Routing issue

[npereira]

I am having difficulty pingin accross a cisco 2900 router.

Here is the config file:

********************************************
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
half-duplex
bridge-group 1
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 10.1.1.3 255.255.255.0
half-duplex
bridge-group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 192.168.10.0 255.255.255.0 Ethernet0/0
ip http server
ip pim bidir-enable
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
snmp-server enable traps tty
bridge 1 protocol dec
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4

login
!
end
*************************************

Here is my 'show ip route':

*************************************

Gateway of last resort is 10.1.1.1 to network 0.0.0.0

C 192.168.10.0/24 is directly connected, Ethernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Ethernet0/1
S* 0.0.0.0/0 [1/0] via 10.1.1.1
*************************************

The problem is I cannot ping from 10.1.1.1 to 192.168.10.101 or vice-versa. I _CAN_ ping both addresses from the router.

Can someone please tell me if they can fond something wrong?

 

[npereira]

Correction!

I can ping 10.1.1.1 from 192.168.10.101 but not the other way (ie: ping 192.168.10.101 from 10.1.1.1).

NPereira

 

[svermill]

Your config is pretty confusing to me. You've got two interfaces in the same bridge group that are in totally different networks. You've also got static route statements. What are you trying to do? Bridge or route?

 

[npereira]

svermill,

Sorry, my mistake. I corrected the bridge and removed it on both interfaces, but I still cannot ping 192.168.10.101

I want to route, not bridge. Sorry again for the confussion.

 

[svermill]

Is 10.1.1.1 a workstation or another router on the opposite end of e0/1?

And what about 192.168.10.101? A router or workstation?

 

[svermill]

Also, just FYI, when you remove something like a bridge group, it's best to shut and no shut the interface. I'd also clear the arp cache just to be safe. I haven't messed with bridge groups in quite a while, but I do recall that the arp cache can play tricks with you. Best to get a clean slate and go from there.

 

[npereira]

10.1.1.1 on the eth1 side is a sonicwall firewall which has a route to 192.168.10.0 via 10.1.1.3

192.168.1.101 is a win2000 box with gateway of 192.168.10.1 (eth0 of router)

I have since erased the nvram and re-did the setup several times. Also, I cold reboot the router several times.

Here is an up to date config with the corrections.

****************************************
Router#show run
Building configuration...

Current configuration : 645 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
ip subnet-zero
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
half-duplex
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface Ethernet0/1
ip address 10.1.1.3 255.255.255.0
half-duplex
!
ip default-gateway 10.1.1.1
ip classless
ip http server
ip pim bidir-enable
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
end
*************************************

 

[svermill]

Well...unless we're both overlooking something, you've got your routes all plugged into the right places. So can you ping 10.1.1.3 from 10.1.1.1? If so, you need to figure out why you can't cross the router. I would turn on 'debug icmp' and possibly 'debug icmp packet' and see where your ping is failing. I suspect this has more to do with the firewall itself as opposed to the router, but only some debug or sniffer traces can prove anything one way or another.

 

[svermill]

Also, just off the wall (so to speak), I run the Windows software firewall on my machine at home. This prevents anyone from pinging my machine, but still allows me to ping anyone I please.

 

[npereira]

I am reconfiguring the sonicwall right now.
and removing the router to see if all os ok and if it is actualy the router the issue.

Later!

 

[npereira]

Now I can ping accross the router but the DNS does not get resolved on the 192.168.10.0 side.
The dns used is my isp's
How do I assign a dns server to the router?

 

[svermill]

I believe this is what you are trying to do:

http://www.cisco.com/en/US/tech/tk648/tk368/technologies_tech_note09186a00800c525f.shtml

What was the fix action on the ping issue?

 

[help24ca]

Small point, but is your router routing? I don't see a routing protocol, so I hope you used the IP ROUTE command while in conf t.

Best of Luck.
help24ca@yahoo.ca

 

[svermill]

He doesn't need any static routes because the only networks he's dealing with are directly attached. In other words, the router already knows how to reach what is attached to it.

 

[npereira]

SVERMILL,

Actualy, I needed a route. I added;

ip route 0.0.0.0 0.0.0.0 10.1.1.1

And that fixed my problems. I already had a

ip default-gateway 10.1.1.1

but that did not help. I think the last is only used if the router acts as a DHCP server which in my case, it does not.

Anyway, now everything is working and here is a copy of my 'show run' for you to see.

********************************************
Building configuration...

Current configuration : 817 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 (OMMITED)
enable password 4
!
ip subnet-zero
!
!
ip name-server 198.235.216.134
ip name-server 198.235.216.135
ip name-server 192.168.10.103
!
!
!
!
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
ip directed-broadcast
half-duplex
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface Ethernet0/1
ip address 10.1.1.3 255.255.255.0
ip directed-broadcast
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip http server
ip pim bidir-enable
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
line con 0
line aux 0
line vty 0 4
(OMITTED)
login
!
end
************************************************

 

[svermill]

The default gateway is used when ip routing isn't enabled. In other words, when the router is the same as any old host attached to the network.

I'm skeptical that the default route solved your problem. You had that in your original config. And even without it, your routing table included both the 192 network and the 10 subnet. So what did the default route do for you that the routing table didn't?

 

[npereira]

Well by adding the line;

ip route 0.0.0.0 0.0.0.0 10.1.1.1

Solved the issue. That's theonly thing I did add.

 

[svermill]

If you remove that route, and loose the ability to ping 192.168.10.101 from the firewall, there is something wrong in the network. And whatever it is might manifest itself in some other way down the pike...

Regards.