Simple routing problem

d.bigerstaff
Level 1

Just a quick static routing problem. I'm sure this is so simple and I'm just overlooking something, but I can't seem to fix it.

I have a 2811 router with 2x FA and 1x 4 port switch hwic.

ip dhcp pool Telephones
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 option 150 ip 192.168.20.1
 dns-server 217.79.111.7 217.79.96.163

interface FastEthernet0/0
 description LAN
 ip address 192.168.10.10 255.255.255.0
 duplex auto
 speed auto

interface FastEthernet0/1
 description Internet
 ip address 83.100.100.76 255.255.255.248
 duplex auto
 speed auto

interface Vlan1
 description Phone Network
 ip address 192.168.20.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 83.100.100.73

Any PC that plugs into the 4 port internal switch will get an IP correctly and I can ping from 192.168.20.x to 192.168.10.x.

From the router I can ping 83.100.100.73 and www.google.com fine. But from the 192.168.20.x network I can't ping 83.100.100.73 at all.

"Router#show ip route" gives the following output:

Gateway of last resort is 83.100.100.73 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, FastEthernet0/0
     83.0.0.0/29 is subnetted, 1 subnets
C       83.100.100.72 is directly connected, FastEthernet0/1
C    192.168.20.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 83.100.100.73

Are there some debug commands that will show incoming traffic and the corresponding routing decision made?

Thanks.

vijayasankar
Level 4

Hi,

As per your output, in FastEthernet0/0, you are having a public IP.

Is this some sort of connectivity to the internet via an ISP?

I couldn't notice any NAT configuration in your setup.

You should configure NAT in your router to translate your inside address to a public address before leaving your router.

By default, when you ping from your router, the outgoing packet will take the exiting interface IP as the source IP. That's why it is working for you from the router and not from the LAN.

You should configure the following.

interface fastethernet0/0
 ip nat inside

interface vlan1
 ip nat inside

interface fastethernet0/1
 ip nat outside

In the global config, create an access list as follows:

access-list 10 permit 192.168.20.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255

Create a dynamic NAT in the global config:

ip nat inside source list 10 interface fastethernet0/1 overload

Now traffic from your LAN to outside will be NATted and it will work.

Hope this helps. Rate the post if you find it useful.

-VJ

Thanks, that sorted it out. Everything is working fine.

Out of interest are there any debug commands which will let me monitor packets and the routing decisions associated with them?

Thanks once again.

Hi,

Glad to know that your issue is resolved.

"debug ip packet"

This will give exhaustive debug output at the IP level. It is not advisable to turn on this debug on a production router.

However, you can attach an ACL to this command so that the debug output is restricted to the interesting traffic that matches the ACL.

For example, you can do as follows:

access-list 10 permit host 192.168.20.5
debug ip packet 10

Now the debug will produce output only when 192.168.20.5 is involved in the traffic flow.

Generally the show commands available are very exhaustive and we get most of the details from them. Explore them.

Apart from the IP-level debug using "debug ip packet", there are several other very specific debug commands available for many features.

Hope this helps.

-VJ
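
A scoped debug session for the flow discussed in this thread, as an added example that is not part of the original posts. It uses a separate extended ACL (110, assumed to be unused on the router) because ACL 10 is already the NAT source list configured earlier in the thread and permits both LAN subnets, so a host entry appended to it would not narrow the debug output.

```cisco
! Added example. ACL 110 is an assumed free number; 192.168.20.5 is the
! sample host from the post above, 83.100.100.73 the ISP gateway.
configure terminal
 ! Outbound: ICMP from the test host to the gateway only.
 access-list 110 permit icmp host 192.168.20.5 host 83.100.100.73
 ! Return: replies arrive addressed to the outside interface address until
 ! NAT reverses the translation, so match on the source only.
 access-list 110 permit icmp host 83.100.100.73 any
 ! Keep debug output off the console line and in the log buffer.
 no logging console
 logging buffered 16384 debugging
end
!
! "debug ip packet" reports process-switched packets; transit traffic that
! is CEF or fast switched may not appear in its output.
debug ip packet 110 detail
debug ip nat
!
! ... run the ping from 192.168.20.5 to 83.100.100.73 here ...
!
show logging
! Confirm the inside local address was translated to the Fa0/1 address.
show ip nat translations
show ip nat statistics
!
! Turn all debugging off and remove the temporary ACL when finished.
undebug all
configure terminal
 no access-list 110
 ! Restore console logging only if it was enabled beforehand.
 logging console
end
```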
