Simple routing question

Unanswered Question
Jul 12th, 2007
User Badges:

I know this is quite simple, but the end result continues to elude me..


I have two LAN's, 192.168.0.0 (A) and 192.168.100.0 (B). I need the hosts on (B) to talk the servers on (A).


I have a Cisco 2801 Router. From (A) I can ping the interface configured to subnet (B) but cannot ping the hosts on the other side.


What is the simplest configuration for making A and B talk to each other efficiently? Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Harold Ritter Thu, 07/12/2007 - 11:12
User Badges:
  • Cisco Employee,

Make sure you configure the default gateway (router local interface address) on the workstations.


Hope this helps,

itfchadrob Thu, 07/12/2007 - 11:17
User Badges:

Yep, have the router interface set as gateway, in addition to my LAN gateway...is this bad?

Harold Ritter Thu, 07/12/2007 - 11:29
User Badges:
  • Cisco Employee,

You should nornally have only one default gateway.


If you just want to test the connectivity between subnet A and B then you could just manually add the routes on the workstations as follow (assuming they are windows WS):


on workstations on subnet A:


route add 192.168.100.0 mask 255.255.255.0 192.168.0.9


on workstations on subnet B:


route add 192.168.0.0 mask 255.255.255.0 192.168.100.1


This should do what you are looking for.


Hope this helps,



itfchadrob Thu, 07/12/2007 - 11:40
User Badges:

Ive done this as well, still doesnt work. Perhaps I have something else wrong here...

dschuckman Thu, 07/12/2007 - 11:13
User Badges:

Is it possible to see the configuration that you are using?

itfchadrob Thu, 07/12/2007 - 11:15
User Badges:

Yep...Im new to Cisco routers so this is a test environment...


Building configuration...


Current configuration : 1857 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname itfroute01

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$iH4t$INo3qB3/GCKlCHtjPH4JS/

enable password

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

!

!

ip domain name itfnet.com

ip name-server 192.168.0.4

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.0.9 255.255.255.0

ip access-group sdm_fastethernet0/0_in in

ip access-group oubound0/0 out

no ip route-cache

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group sdm_fastethernet0/1_in in

ip access-group outbound0/1 out

ip nat inside

no ip route-cache

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 permanent

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.0.0 255.255.255.0 FastEthernet0/1

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0

ip route 192.168.100.0 255.255.255.0 FastEthernet0/1

!

ip http server

ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload

!

ip access-list standard oubound0/0

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

ip access-list standard outbound0/1

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=3

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end


dschuckman Thu, 07/12/2007 - 11:19
User Badges:

For starters try taking all the following route statements out:


ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.0.0 255.255.255.0 FastEthernet0/1

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0

ip route 192.168.100.0 255.255.255.0 FastEthernet0/1


dschuckman Thu, 07/12/2007 - 11:29
User Badges:

I think the next problem is in your outbound0/1 and outbound0/0 access-lists.


I am not sure what you actually want to permit out those interfaces but assuming you want to permit all traffic it needs to be


permit ip any any


if you just want to permit the specific subnet out each interface it would need to be for outbound0/0

permit 192.168.0.0 0.0.0.255


and for outbount0/1

permit 192.168.100.0 0.0.0.255


right now your access-list is only permitting network any.any.any.0 and nothing else.

itfchadrob Thu, 07/12/2007 - 11:40
User Badges:

Ok, here is my new config, still cant ping hosts on B...


Building configuration...


Current configuration : 1612 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec


!

hostname itfroute01

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret xxx

enable password

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

!

!

ip domain name itfnet.com

ip name-server 192.168.0.4

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.0.9 255.255.255.0

ip access-group any in

ip access-group any out

no ip route-cache

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group any in

ip access-group any out

ip nat inside

no ip route-cache

duplex auto

speed auto

!

ip classless

!

ip http server

ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload

!

ip access-list standard any

remark SDM_ACL Category=1

permit any

ip access-list standard oubound0/0

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

ip access-list standard outbound0/1

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=2

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end

itfchadrob Thu, 07/12/2007 - 12:00
User Badges:

I know this is simple stuff..

I can ping both router interfaces from both subnets, all routes are in the windows routing tables, but STIll cant ping hosts behind the router. errr

Thanks for all the help, very appreciated

itfchadrob Thu, 07/12/2007 - 12:04
User Badges:


Standard IP access list any

10 permit any (4139 matches)

Standard IP access list oubound0/0

10 permit 0.0.0.0, wildcard bits 255.255.255.0

Standard IP access list outbound0/1

10 permit 0.0.0.0, wildcard bits 255.255.255.0

Extended IP access list sdm_fastethernet0/0_in

10 permit ip any any (124287 matches)

Extended IP access list sdm_fastethernet0/1_in

10 permit ip any any

dschuckman Thu, 07/12/2007 - 12:08
User Badges:

Your ACL is preventing this traffic from crossing the interface. The ACL's are affecting this.


Can you try to modify them the way I previously recomended. Or a quicker solution would just be to remove the oubound0/0 and oubound0/1 from the interfaces!!

yutlophat Thu, 07/12/2007 - 16:29
User Badges:

You have a 'no ip routing' statement. Enable routing by doing an 'ip routing'.


HTH

--CS

itfchadrob Fri, 07/13/2007 - 06:19
User Badges:

Had to walk away from this yesterday. Came in today, reset to factory and started over. I can still ping each router interface from both subnets, but still cant ping hosts.



Building configuration...


Current configuration : 1335 bytes

!

! Last configuration change at 13:50:42 Chicago Fri Jul 13 2007 by admin

! NVRAM config last updated at 14:07:24 Chicago Fri Jul 13 2007 by admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$T25L$t/hXznZ.mM8nJUWQ7Zy5T1

enable password

!

no aaa new-model

!

resource policy

!

clock timezone Chicago -6

clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

!

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.9 255.255.255.0

ip access-group sdm_fastethernet0/0_in in

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group sdm_fastethernet0/1_in in

duplex auto

speed auto

!

ip classless

!

ip http server

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=1

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end


dschuckman Fri, 07/13/2007 - 13:01
User Badges:

Chad


I took your configuration exatly as it is. put it in a Cisco 2811 and then connected two hosts to the router interfaces.


I tested with a device at 192.168.0.10 and a device ad 192.168.100.2.


From 192.168.0.10 I can ping 192.168.0.9, 192.168.100.1, and 192.168.100.2.


From 192.168.100.2 I can ping 192.168.100.1 192.168.0.9 and 192.168.0.10.


I think you have resolved your issue on your router. If you are still having problems I would verify the gateway's on your two hosts.


Please Rate if helpful!


Thanks,

David

Actions

This Discussion