03-04-2008 01:39 AM - edited 03-03-2019 08:57 PM
Hello,
I'm stuck with a simple routing problem in Cisco 2811.
Extended ping tests from fas0/1 to host in fas0/0 side fails
but, extended ping from fas0/0 to host in fas0/1 side pass.
no additional modules installed, (only builtin fas0/0 and fas0/1 used.
Could some advice please.
Additional info
ip classles, ip routing configured.
more info below
2811 router 12.4, (crypto not used immediately)
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(17), RELEASE SOFTWARE (fc1)
|------------| Router |----------|
192.168.212.0/24 10.203.48.0/26
Fas0/0 192.168.212.4 fas0/1 10.203.48.1
(a device 212.2) (a device 48.2)
from router ping 192.168.212.2 (OK) another switch/router
from router ping 10.203.48.2 (ok) another switch/router
from router, extended ping
one direction extended ping ok (ping 10.203.48.2 from 192.168.212.4 ok)
other direction extended ping fails (ping 192.168.212.2 from 10.203.48.1 fail)
abstracts
!
interface FastEthernet0/0
description Vlan555 to Donabulan Gi1/1 from Fleet PACS
ip address 192.168.212.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description LES10 to Fleet-PACS
ip address 10.203.48.1 255.255.255.192
duplex full
speed 10
!
ip forward-protocol nd
ip route 10.203.48.0 255.255.255.192 FastEthernet0/1
ip route 192.168.212.0 255.255.255.0 FastEthernet0/0
!
03-04-2008 02:18 AM
HI,
Pls post the output of show ip route....
Thanks...
03-04-2008 02:52 AM
Show IP route and other info pasted
=======================
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.212.0/24 is directly connected, FastEthernet0/0
10.0.0.0/26 is subnetted, 1 subnets
C 10.203.48.0 is directly connected, FastEthernet0/1
Router#
=======================
Router#sh ver
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(17), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 07-Sep-07 16:46 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
frm-tucr-dr-dorado uptime is 4 days, 16 hours, 24 minutes
System returned to ROM by power-on
System restarted at 16:38:57 UTC Thu Feb 28 2008
System image file is "flash:c2800nm-spservicesk9-mz.124-17.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 2811 (revision 53.51) with 251904K/10240K bytes of memory.
Processor board ID FCZ114872EA
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Router#
03-04-2008 03:03 AM
Hi,
Please check the gateway and subnet mask of the PC 192.168.212.2
HTH
03-04-2008 03:14 AM
The host 192.168.212.2
g/w 192.168.212.4
ping from 10.203.48.1 not working.
Thanks
(I do not expect the crypto image (not used at present) in the router to do something in one direction!!)
03-04-2008 03:28 AM
Hi,
you mean to say the whole network 10.203.48.0/192 is not able to reach/ping the other network...???
did u have any ACL activated..Would u pls. post the running configuration.... May be some other experts might have a look into this.
03-04-2008 03:32 AM
03-04-2008 03:50 AM
Hi,
I'm not seeing any problem in router configuration. please check n answer these queries..
1. what is the device "192.168.212.2" is this switch/PC...
2. Are you able to ping(ext) to other IPs in 192.168.212.x segment from router. If yes, then the problem might be in the device with IP 192.168.212.2 with either the gateway or some ip routing issue.
3. Are u able to ping from any device/PC in 192.168.212.x network to PCs in 10.203.48.x network.
4. Same above but vice versa...
03-04-2008 03:58 AM
i disconnected the real 192...
I connected the laptop to fas0/0
192.168.212.49
g/w 192.168.212.4
i can ping and telnet from laptop (192) to 10.203.48.2 and .1
but,
I can not ping 192.168.212.49 from 10.203.48.1 or .2
thanks
03-04-2008 04:11 AM
in addition to above,
i'm going to disable firewall in my laptop and repeat the above test.
I'll report, once completed.
Thanks
03-04-2008 04:45 AM
Sinnathurai
Replacing some device with a laptop certainly introduces the possibility that a firewall is part of the issue. You are correct that you should disable the firewall and test again.
The symptoms that you describe of being able to do normal ping from the router to the device demonstrates several things including the fact that you have basic connectivity to the device (its interfaces are working, ARP is working, etc).
When normal ping does work and extended ping with a different source address does not work it usually indicates a routing problem. And aside from the possibility of access lists (which clearly are not present based on the config that you posted) the problem is more often on the remote device than on the router. In my experience the problem is frequently an incorrect default gateway or an incorrect subnet mask. But your post seems to indicate that these are correct. The next thing that I would check are the possibility of access lists or firewall on the device, which you are doing. I would also suggest checking for routes entered on the remote device. If it is a Windows PC would you post the output of route print?
One other thought is that it is my understanding that 12.4(17) is a pretty buggy release. According to this link it is deferred:
and the suggestion is to use 12.4(17b). You may need a login with download privilege to access that link. I am not sure that this problem is a software problem but I would suggest that you think about changing software before you put this router into a live network.
HTH
Rick
03-04-2008 05:14 AM
The test Laptop now works ok, after disabling the firewall in the laptop.
Thanks to Aijaz and Rick
I can close this now.
Later,
I'll be raising another question, how to divert at pix 192.168.212.1 (inside) to (inside) 10.203.48.0 (as pix is the current g/w for devices on 192.168.212.0 and I do not plan to change gateways on servers.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: