Can't route between networks using Cisco 2621 1

[brt1991]

Goal: add a Cisco 2621 to an existing network (192.168.0.0) in order to add another routable network (192.168.12.0). Both networks should be able to route all packets between each other with exception of broadcasts (i.e. netbios).

I configured the router but I am having no luck. I can ping both interfaces from the (192.168.12.0) side but I can only ping the 192.168.0.254 interface from the (192.168.0.0). The (192.168.0.0) side is managed by a Cisco 515e using RIP version 2. 192.168.0.1 is the gateway interface on the 515e.

Trying to see where I am going wrong. I even used the Cisco configurator software.

Here is the configuration:

Name: c2600-io3-mz.120-7.t.bin
Version: 12.0(7)
Booted via: flash
Feature set: IP protocol with Cisco IOS firewall feature set

!
ip name-server 192.168.0.4
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0/0
no shutdown
description connected to EthernetLAN
ip address 192.168.0.254 255.255.255.0
keepalive 10
!
interface FastEthernet 0/1
no shutdown
description connected to EthernetLAN_1
ip address 192.168.12.1 255.255.255.0
keepalive 10
!
interface Serial 0/0
no description
no ip address
shutdown
!
interface Serial 0/1
no description
no ip address
shutdown
!
router rip
version 2
network 192.168.0.0
network 192.168.12.0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 FastEthernet 0/0 1 permanent
no ip http server
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password ******
login
!
line vty 0 4
password ******
login
!
end


Please help! I would truly appreciate some feedback...


brt1991

 

[ChrisAC]

On the 192.168.0 side of the networks, do the clients just have a default route of the Pix or do they also have a route to 192.168.12 via 192.168.0.254?

Without a route to the 192.168.12 network, clients on the 192.168.0 network will just send traffic via their default gateway, the Pix and so the trafic will be dropped. The Pix will not route that traffic back inside the network.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

They have a route of 192.168.12.0 255.255.255.0 192.168.0.254 metric 1

I also thought RIP would assist with this....



brt1991

 

[Lundah]

They have a route of 192.168.12.0 255.255.255.0 192.168.0.254 metric 1

But then you're sending the traffic to the wrong interface. Put in the following static route command from global config mode:
ip route 192.168.12.0 255.255.255.0 192.168.12.1

That should work much better for you.

 

[ChrisAC]

RIP will only tell the pix that any inbound traffic for 192.168.12.0 should be routed internally 192.168.0.254. It will not affect routing between the two networks as both are directly connected to the router. The Pix cannot route back out of the same interface (ie. on a stick").

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

Unfortunately... I changed it before I replied from 192.168.12.1 to 192.168.0.254

I'll change it back....

But I am still stuck.

brt1991

 

[brt1991]

Anyone know why the host 192.168.12.99 could ping 192.168.12.1 and 192.168.0.254 but 192.168.0.99 can ping 192.168.0.254 but not 192.168.12.1?

brt1991

 

[ChrisAC]

Post the output of 'route print' for host 192.168.0.99.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

115 instead of 99

Active Routes:

Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.115 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.115 192.168.0.115 1
192.168.0.115 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.115 192.168.0.115 1
224.0.0.0 224.0.0.0 192.168.0.115 192.168.0.115 1
255.255.255.255 255.255.255.255 192.168.0.115 0.0.0.0 1

 

[ChrisAC]

So, it has no route to the 192.168.12 network. It can only see it's local network of 192.168.0 and anything else gets routed to the Pix (102.168.0.1?). The pix will not route back to the router to send the traffic via the router to the 192.168.12 network because the pix will not route back out of the same interface.

Add:

route add 192.168.12.0 mask 255.255.255.255 192.168.0.254 -p

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

Still can't ping 192.168.12.1

Do I need to define access lists?

Active Routes:

Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.115 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.115 192.168.0.115 1
192.168.0.115 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.115 192.168.0.115 1
192.168.12.0 255.255.255.255 192.168.0.254 192.168.0.115 1
224.0.0.0 224.0.0.0 192.168.0.115 192.168.0.115 1
255.255.255.255 255.255.255.255 192.168.0.115 0.0.0.0 1

 

[ChrisAC]

No access lists are required. To be honest, now that you have a route to the other network, providing that the other interface is up/up, there is no reason why you shouldn't be able to ping it.

