cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4334
Views
4
Helpful
8
Replies

Cisco 831 can't ping gateway

picotable
Level 1
Level 1

Hi:  I'm new to this and I'm trying to set up a stub network with a DMZ on a

Cisco 831.  I haven't set up NAT or any access lists yet.  The router can ping

everything in all three segments-- WAN, LAN, DMZ.  A PC in (ether2) can

ping all router interfaces, but cannot ping PC or gateway in the WAN segment.  A PC in WAN

segment can ping gateway and 831 WAN interface, but no inside interfaces.  Can anyone

point out my mistake please?

network diagram.JPG

Cisco831#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  192.168.40.1            -   0011.20da.ee3f  ARPA   Ethernet0

Internet  192.168.30.1            -   0011.20da.ee3f  ARPA   Ethernet2

Internet  192.168.30.10           2   00a0.cc79.b659  ARPA   Ethernet2

Internet  172.16.2.10             -   0011.20da.ee40  ARPA   Ethernet1

Internet  172.16.2.5              4   001d.60d1.6f2a  ARPA   Ethernet1

Internet  172.16.2.1              0   0018.3a08.ced8  ARPA   Ethernet1

Cisco831#show ip route

Gateway of last resort is 172.16.2.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Ethernet2

C    192.168.40.0/24 is directly connected, Ethernet0

C    172.16.0.0/16 is directly connected, Ethernet1

S*   0.0.0.0/0 [1/0] via 172.16.2.1

Cisco831#show run

Building configuration...

Current configuration : 1455 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Cisco831

!

boot-start-marker

boot-end-marker

!

memory-size iomem 5

!

username PICOMETER

no aaa new-model

ip subnet-zero

!

no ip domain lookup

ip ids po max-events 100

no ftp-server write-enable

password encryption aes

!

!

interface Ethernet0

description inside LAN segment

ip address 192.168.40.1 255.255.255.0

no cdp enable

!

interface Ethernet1

description internet WAN segment

ip address 172.16.2.10 255.255.0.0

duplex auto

no cdp enable

!

interface Ethernet2

description DMZ LAN segment

ip address 192.168.30.1 255.255.255.0

no cdp enable

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet3

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.2.1

!

ip http server

no ip http secure-server

!

!

no cdp run

!

!

control-plane

!

!

line con 0

exec-timeout 120 0

no modem enable

transport preferred all

transport output all

stopbits 1

line aux 0

transport preferred all

transport output all

line vty 0 4

exec-timeout 120 0

password 7 11031008161606050A

login

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

end

show ip int br

Interface                  IP-Address      OK? Method Status

Protocol

Ethernet0                  192.168.40.1    YES manual up

up

Ethernet1                  172.16.2.10     YES NVRAM  up

up

Ethernet2                  192.168.30.1    YES NVRAM  up

up

FastEthernet1              unassigned      YES unset  up

up

FastEthernet2              unassigned      YES unset  administratively down

down

FastEthernet3              unassigned      YES unset  administratively down

down

FastEthernet4              unassigned      YES unset  up

up

5 Accepted Solutions

Accepted Solutions

paolo bevilacqua
Hall of Fame
Hall of Fame

Check that PCs have valid default routes.

View solution in original post

Jim

The information that you have supplied has been helpful. While it is not quite enough to definitely identify the problem it helps me to make a guess at the problem.

I have looked through the router config and I do not see any issues there that would produce these symptoms. I have looked at the output from route print from the PC and it looks to be ok. I do not believe that the problem is with either the 831 router or this PC.

My guess is that the issue is with the PC in the WAN subnet and with the Gateway for the WAN subnet. My guess is that the PC has its gateway configured to be the WAN gateway and that the WAN gateway does not have a route for the 192.168.30.0 subnet. My guess is that when your PC attempts to ping the PC in the WAN that the ping gets to the WAN PC and that it attempts to respond. But since its gateway is the WAN gateway it forwards its ping response to the WAN gateway. And if the WAN gateway does not have 192.168.30.0 in its route table then it can not forward the ping reponse.

Can you check the WAN PC and confirm that its configured gateway is the WAN gateway? And can you check the WAN gateway and confirm that it does not have a route for 192.168.30.0?

