Cisco 831 can't ping gateway

Answered Question
Aug 14th, 2010
User Badges:

Hi:  I'm new to this and I'm trying to set up a stub network with a DMZ on a

Cisco 831.  I haven't set up NAT or any access lists yet.  The router can ping

everything in all three segments-- WAN, LAN, DMZ.  A PC in (ether2) can

ping all router interfaces, but cannot ping PC or gateway in the WAN segment.  A PC in WAN

segment can ping gateway and 831 WAN interface, but no inside interfaces.  Can anyone

point out my mistake please?



network diagram.JPG


Cisco831#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  192.168.40.1            -   0011.20da.ee3f  ARPA   Ethernet0

Internet  192.168.30.1            -   0011.20da.ee3f  ARPA   Ethernet2

Internet  192.168.30.10           2   00a0.cc79.b659  ARPA   Ethernet2

Internet  172.16.2.10             -   0011.20da.ee40  ARPA   Ethernet1

Internet  172.16.2.5              4   001d.60d1.6f2a  ARPA   Ethernet1

Internet  172.16.2.1              0   0018.3a08.ced8  ARPA   Ethernet1


Cisco831#show ip route


Gateway of last resort is 172.16.2.1 to network 0.0.0.0


C    192.168.30.0/24 is directly connected, Ethernet2

C    192.168.40.0/24 is directly connected, Ethernet0

C    172.16.0.0/16 is directly connected, Ethernet1

S*   0.0.0.0/0 [1/0] via 172.16.2.1


Cisco831#show run

Building configuration...


Current configuration : 1455 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Cisco831

!

boot-start-marker

boot-end-marker

!

memory-size iomem 5

!

username PICOMETER

no aaa new-model

ip subnet-zero



!

no ip domain lookup

ip ids po max-events 100

no ftp-server write-enable

password encryption aes

!

!

interface Ethernet0

description inside LAN segment

ip address 192.168.40.1 255.255.255.0

no cdp enable

!

interface Ethernet1

description internet WAN segment

ip address 172.16.2.10 255.255.0.0

duplex auto

no cdp enable

!

interface Ethernet2

description DMZ LAN segment

ip address 192.168.30.1 255.255.255.0

no cdp enable

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet3

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.2.1

!

ip http server

no ip http secure-server

!

!

no cdp run

!

!

control-plane

!

!

line con 0

exec-timeout 120 0

no modem enable

transport preferred all

transport output all

stopbits 1

line aux 0

transport preferred all

transport output all

line vty 0 4

exec-timeout 120 0

password 7 11031008161606050A

login

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

end







show ip int br

Interface                  IP-Address      OK? Method Status

Protocol

Ethernet0                  192.168.40.1    YES manual up

up

Ethernet1                  172.16.2.10     YES NVRAM  up

up

Ethernet2                  192.168.30.1    YES NVRAM  up

up

FastEthernet1              unassigned      YES unset  up

up

FastEthernet2              unassigned      YES unset  administratively down

down

FastEthernet3              unassigned      YES unset  administratively down

down

FastEthernet4              unassigned      YES unset  up

up

Correct Answer by DialerString_2 about 6 years 8 months ago

Good to hear and good luck on the DMZ setup. Thanks for the rating also!!

Correct Answer by paolo bevilacqua about 6 years 8 months ago

Check 172.16.2.1 also.


And disable firewall on all PCs.

Correct Answer by DialerString_2 about 6 years 8 months ago

Does the gateway router '172.16.2.1' have a route to the 192.168.30.0 network?  If not try adding a route and see what happens.

Correct Answer by Richard Burts about 6 years 8 months ago

Jim


The information that you have supplied has been helpful. While it is not quite enough to definitely identify the problem it helps me to make a guess at the problem.


I have looked through the router config and I do not see any issues there that would produce these symptoms. I have looked at the output from route print from the PC and it looks to be ok. I do not believe that the problem is with either the 831 router or this PC.


My guess is that the issue is with the PC in the WAN subnet and with the Gateway for the WAN subnet. My guess is that the PC has its gateway configured to be the WAN gateway and that the WAN gateway does not have a route for the 192.168.30.0 subnet. My guess is that when your PC attempts to ping the PC in the WAN that the ping gets to the WAN PC and that it attempts to respond. But since its gateway is the WAN gateway it forwards its ping response to the WAN gateway. And if the WAN gateway does not have 192.168.30.0 in its route table then it can not forward the ping reponse.


Can you check the WAN PC and confirm that its configured gateway is the WAN gateway? And can you check the WAN gateway and confirm that it does not have a route for 192.168.30.0?