From the router, make sure that you can ping 192.168.0.115 and then try pinging using the FastEthernet 0/1 as the source.

ping <ip> source <interface>

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

ping <ip> source <interface> does not work. Doesn't like the word "source." I tried to ping from 192.168.12.99 to 192.168.0.115 and still no luck.

I am concerned about the feature set possibly interfering with my desired outcome. One side sees one interface and the other only sees one.

One more note. Nothing is shown in the routing table on the router.

 

[ChrisAC]

Can you post the output of 'ping 192.168.0.115 ?' from the router to see what options you do have.

evilhomer#ping

http://www.tek-tips.com

?
Translating "

http://www.tek-tips.com"...domain

server (213.249.130.100) [OK]

data specify data pattern
df-bit enable do not fragment bit in IP header
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
validate validate reply data

Can we also have a 'sh ip route' and 'sh int' from the router. This is very strange?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

INSIDERT#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C 192.168.12.0/24 is directly connected, FastEthernet0/1
C 192.168.0.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, FastEthernet0/0
INSIDERT#

INSIDERT#sh int
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0001.9680.c440 (bia 0001.9680.c440)
Description: connected to EthernetLAN
Internet address is 192.168.0.254/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
305013 packets input, 21297225 bytes
Received 303234 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
52711 packets output, 4709555 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/0 is administratively down, line protocol is down
Hardware is PQUICC with Fractional T1 CSU/DSU
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=up DTR=down RTS=down CTS=down

FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 0001.9680.c441 (bia 0001.9680.c441)
Description: connected to EthernetLAN_1
Internet address is 192.168.12.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 01:44:47, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
141 packets input, 12260 bytes
Received 18 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
51301 packets output, 4602753 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/1 is administratively down, line protocol is down
Hardware is PQUICC with Fractional T1 CSU/DSU
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=up DTR=down RTS=down CTS=down


It would not accept the ping EXEC parameters.... Any ideas?

brt1991

 

[ChrisAC]

At this point, I would remove this router from the network for a shot while, and put a PC or a laptop on 192.168.0.1 attached to Fa0/0 with a default gateway of 192.168.0.254 and make sure that you can ping 192.168.0.254 and then try pinging 192.168.12.1. Do the same on the otherside with a device on 192.168.12.something and make sure that it can ping both interfaces and then try pinging between the two networks.

If that works, the problem is on your network. If it doesn't then the issue may be with the router.

That's about all I can suggest right now without being hands on myself.

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************

 

[brt1991]

Ok... My apologies for the delay. Configured a software router using FreeSCO 0.3.3. Discovered 192.168.0.254 had to be the gateway set on the Cisco Pix for the 192.168.12.0 network and set as a route on all routing tables on the 192.168.0.0 network. This allowed communications between the two networks but the 192.168.12.0 could not route to the internet. The (4 Mar 05 16:47) post should have been working. The test machine was a Windows 98 box but that should not make a difference.

Any way.... The route of last resort for the Cisco 2621 had to be 192.168.0.1 instead of FastEthernet 0/0.

So... Chris... You were always on the money....

Final config before live config:

version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption

hostname INSIDERT

enable password 7 01180508





ip subnet-zero
ip name-server 192.168.0.4

ip audit notify log
ip audit po max-events 100



interface FastEthernet0/0
description connected to EthernetLAN
ip address 192.168.0.254 255.255.255.0
no ip directed-broadcast
duplex auto
speed auto

interface Serial0/0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown

interface FastEthernet0/1
description connected to EthernetLAN_1
ip address 192.168.12.1 255.255.255.0
no ip directed-broadcast
duplex auto
speed auto

interface Serial0/1
no ip address
no ip directed-broadcast
shutdown

router rip
version 2
network 192.168.0.0
network 192.168.12.0
no auto-summary

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server

snmp-server engineID local 00000009020000019680C440

line con 0
exec-timeout 0 0
password 7 020D0757
login
transport input none
line aux 0
line vty 0 4
password 7 07042240
login

end

Thanks again

brt1991