Solved EdgeRouter routing

Dashrender

@mike-davis said in EdgeRouter routing:

@dashrender said in EdgeRouter routing:

From your diagram, it's likely that server 10.66.1.100 has no idea how to get back to 10.1.62.20. You need to give it a route to Corp Cisco router for network/node 10.1.62.20 and the corp cisco router needs a route also to network/node 10.1.62.20.

When the laptop is plugged in where the ER is, it has no problem connecting.

Sure, because that new network you created behind the EdgeRouter isn't in the middle, but you've introduced a new network behind another network. So the far side (10.66.1.100) has no idea that the 10.1.62.1 network exists, so it doesn't know how to get there. The same is true of the Cisco Router. it's unaware that you've put a new network in place behind the 192.168.61.1 network (again, namely the 10.1.62.20 network).

https://i.imgur.com/4BLJbGw.png

Mike Davis

@dashrender

Since 10.1.62.x is NATed behind the ER how would the other networks know about it?
Wouldn't they only need to get back to 192.168.62.20 ?

Mike Davis

@mike-davis said in EdgeRouter routing:

Since 10.1.62.x is NATed behind the ER how would the other networks know about it?
Wouldn't they only need to get back to 192.168.62.20 ?

I think that partially answers my question. I'm not NATing eth3 yet....

Mike Davis

creating a masq for eth3 automatically created a static route for 192.168.62.0/24, and then I added a couple of more routes, but something isn't right because my ping from the windows box looks like this:

Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Request timed out.
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.66.1.100: bytes=32 time=2ms TTL=61
Reply from 10.1.62.1: Destination host unreachable.
Reply from 10.66.1.100: bytes=32 time=1ms TTL=61
Reply from 10.1.62.1: Destination host unreachable.

Mike Davis

Got it.

Added a static route of 10.66.1.0/24 192.168.62.1 eth3 and life is good.

Mike Davis

The tracert is interesting. The server that I thought was across a site to site VPN is more likely in the building due to the ping times:

Tracing route to 10.66.1.100 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.1.62.1
  2     1 ms     2 ms     1 ms  192.168.62.1
  3     2 ms     2 ms     1 ms  192.168.180.2
  4     2 ms     2 ms     1 ms  10.66.1.100

Trace complete.

Dashrender

@mike-davis said in EdgeRouter routing:

@mike-davis said in EdgeRouter routing:

Since 10.1.62.x is NATed behind the ER how would the other networks know about it?
Wouldn't they only need to get back to 192.168.62.20 ?

I think that partially answers my question. I'm not NATing eth3 yet....

LOL that was going to be my next question - are you actually NATing?

travisdh1

@mike-davis said in EdgeRouter routing:

The tracert is interesting. The server that I thought was across a site to site VPN is more likely in the building due to the ping times:

Tracing route to 10.66.1.100 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.1.62.1
  2     1 ms     2 ms     1 ms  192.168.62.1
  3     2 ms     2 ms     1 ms  192.168.180.2
  4     2 ms     2 ms     1 ms  10.66.1.100

Trace complete.

Gotta love finding equipment you didn't know was on-site... kinda. documentation

Mike Davis

@travisdh1 said in EdgeRouter routing:

Gotta love finding equipment you didn't know was on-site...

I once found a 48 port switch bolted to the top of a partition wall up above a ceiling. If I can find a picture, I'll start a new thread.

As a consultant, it's getting harder and harder to surprise me and I don't really trust what users say about how they think things work anymore.

travisdh1

@mike-davis said in EdgeRouter routing:

@travisdh1 said in EdgeRouter routing:

Gotta love finding equipment you didn't know was on-site...

I once found a 48 port switch bolted to the top of a partition wall up above a ceiling. If I can find a picture, I'll start a new thread.

As a consultant, it's getting harder and harder to surprise me and I don't really trust what users say about how they think things work anymore.

I don't believe it. There had to be a leaky water pipe involved somewhere as well!

coliver

@mike-davis said in EdgeRouter routing:

I once found a 48 port switch bolted to the top of a partition wall up above a ceiling. If I can find a picture, I'll start a new thread.

Was there a patch panel there too? I ran into that issue at one of the places are worked at. 24 port switch above a utility closet in a warehouse because home running all the cables would have cost too much.

bigbear

This is something you would have much more control over with a Mikrotik with one of their cloud router switch hybrids. You can literally create 10 different WAN and LAN ports on a 24 port router for 10 private networks, then link local networks together as needed.

Unfortunately PoE is still on the Horizon and they lack the Unifi software panel. You do get a desktop app called Winbox for configs. They also have similarly priced options to edgerouter with similar specs. Sounds like you got this working though with each LAN routing to their own internet connection as well as linked to each other?

Mike Davis

@bigbear The corp LAN knows nothing of the private network. The private network uses its own internet and just goes to the corp LAN for access to the one server.

bigbear

Gotcha, still something more easily done with a Microtik than Ubiquiti. Would be great Ubiquiti would start making their switches this way. Basically a switch can be a router, multiple routers, etc.

scottalanmiller

@bigbear said in EdgeRouter routing:

Gotcha, still something more easily done with a Microtik than Ubiquiti. Would be great Ubiquiti would start making their switches this way. Basically a switch can be a router, multiple routers, etc.

That's an L3 switch.

bigbear

@scottalanmiller said in EdgeRouter routing:

@bigbear said in EdgeRouter routing:

Gotcha, still something more easily done with a Microtik than Ubiquiti. Would be great Ubiquiti would start making their switches this way. Basically a switch can be a router, multiple routers, etc.

That's an L3 switch.

While you are correct, RouterOS and RouterBoard do some things that are unique and will work with there $150 24 port switches. Back when we were bigger uses of them the only alternative was a Cisco Metro Ethernet switch that started at $2500.

Still currently a bigger fan of UBNT though.