.140.2
S 10.2.121.0/24 [240/0] via 172.16.140.2
S 10.1.121.0/24 [240/0] via 172.16.140.1
R 10.253.37.80/28 [120/1] via 10.13.11.252, 00:00:04, Vlan11
R 10.52.152.25/32 [120/1] via 10.13.11.252, 00:00:04, Vlan11
R 10.143.16.92/30 [120/2] via 10.13.11.252, 00:00:04, Vlan11
R 10.159.47.96/30 [120/2] via 10.13.11.252, 00:00:04, Vlan11
R 10.159.47.92/30 [120/2] via 10.13.11.252, 00:00:04, Vlan11
R 10.143.16.96/30 [120/2] via 10.13.11.252, 00:00:04, Vlan11
R 192.168.0.0/24 [120/2] via 10.13.11.252, 00:00:04, Vlan11
S 192.168.1.0/24 [1/0] via 172.16.140.4
S 192.168.3.0/24 [240/0] via 172.16.140.20
S* 0.0.0.0/0 [1/0] via 10.1.31.1

Here is the routing info on the main office switch:

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.140.0 is directly connected, GigabitEthernet1/0/18
10.0.0.0/8 is variably subnetted, 31 subnets, 4 masks
C 10.1.11.0/24 is directly connected, Vlan11
S 10.3.11.0/24 [1/0] via 172.16.140.3
R 10.2.11.0/24 [120/2] via 192.168.0.252, 00:00:16, Vlan400
S 10.13.1.0/24 [240/0] via 172.16.140.13
S 10.2.1.0/24 [240/0] via 172.16.140.2
C 10.1.1.0/24 is directly connected, Vlan10
R 10.13.11.0/24 [120/2] via 192.168.0.252, 00:00:16, Vlan400
C 10.1.31.0/24 is directly connected, Vlan31
R 10.159.47.240/30 [120/2] via 192.168.0.252, 00:00:16, Vlan400
C 10.1.71.0/24 is directly connected, Vlan71
R 10.159.47.244/30 [120/2] via 192.168.0.252, 00:00:20, Vlan400
C 10.1.91.0/24 is directly connected, Vlan91
S 10.3.91.0/24 [1/0] via 172.16.140.3
S 10.2.91.0/24 [240/0] via 172.16.140.2
S 10.4.91.0/24 [1/0] via 172.16.140.4
S 10.13.81.0/24 [240/0] via 172.16.140.13
S 10.2.81.0/24 [240/0] via 172.16.140.2
C 10.1.81.0/24 is directly connected, Vlan81
S 10.13.91.0/24 [240/0] via 172.16.140.13
C 10.1.111.0/24 is directly connected, Vlan111
S 10.2.111.0/24 [240/0] via 172.16.140.2
S 10.13.111.0/24 [240/0] via 172.16.140.13
S 10.2.121.0/24 [240/0] via 172.16.140.2
C 10.1.121.0/24 is directly connected, Vlan121
S 10.13.121.0/24 [240/0] via 172.16.140.13
R 10.253.37.80/28 [120/1] via 192.168.0.252, 00:00:21, Vlan400
R 10.52.152.15/32 [120/1] via 192.168.0.252, 00:00:21, Vlan400
R 10.143.16.92/30 [120/1] via 192.168.0.252, 00:00:21, Vlan400
R 10.159.47.96/30 [120/2] via 192.168.0.252, 00:00:21, Vlan400
R 10.159.47.92/30 [120/2] via 192.168.0.252, 00:00:21, Vlan400
R 10.143.16.96/30 [120/1] via 192.168.0.252, 00:00:21, Vlan400
C 192.168.0.0/24 is directly connected, Vlan400
S 192.168.1.0/24 [1/0] via 172.16.140.4
S 192.168.3.0/24 [1/0] via 172.16.140.20
S* 0.0.0.0/0 [1/0] via 10.1.31.1

10.1.31.1 is our fortinet gateway acting as a one armed router.

Now here is the issue. The remote office PC's connect to the servers (vlan 400) just fine through the 10.13.11.252 to 192.168.0.252 route. But the IP phones always route through the wireless canopy. They need to reach the voip servers on vlan 71 through fibre, not wireless. In addition, the servers can reach a NAS (remote backup)located on the 10.13.11.0 remote office vlan 11, but the main office PC's (10.1.11.0, vlan 11) always want to route through the 172.16.140.0 wireless canopy. I can ping the main office ip's 192.168.0.252 (L3 fibre gateway) and 192.168.0.254 (main switch server gateway) from the remote location but the main office PC's on vlan 11 can ping the 192.168.0.254 server gateway but not the 192.168.0.252 fibre gateway.I've tried setting a static route on the remote switch to 10.1.71.0 via both 192.168.0.252 and 192.168.0.254 and then nothing works.I've tried static routes to 192.168.0.252 on the office side and nothing works.

If you have any suggestions it would be much appreciated. Or any more questions, please ask. Thanks.
Reply With Quote