router on a stick and NAT

Unanswered Question
Sep 4th, 2007
User Badges:

I configured "router on a stick" and NAT on a 2621 router using a DSL connection for Internet access. My hardware equipment and configurations are attached.


Host A or B can ping their own gateways and each other's gateways. However, host A cannot ping host B and vice versa. Host A or B both can telnet to, say Yahoo's Web server port 80. Netstat -a output showed that an http connection has been established. Both hosts can resolve DNS from an outside resolver. However, Internet Explorer said that "The page cannot be displayed."


Could anyone please help resolve the problems? Thank you in advance!



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.2 (7 ratings)
Loading.

If you are able reach yahoo successfully then the routing and dns setting (hopefully) is correct.


Are you able ping these pcs from anywhere? e.g. from the router itself? If not then check if any firewall is running on the pcs?

Second check if any browser settings (especially the connection tab) are incorrect?

wenyuantu Wed, 09/05/2007 - 08:23
User Badges:

Thank you for your precious time and trying to help!


I am able to ping the two PCs (host A and B) from the router. However, the two PCs cannot ping each other. Since host A can ping its own gateway and the gateway of host B and so does host B, I don't understand why the router does route the traffic when A and B try to ping each other.


Did I configure the switch or router wrong?

jorgenolla Wed, 09/05/2007 - 04:43
User Badges:

I would start by assigning the native vlan on the router:


interface FastEthernet0/1.1

encapsulation dot1Q 1 native


wenyuantu Wed, 09/05/2007 - 08:39
User Badges:

Thank you for your suggestion.


However, I have that configured on the router already. The version of IOS running on the 2621 router is 12.0(7)T. Therefore, it supports the command:


encapsulation dot1Q 1


but not


encapsulation dot1Q 1 native


Could you find anything else that might be wrong? Thanks.

jorgenolla Wed, 09/05/2007 - 11:15
User Badges:

Yes, but it is configured on a sub interface according to your output.


interface FastEthernet0/1.1

encapsulation dot1Q 1


You are currently running version 12.0, which then this rule applies:


The Native Vlan cannot be configured on a logical subinterface in Cisco IOS software release earlier than 12.1(3)T. Native IP addresses therefore have to be configured on the physical interface:


int fa0/1

encapsualtion dot1q 1 native

ip address 192.168.50.1 255.255.255.0


Best Regards

wenyuantu Thu, 09/06/2007 - 09:45
User Badges:

Thank you for telling me the rule.


However, I tried to configure the physical interface as you instructed but received "% Unrecognized command" due to the encapsulation command for some reason is not recognized when configuring the physical interface fa0/1.


What should I do to correct the problem? Do I need to upgrade the IOS in order to walk around the problem? Please advice. Thank you!

Richard Burts Thu, 09/06/2007 - 11:23
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Wen


When configuring the native VLAN on the physical interface using the version of IOS that you are using, I believe that you do not need the encapsulation command. You just put the IP address of the native VLAN interface on the physical interface.


While I would think that a newer IOS would be helpful, I do not belive that it is a requirement for solving this issue. And since one PC is in VLAN 300 and the other is in VLAN 400 I do not believe that issues with the native VLAN have any impact on these PC connectivity issues.


HTH


Rick

Richard Burts Thu, 09/06/2007 - 11:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Wen


In thinking about this issue I believe that we should consider it in two parts and attempt to solve the first part before we do the second part. I believe that the first part is the problem with the PCs not able to ping each other. The configs look pretty clear about that. I do not see it as likely to be a routing issue - especially since each PC can ping the gateway of the other PC, so access to the remote subnet is working through the router. is there any possibility that there are firewalls running on the PCs that would prevent the ping?


HTH


Rick

wenyuantu Thu, 09/06/2007 - 12:27
User Badges:

Hi Rick,


PC A (192.168.2.50) is running Windows XP with Microsoft firewall turned off. PC B (10.28.0.77) is running Windows 2000 Professional. I can ping either PC from the router but not from the switch.


rt2621#ping 192.168.2.50


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.50, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

rt2621#ping 10.28.0.77


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.28.0.77, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

rt2621#


switch2950#ping 192.168.2.50


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.50, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

switch2950#ping 10.28.0.77


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.28.0.77, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

switch2950#ping 10.16.0.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

switch2950#ping 192.168.2.254


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

switch2950#


Is there any additional information that might be helpful for the troubleshooting? I really appreciate helps from all of you.

wenyuantu Thu, 09/06/2007 - 14:24
User Badges:

I just resolved all problems by simply upgrading the IOS on the 2621 router from 12.0(7)T to 12.2(23f). It looks like there might be a bug in the IOS release before the upgrade.


I'd like to sincerely appreciate everyone who contributed to provide me with their ideas. I also want to especially thank Rick's help because I directly asked his help and he responded promptly. He will be always my role model.


Thank you all again!

Richard Burts Thu, 09/06/2007 - 17:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Wen


I am glad that you have found the solution to your problem. Sometimes with problems that seem strange and do not behave as expected an upgrade of software will sometimes resolve the problem. And that was the case here.


It is a shame that there is not a good way in the ranking system to show that a problem is resolved when it was resolved by the person who submitted the problem. I hope that many people will read this thread and will learn from your experience.


Thank you for the compliment. I look forward to your continuing participation in the forum.


[edit] Even though the question is essentially closed I do have one other comment about the fact that the router could ping the PCs but the switch could not ping them. I believe that this is due to the issue with correct configuring of the native VLAN. The ping from the switch would be sent on the native VLAN to the router. If the router were properly processing the native VLAN then the ping would have worked. But with the native VLAN not working yet the ping fails.


HTH


Rick

Actions

This Discussion