Ethernet to Ethernet Configuration problem

[bigdaddytim]

I have two subnets on a 1605 router. Ethernet 1 is 172.17.17.0/24 and Ethernet 0 is 192.168.0.0/24. I cannot get the two to talk freely and I need some help. My internal gateway is 172.17.17.1 (3640 Router) and I have tried IP routes, dual IP interfaces and other. Could you please tell me if there is a way to get these two talking. Also I have no access list experience and I need to have an access list to block 192.168...... from getting to 172.17.17....... but 172.17.17 had full access to 192.168..... Thanks ahead of time..

 

[jeter]

have you tried to setup a routing protocol such as rip.eigrp.etc

On the router with the 172 network add this statement
access-list 1 deny 192.168.0.0
now we need to apply an access group to your interfaces

ip access-group 1 in or out
IN= keeps traffic from getting into your router
out=keeps traffic from going through your router J.Fisher CCNA
Jeter@LasVegas.com

 

[Guest_imported]

You may have a problem using access lists in the manner described because TCP uses acknowledgements. For example, if the 172 network sends data to the 192 network, it will expect to see an ack packet to verify receipt, however it will not because it will be filtered.

 

[rsfoyles]

I have a problem with the fact that you have two directly connected networks and they can't see each other? Run "sh ip route" and see if they show-up in the table. Then check to see that both interfaces are up. Make sure that you typed the "no shut" command on both interfaces. What routing protocol are you running? Can you ping the e1 int from the 3640?

maddstang is also correct about your problem in using an access-list

 

[bigdaddytim]

I have the problem with the IP route table. No IP routes show up when I add them. I have never seen this, no matter what static route I put in there, it doesn't show up. It is in the Running Config though, just not working...

 

[wybnormal]

Am I missing something here? you say the IP of E1 is 172.17.17.0 ? Thats the wire address and illegal in most cases.. if you have 172.17.17.1 , then it's legal and it should show up in the show ip route as a C connection for a directly connected network.

The same applies for the other interface of 192.x.x.x

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[chodges]

Did you configure this router from scratch - no previous config at all? If so, did you turn on IP Routing? or try issuing the IP Routing global command.

 

[talisker]

I sounds like someone must have typed "no ip routing" at some point. This is tricky because it doesn't show up when you do a "show run". You need this to be enabled even if you are only using static routes. Try this: in global configuration mode, type "ip routing", do a cntrl-Z and save the config. Now try the show ip route command & see what happens.

Good luck!

 

[charcarson]

The 172.17.17.0 address should be legal if they've used the ip subnet-zero command. This is turned off by default.

 

[wybnormal]

Ahem.. it's turned ON by default in the newer IOS loads. I have to turn it OFF each time I upgrade one of my older IOS loads. And subnet Zero ONLY works if ALL network devices on the wire understand it's legal. That makes it a not very useful command in the real world with many different vendor's "stuff" on the wire. I dont of anyone who has actually used it in a production network. Not saying there are not any.. just I have not met any in my travels so far.

MikeS "Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[Guest_imported]

Cisco Lover

i need router configuration and