04-10-2008 11:58 AM - edited 03-03-2019 09:30 PM
I have two internal private networks that I'm trying to connect using a 1721 router. I am able to telnet from network 1 to the router, and ping from router the gw on network 2, but I can't ping anything back on network 1. Also, I can't ping network 2 from network 1. Can someone give me the correct route or other commands I need to get started. I'm not worried about security, this is just for testing. Once I make the connections, I can start playing around with more advanced commands. Network 1 is 10.10.x.x/16 and Network 2 is 10.20.20.x/24. Thanks.
04-10-2008 12:11 PM
Tony
Do you have 2 ethernet interfaces in the 1721 ?
You need to set the default-gateway on your clients to be the interface on the 1721 for their respective vlans so if the 10.20.20.x network uses e0 on the 1721 and the IP address on e0 is 10.20.20.1 then on a client in that network the default-gateway would need to be 10.20.20.1.
Could you post the config of the 1721
Jon
04-10-2008 12:12 PM
Hi Tony,
Please post the running-config of the 1721 router.
Thanks:
Istvan
04-10-2008 12:21 PM
Ok, don't laugh I know there is mistakes....
show config
Using 838 out of 29688 bytes
!
! Last configuration change at 15:45:58 UTC Sun Mar 30 2008
! NVRAM config last updated at 15:47:11 UTC Sun Mar 30 2008
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TestRouter
!
logging queue-limit 100
enable secret xxx
enable password xxxx
!
ip subnet-zero
!
!
!
!
!
!
!
interface Ethernet0
ip address 10.20.20.77 255.255.255.0
ip access-group 101 in
half-duplex
!
interface FastEthernet0
ip address 10.10.7.1 255.255.0.0
ip access-group 111 in
speed auto
!
ip classless
ip route 10.20.0.0 255.255.255.0 10.10.3.10
no ip http server
!
!
access-list 111 permit tcp host 10.10.3.10 any
!
line con 0
exec-timeout 0 0
password xxxx
login
line aux 0
line vty 0 4
password xxxx
login
!
no scheduler allocate
end
04-10-2008 12:25 PM
Tony
You can't ping net2 from net1 because of your access-list.
access-list 111 permit tcp host 10.10.3.10 any
There is an implicit deny at the end of any access-list so you will not be able to ping through.
The access-list also looks wrong. Could you remove the access-lists from both the e0 and fa0 interfaces and retest
Jon
04-10-2008 12:47 PM
I removed the access-list and access group statements. Now when I'm telneted to the router, I can ping both networks from the router. However I still can't ping 10.20.20.1 from 10.10.3.10. Any ideas?
04-10-2008 12:49 PM
Tony
What device is 10.10.3.10 ?
Jon
04-10-2008 12:52 PM
It's my workstation. At first I was trying to get the configuration so I could only access the other network, but it's not a necessary security measure at this time.
04-10-2008 12:55 PM
Tony
Can you remove the following from your config
ip route 10.20.0.0 255.255.255.0 10.10.3.10
Is 10.20.20.1 a server/workstation on the 10.20.20.x network ?
Jon
04-10-2008 01:04 PM
I removed the ip route line but still can't ping the other network. (10.20.20.1). 10.20.20.1 is a workstation. Actually the whole network is setup with automated forklifts each with it's own computer. That particular 10.10.20.1 is on truck #1 and is the gateway for the network.
04-10-2008 01:07 PM
Tony
Not sure what you mean by the gateway. Do you have the default-gateway on 10.20.20.1 set to the 10.20.20.77 IP address ?
Jon
04-10-2008 01:25 PM
No. I haven't changed that network. I think all workstations are setup like 10.20.20.n subnet: 255.255.255.0 gw:10.20.20.1 Again the 10.20.20.1 is also the IP address of workstation #1. Not sure why it was setup that way, but I didn't want to change any settings. Is the problem that I need to change the gw to point to the router e0 interface?
04-10-2008 01:30 PM
Tony
That would be the problem. I'm not sure why the clients on the 10.20.20.x subnet are pointing to a workstation so i agree until you know what is going on best you don't change anything.
If the workstation (10.20.20.1) is a Windows 2000/2003/XP machine you could try adding a route to it ie. in a dos window
route add 10.10.0.0 mask 255.255.0.0 10.20.20.77
and then retry but you need to be careful of making changes without a full understanding of what is going on.
The 10.20.20.1 workstation - does it only have one NIC and one IP address ?
Jon
04-10-2008 01:38 PM
Jon, I need to verify your questions about the NIC and IP address but it is running Win 2000. I'll also try to get an idea of why it was setup that way. I will have to do that tomorrow and get back on here and let you know. Thanks for all the help, I'm getting closer. You guys are good!
04-11-2008 04:49 AM
Here is more info...
Second Network
NT Server Computer
IP: 10.20.20.254
SN: 255.255.255.0
GW: 10.20.20.1
-------------------------------------
ALL Workstations have WIRELESS NICS
Workstation 1
IP: 10.20.20.1
SN: 255.255.240.0
GW: 10.20.20.254
Worksation 2
IP: 10.20.20.2
SN: 255.255.240.0
GW: 10.20.20.254
Workstation 3
IP: 10.20.20.3
SN: 255.255.240.0
GW: 10.20.20.254
---------------------------------------
Wireless ORINOCO AP
AP1
IP: 10.20.20.21
SB: 255.255.255.0
GW: 10.20.20.1
AP2
IP: 10.20.20.25
SB: 255.255.255.0
GW: 169.245.128.133
-----------------------------------------
Not sure why the GW on the server is the IP address of WS #1. Also
not sure why the GW on AP2 is different. Seems to work ok. Notice that
the Subnet is different on the worksations.
I will try to get in touch with the people that set it up to see if the GW makes any difference.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: