Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1118
Views
0
Helpful
11
Replies

Unable to ping pc on the same network through cisco 857w router

Andrew Melsom
Level 1
Level 1

‎02-14-2012 01:00 AM - edited ‎07-03-2021 09:34 PM

Hello All

I am missing something and i dont no what but i am trying to ping a pc on the same network but get a destination host is unreachable. Can any one think of anything that could be causing this, i can ping the default gateway and internet address's?

Thanks  

!

interface FastEthernet0

no cdp enable

!

interface FastEthernet1

no cdp enable

!

interface FastEthernet2

no cdp enable

!

interface FastEthernet3

no cdp enable

!

interface Dot11Radio0

no ip address

!

encryption mode ciphers tkip

!

broadcast-key change 3600

!

!

ssid TESTLAB

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel least-congested 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462

station-role root

no cdp enable

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Vlan1

no ip address

bridge-group 1

!

interface BVI1

ip address 192.168.2.1 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

access-list 100 deny   ip host 255.255.255.255 any

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

Labels:
0 Helpful
11 Replies 11

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎02-14-2012 04:46 AM

What happens if you remove the access-group 100 from the BVI?

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Andrew Melsom
Level 1
Level 1

‎02-14-2012 05:33 AM

No still nothing I'm afraid

Sent from Cisco Technical Support iPhone App

0 Helpful

daviwatk
Level 3
Level 3

‎02-14-2012 08:47 AM

Are you only connected with wireless "only" or do you have another connection from the device in question?

If this is a windows device, post the following

>ipconfig /all

>route print

>arp -a

What IP address are you trying to reach?

0 Helpful

Andrew Melsom
Level 1
Level 1
In response to daviwatk

‎02-14-2012 11:58 PM

Hi i have tested this config again an realised ICMP does work between the 2 windows devices when the router is not connected to the internet, Strange?

0 Helpful

Andrew Melsom
Level 1
Level 1

‎02-26-2012 04:11 AM

still no answer to this does any one have any ideas.

Thanks

Sent from Cisco Technical Support iPhone App

0 Helpful

Andrew Melsom
Level 1
Level 1
In response to Andrew Melsom

‎03-14-2012 06:01 AM

Hello All

I have manged to get them the two windows pc's to ping eachover by adding a route onto the windows pc's saying

"route add 192.168.2.3 mask 255.255.255.255 192.168.2.1 metric 1" when i removed these from the two pc's it stoped working i can not figure out why i had to manualy add these in, can any one else?

Thanks

0 Helpful

Andrew Melsom
Level 1
Level 1
In response to Andrew Melsom

‎03-14-2012 07:10 AM

Attached are the Root print, Arp -a and ipconfig /all

trying to ping 192.168.2.3

Thanks

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to Andrew Melsom

‎03-14-2012 07:12 AM

is the firewall enabled on the adapter?

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Andrew Melsom
Level 1
Level 1
In response to Stephen Rodriguez

‎03-14-2012 07:27 AM

Hi Steve

No there is no firewall enabled on this device.

Thanks

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to Andrew Melsom

‎03-14-2012 07:59 AM

ok, so if it's not connected to the internet you can ping, but when it is connected you can't.

can you share the full config of the router?  and a show interface from the port connected to the internet.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Andrew Melsom
Level 1
Level 1

‎03-14-2012 08:12 AM

hi steve

i dont know why it worked before but it does not now when i unplug from the internet same result.

!This is the running config of the router: 192.168.2.1

!----------------------------------------------------------------------------

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname TECH857

!

boot-start-marker

boot system flash:c850-advsecurityk9-mz.124-15.T13.bin

boot-end-marker

!

logging buffered 51200

logging console critical

enable secret 5 *************************

!

no aaa new-model

clock timezone PCTime 0

clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00

!

!

!

crypto pki trustpoint TP-self-signed-3391553347

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3391553347

revocation-check none

rsakeypair TP-self-signed-3391553347

!

!

crypto pki certificate chain TP-self-signed-3391553347

certificate self-signed 01

3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33333931 35353333 3437301E 170D3032 30333035 32323332

32385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393135

35333334 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100D2B8 8F26C5B5 A7F73FCB 4B3E705F 604CD80D 1A4C334E 80C61643 8EBACED1

D294930E C807686D 5FD3D63D D2C3419B 8238F2B0 250E2771 5A2B62CA 787BD35E

805DC238 19BD2215 A892AB74 65737145 2723AF3C 2BC638A1 AACD7632 CEB9D879

44A2915A 8ADEAB6A 1AFF7AEB 50080264 E95BE5B2 06CAE014 6A2B8977 CE37ACBC

C0030203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603

551D1104 17301582 13544543 48383537 2E546F73 68696261 2E636F6D 301F0603

551D2304 18301680 14812F75 788098AC 388970CE 512161F5 1F7C0D84 8B301D06

03551D0E 04160414 812F7578 8098AC38 8970CE51 2161F51F 7C0D848B 300D0609

2A864886 F70D0101 04050003 81810049 3EAF8475 A4435A63 61B52964 AB0008FD

7BEA6D85 02BC344A BFBF26BE CC633FCE AD7E569D 2010D743 0D99A0A4 BF456F80

DC5A4A99 5212F0BC 3CEEA336 DFFE350A 370000C0 91AB38B7 3C5F78D8 B218EB66

052898C1 EE17F71D 27E9C5B0 6D3FC3C1 A85AB751 73D341C5 17B18406 91630336

06BA01DF 7BB2AC9F A73CE409 234ADA

quit

!

dot11 ssid *************

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 *********************

!

no ip source-route

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1

ip dhcp excluded-address 192.168.2.101 192.168.2.254

!

ip dhcp pool sdm-pool1

import all

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 194.72.9.34 194.72.0.114

!

!

ip cef

ip inspect name SDM_LOW cuseeme

ip inspect name SDM_LOW dns

ip inspect name SDM_LOW ftp

ip inspect name SDM_LOW h323

ip inspect name SDM_LOW https

ip inspect name SDM_LOW icmp

ip inspect name SDM_LOW imap

ip inspect name SDM_LOW pop3

ip inspect name SDM_LOW rcmd

ip inspect name SDM_LOW realaudio

ip inspect name SDM_LOW rtsp

ip inspect name SDM_LOW esmtp

ip inspect name SDM_LOW sqlnet

ip inspect name SDM_LOW streamworks

ip inspect name SDM_LOW tftp

ip inspect name SDM_LOW tcp

ip inspect name SDM_LOW udp

ip inspect name SDM_LOW vdolive

no ip bootp server

no ip domain lookup

ip domain name tiu.teda

ip name-server 194.72.9.34

ip name-server 194.72.0.114

!

!

!

username *************** privilege 15 password 7 ************************

archive

log config

hidekeys

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

!

bridge irb

!

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

description $ES_WAN$$FW_OUTSIDE$

ip flow ingress

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet0

no cdp enable

!

interface FastEthernet1

no cdp enable

!

interface FastEthernet2

no cdp enable

!

interface FastEthernet3

no cdp enable

!

interface Dot11Radio0

no ip address

!

encryption mode ciphers tkip

!

broadcast-key change 3600

!

!

ssid TESTLAB

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel least-congested 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462

station-role root

no cdp enable

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

no ip address

bridge-group 1

!

interface Dialer0

description $FW_OUTSIDE$

ip address negotiated

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip inspect SDM_LOW out

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname *********************

ppp chap password 7 *******************************

ppp pap sent-username ***************************** password 7 **********************

!

interface BVI1

description $ES_LAN$$FW_INSIDE$

ip address 192.168.2.1 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

!

logging trap debugging

access-list 1 remark INSIDE_IF=BVI1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.2.0 0.0.0.255

access-list 100 remark auto generated by Cisco SDM Express firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by Cisco SDM Express firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 permit udp host 194.72.0.114 eq domain any

access-list 101 permit udp host 194.72.9.34 eq domain any

access-list 101 permit udp any eq bootps any eq bootpc

access-list 101 deny ip 192.168.2.0 0.0.0.255 any

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 deny ip 10.0.0.0 0.255.255.255 any

access-list 101 deny ip 172.16.0.0 0.15.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip host 255.255.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 permit ip host 255.255.255.255 any

access-list 101 deny ip host 0.0.0.0 any

access-list 101 deny ip any any

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input ssh

transport output all

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

 

thanks

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card