cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
779
Views
24
Helpful
11
Replies

router on a stick and NAT

wenyuantu
Level 1
Level 1

I configured "router on a stick" and NAT on a 2621 router using a DSL connection for Internet access. My hardware equipment and configurations are attached.

Host A or B can ping their own gateways and each other's gateways. However, host A cannot ping host B and vice versa. Host A or B both can telnet to, say Yahoo's Web server port 80. Netstat -a output showed that an http connection has been established. Both hosts can resolve DNS from an outside resolver. However, Internet Explorer said that "The page cannot be displayed."

Could anyone please help resolve the problems? Thank you in advance!

11 Replies 11

c
Level 1
Level 1

If you are able reach yahoo successfully then the routing and dns setting (hopefully) is correct.

Are you able ping these pcs from anywhere? e.g. from the router itself? If not then check if any firewall is running on the pcs?

Second check if any browser settings (especially the connection tab) are incorrect?

Thank you for your precious time and trying to help!

I am able to ping the two PCs (host A and B) from the router. However, the two PCs cannot ping each other. Since host A can ping its own gateway and the gateway of host B and so does host B, I don't understand why the router does route the traffic when A and B try to ping each other.

Did I configure the switch or router wrong?

jorgenolla
Level 1
Level 1

I would start by assigning the native vlan on the router:

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

Thank you for your suggestion.

However, I have that configured on the router already. The version of IOS running on the 2621 router is 12.0(7)T. Therefore, it supports the command:

encapsulation dot1Q 1

but not

encapsulation dot1Q 1 native

Could you find anything else that might be wrong? Thanks.

Yes, but it is configured on a sub interface according to your output.

interface FastEthernet0/1.1

encapsulation dot1Q 1

You are currently running version 12.0, which then this rule applies:

The Native Vlan cannot be configured on a logical subinterface in Cisco IOS software release earlier than 12.1(3)T. Native IP addresses therefore have to be configured on the physical interface:

int fa0/1

encapsualtion dot1q 1 native

ip address 192.168.50.1 255.255.255.0

Best Regards

Thank you for telling me the rule.

However, I tried to configure the physical interface as you instructed but received "% Unrecognized command" due to the encapsulation command for some reason is not recognized when configuring the physical interface fa0/1.

What should I do to correct the problem? Do I need to upgrade the IOS in order to walk around the problem? Please advice. Thank you!

Wen

When configuring the native VLAN on the physical interface using the version of IOS that you are using, I believe that you do not need the encapsulation command. You just put the IP address of the native VLAN interface on the physical interface.

While I would think that a newer IOS would be helpful, I do not belive that it is a requirement for solving this issue. And since one PC is in VLAN 300 and the other is in VLAN 400 I do not believe that issues with the native VLAN have any impact on these PC connectivity issues.

HTH

Rick

HTH

Rick

Wen

In thinking about this issue I believe that we should consider it in two parts and attempt to solve the first part before we do the second part. I believe that the first part is the problem with the PCs not able to ping each other. The configs look pretty clear about that. I do not see it as likely to be a routing issue - especially since each PC can ping the gateway of the other PC, so access to the remote subnet is working through the router. is there any possibility that there are firewalls running on the PCs that would prevent the ping?

HTH

Rick

HTH

Rick

Hi Rick,

PC A (192.168.2.50) is running Windows XP with Microsoft firewall turned off. PC B (10.28.0.77) is running Windows 2000 Professional. I can ping either PC from the router but not from the switch.

rt2621#ping 192.168.2.50

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.50, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

rt2621#ping 10.28.0.77

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.28.0.77, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

rt2621#

switch2950#ping 192.168.2.50

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.50, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

switch2950#ping 10.28.0.77

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.28.0.77, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

switch2950#ping 10.16.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

switch2950#ping 192.168.2.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

switch2950#

Is there any additional information that might be helpful for the troubleshooting? I really appreciate helps from all of you.

I just resolved all problems by simply upgrading the IOS on the 2621 router from 12.0(7)T to 12.2(23f). It looks like there might be a bug in the IOS release before the upgrade.

I'd like to sincerely appreciate everyone who contributed to provide me with their ideas. I also want to especially thank Rick's help because I directly asked his help and he responded promptly. He will be always my role model.

Thank you all again!

Wen

I am glad that you have found the solution to your problem. Sometimes with problems that seem strange and do not behave as expected an upgrade of software will sometimes resolve the problem. And that was the case here.

It is a shame that there is not a good way in the ranking system to show that a problem is resolved when it was resolved by the person who submitted the problem. I hope that many people will read this thread and will learn from your experience.

Thank you for the compliment. I look forward to your continuing participation in the forum.

[edit] Even though the question is essentially closed I do have one other comment about the fact that the router could ping the PCs but the switch could not ping them. I believe that this is due to the issue with correct configuring of the native VLAN. The ping from the switch would be sent on the native VLAN to the router. If the router were properly processing the native VLAN then the ping would have worked. But with the native VLAN not working yet the ping fails.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco