Solved

Cisco 2600 will not route after performing password recovery

Posted on 2004-10-09
Last Modified: 2008-01-09
Hi!

I have a 2600 that "forgot" how to route after performing a password recovery per Cisco instructions. It was working before recovery. I really don't know who did the config, but I think that changes were made to running and not copied over to startup config. Both FastEthernet interfaces are connected to the local 10.10.1.0 network. The Serial Interface is connected to a Cisco 7200 Ethernet that provides Internet connection to the local network. From the 2600 console I can ping the upstream 7200 @ x.x.x.x; the local network @ 10.10.1.0 and I can ping the interface on the 2600 @ x.x.x.x. Running config follows and THANKS!

PTCLAN#sh int
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0001.42a6.b860 (bia 0001.42a6.b860)
  Description: DSL Uplink to CETLink.Net
  Internet address is x.x.x.x/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  30 second input rate 1000 bits/sec, 3 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
     5343 packets input, 360107 bytes
     Received 5260 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     245 packets output, 14308 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Serial0/0 is up, line protocol is up
  Hardware is PQUICC with 56k 4-wire CSU/DSU
  Description: pineville ADS56
  Interface is unnumbered. Using address of FastEthernet0/1 (10.101.1.252)
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:06, output 00:00:09, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     252 packets input, 22838 bytes, 0 no buffer
     Received 189 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     280 packets output, 12912 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 0001.42a6.b861 (bia 0001.42a6.b861)
  Description: Internal Lan - Connected to Catalyst 2924XL Port 24
  Internet address is 10.101.1.252/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 2000 bits/sec, 3 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     7601 packets input, 550198 bytes
     Received 5515 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1430 packets output, 112232 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
PTCLAN#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
PTCLAN(config)#^Z
PTCLAN#
*Feb 28 19:29:27.043 EST: %SYS-5-CONFIG_I: Configured from console by console
PTCLAN#sh int
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0001.42a6.b860 (bia 0001.42a6.b860)
  Description: DSL Uplink to CETLink.Net
  Internet address is x.x.x.x/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:09, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  30 second input rate 5000 bits/sec, 9 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
     5779 packets input, 387144 bytes
     Received 5693 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     256 packets output, 14956 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Serial0/0 is up, line protocol is up
  Hardware is PQUICC with 56k 4-wire CSU/DSU
  Description: pineville ADS56
  Interface is unnumbered. Using address of FastEthernet0/1 (10.101.1.252)
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:06, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     262 packets input, 23316 bytes, 0 no buffer
     Received 199 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     292 packets output, 13328 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 0001.42a6.b861 (bia 0001.42a6.b861)
  Description: Internal Lan - Connected to Catalyst 2924XL Port 24
  Internet address is 10.101.1.252/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 6000 bits/sec, 9 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     8115 packets input, 583686 bytes
     Received 5959 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1484 packets output, 115874 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
PTCLAN#sh running-config
Building configuration...

Current configuration:
!
version 12.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
!
hostname PTCLAN
!
no logging buffered
enable secret 5 blah
!
username ctc-gary privilege 15 password 7 blah
username ctc-dean privilege 15 password 7 blah
username pineville-tel privilege 15 password 7 blah
username ctc-netmon password 7 blah
username pinevillesc privilege 5 password 7 blah
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip name-server x.x.x.x
!
ip audit notify log
ip audit po max-events 100
lane client flush
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key blah address x.x.x.x
!
!
crypto ipsec transform-set ads-ptc-set esp-des esp-md5-hmac
!
crypto map ads-ptc-map local-address FastEthernet0/0
crypto map ads-ptc-map 1 ipsec-isakmp
 set peer x.x.x.x
 set transform-set ads-ptc-set
 match address 100
!
!
!
!
!
!
!
interface FastEthernet0/0
 description DSL Uplink to CETLink.Net
 ip address x.x.x.x 255.255.255.0
 ip nat outside
 no ip mroute-cache
 load-interval 30
 speed 100
 full-duplex
 no cdp enable
 crypto map ads-ptc-map
!
interface Serial0/0
 description pineville ADS56
 bandwidth 56
 ip unnumbered FastEthernet0/1
 no cdp enable
!
interface FastEthernet0/1
 description Internal Lan - Connected to Catalyst 2924XL Port 24
 ip address 10.101.1.252 255.255.255.0
 ip nat inside
 no ip mroute-cache
 speed 100
 full-duplex
 no cdp enable
!
router rip
 version 2
 passive-interface FastEthernet0/0
 network 10.0.0.0
 no auto-summary
!
ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip classless
ip route 10.166.203.0 255.255.255.0 Serial0/0
ip route x.x.x.x 255.255.255.0 10.101.1.253
no ip http server
!
access-list 1 permit x.x.x.x 0.0.31.255
access-list 1 permit x.x.x.x 0.0.3.255
access-list 1 permit x.x.x.x 0.0.0.255
access-list 3 permit 10.101.1.0 0.0.0.255
access-list 99 permit x.x.x.x
access-list 100 permit ip 10.101.1.0 0.0.0.255 10.166.203.0 0.0.0.255
access-list 111 deny   ip 10.101.1.0 0.0.0.255 10.166.203.0 0.0.0.255
access-list 111 permit ip 10.101.1.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
 match ip address 111
!
route-map uunet permit 10
 match ip address 37
!
snmp-server engineID local 000000090200000142A6B860
snmp-server community blah RO 99
snmp-server community blah RW 99
snmp-server packetsize 2048
snmp-server location contact 800-555-1212
snmp-server contact citizens@example.net
snmp-server host x.x.x.x br549
banner login ^C


THIS IS A PROTECTED DEVICE. ALL LOGIN ATTEMPTS ARE MONITORED.
UNAUTHORIZED ACCESS IS PROHIBITED BY LAW! VIOLATORS WILL BE
PROSECUTED TO THE FULLEST EXTENT OF THE LAW.

^C
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 5 show users
privilege exec level 15 show logging
privilege exec level 5 show
privilege exec level 5 clear line
privilege exec level 5 clear
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password 7 blah
 login local
!
ntp clock-period 17180099
ntp server x.x.x.x prefer
ntp server x.x.x.x
end

PTCLAN#

PTCLAN#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

S    a.b.c.d.0/24 [1/0] via 10.101.1.253
     10.0.0.0/24 is subnetted, 2 subnets
S       10.166.203.0 is directly connected, Serial0/0
C       10.101.1.0 is directly connected, FastEthernet0/1
C    w.x.y.z/24 is directly connected, FastEthernet0/0
PTCLAN#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.101.1.98             1   0090.27a7.3aa3  ARPA   FastEthernet0/1
Internet  10.101.1.97             3   0000.1f31.00d1  ARPA   FastEthernet0/1
Internet  10.101.1.90             5   0006.2504.6e46  ARPA   FastEthernet0/1
Internet  10.101.1.91             5   0050.70a4.57a3  ARPA   FastEthernet0/1
Internet  10.101.1.88             2   00c0.f01f.48aa  ARPA   FastEthernet0/1
Internet  10.101.1.89             0   0080.2912.9e76  ARPA   FastEthernet0/1
Internet  10.101.1.87             1   0090.275a.d0de  ARPA   FastEthernet0/1
Internet  10.101.1.84             3   0004.6146.98ea  ARPA   FastEthernet0/1
Internet  10.101.1.82            13   0030.1bad.5023  ARPA   FastEthernet0/1
Internet  10.101.1.56             2   0060.0842.f0ec  ARPA   FastEthernet0/1
Internet  10.101.1.55             1   0060.081e.ac85  ARPA   FastEthernet0/1
Internet  x.x.x.x           0   00b0.8e09.8400  ARPA   FastEthernet0/0
Internet  10.101.1.5              0   0030.4810.0e62  ARPA   FastEthernet0/1
Internet  x.x.x.x           -   0001.42a6.b860  ARPA   FastEthernet0/0
Internet  10.101.1.252            -   0001.42a6.b861  ARPA   FastEthernet0/1
PTCLAN#sh route
route-map nonat, permit, sequence 10
  Match clauses:
    ip address (access-lists): 111
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map uunet, permit, sequence 10
  Match clauses:
    ip address (access-lists): 37
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
PTCLAN#

[Public IP addresses edited by The--Captain - the solution should be obvious, regardless]
Question by:weads
4 Comments
 
LVL 15

Accepted Solution

by:
Frabble earned 500 total points
ID: 12268624
There's no route for networks other than a couple of static and those directly connected.

Enter a gateway of last resort through the serial interface to the upstream 7200.
Enter configuration mode and enter:

ip route  0.0.0.0  0.0.0.0  ser0/0  <IP of your upstream>

You should get to other networks now. Don't forget to save.
0
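The diagnosis in the accepted answer can be reproduced offline. The following is an added example, not part of the original thread: it parses `show ip route` text (including the "is subnetted" form, where child routes omit the mask) and does a longest-prefix match to show which destinations have no route. The public prefixes and the upstream next-hop are constructed placeholders, since the thread redacts the real ones.

```python
import ipaddress
import re

# Constructed sample: the "sh ip route" output from the question, with the
# redacted public prefixes replaced by documentation ranges.
SHOW_IP_ROUTE = """\
Gateway of last resort is not set

S    192.0.2.0/24 [1/0] via 10.101.1.253
     10.0.0.0/24 is subnetted, 2 subnets
S       10.166.203.0 is directly connected, Serial0/0
C       10.101.1.0 is directly connected, FastEthernet0/1
C    198.51.100.0/24 is directly connected, FastEthernet0/0
"""
# Constructed line as it would appear once a default route is added; the
# next-hop 10.166.203.1 is a placeholder for the upstream address.
DEFAULT_LINE = "S*   0.0.0.0/0 [1/0] via 10.166.203.1, Serial0/0\n"

SUBNETTED_RE = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+/(\d+) is (?:variably )?subnetted")
ROUTE_RE = re.compile(
    r"^([A-Za-z][A-Za-z0-9*]*)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(.*)$")


def parse_routes(text):
    """Return (network, code, detail) tuples from 'show ip route' text."""
    routes, inherited_len = [], None
    for line in text.splitlines():
        header = SUBNETTED_RE.match(line)
        if header:
            # Child lines under "a.b.c.d/len is subnetted" omit the mask.
            inherited_len = int(header.group(1))
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue  # legend, blank lines, "Gateway of last resort ..."
        code, net, plen, detail = m.groups()
        plen = int(plen) if plen else inherited_len
        if plen is None:
            continue
        network = ipaddress.ip_network(f"{net}/{plen}", strict=False)
        routes.append((network, code, detail))
    return routes


def lookup(routes, dest):
    """Longest-prefix match; None means the router has no route for dest."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def has_default(routes):
    return any(net.prefixlen == 0 for net, _, _ in routes)


if __name__ == "__main__":
    before = parse_routes(SHOW_IP_ROUTE)
    after = parse_routes(SHOW_IP_ROUTE + DEFAULT_LINE)
    for label, table in (("before", before), ("after", after)):
        for dest in ("10.101.1.5", "10.166.203.7", "203.0.113.10"):
            print(label, dest, "->", lookup(table, dest))
```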
 
LVL 16

Expert Comment

by:The--Captain
ID: 12269367
Frabble sounds correct - maybe your upstream used to send you the default route via RIP, but has now ceased since you were down for the time it took to reset the password.

Speaking of passwords, you should probably change all of yours, since all of your info was out there for a while and may be subject to brute-force attacks from unfriendly folk - I obliterated all the authentication info I could find in your original post, but you were opening yourself up to a potential attack - please be more careful posting sensitive info in the future, for your own sake.  I can blot out portions of your IP info as well if you'd like, but next time please save me the trouble.

Cheers,
-Jon
 
0
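One way to scrub an IOS configuration before posting it, as the comment above asks. This is an added example, not part of the original thread: it blanks the secret-bearing fields that appear in the posted config and replaces each distinct public address with a numbered placeholder so the topology stays readable. The sample config, its secrets and its addresses are all constructed.

```python
import ipaddress
import re

# Constructed sample; every secret and address here is made up.
SAMPLE = """\
enable secret 5 $1$EXAMPLE$notarealhash
username admin privilege 15 password 7 00EXAMPLE00
crypto isakmp key ExamplePSK address 198.51.100.7
crypto map demo-map 1 ipsec-isakmp
 set peer 198.51.100.7
snmp-server community examplerw RW 99
interface FastEthernet0/0
 ip address 198.51.100.20 255.255.255.0
interface FastEthernet0/1
 ip address 10.101.1.252 255.255.255.0
line vty 0 4
 password 7 00EXAMPLE00
"""

# Each pattern captures everything up to the secret; the secret is the next token.
SECRET_RULES = [
    re.compile(r"^(\s*enable (?:secret|password)(?: \d+)?) \S+"),
    re.compile(r"^(\s*username \S+ .*?(?:password|secret)(?: \d+)?) \S+"),
    re.compile(r"^(\s*password(?: \d+)?) \S+"),
    re.compile(r"^(\s*crypto isakmp key) \S+"),
    re.compile(r"^(\s*snmp-server community) \S+"),
]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def redact(config):
    """Return config text with secrets removed and public IPs replaced."""
    seen = {}  # public address -> stable placeholder

    def swap_ip(match):
        text = match.group(0)
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid address, leave untouched
        first_octet = int(text.split(".")[0])
        # Keep private addresses, netmasks (255.x) and wildcards/defaults (0.x).
        if first_octet in (0, 255) or any(ip in net for net in RFC1918):
            return text
        return seen.setdefault(text, f"<public-ip-{len(seen) + 1}>")

    out = []
    for line in config.splitlines():
        for rule in SECRET_RULES:
            line, count = rule.subn(r"\1 <removed>", line)
            if count:
                break
        out.append(IPV4_RE.sub(swap_ip, line))
    return "\n".join(out)


if __name__ == "__main__":
    print(redact(SAMPLE))
```

Redaction only protects future posts; anything already published should still be treated as exposed and rotated on the device.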
 
LVL 1

Expert Comment

by:mrchaos101
ID: 12786485
Captain...

I know this should not go here, please feel free to remove if it is too wrong.
I know of any other way to contact you.
I would be honored if you would consider assisting me with an issue I have in the networking threads. I won't put link in here to hijack this thread unless you ask for it?
0
