CONTENT BASED ACCESS CONTROL - CBAC ON ROUTERS

I've configured the following, and according to my instructions I should be able to ping both 172.16.1.2 & 172.17.1.2 from the SANJOSE1 router, but I CANNOT at this point as I haven't added any CBAC yet, why?

Building configuration...

Current configuration : 852 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vista
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
ip audit po max-events 100
!
!
!
interface Serial0/0
 description "FIREWALL"
 ip unnumbered Ethernet1/1
 clockrate 56000
!
interface Serial0/1
 no ip address
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 description DMZ
 ip address 172.16.1.1 255.255.255.0
 half-duplex
!
interface Ethernet1/1
 description Internal Network
 ip address 172.17.1.1 255.255.255.0
 half-duplex
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
---------------------------------------------------------------------------------------

vista#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.17.1.1      YES TFTP   up                    up
Serial0/1                  unassigned      YES TFTP   down                  down
Serial0/2                  unassigned      YES unset  administratively down down
Serial0/3                  unassigned      YES unset  administratively down down
Ethernet1/0                172.16.1.1      YES manual up                    up
Ethernet1/1                172.17.1.1      YES manual up                    up

---------------------------------------------------------------------------------------      
vista#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     172.17.0.0/24 is subnetted, 1 subnets
C       172.17.1.0 is directly connected, Ethernet1/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet1/0
S*   0.0.0.0/0 is directly connected, Serial0/0
vista#
---------------------------------------------------------------------------------

Building configuration...

Current configuration : 611 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sanjose1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
!
interface Serial0
 ip unnumbered Ethernet0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
ip http server
ip classless
ip route 172.16.1.0 255.255.255.0 Serial0
ip route 172.17.1.0 255.255.255.0 Serial0
!
!
line con 0
line aux 0
line vty 0 4
!
end
-----------------------------------------------------------------------------------------
sanjose1#sh ip route int brief
Interface                  IP-Address      OK? Method Status                Protocol
BRI0                       unassigned      YES unset  administratively down down
BRI0:1                     unassigned      YES unset  administratively down down
BRI0:2                     unassigned      YES unset  administratively down down
Ethernet0                  192.168.1.1     YES manual up                    down
Serial0                    192.168.1.1     YES TFTP   up                    up
Serial1                    unassigned      YES unset  administratively down down
-----------------------------------------------------------------------------------------    
sanjose1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.17.0.0/24 is subnetted, 1 subnets
S       172.17.1.0 is directly connected, Serial0
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.1.0 is directly connected, Serial0
sanjose1#
mikey250Asked:
 
JFrederick29Commented:
Hmm, config looks okay.  This is why I am not a big fan of IP Unnumbered.  IP Unnumbered and CBAC have nothing to do with each other, so you can mark this lab complete by using IPs on the serial interfaces and testing successfully.  This is an IP Unnumbered issue and not a CBAC issue.
 
mikey250Author Commented:
I'm assuming it's because I've added "IP Unnumbered", hence ping not working from Sanjose1 to HOSTB & HOSTC?
 
JFrederick29Commented:
Yeah, are you supposed to be using "ip unnumbered"?  I would put 192.168.1.1 on serial0 on sanjose1 and put 192.168.1.2 on vista's serial interface.
 
mikey250Author Commented:
Yes, I am supposed to be using "IP Unnumbered".  OK, I will remove it and add relevant IP addresses to both routers to double check.

Thanks!
 
mikey250Author Commented:
I did add the above for both serial interface connections:  sanjose1 192.168.1.1 & vista 192.168.1.2 and was able to go through the rest of my scenario and everything works fine as below:

- Cannot ping from sanjose1 to HOSTC 172.17.1.2/24 - unsuccessful
- Can ping from HOSTC 172.17.1.2/24 to sanjose1 - successful

- Cannot ping from sanjose1 to HOSTB 172.16.1.2/24 - unsuccessful
- Cannot ping from HOSTB 172.16.1.2/24 to sanjose1 - successful
----------------------------------------------------------------------------------------------
BUT NOW

BEARING IN MIND NOW I'VE ADDED ALL OF THE EXPECTED CBAC access-lists etc., I've now removed the serial interface "IP Addresses" at the end of my scenario and replaced them, as originally stated, with "IP Unnumbered".

Building configuration...

Current configuration : 2865 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vista
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
ip inspect udp idle-time 1800
ip inspect dns-timeout 15
ip inspect name STANDARD ftp
ip inspect name STANDARD http
ip inspect name STANDARD smtp
ip inspect name STANDARD sqlnet
ip inspect name STANDARD tcp
ip inspect name STANDARD tftp
ip inspect name STANDARD udp
ip inspect name STANDARD realaudio
ip audit po max-events 100
!
interface Serial0/0
 description "FIREWALL"
 ip unnumbered Ethernet1/1
 ip access-group 121 in
 ip access-group 122 out
 ip inspect STANDARD in
 clockrate 56000
!
interface Serial0/1
 no ip address
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 description DMZ
 ip address 172.16.1.1 255.255.255.0
 ip access-group 111 in
 ip access-group 112 out
 half-duplex
!
interface Ethernet1/1
 description Internal Network
 ip address 172.17.1.1 255.255.255.0
 ip access-group 101 in
 ip access-group 102 out
 ip inspect STANDARD in
 half-duplex
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
access-list 101 permit ip 172.17.1.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip any any
access-list 111 permit ip 172.16.1.0 0.0.0.255 any
access-list 111 deny   ip any any
access-list 112 permit udp any host 172.16.1.2 eq domain
access-list 112 permit tcp any host 172.16.1.2 eq domain
access-list 112 permit tcp any host 172.16.1.2 eq ftp
access-list 112 permit tcp any host 172.16.1.2 eq smtp
access-list 112 permit tcp any host 172.16.1.1 eq www
access-list 112 permit tcp 172.17.1.0 0.0.0.255 host 172.16.1.2 eq pop3
access-list 112 permit tcp 172.17.1.0 0.0.0.255 any eq telnet
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any unreachable
access-list 112 deny   ip any any
access-list 121 deny   ip 172.17.1.0 0.0.0.255 any
access-list 121 deny   ip 127.0.0.0 0.255.255.255 any
access-list 121 deny   ip 224.0.0.0 31.255.255.255 any
access-list 121 permit ip any any
access-list 122 permit icmp any any echo-reply
access-list 122 permit icmp any any time-exceeded
access-list 122 deny   ip 172.16.1.0 0.0.0.255 any
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

vista#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     172.17.0.0/24 is subnetted, 1 subnets
C       172.17.1.0 is directly connected, Ethernet1/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet1/0
S*   0.0.0.0/0 is directly connected, Serial0/0
vista#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.17.1.1      YES TFTP   up                    up
Serial0/1                  unassigned      YES NVRAM  down                  down
Serial0/2                  unassigned      YES NVRAM  administratively down down
Serial0/3                  unassigned      YES NVRAM  administratively down down
Ethernet1/0                172.16.1.1      YES NVRAM  up                    up
Ethernet1/1                172.17.1.1      YES NVRAM  up                    up
vista#
--------------------------------------------------------------------------------
Building configuration...

Current configuration : 618 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sanjose1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
!
interface Serial0
 ip unnumbered Ethernet0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
ip http server
ip classless
ip route 172.16.1.0 255.255.255.0 Serial0
ip route 172.17.1.0 255.255.255.0 Serial0
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

sanjose1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.17.0.0/24 is subnetted, 1 subnets
S       172.17.1.0 is directly connected, Serial0
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.1.0 is directly connected, Serial0
sanjose1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BRI0                       unassigned      YES NVRAM  administratively down down
BRI0:1                     unassigned      YES unset  administratively down down
BRI0:2                     unassigned      YES unset  administratively down down
Ethernet0                  192.168.2.1     YES NVRAM  up                    down
Serial0                    192.168.2.1     YES TFTP   up                    up
Serial1                    unassigned      YES NVRAM  administratively down down
sanjose1#

----------------------------------------------------------------------------
But now I cannot specifically ping from those stated above:

- Cannot ping from sanjose1 to HOSTC 172.17.1.2/24 - unsuccessful - as expected
- Cannot ping from HOSTC 172.17.1.2/24 to sanjose1 - unsuccessful - should be successful

- Cannot ping from sanjose1 to HOSTB 172.16.1.2/24 - unsuccessful - as expected
- Cannot ping from HOSTB 172.16.1.2/24 to sanjose1 - unsuccessful - should be successful

I know my "sh ip route" doesn't show anything although my connections are showing as UP UP.
Why is this?
 
JFrederick29Commented:
The problem is ethernet0 on sanjose1 is not up/up:

Ethernet0               192.168.1.1     YES manual up                    down    

Plug a PC or a switch into ethernet0 so that it is up/up and it should work.
 
mikey250Author Commented:
whoops!!

sanjose1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BRI0                       unassigned      YES NVRAM  administratively down down
BRI0:1                     unassigned      YES unset  administratively down down
BRI0:2                     unassigned      YES unset  administratively down down
Ethernet0                  192.168.2.1     YES NVRAM  up                    up
Serial0                    192.168.2.1     YES TFTP   up                    up
Serial1                    unassigned      YES NVRAM  administratively down down
sanjose1#

The scenario says:  now ping sanjose1 fastethernet0/0 from HostC.  These pings should be successful!

But when pinging from HOSTC it is still saying destination unreachable!! When it should be successful!
 
mikey250Author Commented:
OK.  I agree.  Can you give me an instance for using "IP Unnumbered" other than hiding it in "sh ip route" & "sh ip int brief" for example, although it still shows as up?

If they can work together I would like to resolve this issue.  I'm just going through a few checks, so between now and tomorrow I will let you know, and if you have any more ideas then let me know?

Unless both just can't work together?
 
JFrederick29Commented:
It should work with IP unnumbered; it's just a subpar way of doing things.  Back in the day prior to VLSM and when everything was publicly addressed, IP Unnumbered was a way to conserve IP addresses.  It's really unnecessary nowadays.  Using IPs on each interface is the preferred method.
 
mikey250Author Commented:
OK, no probs. Let me look at it tomorrow, otherwise I will leave it anyway.
 
mikey250Author Commented:
1. Why does my vista router show the serial interface as below when it is now set as IP unnumbered?
2. What should the DG be of HostA - 192.168.2.2/24, HostB - 172.16.1.2/24 & HOSTC - 172.17.1.2/24?

vista#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.17.1.1      YES TFTP   up                    up
Serial0/1                  unassigned      YES NVRAM  down                  down
Serial0/2                  unassigned      YES NVRAM  administratively down down
Serial0/3                  unassigned      YES NVRAM  administratively down down
Ethernet1/0                172.16.1.1      YES NVRAM  up                    up
Ethernet1/1                172.17.1.1      YES NVRAM  up                    down
vista#
 
mikey250Author Commented:
1. On sanjose1 the serial interface as below shows the same IP address as ethernet0, why is this?

2. I cannot ping from HOSTC - 172.17.1.2/24 - when I SHOULD be able to?

sanjose1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BRI0                       unassigned      YES NVRAM  administratively down down
BRI0:1                     unassigned      YES unset  administratively down down
BRI0:2                     unassigned      YES unset  administratively down down
Ethernet0                  192.168.2.1     YES NVRAM  up                    up
Serial0                    192.168.2.1     YES TFTP   up                    up
Serial1                    unassigned      YES NVRAM  administratively down down
sanjose1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
sanjose1#
 
mikey250Author Commented:
1. HOSTB - 172.16.1.2/24 no DG set, but can ping 172.16.1.1 auto BUT CANNOT ping sanjose1 ETHERNET0 interface - 192.168.2.1/24.  Although HOSTB SHOULD be able to?

Note:  I have 2 PCs currently set up for HOSTC - 172.17.1.2/24 & HOSTA - 192.168.2.2/24.

2. Although, as I have 2 NICs on my MAIN PC, I'm currently using the spare NIC to simulate HOSTA - 192.168.2.2/24.  I presume this is OK?
 
JFrederick29Commented:
The serial interfaces have the same IP as the ethernet because you are using IP Unnumbered (this is how it works), it borrows the IP from the ethernet.  This is normal.

HOSTA should have a DG of 192.168.2.1
HOSTB should have a DG of 172.16.1.1
HOSTC should have a DG of 172.17.1.1

The default gateway is needed to reach the hosts outside its own subnet.
 
mikey250Author Commented:
Oh yes, I remember reading that.  Well that's OK, because I did have each HOST set with DG as you've stated and it still did not work.  I will set them back and retry to double check I haven't muddled something up along the way, because it must be something simple.
 
mikey250Author Commented:
I've set them back!!

I still CANNOT ping from HOSTC - 172.17.1.2/24 DG 172.17.1.1 - I SHOULD be able to!!
I still CANNOT ping from HOSTB - 172.16.1.2/24 DG 172.16.1.1 - I SHOULD be able to!!

See configs below:

Building configuration...

Current configuration : 618 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sanjose1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
!
interface Serial0
 ip unnumbered Ethernet0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
ip http server
ip classless
ip route 172.16.1.0 255.255.255.0 Serial0
ip route 172.17.1.0 255.255.255.0 Serial0
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

sanjose1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.17.0.0/24 is subnetted, 1 subnets
S       172.17.1.0 is directly connected, Serial0
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.1.0 is directly connected, Serial0
C    192.168.2.0/24 is directly connected, Ethernet0
sanjose1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BRI0                       unassigned      YES NVRAM  administratively down down    
BRI0:1                     unassigned      YES unset  administratively down down    
BRI0:2                     unassigned      YES unset  administratively down down    
Ethernet0                  192.168.2.1     YES NVRAM  up                    up      
Serial0                    192.168.2.1     YES TFTP   up                    up      
Serial1                    unassigned      YES NVRAM  administratively down down    
sanjose1#
-----------------------------------------
Building configuration...

Current configuration : 2865 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vista
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
ip inspect udp idle-time 1800
ip inspect dns-timeout 15
ip inspect name STANDARD ftp
ip inspect name STANDARD http
ip inspect name STANDARD smtp
ip inspect name STANDARD sqlnet
ip inspect name STANDARD tcp
ip inspect name STANDARD tftp
ip inspect name STANDARD udp
ip inspect name STANDARD realaudio
ip audit po max-events 100
!
!
!
interface Serial0/0
 description "FIREWALL"
 ip unnumbered Ethernet1/1
 ip access-group 121 in
 ip access-group 122 out
 ip inspect STANDARD in
 clockrate 56000
!
interface Serial0/1
 no ip address
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 description DMZ
 ip address 172.16.1.1 255.255.255.0
 ip access-group 111 in
 ip access-group 112 out
 half-duplex
!
interface Ethernet1/1
 description Internal Network
 ip address 172.17.1.1 255.255.255.0
 ip access-group 101 in
 ip access-group 102 out
 ip inspect STANDARD in
 half-duplex
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
access-list 101 permit ip 172.17.1.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip any any
access-list 111 permit ip 172.16.1.0 0.0.0.255 any
access-list 111 deny   ip any any
access-list 112 permit udp any host 172.16.1.2 eq domain
access-list 112 permit tcp any host 172.16.1.2 eq domain
access-list 112 permit tcp any host 172.16.1.2 eq ftp
access-list 112 permit tcp any host 172.16.1.2 eq smtp
access-list 112 permit tcp any host 172.16.1.1 eq www
access-list 112 permit tcp 172.17.1.0 0.0.0.255 host 172.16.1.2 eq pop3
access-list 112 permit tcp 172.17.1.0 0.0.0.255 any eq telnet
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any unreachable
access-list 112 deny   ip any any
access-list 121 deny   ip 172.17.1.0 0.0.0.255 any
access-list 121 deny   ip 127.0.0.0 0.255.255.255 any
access-list 121 deny   ip 224.0.0.0 31.255.255.255 any
access-list 121 permit ip any any
access-list 122 permit icmp any any echo-reply
access-list 122 permit icmp any any time-exceeded
access-list 122 deny   ip 172.16.1.0 0.0.0.255 any
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

vista#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     172.17.0.0/24 is subnetted, 1 subnets
C       172.17.1.0 is directly connected, Ethernet1/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet1/0
S*   0.0.0.0/0 is directly connected, Serial0/0
vista#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.17.1.1      YES TFTP   up                    up      
Serial0/1                  unassigned      YES NVRAM  down                  down    
Serial0/2                  unassigned      YES NVRAM  administratively down down    
Serial0/3                  unassigned      YES NVRAM  administratively down down    
Ethernet1/0                172.16.1.1      YES NVRAM  up                    up      
Ethernet1/1                172.17.1.1      YES NVRAM  up                    up      
vista#

 
JFrederick29Commented:
Honestly, I really wouldn't drive yourself crazy with this.  IP Unnumbered is a legacy way of doing things and isn't worth the effort.  I would simply go with using real IPs on the serial interfaces and proceed that way.
 
mikey250Author Commented:
Fair enough. Win some, lose some!! Thanks for your help.
 
JFrederick29Commented:
If you really want, I can try to gather some equipment and get this working using your configs.  It may take a while... let me know.  Otherwise, if you are all set with this question, please go ahead and finalize it.  Thanks.
 
mikey250Author Commented:
I've even removed the "IP Unnumbered" and although serial interfaces are showing as UP UP and I've double checked IP addresses for both serial interfaces are correct.  I've tried for the last time to ping from both HOSTB & HOSTC to sanjose1 router ethernet.

It's either something to do with maybe the IP addresses I'm using for the serial interfaces, although there is no mismatch, or whether there is some rule I don't know! Maybe my IOS version, although it has taken the command.

Oh well, I will leave it and am going to remove this config now so I can carry on with something else.

Thanks!
 
JFrederick29Commented:
You're welcome.  Glad to assist.
 
mikey250Author Commented:
The only thing is, as I've only had 2 crossover cables instead of 3 to play with, I've had to be aware to make sure, for the 2 tests that should have pinged, that they were plugged into the right positions.  I don't think this is an issue but thought I would mention it.

i.e. cable for HOSTC & cable for HOSTA
then switched over
i.e. cable for HOSTB & cable for HOSTA
 
mikey250Author Commented:
OK, I will leave my routers as they are, and let me know. It would just be nice to complete it and know the reasoning behind it, although a LEGACY.  I have though, in the UK, seen it being used in a couple of instances but did not know at the time what it was, except wondering why the serial interface was using the ethernet, but now I know why!

How long do you want?
 
JFrederick29Commented:
The PCs need to use crossover cables to the ports, but it looks like it was okay since your ethernet interfaces were up/up, so that doesn't appear to be the issue.
 
mikey250Author Commented:
Yes, all cables are crossover and all show as up up with green lights, but for the purposes of my 2 tests, to PING from both HOSTB & HOSTC TO HOSTA SHOULD be successful!

So if I pinged from HOSTB to HOSTA, I borrowed the cable from HOSTC to plug into HOSTA & vice versa, but ensuring at all times UP UP SHOWED for serial interfaces and relevant ethernet port 0 or 1!
 
JFrederick29Commented:
Okay, so it might take a while to find equipment so you may want to just move on.  The bottom line is that IP Unnumbered is the issue here, not CBAC or your configuration.  I would move...
 
mikey250Author Commented:
If you don't MIND then I don't mind, I would like to know the answer?
 
JFrederick29Commented:
Okay, so I don't have the equipment it turns out.  I need a router with a serial interface for the IP Unnumbered which it turns out I don't have at the moment.
 
mikey250Author Commented:
OK.  Thanks for trying anyway!!  If you do in future for whatever reason then let me know, because I've also saved the config and can try it at a later date.  But as you say it is LEGACY!!
 
JFrederick29Commented:
Okay, will do.
 
JFrederick29Commented:
Can you close out this question now?  I'll add to this thread once I can get some equipment.
 
mikey250Author Commented:
Although it hasn't worked, my config appears correct, but as "IP Unnumbered" is LEGACY I will not worry about this, although I get the analogy behind it now with the advice also given.
Question has a verified solution.
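
Added example, not part of the original thread and not written by either participant: a first-match evaluator run over ACLs 101, 102, 111, 121 and 122 from the last vista configuration posted above, tracing the HOSTC and HOSTB echo requests toward sanjose1 (192.168.2.1) and the echo-reply back to HOSTC. It models static extended ACLs only (first match wins, implicit deny at the end), an assumption that fits ping here because the STANDARD inspection rule lists no icmp; the hop lists and function names are mine.

```python
import ipaddress

# ACL lines copied from the last vista configuration in the thread.
VISTA_ACLS = """\
access-list 101 permit ip 172.17.1.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip any any
access-list 111 permit ip 172.16.1.0 0.0.0.255 any
access-list 111 deny   ip any any
access-list 121 deny   ip 172.17.1.0 0.0.0.255 any
access-list 121 deny   ip 127.0.0.0 0.255.255.255 any
access-list 121 deny   ip 224.0.0.0 31.255.255.255 any
access-list 121 permit ip any any
access-list 122 permit icmp any any echo-reply
access-list 122 permit icmp any any time-exceeded
access-list 122 deny   ip 172.16.1.0 0.0.0.255 any
"""

def _addr(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse_acls(text):
    """Return {acl_number: [entries in configured order]}."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":
            continue
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        icmp_type = rest[0] if t[3] == "icmp" and rest else None
        acls.setdefault(int(t[1]), []).append({
            "line": " ".join(t), "action": t[2], "proto": t[3],
            "src": src, "dst": dst, "icmp_type": icmp_type})
    return acls

def _ip_match(addr, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, src, dst, icmp_type):
    """Evaluate one ICMP packet; first matching entry wins."""
    for e in acl:
        if e["proto"] not in ("ip", "icmp"):
            continue  # tcp/udp entries cannot match an ICMP packet
        if e["icmp_type"] not in (None, icmp_type):
            continue
        if _ip_match(src, e["src"]) and _ip_match(dst, e["dst"]):
            return e["action"], e["line"]
    return "deny", "implicit deny at end of list"

def trace(acls, hops, src, dst, icmp_type):
    """Walk (interface, direction, acl) hops in order; stop at the first deny."""
    result = []
    for ifname, direction, number in hops:
        action, why = evaluate(acls[number], src, dst, icmp_type)
        result.append((ifname, direction, number, action, why))
        if action == "deny":
            break
    return result

ACLS = parse_acls(VISTA_ACLS)
HOSTC, HOSTB, SANJOSE1 = "172.17.1.2", "172.16.1.2", "192.168.2.1"
# Hop lists follow the ip access-group bindings in the vista config.
HOSTC_ECHO = [("Ethernet1/1", "in", 101), ("Serial0/0", "out", 122)]
HOSTB_ECHO = [("Ethernet1/0", "in", 111), ("Serial0/0", "out", 122)]
REPLY_TO_HOSTC = [("Serial0/0", "in", 121), ("Ethernet1/1", "out", 102)]

if __name__ == "__main__":
    cases = [("HOSTC echo -> sanjose1", HOSTC_ECHO, HOSTC, SANJOSE1, "echo"),
             ("HOSTB echo -> sanjose1", HOSTB_ECHO, HOSTB, SANJOSE1, "echo"),
             ("echo-reply -> HOSTC", REPLY_TO_HOSTC, SANJOSE1, HOSTC, "echo-reply")]
    for label, hops, src, dst, icmp_type in cases:
        print(label)
        for hop in trace(ACLS, hops, src, dst, icmp_type):
            print("   %s %s acl %d: %s (%s)" % hop)
```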