cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
964
Views
0
Helpful
16
Replies

Simple routing question

itfchadrob
Level 1
Level 1

I know this is quite simple, but the end result continues to elude me..

I have two LAN's, 192.168.0.0 (A) and 192.168.100.0 (B). I need the hosts on (B) to talk the servers on (A).

I have a Cisco 2801 Router. From (A) I can ping the interface configured to subnet (B) but cannot ping the hosts on the other side.

What is the simplest configuration for making A and B talk to each other efficiently? Thanks

16 Replies 16

Harold Ritter
Cisco Employee
Cisco Employee

Make sure you configure the default gateway (router local interface address) on the workstations.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Yep, have the router interface set as gateway, in addition to my LAN gateway...is this bad?

You should nornally have only one default gateway.

If you just want to test the connectivity between subnet A and B then you could just manually add the routes on the workstations as follow (assuming they are windows WS):

on workstations on subnet A:

route add 192.168.100.0 mask 255.255.255.0 192.168.0.9

on workstations on subnet B:

route add 192.168.0.0 mask 255.255.255.0 192.168.100.1

This should do what you are looking for.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Ive done this as well, still doesnt work. Perhaps I have something else wrong here...

dschuckman
Level 1
Level 1

Is it possible to see the configuration that you are using?

Yep...Im new to Cisco routers so this is a test environment...

Building configuration...

Current configuration : 1857 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname itfroute01

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$iH4t$INo3qB3/GCKlCHtjPH4JS/

enable password

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

!

!

ip domain name itfnet.com

ip name-server 192.168.0.4

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.0.9 255.255.255.0

ip access-group sdm_fastethernet0/0_in in

ip access-group oubound0/0 out

no ip route-cache

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group sdm_fastethernet0/1_in in

ip access-group outbound0/1 out

ip nat inside

no ip route-cache

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 permanent

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.0.0 255.255.255.0 FastEthernet0/1

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0

ip route 192.168.100.0 255.255.255.0 FastEthernet0/1

!

ip http server

ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload

!

ip access-list standard oubound0/0

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

ip access-list standard outbound0/1

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=3

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end

For starters try taking all the following route statements out:

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.0.0 255.255.255.0 FastEthernet0/1

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0

ip route 192.168.100.0 255.255.255.0 FastEthernet0/1

I think the next problem is in your outbound0/1 and outbound0/0 access-lists.

I am not sure what you actually want to permit out those interfaces but assuming you want to permit all traffic it needs to be

permit ip any any

if you just want to permit the specific subnet out each interface it would need to be for outbound0/0

permit 192.168.0.0 0.0.0.255

and for outbount0/1

permit 192.168.100.0 0.0.0.255

right now your access-list is only permitting network any.any.any.0 and nothing else.

Ok, here is my new config, still cant ping hosts on B...

Building configuration...

Current configuration : 1612 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

!

hostname itfroute01

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret xxx

enable password

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

!

!

ip domain name itfnet.com

ip name-server 192.168.0.4

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.0.9 255.255.255.0

ip access-group any in

ip access-group any out

no ip route-cache

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group any in

ip access-group any out

ip nat inside

no ip route-cache

duplex auto

speed auto

!

ip classless

!

ip http server

ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload

!

ip access-list standard any

remark SDM_ACL Category=1

permit any

ip access-list standard oubound0/0

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

ip access-list standard outbound0/1

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=2

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end

I know this is simple stuff..

I can ping both router interfaces from both subnets, all routes are in the windows routing tables, but STIll cant ping hosts behind the router. errr

Thanks for all the help, very appreciated

can i see what the ACL's look like now

Standard IP access list any

10 permit any (4139 matches)

Standard IP access list oubound0/0

10 permit 0.0.0.0, wildcard bits 255.255.255.0

Standard IP access list outbound0/1

10 permit 0.0.0.0, wildcard bits 255.255.255.0

Extended IP access list sdm_fastethernet0/0_in

10 permit ip any any (124287 matches)

Extended IP access list sdm_fastethernet0/1_in

10 permit ip any any

Your ACL is preventing this traffic from crossing the interface. The ACL's are affecting this.

Can you try to modify them the way I previously recomended. Or a quicker solution would just be to remove the oubound0/0 and oubound0/1 from the interfaces!!

You have a 'no ip routing' statement. Enable routing by doing an 'ip routing'.

HTH

--CS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: