Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Simple routing question

I know this is quite simple, but the end result continues to elude me..

I have two LAN's, 192.168.0.0 (A) and 192.168.100.0 (B). I need the hosts on (B) to talk the servers on (A).

I have a Cisco 2801 Router. From (A) I can ping the interface configured to subnet (B) but cannot ping the hosts on the other side.

What is the simplest configuration for making A and B talk to each other efficiently? Thanks

16 REPLIES
Cisco Employee

Re: Simple routing question

Make sure you configure the default gateway (router local interface address) on the workstations.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Simple routing question

Yep, have the router interface set as gateway, in addition to my LAN gateway...is this bad?

Cisco Employee

Re: Simple routing question

You should nornally have only one default gateway.

If you just want to test the connectivity between subnet A and B then you could just manually add the routes on the workstations as follow (assuming they are windows WS):

on workstations on subnet A:

route add 192.168.100.0 mask 255.255.255.0 192.168.0.9

on workstations on subnet B:

route add 192.168.0.0 mask 255.255.255.0 192.168.100.1

This should do what you are looking for.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Simple routing question

Ive done this as well, still doesnt work. Perhaps I have something else wrong here...

New Member

Re: Simple routing question

Is it possible to see the configuration that you are using?

New Member

Re: Simple routing question

Yep...Im new to Cisco routers so this is a test environment...

Building configuration...

Current configuration : 1857 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname itfroute01

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$iH4t$INo3qB3/GCKlCHtjPH4JS/

enable password

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

!

!

ip domain name itfnet.com

ip name-server 192.168.0.4

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.0.9 255.255.255.0

ip access-group sdm_fastethernet0/0_in in

ip access-group oubound0/0 out

no ip route-cache

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group sdm_fastethernet0/1_in in

ip access-group outbound0/1 out

ip nat inside

no ip route-cache

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 permanent

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.0.0 255.255.255.0 FastEthernet0/1

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0

ip route 192.168.100.0 255.255.255.0 FastEthernet0/1

!

ip http server

ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload

!

ip access-list standard oubound0/0

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

ip access-list standard outbound0/1

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=3

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end

New Member

Re: Simple routing question

For starters try taking all the following route statements out:

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.0.0 255.255.255.0 FastEthernet0/1

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0

ip route 192.168.100.0 255.255.255.0 FastEthernet0/1

New Member

Re: Simple routing question

I think the next problem is in your outbound0/1 and outbound0/0 access-lists.

I am not sure what you actually want to permit out those interfaces but assuming you want to permit all traffic it needs to be

permit ip any any

if you just want to permit the specific subnet out each interface it would need to be for outbound0/0

permit 192.168.0.0 0.0.0.255

and for outbount0/1

permit 192.168.100.0 0.0.0.255

right now your access-list is only permitting network any.any.any.0 and nothing else.

New Member

Re: Simple routing question

Ok, here is my new config, still cant ping hosts on B...

Building configuration...

Current configuration : 1612 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

!

hostname itfroute01

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret xxx

enable password

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

!

!

ip domain name itfnet.com

ip name-server 192.168.0.4

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.0.9 255.255.255.0

ip access-group any in

ip access-group any out

no ip route-cache

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group any in

ip access-group any out

ip nat inside

no ip route-cache

duplex auto

speed auto

!

ip classless

!

ip http server

ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload

!

ip access-list standard any

remark SDM_ACL Category=1

permit any

ip access-list standard oubound0/0

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

ip access-list standard outbound0/1

remark SDM_ACL Category=1

permit 0.0.0.0 255.255.255.0

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=2

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end

New Member

Re: Simple routing question

I know this is simple stuff..

I can ping both router interfaces from both subnets, all routes are in the windows routing tables, but STIll cant ping hosts behind the router. errr

Thanks for all the help, very appreciated

New Member

Re: Simple routing question

can i see what the ACL's look like now

New Member

Re: Simple routing question

Standard IP access list any

10 permit any (4139 matches)

Standard IP access list oubound0/0

10 permit 0.0.0.0, wildcard bits 255.255.255.0

Standard IP access list outbound0/1

10 permit 0.0.0.0, wildcard bits 255.255.255.0

Extended IP access list sdm_fastethernet0/0_in

10 permit ip any any (124287 matches)

Extended IP access list sdm_fastethernet0/1_in

10 permit ip any any

New Member

Re: Simple routing question

Your ACL is preventing this traffic from crossing the interface. The ACL's are affecting this.

Can you try to modify them the way I previously recomended. Or a quicker solution would just be to remove the oubound0/0 and oubound0/1 from the interfaces!!

New Member

Re: Simple routing question

You have a 'no ip routing' statement. Enable routing by doing an 'ip routing'.

HTH

--CS

New Member

Re: Simple routing question

Had to walk away from this yesterday. Came in today, reset to factory and started over. I can still ping each router interface from both subnets, but still cant ping hosts.

Building configuration...

Current configuration : 1335 bytes

!

! Last configuration change at 13:50:42 Chicago Fri Jul 13 2007 by admin

! NVRAM config last updated at 14:07:24 Chicago Fri Jul 13 2007 by admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$T25L$t/hXznZ.mM8nJUWQ7Zy5T1

enable password

!

no aaa new-model

!

resource policy

!

clock timezone Chicago -6

clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

!

ip name-server 192.168.0.6

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.9 255.255.255.0

ip access-group sdm_fastethernet0/0_in in

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.100.1 255.255.255.0

ip access-group sdm_fastethernet0/1_in in

duplex auto

speed auto

!

ip classless

!

ip http server

!

ip access-list extended sdm_fastethernet0/0_in

remark SDM_ACL Category=1

permit ip any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=1

permit ip any any

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password

login

!

end

New Member

Re: Simple routing question

Chad

I took your configuration exatly as it is. put it in a Cisco 2811 and then connected two hosts to the router interfaces.

I tested with a device at 192.168.0.10 and a device ad 192.168.100.2.

From 192.168.0.10 I can ping 192.168.0.9, 192.168.100.1, and 192.168.100.2.

From 192.168.100.2 I can ping 192.168.100.1 192.168.0.9 and 192.168.0.10.

I think you have resolved your issue on your router. If you are still having problems I would verify the gateway's on your two hosts.

Please Rate if helpful!

Thanks,

David

166
Views
0
Helpful
16
Replies
CreatePlease to create content