Solved

EIGRP

Posted on 2009-05-08
16
198 Views
Last Modified: 2012-05-06
Ive added a REFLEXIVE ACCESS-LIST

for the below and it says that once added relevant access-list, i should get the following responses:

VISTA should NOT be able to ping 10.0.0.11, BUT IT CANT STILL, WHY?

HOSTA on Sanjose1 router can ping Lo 172.16.1.1, which IS CORRECT
0
Comment
Question by:mikey250
  • 11
  • 5
16 Comments
 

Author Comment

by:mikey250
ID: 24335947
Building configuration...

Current configuration : 800 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sanjose1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.0.0.0
 ip access-group FILTER-IN in
ip access-group FILTER-OUT out
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
router eigrp 100
 network 10.0.0.0
 network 192.168.1.0
 auto-summary
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
ip access-list extended FILTER-IN
 permit ip any any reflect GOODGUYS
ip access-list extended FILTER-OUT
 evaluate GOODGUYS
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login local
!
end

sanjose1#
---------------------------------------------
Building configuration...

Current configuration : 708 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vista
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 clock rate 56000
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router eigrp 100
 network 192.168.1.0
 network 192.168.3.0
 auto-summary
!
ip http server
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

vista#
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24336076
My guess would be you pinged from HOSTA to 172.16.1.1 first which then built the reflexive entry for the ICMP return traffic which also in turn allows Vista to ping HOSTA until the entry times out (5 minutes by default).  I would wait 10 minutes or until a "show access-list" no longer shows an entry for the return traffic and then first ping from Vista to HOSTA and see if it doesn't work anymore.
0
 

Author Comment

by:mikey250
ID: 24336133
I will try this and see.  i have also got an outstanding issue with a "LOCK & KEY" ISSUE on a 2 router config.  if you can look at this thread would be appreciated as been given advice but still dont know why.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24364953.html
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:mikey250
ID: 24336163
i originally pinged in the order as above, so ive pinged from HOSTA first this time and it works.  so i will wait 10 mins and try my original way just to confirm!
0
 

Author Comment

by:mikey250
ID: 24336288
your way works, but ive now done it my original way and GUESS what it still works also!!  although the first time was as I said as per my instructions at the top of this thread it didnt initially work.  not sure if its some time issue thing.  unless ive missed something, but i doubt it i made sure i did my checks to confirm what i was logging onto before i entered any commands.

ive probably missed something!
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336459
When you say it works, you mean the ping is successful or it has met the training guidelines?

Did you wait five minutes between attempts?

The key here is to do a "show access-list" prior to testing.  There should not be any entries in the FILTER-OUT access-list prior to you testing.  If there is, the ping is going to work both ways.
0
 

Author Comment

by:mikey250
ID: 24336543
yes exactly how youve said.  my initial thread question didnt work!  thats why i prompted the question in this thread.  then you gave me advice then i tried your way and it worked.  so i went back to my original way as per original thread and it also worked this time and still works.  dont know why.  i did make sure sh access-list was empty first of all!

i havent touched it since the last question ove 15 min ago so will try again ensuring sh access-list empty first!
0
 

Author Comment

by:mikey250
ID: 24336555
theres an entry still in sanjose 1 so will wait for that to clear!
0
 

Author Comment

by:mikey250
ID: 24336873
everynow and then the sh access-list dissapears and without me doing something and then doing a sh access-list again it shows:

sanjose1#sh ip access-list
Extended IP access list FILTER-IN
    10 permit ip any any reflect GOODGUYS (145 matches)
Extended IP access list FILTER-OUT
    10 evaluate GOODGUYS
Reflexive IP access list GOODGUYS
     permit udp host 10.255.255.255 eq netbios-ns host 10.0.0.11 eq netbios-ns (
5 matches) (time left 220)
sanjose1#

im assuming that by default it is keeping in contact?
and i need to do it straight after the sh access-list is empty?
0
 

Author Comment

by:mikey250
ID: 24336889
yes works!! CHEERS!
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336916
im assuming that by default it is keeping in contact?
and i need to do it straight after the sh access-list is empty?

This is Netbios traffic that your PC will constantly send.  I shouldn't have said empty but rather, make sure there are no ICMP entries in the list if you are just dealing with "ping".
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336920
Glad to hear.  Good luck with your studies!
0
 

Author Comment

by:mikey250
ID: 24336970
THANKS!  how the h......e...l...l im going to remember these, i havent got a clue.  ive got one page left.  but i know im gonna need to go through it at least a few times!!
0
 

Author Comment

by:mikey250
ID: 24336987
i must be loosing it, because im concentrated ive just realised that your helping me with another question.  apologies!!
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24336989
You know what, that is completely normal.  There is sooo much to take in but the key is to keep using it.  If you don't use it, you'll lose it applies here for certain but if you keep using and working with it, it will become easier and easier.
0
 

Author Comment

by:mikey250
ID: 24337019
the book i have though doesnt go deep enough i wish it did so i can relate it to scenarios!

but cheers nice to know!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question