cisco 3700 configure with 2 nics with fiber.

[dictator88]

Ok, I am at my wits end here. The situation is simple. Have a connection coming in that is fiber converted to cat5. This is to goto my cisco 3700 with 2 fastethernet nics. 0/0 and 0/1.
Provider info for configuration of router.
WAN:
network 100.103.33.12
gateway 100.103.33.13
useable 100.103.33.14
broadcast 100.103.33.15
size /30
subnet 255.255.255.252

LAN:
/22 data
network 100.103.36.0
gateway 100.103.36.1
useable 100.103.36.2 thur 100.103.39.254
broadcast 100.103.39.255
size /22
subnet 255.255.252.0

Now, cisco config
Building configuration...

Current configuration : 717 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mechgate
!
boot-start-marker
boot-end-marker
!
enable secret 5 *********************
enable password ****
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.103.33.14 255.255.255.252
no ip mroute-cache
speed 100
full-duplex
no cdp enable

interface FastEthernet0/1
ip address 100.103.36.1 255.255.252.0
speed 100
full-duplex
no mop enabled
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password ******
login
!
end
----------
Now, this config should work from what I can tell but it doesn't. Additional test include:
1. gave a laptop the WAN IP and connected directly to test actual connectivity. 10mb u/d good.
2. hooked laptop to internal side with a .36.x IP and could ping 36.1 inside, and 33.14 outside. But nothing beyound that.
3. did the obvious and set everything to auto (duplex,speed,ect. which I changed back for this example)
4. tried different flavors of the "ip route x.x.x.x" command.
5. Pointed a gun at it and told it to work or else!

Still,, nothing. Can anyone here see anything that might be a problem with this config?
I have done all I can do and could really use a good word.

 

[imbadatthis]

you need nat, i dont see that in your configuration .
there has to be something that tells the router to translate inside and outside addresses.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

 

[Minue]

Hi Imbadatthis
No Nat is needed here.We are talking public addresses,these addresses can reach the WEB without need for translation.
Dictator88 please do a traceroute and a ping to 4.2.2.2 to see where the packet is being drop.

Regards

 

[mahlad29]

Yes, he needs nat, but where i don't know yet. These ip's do not exist on the net. And i assume you are trying to use them in a rfc 1918 fashion. I higly doubt that you happen to have access to 1024 public ip addresses. We need a litte more of a topology.

*** route-server.ip.att.net now uses AAA for logins. Login with
username "rviews".




User Access Verification

Username: Kerberos: No default realm defined for Kerberos!


User Access Verification

Username: rviews
route-server>
route-server>sho ip bg
route-server>sho ip bgp 100.103.33.12
% Network not in table
route-server>sho ip
route-server>sho ip bgp 100.103.36.0
% Network not in table
route-server>


20 yrs old, working towards my CCNP. Looking for a new job
02472

 

[dictator88]

well, to honest I changed the first set of numbers on the ip block to prevent,,,,,, issues. But, (as it were), if someone wants to try to track the problem from the outside, I will post the real ips, (though it would make no difference when it comes to the cisco configuration being correct or not.
As for the trace route, everything stops at the router. Period. It's driving me nuts.
As for the ip blocks. Yes, the # of ip is correct. 4 class c's on the inside. And right now only a /30 on the outside, (which will change soon since there will be fiber point to points to feed different cells in different counties in this state.

I also have a number of cisco 2610's that connect Internet to our network, (which), the configuration is the same except one of the FastEthernet is a Serial0/0. But the configuration rules are the same. And they all work fine.

Personally, I am begining to believe the router is 'broke'. But the problem with that is when a 'show int' is done, it shows that everything is great. So, I find myself still scratching my head.

Currently I am building/loading a openbsd unix box to be "a router" to test the system period. If that works, then it's down to two things. Bad config of the cisco, or bad cisco.

When I get the openbsd done and working, I will hookup the cisco again and post the real ips.

If anyone can see anything on that "simple" config that might be wrong, I am willing to try anything.

BTW, with all public IP's, none of my cisco's have required any NAT commands.

 

[dictator88]

openbsd server/router worded fine. So the problem is with the cisco 3700. Question still is, "Is it the config, or the hardware."

outside real IP is 98.103.33.14
inside blocks are 98.103.36.0 /22 (y.y.36-39.x

It is hooked back up.

 

[dictator88]

it should be said, the outside gateway (the provider router) of 98.103.33.13 has all ping response shut down. (Which sucks). But from the outside network I can NOT ping 98.103.33.14. Which where the neon sign is pointing to the root of the problem. So, either that nic is bad, OR, something in that config is stopping traffic to it. And from what I can tell, it can't be the latter. Anyone dissagree, or agree?

 

[dictator88]

also, still, I can ping 98.103.33.14 FROM a internal IP of 98.103.36.33. Which means its going though .1 and to the WAN nic. Which mean that traffic is stopping on the OUTSIDE, of the outside nic. (so to speak).

 

[dictator88]

one last point. From the same internal IP of .33, when I ping a outside ip (such as googles ip or something) I get a "reply from 98.103.36.1: Destination houst unreachable".

WHich just confirms the same problem in a different way.

 

[Minue]

I think "ip routing" should be on be default,but to be on the safe side try apply this command.Also try the ping from the router and not a PC.Do a ping and traceroute with source FastEthernet0/0.If the linux box is working fine then it's the router conf.Don't think it's a layer 1 ot harwar problem,in any case look for duplex mismatch and errors on the interface with show int FastEthernet0/0.

Regards