I have the following challenge:

I have two offices linked together with microtik wireless radios configured as bridge.The bridge port terminates in a Cisco 2811 router at each of the two branches.It seems network packets can get into the network at Branch A and moves from LAN A through the wireless bridge up to the ethernet ports in Router at Branch B but it cannot get out to the LAN at Branch B

The ip configuration looks like this

Branch A:
Mikrotik Wireless Bridge ip address: 192.168.10.9

2811 fa0/0 ip address: 192.168.0.253
2811 fa0/1 ip address: 192.168.10.253

routing
router eigrp 10
network 192168.0.0
network 192.168.1.0
network 192.168.10.0
no auto-summary

Branch B:
Mikrotik Wireless Bridge ip address: 192.168.10.10

2811 fa0/0 ip address: 192.168.1.254
2811 fa0/1 ip address: 192.168.10.254

routing
router eigrp 10
network 192168.0.0
network 192.168.1.0
network 192.168.10.0
no auto-summary

With this configuration, I can ping both routers and can telnet into any of them and once connected to any of the router using telnet, i can ping all the ethernet interfaces on the two Cisco 2811 routers including the bridge ip addresses on the mikrotik radio at both ends.Also from a workstation at Branch A I can ping all the ethernet ports on the router at Branch B and vice versa.

My problem
From a windows XP workstation at Branch A, i cannot ping another windows XP workstation at branch B even though the default gateway address on the workstation at each branch is the IP address of the Cisco 2811 at that branch.

Can some one help and let me what I have done wrongly or what else I still need to do.

Thank you in advance

Cna you give the actual CLI for both routers?

Take a look at your routing table. The problem could be related to the 192.168.1.0 network being discontiguous. Are you using the same mask on your 192.168.1.0 network on both sides? if so, how does the router know the host you are try to ping is on the local 192.168.1.0 on router A or on router B?

DonB the senarion is like this,

Branch A LAN is on 192.168.0.0 255.255.255.0
Branch B LAN is on 192.168.1.0 255.255.255.0
Bridge network is on 192.168.10.0 255.255.255.0

I am wondering whether my EIGRP entry in Branch A router would have looked like this:

router eigrp 10
network 192.168.1.0
network 192.168.10.0

and that at Branch B router as

router eigrp 10
network 192.168.0.0
network 192.168.10.0

Livinus,

Unfortunately, you are not providing enough information for us to do anything but guess.

What is the physical hardware setup of your 2811s? What modules do you have installed?

Does the interface @ each end of the wireless connection (specifically the Mikrotek devices) have an IP address and if so, what is it?

When you issue the sh ip route command on each 2811 router, what does the routing table display?

There are several here that could be of assistance ... but ... you limit our ability to do so with the limited information you provide. This is the reason I asked you to provide CLI output from each router's running/startup config file.

Happy New Year!

HermeszData,

The office is on break now, I dont have access to the routers for the CLI router configurations until tuesday but in answer to your questions:

1. The two 2811 routers have only the built-in interfaces fa0/0 and fa0/1. No other interface modules installed yet.

2. The Microtik routers are configured as bridge and the IPs are as follows:
Branch A Bridge ip address: 192.168.10.9
Branch B Bridge ip address: 192.168.10.10

The two branches communicate properly without the cisco routers which means the wireless bridge is properly configured.

You can view a sketch of the network attached here in pdf format.

Thanks for your interest in helping out while i look forward to your response

In looking at some of the support information for the MikroTik devices, the first thing I notice is that they are routers in and of themselves. If I now understand your hardware setup/configuration correctly, You have a MikorTik RouterBoard connected to f0/1 interfaces on each of your 2811 routers and these are set up for transparent bridging between the two devices.

IF what you say is correct (not that I am doubting you) and you are able to ping the opposite router's LAN interface, A - B or B - A, but cannot ping hosts on the opposite router's LAN, then the issue is definitely a routing issue.

EIGRP is a Cisco Proprietary Routing Protocol and therefore is not supported on equipment not manufactured by Cisco and even though your MikroTiks are set up for bridging they may not be allowing the 2811s to form the necessary adjacentcy.

You may test this by using a static route on each 2811 pointing to the opposite router's LAN:

RouterA

ip route 192.168.1.0 255.255.255.0 192.168.10.9 (assuming you are using a /24 mask)

or

ip route 192.168.1.0 255.255.255.0 f0/1


RouterB

ip route 192.168.0.0 255.255.255.0 192.168.10.10

or ip route 192.168.0.0 255.255.255.0 f0/1


You could also use the IP address of the opposite 2811's f0/1 interface as the next hop address.

Unless you are going to have other routers connected to 2811's LANs or you are going to to run a RoS (Router on a Stick) configuration (Data and VoIP as an expample) you will have no need to use a routing protocol. IF my suggestion above solves the routing issues you are having and you do actually need to impliment a routing protocol, then I would give one of the other protocols, RIP (v1 or v2) or OSPF, a try!

One thing to remember about routing protocols is looking at your original EIGRP configurations:
router eigrp 10
network 192.168.0.0
network 192.168.1.0
network 192.168.10.0
no auto-summary

unless you have an interface on the router that is in the UP/UP state AND there is another device (router, switch, or host) with an ip address on that network/subnet, the router will not broadcast connectivity (a route) to that network!

I have always found that troubleshooting is much easier IF we isolate the process to the simplest aspects!