HTH


Rick

Correct Answer by paolo bevilacqua about 6 years 8 months ago

Check that PCs have valid default routes.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.9 (6 ratings)
Loading.
Correct Answer
paolo bevilacqua Sat, 08/14/2010 - 10:24
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Check that PCs have valid default routes.

picotable Sat, 08/14/2010 - 11:04
User Badges:

Still Can't ping 172.16.2.1...


  From  PC  192.168.30.10



Any clues?

Correct Answer
Richard Burts Tue, 08/17/2010 - 11:44
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jim


The information that you have supplied has been helpful. While it is not quite enough to definitely identify the problem it helps me to make a guess at the problem.


I have looked through the router config and I do not see any issues there that would produce these symptoms. I have looked at the output from route print from the PC and it looks to be ok. I do not believe that the problem is with either the 831 router or this PC.


My guess is that the issue is with the PC in the WAN subnet and with the Gateway for the WAN subnet. My guess is that the PC has its gateway configured to be the WAN gateway and that the WAN gateway does not have a route for the 192.168.30.0 subnet. My guess is that when your PC attempts to ping the PC in the WAN that the ping gets to the WAN PC and that it attempts to respond. But since its gateway is the WAN gateway it forwards its ping response to the WAN gateway. And if the WAN gateway does not have 192.168.30.0 in its route table then it can not forward the ping reponse.


Can you check the WAN PC and confirm that its configured gateway is the WAN gateway? And can you check the WAN gateway and confirm that it does not have a route for 192.168.30.0?


HTH


Rick

Correct Answer
DialerString_2 Tue, 08/17/2010 - 12:51
User Badges:
  • Bronze, 100 points or more

Does the gateway router '172.16.2.1' have a route to the 192.168.30.0 network?  If not try adding a route and see what happens.

Correct Answer
paolo bevilacqua Tue, 08/17/2010 - 13:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Check 172.16.2.1 also.


And disable firewall on all PCs.

picotable Thu, 08/19/2010 - 02:22
User Badges:

Success

         


     Thanks to the support community for combining forces. The instincts were good regarding the gateway—Thanks to Richard Burts, Dialer String and p. bevilacqua. 

                Apparently the gateway router, which is a proprietary design/configuration of the ISP (Westell 6100), was somehow incapable of acting in this network scenario.  Actually, I was unable to obtain its routing table, which lead me to the ISP support services.  They informed me of its deficiencies, without going into detail, and recommended configuring the device in bridge mode. I then inserted a run-of-the-mill router at R1 (Linksys BEFSR41) as the gateway router which had the advantage of being something familiar to the support tech, who was able to configure it with their bridge device to the point that I had a hard LAN interface. I then arranged the network as in the diagram below. 



               The rest was inserting the route to the 30.0 network and then strangely, everything started pinging (a great feeling in its own right) including the 40.0 network in ether0.  Apparently there is a sharing of electrical resources between ether2 and ether0 in the 831:

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xr/dmz_port.pdf

•Because the media-independent interface, which connects the router's LAN interface to the Marvel switch, operates only at 10 Mbps, inter-LAN routing speed between Ethernet 0 and Ethernet 2 interfaces will be limited to a maximum of 10 Mbps.

•Because Ethernet 0 and Ethernet 2 interfaces share the same Tx/Rx rings, buffer pools, and communication controller, the output of some of the commands such as show controller and show buffers may be similar.

•The MAC address for the Ethernet 2 interface will be same as that for the Ethernet 0 interface.

     I inserted a route to the 40.0 network to no apparent detriment.  If anyone has a good reference, I'd like to learn more about the architecture level involving "Tx/Rx rings, buffer pools, and communication controller" etc.

 

Now it's onward and upward to the DMZ configuration.  Thanks again and wish me luck!



R1 routing table


Cisco 831 routing table


Gateway of last resort is 172.16.2.1 to network 0.0.0.0


C    192.168.30.0/24 is directly connected, Ethernet2
C    192.168.40.0/24 is directly connected, Ethernet0
C    172.16.0.0/16 is directly connected, Ethernet1
S*   0.0.0.0/0 [1/0] via 172.16.2.1

Correct Answer
DialerString_2 Thu, 08/19/2010 - 07:18
User Badges:
  • Bronze, 100 points or more

Good to hear and good luck on the DMZ setup. Thanks for the rating also!!

picotable Sat, 08/14/2010 - 11:57
User Badges:

For   PC_192.168.30.10


Is there something missing or present that causes this?  Metric?

Actions

This Discussion

Related Content