Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

i am routing i.d.o.t. please help

Ok, all traffic need to go from vlan1 (192.168.4.0/24) to fe1 (dhcp) execpt any destination of 192.168.1.0/24 on fe0

if 192.168.1.0 destination go to fe0 from vlan1

if anything else need to go to fe1 from vlan1

I can not get anything to go out of fe0

router is 1811 attached is config

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: i am routing i.d.o.t. please help

Wayne

Thanks for the information and for running the test that I suggested. Especially since the router can ping devices connected on FastEther0 with a standard ping it establishes that there is connectivity and that IP addressing is ok. When the router can not ping the device when it specifies a source address different from FastEther0 then it suggests that the problem is that the device does not have the correct default gateway configured. Since the address on the router interface is 192.168.1.215, that should be the default gateway on the devices connected on FastEther0. If you check I believe that you will find that they are configured with some other default gateway. And if you configure them to use 192.168.1.215 as their default gateway then I believe that VLAN 1 will be able to ping them.

HTH

Rick

10 REPLIES
Hall of Fame Super Silver

Re: i am routing i.d.o.t. please help

Wayne

I have looked at the config that you posted and I believe that I see several issues that you need to correct:

- you specify ip nat inside on interface vlan 1 which I believe is correct. But you specify ip nat outside on interface FastEther0 which I believe is a mistake. Your nat translation will attempt to translate traffic going out FastEth0 using the address of FastEther1. I believe that this is the big problem preventing traffic from going out FastEther0.

- you also have a static route for 192.168.1.0 pointing to FastEther0. You do not need this. I am not sure that it is hurting anything. But you do not need static routes for connected subnets.

- you have a static route for 192.168.0.0 pointing to FastEther1. This may be ok. I expected to find a default route and do not see any. The result is that you will attempt to route for 192.168.0.0 but that is the only destination not on the local router that you will route.

- the access list inbound on FastEther1 will permit bootp/DHCP and a couple of ICMP message but nothing else. So there is very little useful that you can do with FastEther1.

I believe that the biggest problem is the ip nat outside on FastEther0. Remove it or change it to ip nat inside and I believe that you will be able to get traffic to go out that interface.

HTH

Rick

New Member

Re: i am routing i.d.o.t. please help

I have followed your suggestions I think please look over new config

Thanks for you help

Hall of Fame Super Silver

Re: i am routing i.d.o.t. please help

Wayne

You have done much of what I discussed. In particular you have removed the ip nat outside from FastEther0. And you have removed the access-group on FastEther1. And you have changed the static routes. Unfortunately there is a problem with the static default route that you have configured:

ip route 0.0.0.0 0.0.0.0 192.168.0.1

the next hop that you specify (192.168.0.1) is not any where that the router knows how to get to. In the original config that subnet was somewhere out the FastEther1 interface (based on the configured static route). But now the router has nothing to tell it where 192.168.0.1 is. So the default route will not be placed into the routing table (which you should be able to verify by using the shop ip route command).

Your original post focused on a problem of getting packets from devices in VLAN 1 to forward through FastEther0. It looks to me like that problem should be resolved. Does that work now?

HTH

Rick

New Member

Re: i am routing i.d.o.t. please help

I still cannot get out on fe0. Fe1 is internet. With current default route internet works. fe1 is for internet.

username privilege 15 secret 0

Replace and with the username and password you want to

use.

-----------------------------------------------------------------------

flex-ing#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C 192.168.4.0/24 is directly connected, Vlan1

C 192.168.0.0/24 is directly connected, FastEthernet1

C 192.168.1.0/24 is directly connected, FastEthernet0

S* 0.0.0.0/0 [1/0] via 192.168.0.1

Hall of Fame Super Silver

Re: i am routing i.d.o.t. please help

Wayne

Thanks for posting the output of show ip route. It makes clear that the address negotiated on Fe1 is in the 192.168.1.0 network and therefore the default route does work. It was not clear from the config, but the operational show ip route does make that clear.

So you seem to be saying that there is a problem with access on Fe0. What are you trying to do to access on Fe0? Note that with no ip nat statemet on Fe0 that traffic to and from the interface will not be translated. This means that its access to the Internet or Internet access to it will not work. But I would expect that access from VLAN 1 to Fe0 would work. Are you saying that access from VLAN 1 to Fe0 does not work?

HTH

Rick

New Member

Re: i am routing i.d.o.t. please help

yes, vlan1 can ping fe0, vlan1 cannot ping or access anything past it.

Hall of Fame Super Silver

Re: i am routing i.d.o.t. please help

Wayne

I suggest a test to help determine what and where the problem is. Can you ping from the router to some device connected through FastEth0? If that works it demonstrates a level of connectivity from the router to the device.

Then please do an extended ping from the router. In the extended ping use the same destination address as the previous step. And in extended ping specify the source address as the VLAN 1 interface address.

Knowing whether step 1 works or not and whether step 2 works or not may help us determine what and where the problem is.

HTH

Rick

New Member

Re: i am routing i.d.o.t. please help

pc can ping fe0

vlan1 can ping fe0

outside fe0 can ping fe0

fe0 can ping outside

vlan1 cannot ping outside fe0

pc cannot ping outside fe0

flex-ing#ping

Protocol [ip]:

Target IP address: 192.168.1.216

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan1

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.216, timeout is 2 seconds:

Packet sent with a source address of 192.168.4.1

.....

Success rate is 0 percent (0/5)

flex-ing#

Hall of Fame Super Silver

Re: i am routing i.d.o.t. please help

Wayne

Thanks for the information and for running the test that I suggested. Especially since the router can ping devices connected on FastEther0 with a standard ping it establishes that there is connectivity and that IP addressing is ok. When the router can not ping the device when it specifies a source address different from FastEther0 then it suggests that the problem is that the device does not have the correct default gateway configured. Since the address on the router interface is 192.168.1.215, that should be the default gateway on the devices connected on FastEther0. If you check I believe that you will find that they are configured with some other default gateway. And if you configure them to use 192.168.1.215 as their default gateway then I believe that VLAN 1 will be able to ping them.

HTH

Rick

New Member

Re: i am routing i.d.o.t. please help

That fixed the issue, thank you. now I have a problem the two locations are connected via wireless bridge fe0 is connected to antenna. both locations want seperate internet connections. vlan1 needs access to sql server for mrp app.

140
Views
0
Helpful
10
Replies