HTH

Rick

HTH

Rick

View solution in original post

Does the gateway router '172.16.2.1' have a route to the 192.168.30.0 network?  If not try adding a route and see what happens.

View solution in original post

Check 172.16.2.1 also.

And disable firewall on all PCs.

View solution in original post

Good to hear and good luck on the DMZ setup. Thanks for the rating also!!

View solution in original post

8 Replies 8

paolo bevilacqua
Hall of Fame
Hall of Fame

Check that PCs have valid default routes.

Still Can't ping 172.16.2.1...


  From  PC  192.168.30.10

Any clues?

Jim

The information that you have supplied has been helpful. While it is not quite enough to definitely identify the problem it helps me to make a guess at the problem.

I have looked through the router config and I do not see any issues there that would produce these symptoms. I have looked at the output from route print from the PC and it looks to be ok. I do not believe that the problem is with either the 831 router or this PC.

My guess is that the issue is with the PC in the WAN subnet and with the Gateway for the WAN subnet. My guess is that the PC has its gateway configured to be the WAN gateway and that the WAN gateway does not have a route for the 192.168.30.0 subnet. My guess is that when your PC attempts to ping the PC in the WAN that the ping gets to the WAN PC and that it attempts to respond. But since its gateway is the WAN gateway it forwards its ping response to the WAN gateway. And if the WAN gateway does not have 192.168.30.0 in its route table then it can not forward the ping reponse.

Can you check the WAN PC and confirm that its configured gateway is the WAN gateway? And can you check the WAN gateway and confirm that it does not have a route for 192.168.30.0?

HTH

Rick

HTH

Rick

Does the gateway router '172.16.2.1' have a route to the 192.168.30.0 network?  If not try adding a route and see what happens.

Check 172.16.2.1 also.

And disable firewall on all PCs.

Success

         

     Thanks to the support community for combining forces. The instincts were good regarding the gateway—Thanks to Richard Burts, Dialer String and p. bevilacqua. 

                Apparently the gateway router, which is a proprietary design/configuration of the ISP (Westell 6100), was somehow incapable of acting in this network scenario.  Actually, I was unable to obtain its routing table, which lead me to the ISP support services.  They informed me of its deficiencies, without going into detail, and recommended configuring the device in bridge mode. I then inserted a run-of-the-mill router at R1 (Linksys BEFSR41) as the gateway router which had the advantage of being something familiar to the support tech, who was able to configure it with their bridge device to the point that I had a hard LAN interface. I then arranged the network as in the diagram below. 

               The rest was inserting the route to the 30.0 network and then strangely, everything started pinging (a great feeling in its own right) including the 40.0 network in ether0.  Apparently there is a sharing of electrical resources between ether2 and ether0 in the 831:

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xr/dmz_port.pdf

•Because the media-independent interface, which connects the router's LAN interface to the Marvel switch, operates only at 10 Mbps, inter-LAN routing speed between Ethernet 0 and Ethernet 2 interfaces will be limited to a maximum of 10 Mbps.

•Because Ethernet 0 and Ethernet 2 interfaces share the same Tx/Rx rings, buffer pools, and communication controller, the output of some of the commands such as show controller and show buffers may be similar.

•The MAC address for the Ethernet 2 interface will be same as that for the Ethernet 0 interface.

     I inserted a route to the 40.0 network to no apparent detriment.  If anyone has a good reference, I'd like to learn more about the architecture level involving "Tx/Rx rings, buffer pools, and communication controller" etc.

 

Now it's onward and upward to the DMZ configuration.  Thanks again and wish me luck!

R1 routing table

Cisco 831 routing table

Gateway of last resort is 172.16.2.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Ethernet2
C    192.168.40.0/24 is directly connected, Ethernet0
C    172.16.0.0/16 is directly connected, Ethernet1
S*   0.0.0.0/0 [1/0] via 172.16.2.1

Good to hear and good luck on the DMZ setup. Thanks for the rating also!!

picotable
Level 1
Level 1

For   PC_192.168.30.10

Is there something missing or present that causes this?  Metric?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco