Traffic not routing properly

[Fadibitz]

Hey folks,

Refer to this diagram:

[Test PC]--[RTR]--[SW]--[GW RTR]--[Inet]

Test PC is connected to RTR int f0/1
RTR = c2621
SW = HP4108 switch (connected to RTR int f0/0
GW RTR = c2811

The Problem:

From the Test PC I can:
1. Ping RTR int f0/1
2. Ping RTR int f0/0
...but cannot:
1. Ping GW or other device on SW
2. Ping Inet site
3. Resolve DNS (DNS Svr is attached to SW)

From RTR I can:
1. Ping Test PC
2. Ping f0/1
3. Ping f0/0
4. Ping GW and all other devs on SW
5. Resolve DNS
...but cannot:
1. Ping Inet site

From Production PC on the SW I can:
1. Ping RTR f0/0
...but cannot:
1. Ping RTR f0/1
2. Ping Test PC

(The production PC can also access Inet, Resolve DNS, just as it has normally; the devices on the SW, such as the production PC should be taken to have full inter-device and Internet access capabilities.)

I'm mainly concerned with the DIFFERENCES between the pinging from the Test PC vs. from the RTR. The pinging Inet site I included to prevent questions about it, but it is likely a rule that I have applied on my main firewall.

The Configuration of RTR:

!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MRMC
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 10.0.0.1 10.0.0.99
ip dhcp excluded-address 10.0.1.0 10.255.255.255
!
ip dhcp pool DHCP_POOL
network 10.0.0.0 255.0.0.0
dns-server 128.100.10.10
default-router 10.0.0.1
!
!
!
!
!
!
interface FastEthernet0/0
ip address 128.100.255.0 255.255.0.0
duplex auto
speed auto
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.1 255.0.0.0
duplex auto
speed auto
!
router rip
network 10.0.0.0
network 128.100.0.0
!
no ip http server
ip classless
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end


What say you, gentlemen?

 

[Alterac]

You might have to do some NAT work.
Does your gateway router accept 10.0.0.X addresses?

----------------------------------
Bill

 

[Fadibitz]

Actually, I'm not too concerned with passing traffic through the Gateway Router (GW RTR) just yet. It is configured not to allow 10.x.x.x traffic. Permitting traffic at the gateway will be one of the final steps.

The main issue in this case is that the traffic from the production network (attached to [SW]) will not pass through RTR, which is the device under test, and traffic from the Test PC will not pass through RTR going the other way.

I've config'd a kazillion of these things, but haven't touched one in almost 10 years. It's got to be something simple. Perhaps I've missed a required command that has changed or been added in the IOS.

Thx.

 

[Alterac]

Well maybe it is not receiving Rip updates from the main router?

post a
sh ip route

----------------------------------
Bill

 

[Fadibitz]

Would that really cause the router not to route traffic coming in on f0/0 out through f0/1? I would not think that a router would rely on RIP updates from another router in order to route traffic through itself. How would that work, exactly?

Remember, I'm not the least bit concerned about having internet access through the gateway at this point. I just want my Test PC to see the production PCs on the other side of the router under test.

 

[unclerico]

Like alterac said, post the output of sh ip route from both routers. Also full configs from both devices would be helpful.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[jneiberger]

Fadibitz, RTR must have a valid routing table or it won't route properly. As others have said, please post the output of "show ip route".

 

[Fadibitz]

I think you're missing the point. Let's simplify the configuration:

[PC1]--[RTR]--[PC2]

PC1 = 128.100.26.55 Connected to f0/0
PC2 = 10.0.0.100 Connected to f0/1

* The PCs cannot ping one another.
* The RTR can ping both PCs.

The router has been completely wiped and only the FE interfaces were set up with IPAs and the NO SHUT command was applied to each to bring them up.

*** Router (RTR) Running Config
*** And Routing Table


Router#sho run
Building configuration...

Current configuration : 614 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marke
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 128.100.255.0 255.255.0.0
duplex auto
speed auto
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
ip address 10.0.0.1 255.0.0.0
duplex auto
speed auto
!
ip http server
ip classless
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

Router#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 128.100.0.0/16 is directly connected, FastEthernet0/0
C 10.0.0.0/8 is directly connected, FastEthernet0/1
Router#

*** E N D R O U T E R C L I ***

This should remove the discussion of RIP updates and Gateways.

Thanks guys

 

[Alterac]

Now it definatly will not work.

Please put the router rip and the network statements back in.

Without those, you will absolutly not be able to ping through the router.

And for curious sakes, why such huge subnets?

----------------------------------
Bill

 

[jneiberger]

Actually, bill, as long as the IP addressing is configured properly on the PCs in question, it will work just fine. Since the routes are directly connected, they already exist in the routing table.

Looking back at the original question, I'd still like to see routing tables from both routers. This issue indicates a problem with routing or with IP addressing, specifically subnet masks or default gateways.

Can you post routing tables from those two routers in the original scenario? Have you verified that the PC has the same subnet mask as the router interfaces it's connected to?

Does the DNS server have the same subnet mask as the RTR and GW-RTR interfaces? What is the default gateway of the DNS server? If the default gateway of that server is GW-RTR then you will need to add routes on the server to tell it how to get to "internal" LANs.

 

[Alterac]

I had not tested that configuration as I was under the impression it would not work.

Thanks for the info

----------------------------------
Bill

 

[jneiberger]

Yeah, it would work in the one-router scenario he posted assuming that the PCs had their local router interface set as the default gateway. There are only two subnets and the router is aware of both because they're directly connected.

 

[unclerico]

add this command:
ip routing

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[Fadibitz]

Thanks, folks. Adding the command IP ROUTING did the trick. Another issue that came up was that since these are production PCs (which explains the enormous subnets, Bill), one of them had the wrong DEFAULT GATEWAY configured (it was config'd to use the production router, not my test router), so it would not connect to (i.e. PING) anything aside from the router interface it was directly connected to.

JNEIBERGER: The configuration of the second router is enormous, and, since it is a production router, I consider its contents sensitive information and will not disclose it. However, it is my belief that the entire issue from the initial post to this resolution was the dual problem of the lack of IP ROUTING and the misconfiguration of the PC's DEFAULT GATEWAY.

Thanks again, guys.

 

[jneiberger]

I didn't even think about the ip routing command. You'd never want to remove that command on a router, so I assumed it was there. If you turn off IP routing it turns your device into a bridge, so only bridged traffic will pass across the interfaces. As you noticed, traffic that needs to be routed will simply be dropped.

 

[Alterac]

Normally if ip routing is off, it shows in the config as a "no ip routing" line.

Well, good to see you got it up and running.. Now to turn all the fun stuff back on

----------------------------------
Bill