Solved

EIGRP

Posted on 2009-05-08
16
191 Views
Last Modified: 2012-05-06
Ive added a REFLEXIVE ACCESS-LIST

for the below and it says that once added relevant access-list, i should get the following responses:

VISTA should NOT be able to ping 10.0.0.11, BUT IT CANT STILL, WHY?

HOSTA on Sanjose1 router can ping Lo 172.16.1.1, which IS CORRECT
0
Comment
Question by:mikey250
  • 11
  • 5
16 Comments
 

Author Comment

by:mikey250
ID: 24335947
Building configuration...

Current configuration : 800 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sanjose1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.0.0.0
 ip access-group FILTER-IN in
ip access-group FILTER-OUT out
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
router eigrp 100
 network 10.0.0.0
 network 192.168.1.0
 auto-summary
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
ip access-list extended FILTER-IN
 permit ip any any reflect GOODGUYS
ip access-list extended FILTER-OUT
 evaluate GOODGUYS
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login local
!
end

sanjose1#
---------------------------------------------
Building configuration...

Current configuration : 708 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vista
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 clock rate 56000
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router eigrp 100
 network 192.168.1.0
 network 192.168.3.0
 auto-summary
!
ip http server
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

vista#
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24336076
My guess would be you pinged from HOSTA to 172.16.1.1 first which then built the reflexive entry for the ICMP return traffic which also in turn allows Vista to ping HOSTA until the entry times out (5 minutes by default).  I would wait 10 minutes or until a "show access-list" no longer shows an entry for the return traffic and then first ping from Vista to HOSTA and see if it doesn't work anymore.
0
 

Author Comment

by:mikey250
ID: 24336133
I will try this and see.  i have also got an outstanding issue with a "LOCK & KEY" ISSUE on a 2 router config.  if you can look at this thread would be appreciated as been given advice but still dont know why.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24364953.html
0
 

Author Comment

by:mikey250
ID: 24336163
i originally pinged in the order as above, so ive pinged from HOSTA first this time and it works.  so i will wait 10 mins and try my original way just to confirm!
0
 

Author Comment

by:mikey250
ID: 24336288
your way works, but ive now done it my original way and GUESS what it still works also!!  although the first time was as I said as per my instructions at the top of this thread it didnt initially work.  not sure if its some time issue thing.  unless ive missed something, but i doubt it i made sure i did my checks to confirm what i was logging onto before i entered any commands.

ive probably missed something!
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336459
When you say it works, you mean the ping is successful or it has met the training guidelines?

Did you wait five minutes between attempts?

The key here is to do a "show access-list" prior to testing.  There should not be any entries in the FILTER-OUT access-list prior to you testing.  If there is, the ping is going to work both ways.
0
 

Author Comment

by:mikey250
ID: 24336543
yes exactly how youve said.  my initial thread question didnt work!  thats why i prompted the question in this thread.  then you gave me advice then i tried your way and it worked.  so i went back to my original way as per original thread and it also worked this time and still works.  dont know why.  i did make sure sh access-list was empty first of all!

i havent touched it since the last question ove 15 min ago so will try again ensuring sh access-list empty first!
0
 

Author Comment

by:mikey250
ID: 24336555
theres an entry still in sanjose 1 so will wait for that to clear!
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:mikey250
ID: 24336873
everynow and then the sh access-list dissapears and without me doing something and then doing a sh access-list again it shows:

sanjose1#sh ip access-list
Extended IP access list FILTER-IN
    10 permit ip any any reflect GOODGUYS (145 matches)
Extended IP access list FILTER-OUT
    10 evaluate GOODGUYS
Reflexive IP access list GOODGUYS
     permit udp host 10.255.255.255 eq netbios-ns host 10.0.0.11 eq netbios-ns (
5 matches) (time left 220)
sanjose1#

im assuming that by default it is keeping in contact?
and i need to do it straight after the sh access-list is empty?
0
 

Author Comment

by:mikey250
ID: 24336889
yes works!! CHEERS!
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336916
im assuming that by default it is keeping in contact?
and i need to do it straight after the sh access-list is empty?

This is Netbios traffic that your PC will constantly send.  I shouldn't have said empty but rather, make sure there are no ICMP entries in the list if you are just dealing with "ping".
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336920
Glad to hear.  Good luck with your studies!
0
 

Author Comment

by:mikey250
ID: 24336970
THANKS!  how the h......e...l...l im going to remember these, i havent got a clue.  ive got one page left.  but i know im gonna need to go through it at least a few times!!
0
 

Author Comment

by:mikey250
ID: 24336987
i must be loosing it, because im concentrated ive just realised that your helping me with another question.  apologies!!
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336989
You know what, that is completely normal.  There is sooo much to take in but the key is to keep using it.  If you don't use it, you'll lose it applies here for certain but if you keep using and working with it, it will become easier and easier.
0
 

Author Comment

by:mikey250
ID: 24337019
the book i have though doesnt go deep enough i wish it did so i can relate it to scenarios!

but cheers nice to know!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now