09-07-2006 04:36 AM - edited 03-03-2019 04:51 AM
Just a quick static routing problem. I'm sure this is so simple and I'm just overlooking something, but I can't seem to fix it.
I have a 2811 router with 2x FA and 1x 4 port switch hwic.
ip dhcp pool Telephones
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
option 150 ip 192.168.20.1
dns-server 217.79.111.7 217.79.96.163
interface FastEthernet0/0
description LAN
ip address 192.168.10.10 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
description Internet
ip address 83.100.100.76 255.255.255.248
duplex auto
speed auto
interface Vlan1
description Phone Network
ip address 192.168.20.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 83.100.100.73
Any PC that plugs into the 4-port internal switch will get an IP correctly, and I can ping from 192.168.20.x to 192.168.10.x.
From the router I can ping 83.100.100.73 and www.google.com fine. But from the 192.168.20.x network I can't ping 83.100.100.73 at all.
"Router#show ip route" gives the following output:
Gateway of last resort is 83.100.100.73 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
83.0.0.0/29 is subnetted, 1 subnets
C 83.100.100.72 is directly connected, FastEthernet0/1
C 192.168.20.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 83.100.100.73
Are there some debug commands that will show incoming traffic and the corresponding routing decision made?
Thanks.
09-07-2006 04:48 AM
Hi,
As per your output, in FastEthernet0/0, you are having a public IP.
Is this some sort of connectivity to the internet via an ISP?
I couldn't notice any NAT configuration in your setup.
You should configure NAT in your router to translate your inside address to a public address before leaving your router.
By default, when you ping from your router, the outgoing packet will take the exiting interface IP as source IP. That's why it is working for you from the router and not from the LAN.
You should configure the following.
interface fastethernet0/0
ip nat inside
interface vlan1
ip nat inside
interface fastethernet0/1
ip nat outside
In the global config, create an access list as follows:
access-list 10 permit 192.168.20.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
Create a dynamic NAT in the global config:
ip nat inside source list 10 interface fastethernet0/1 overload
Now traffic from your LAN to outside will be NATted and it will work.
Hope this helps. Rate the post if you find it useful.
-VJ
09-07-2006 05:14 AM
Thanks, that sorted it out. Everything is working fine.
Out of interest are there any debug commands which will let me monitor packets and the routing decisions associated with them?
Thanks once again.
09-07-2006 05:53 AM
Hi,
Glad to know that your issue is resolved.
"debug ip packet"
This will give exhaustive debug outputs on IP level. It is not advisable to turn on this debug on a production router.
However, you can attach an ACL to this command so that the debug output is restricted only to the interesting traffic that matches the ACL.
For example, you can do as follows:
access-list 10 permit host 192.168.20.5
debug ip packet 10
Now the debug will produce outputs only when 192.168.20.5 is involved in the traffic flow.
Generally the show commands available are very exhaustive and we get most of the details from them. Explore them.
Apart from IP level debug using "debug ip packet", there are several other very specific debug commands available for many features.
Hope this helps.
-VJ
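An ACL-filtered debug session for this router, as an added example that is not part of the original posts. Access list 10 is already referenced by the NAT rule from the earlier reply, so this sketch filters the debug with a separate list; the number 110 and the buffer size are assumptions.

```ios
! Added example (constructed): ACL 110 and the 16384-byte buffer are assumptions.
configure terminal
 ! Keep debug output off the console line; read it from the log buffer instead.
 no logging console
 logging buffered 16384 debugging
 ! Dedicated extended ACL for the debug filter, so access-list 10
 ! (used by "ip nat inside source list 10 ...") is left unchanged.
 access-list 110 permit ip host 192.168.20.5 any
 access-list 110 permit ip any host 192.168.20.5
end
! Restrict the packet debug to traffic matching ACL 110.
debug ip packet 110 detail
! Reproduce the test now, e.g. ping 83.100.100.73 from 192.168.20.5.
! Review the captured debug lines and the active NAT entries.
show logging
show ip nat translations
! Turn all debugging off as soon as the test is done.
undebug all
```

"debug ip packet" reports only packets handled by process switching, so traffic forwarded in the fast-switching or CEF path will not appear in the output.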