I would either code the static route using the router's WAN interface f0/1 (the exit interface) or use the remote router's WAN interface, f0/1, ip address. using the ip address of the connected MikroTik router may confuse the route depending on how the MikroTik is configured!

Hi John,

Thanks for your very elaborate reply. I have implemented the static route as you suggested and the situation is still the same. please find attached some CLI configuration of the routers.

I would appreciate if you can still assit further by having time to look at the configurations and making suggestion.I would also appreciate views from other forum members.

Alternatively I am wondering if some body can have a look at the diagram I attached on 1/1/2011 on an ealier post on this issue and send me a script that will work for that senario. I dont mind reseting the startup-config and reconfiguring the routers afresh

Regards.

Livinus

Based on the information you provided, routing should work should work properly. You should be able to confirm this IF you are able to get both routers side-by-side in the same room (for troubleshooting purposes) and connect f0/1 of each router via a crossover cable. this would at least isolate whether the issue is with the router(s) configuration or with the MikroTik device.

From the basic (quick) search I have done, there seem to be two different hardware configurations of the MikroTik. One is PC based, the other is a stand-alone in its own enclosure. If you are implementing a PC-based MikroTik, do not use this PC as a host for testing.

It is not clear from your earlier posts, at least to me, but what happens if you do the following?

At BranchA, with a work station properly configured w/IP address/mask and Gateway, what happens when:


when you ping from the hostA to the LAN interface IP address of the 2811_A?
when you ping from the hostA to the WAN interface IP Address of the 2811_A?
when you ping from the hostA to the ethernet0 interface IP Address of MikroTik_A?
when you ping from the hostA to the WLAN interface IP Address of MikroTik_A?
when you ping from the hostA to the WLAN interface IP Address of MikroTik_B?
when you ping from the hostA to the ethernet0 interface IP Address of MikroTik_B?
when you ping from the hostA to the WAN interface IP Address of the 2811_B?
when you ping from the hostA to the LAN interface IP Address of the 2811_B?
when you ping from the hostA to the hostB interface IP Address?
You may also use the tracert command from the host to see where the connection fails.

As far as a config script, you could try the following to impliment OSPF on both routers:
BranchA

Router ospf 1
network 192.168.0.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0

BranchB

router ospf 1
network 192.168.2.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0


then issue sh ip route on one of the 2811s. If a route does not appear to the opposite branch's LAN, there are two likely causes. Notice, above I memtioned the WLAN IPs. In this case, your Branch WAN IPs are in the same network/subnet seperated by a completely different network (although with transparent bridging this shoul dnot be an issue)! You might want to consider placing one of the f0/1 -> ehternet0 (2811 -> MikroTik) interfaces in a completely different network/subnet from the opposite end WAN.

BranchA

inf f0/1
ip address 192.168.10.1 255.255.255.252
Router ospf 1
network 192.168.0.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.3 area 0

Set the ip address of MikroTikA ethernet0 to 192.168.10.3 255.255.255.252

BranchB

int f0/1
ip address 192.168.10.5 255.255.255.252
router ospf 1
network 192.168.2.0 0.0.0.255 area 0
network 192.168.10.4 0.0.0.3 area 0

Set the ip address of MikroTikB ethernet0 to 192.168.10.6 255.255.255.252

If none of the above resolve your issues then I suspect that the issue is with the MikroTik configuration.

Take a look at MikroTik's FAQs ... http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_Frequently_Asked_Questions_-_FAQ

Unfortunately, with my not being familiar with the MikroTik family (and not having similar devices here to test with) I am unable to offer more. Additionally, I sit my Cisco exam in 28 hours so I don't currently have the luxury of time to research this further (although I am interested in learning more about this product line.)

Let us know what happens.

HermeszData,

Thanks for your contribution and sorry for bothering you, more so now that your exams are around the corner.I actually did implement ospf b4 reading your post and the only diff is that I used area 10 instead of area 0.Just like the earlier configs both static and dynamic routing, I can ping all interfaces you listed except hostA to hostB. That is the only one that fails. I even attempted configuring a default route and the situation is still same.I will reconfigure it with the subnet you suggested and let you know what happens.I also intend configuring the mikrotik as router with ospf routing as against transparent bridging to see what happens and I will let you know what the result will be also.

Regards.

Livinus

Just to rule it out, is the firewall on XP disabled or set to allow icmp?

If you can ping site B gateway from a host on site A, it's not a routing issue at all.

Also check the default gateways on the hosts.

Can you telnet from RouterA to RouterB?

Finally fixed it. The problem was the gateway. The gateway of the workstations at one of the branches was pointing to another router(an 800 senies) which was originally used for VPN access. I was thinking that once the gateway at my end is ok my workstation should be able to reach the other end. I spoke with a CCIE who explained I needed a return path.

Because the VPN access was to be retained as a backup link, i added a route to the 2811 using the windows route command and that resolved the problem.

Thank you all for your contributions.

Regards.

Livinus

Finally fixed it. The problem was the gateway. The gateway of the workstations at one of the branches was pointing to another router(an 800 senies) which was originally used for VPN access. I was thinking that once the gateway at my end is ok my workstation should be able to reach the other end. I spoke with a CCIE who explained I needed a return path.

Because the VPN access was to be retained as a backup link, i added a route to the 2811 using the windows route command and that resolved the problem.

Thank you all for your contributions.

Regards.

Livinus

Congrats. Network Troubleshooting 101 ... Start with the endpoints and work in.