Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to Ping

First let me apologize for posting probably such a simple question but i'm new to configuring routers so please be nice :) I have installed a 2nd router on our network (my first router config) from this router I can get out to the rest of the network and Internet no problem however I am not able to access any computer connected to the new router. There are 2 networks configured on the new router 10.20.4.0/10.20.5.0. I can ping the router and connect to it over my network, I can ping 10.20.4.1 and 5.1 but the laptop I connect which, has IP address 10.20.4.2, I am unable to ping.

2 ACCEPTED SOLUTIONS

Accepted Solutions

There are no rip learned

There are no rip learned routes in the routing table. Did you ever have rip routes, or did you just configure it and it not work? If you do a "show ip rip database" on both routers, do you get anything back?

If not, you could always put your static routes on routerA. This is the exact reason why you lost internet access when you removed nat. The only network RouterA knows about is 10.20.0.0/22 which your 10.20.3.0 falls into. When you nat, all of your traffic is going out of routerB as the 10.20.3.253 wan address. Before you can remove nat though, you'll need to get the routing fixed on RouterA.

Try 10.20.4.0 <netmask> with a next hop of 10.20.3.253. Remove nat again and try again...

John

HTH, John *** Please rate all useful posts ***

Glad to hear it! Can you

Glad to hear it! Can you please mark this as resolved?

Thanks!

John

HTH, John *** Please rate all useful posts ***
25 REPLIES

The most common cause of this

The most common cause of this is the firewall on the laptop is enabled. Have you made sure that it's disabled? If it is, you can try to source your ping:

ping 10.20.4.2 source 10.20.4.1

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Ping using source 10.20.4.1

Ping using source 10.20.4.1 also fails. I've also noticed that i got my windows mixed up when pinging 10.20.4.1. From the router it pings 10.20.4.1 but not 10.20.4.2 and from my computer connected to a different network i can ping the router but not 10.20.4.1

Firewall on laptop is disabled.

Can you post your config?

Can you post your config?

HTH, John *** Please rate all useful posts ***
New Member

Config attached. This is my

Config attached. This is my first attempt at configuring a router and I am currently working towards my CCNA so still learning.

Cisco Employee

Ouch!  You do realize you

Ouch!  You do realize you just pasted your passwords in clear text?  I'd change them immediately.  It's always a good idea to sanitize your config before pasting it online, removing any passwords (either clear text or hash), any crypto keys and any real-world IPs at minimum.  It's also a good idea to run the

service password encryption

command on your routers.

New Member

Thanks for pointing that out.

Thanks for pointing that out. I picked out a few passwords that i'd noticed were still in clear text but missed a couple. doh! changed now

The first thing I see is in

The first thing I see is in your dhcp pool. You're assigning an incorrect gateway to the 10.20.4.0 subnet:

 

ip dhcp pool Train
 import all
 network 10.20.4.0 255.255.255.192
 dns-server 10.20.0.20 10.20.0.21 
 default-router 10.20.3.254 
 lease 8

This should be 10.20.4.1. This won't stop your pings though.

This dhcp pool should be changed as well:

 

ip dhcp pool Demo
 import all
 network 10.20.5.0 255.255.255.192
 dns-server 10.20.0.20 10.20.0.21 
 domain-name autotech.co.uk
 default-router 10.20.3.254 
 lease 8

The default router for it should be 10.20.5.1.

 

You also don't need these two static routes because the router already sees them as Connected:

 

ip route 10.20.4.0 255.255.255.192 GigabitEthernet0/1
ip route 10.20.5.0 255.255.255.192 GigabitEthernet0/0/0

 

I don't see anything that would keep you from pinging. So, let me clarify. You can ping the router from a laptop in the 10.20.4.x range, but you cannot ping the laptop from the router? The only thing that I see that could affect it is your acl on the interface, but that acl allows everything. You could try removing that to see if it helps. Is there anything between this router and the workstation that you're trying to ping?

HTH,

John

 

HTH, John *** Please rate all useful posts ***
New Member

Hi and thanks for the tips. I

Hi and thanks for the tips. I've corrected those things.

Ah! the Kaspersky firewall was blocking the ping's from the router even though i'd set the exclusions to allow it. So i am now able to ping my laptop from the router it's just from my existing network i'm not able to ping the new ranges. But from new network I can ping the old.

 

What is your existing network

What is your existing network? 10.20.3.x?

HTH, John *** Please rate all useful posts ***
New Member

10.20.2.x is my existing

10.20.2.x is my existing network

This router doesn't know

This router doesn't know anything about 10.20.2.x. There aren't any routes or interfaces in that network. Where is that in relation to 10.20.3.x? Can I ask why you're natting on the 10.20.3.x interface?

HTH, John *** Please rate all useful posts ***
New Member

10.20.3.x is the IP range for

10.20.3.x is the IP range for Comms and Printers. So in that range I have switches, Printers, Wireless AP's and my firewall/default gateway.

Devices in existing network have DHCP range of 10.20.1.1-10.20.2.254

The 10.20.3.x interface is the interface that is connected back to my existing network.

Okay. Is there anything

Okay. Is there anything between your router and the workstation that you cannot ping? Are you 100% certain that there isn't a firewall enabled on your laptop and that it's getting the correct information from dhcp? I see no reason otherwise why you wouldn't be able to ping the laptop, especially when you can ping the router from the laptop unless there was a firewall between you and it.

You could try to enable debug to see where the packet is going. If you have a heavy network, create an acl and tie the debug to that:

access-list 101 permit ip any host <laptop address>
access-list 101 permit ip host <laptop address> any

debug ip packet 101 detail

Try to ping the host to see what the router is reporting.


 

HTH, John *** Please rate all useful posts ***
New Member

I don't think I've explained

I have checked and triple checked the firewall on the laptop and it is definitely disabled., the laptop I cannot ping is currently plugged directly in to INT 0/1 on the Router

I don't think I've explained myself very well so for that i appolgise. What i have at the moment is

1. Laptop A connected to existing network via Router A.

2. From Laptop A I can ping Router B on it's 10.20.3.x address but not it's 10.20.4.x address.

3. I can telnet to router B from Laptop A using the 10.20.3.x address.

4. From that telnet session I can ping Laptop B on it's 10.20.4.x (DHCP) address

5. From Laptop B I can ping Laptop A which has a 10.20.2.x address

So I can get "out" from router B I just can't get "in" Does that makes sense?

Please draw a diagram and I

Please draw a diagram and I can help further...

HTH, John *** Please rate all useful posts ***
New Member

Thank you for all the help.

Thank you for all the help. Attached is a very quick basic diagram of the current setup. I am physically sat at Laptop A and Laptop B is in the server room connected directly to FE 0/1 Hope this helps.

Ah okay...I get it now. I

Ah okay...I get it now. I believe your problem is your natting. If everything is in your control, there's no need to nat.

Look at it from this perspective. At this point, the only networks RouterA knows about are its networks which are 10.20.0.0/22 (10.20.0.0 - 10.20.3.255). With nat enabled, your 10.20.4.0 and 10.20.5.0 networks are reaching RouterA as the natted address of 10.20.3.253. When you're trying to ping 10.20.4.x from LaptopA, you can't because that network doesn't exist to RouterA, so it's sending to the default route.

What I would do is remove all natting from the fa0/0 interface on RouterB. Your rip process should be able to route this correctly. Personally, I'd also add "version 2" under the rip process unless you're neighboring with a device that doesn't support version 2. If you're not, you'll be in a better position since version 1 is classful.

In summary:

Remove "ip nat out" from g0/0.

Give it a few minutes for rip to catch up and then try again.

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Thanks for the help. I have

Thanks for the help. I have removed NAT and changed RIP to version 2. Just waiting now to see if that fixes it.

Make sure that you change the

Make sure that you change the version on both routers. You can see the rip database with "show ip rip database" to see if your routes are there.

HTH, John *** Please rate all useful posts ***
New Member

Thanks for all the help today

Thanks for all the help today. I'm still not able to Ping Router B from Laptop A. I've removed NAT and changed RIP to V2 but my Pings still fail. If everything looks OK on Router B in your opinion I'll take a look at Router A to make sure everything is OK there but I would have thought it would be.

At this point, can you post a

At this point, can you post a "show ip route" from both routers?

HTH, John *** Please rate all useful posts ***
New Member

I removed the Nat from 0/0

I removed the Nat from 0/0 and changed RIP to v2. After that Laptop B was not able to get out to the Internet or internal network. I enable Nat on 0/0 and Internet/network connection comes back. Attached are the 2 show ip routes

There are no rip learned

There are no rip learned routes in the routing table. Did you ever have rip routes, or did you just configure it and it not work? If you do a "show ip rip database" on both routers, do you get anything back?

If not, you could always put your static routes on routerA. This is the exact reason why you lost internet access when you removed nat. The only network RouterA knows about is 10.20.0.0/22 which your 10.20.3.0 falls into. When you nat, all of your traffic is going out of routerB as the 10.20.3.253 wan address. Before you can remove nat though, you'll need to get the routing fixed on RouterA.

Try 10.20.4.0 <netmask> with a next hop of 10.20.3.253. Remove nat again and try again...

John

HTH, John *** Please rate all useful posts ***
New Member

Thank you for your help. all

Thank you for your help. all works fine now :) Router A was at fault doesn't look like it has RIP enabled so added static route, disabled NAT on Router B and all is OK. Thank you again.

Glad to hear it! Can you

Glad to hear it! Can you please mark this as resolved?

Thanks!

John

HTH, John *** Please rate all useful posts ***
292
Views
0
Helpful
25
Replies
CreatePlease login to create content