Solved

Problems with beginning Cisco router configuration

Posted on 2010-09-05
22
428 Views
Last Modified: 2012-05-10
I am having a problem getting my first router setup  to work.

I have a 2621 router which has two fast Ethernet ports on it.
Main network is a 192.168.1.0/24 address.
Router port FastEthernet0/1 has an address of 192.168.1.8/24
Router port FastEthernet0/0 has an address of 192.168.2.1/24

The gateway address on the 192.168.1.0 network is 192.168.1.3

From the 0/0 port, I have a cable connecting to a laptop which has a static address of:
IP: 192.168.2.20
Mask: 255.255.255.0
Gateway: 192.168.2.1

From the router console, I can ping 192.168.1.3, 192.168.1.8, and 192.168.2.1
From the computer, I can ping 192.168.2.1 and 192.168.1.8, but ping to 192.168.1.3 fails

The router table looks like this:
Cisco-2621#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.3 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.1.3

I tried entering static routes for the 192.168.2.0 network, but they are rejected I figured out that a direct connect route address does not do anything because the router already knows about that network. I added the default route to take all unknown traffic to my gateway address. It seems like the default route entry would make the ping work to 192.168.1.3, but it does not. I really don’t understand what I am doing wrong and could use some help.

Here is the brief configuration of the Ethernet ports:
Cisco-2621#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.2.1     YES NVRAM  up                    up
FastEthernet0/1            192.168.1.8     YES NVRAM  up                    up

Also from the router console, I can ping 192.168.2.20 but a traceroute to the same address fails.

Does anyone see a problem anywhere here? Or, can you point me to more information?
I am working on my CCENT/CCNA certifcation and have read a lot about routing so far.
0
Comment
Question by:dna86
  • 9
  • 8
  • 3
  • +2
22 Comments
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
I believe you will need to add a route in 192.168.1.3 to tell it where 192.168.2.0/24 can be reached. WHat type of device is 192.168.1.3?

Billy
0
 
LVL 7

Expert Comment

by:GridLock137
Comment Utility
i see you can't ping your gateway are you doing this from a PC?
0
 
LVL 7

Expert Comment

by:GridLock137
Comment Utility
my mistake i see you have a laptop connected to the 2.0 network, but you can't ping 1.3 interface, is this interface a serial interface?
0
 
LVL 15

Expert Comment

by:deepdraw
Comment Utility
you have no routing set up.
you could use rip or eigrp then packets can be routed from one network to another.
The default route is only for sending packets to which the router does not have an entry for, this is normally the interent.
 
Greg
0
 
LVL 7

Expert Comment

by:GridLock137
Comment Utility
also make sure you are running a routing protocol like rip, you can enter the following from global config:

router rip
ver 2

then enter your network statements:

network 192.168.2.0
network 192.168.1.0

also, on the 2.0 network add a route back to the 1.0 network
0
 
LVL 2

Expert Comment

by:rbartczak
Comment Utility
On 192.168.1.3 device set routing to network 192.168.2.0 via 192.168.1.8 router interface.
This device must know where is this network.
0
 

Author Comment

by:dna86
Comment Utility
Thanks for all the suggestions. I have some additional questions after your suggestions

My 192.168.1.3 device is a netgear wireless router.
I thought that by typing IP ROUTING that routing would be enabled. Is that not correct? Do I have to turn on RIP or something else to make it work?

What commands specifically would I need to type in to get the static routes setup to make this work?
0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
>thought that by typing IP ROUTING that routing would be enabled. Is that not correct? Do I have to turn on RIP or something else to make it work?

yes, IP routing is enabled based on your output. You do not need to run RIP; however, it is highly recommended that you run a dynamic routing protocol. If you have only one route, then you probably can do with static routing. One netgear, you should have the abliity to add a static route.

Static route:

destination: 192.168.2.0
Next hop: 192.168.1.8

I am not sure if the netgears support RIP, I do know that some of the Linksys gear do, so you might be in luck. In my opioion you do not need RIP or any other dynamic routing protocol if all you have is one network. If you are studying for the CCNA, you might want to do it both ways; static and dynamic.

Good Luck
Billy

Billy
0
 

Author Comment

by:dna86
Comment Utility
I tried enabling RIP and that did not do anything. Here's a smaller question. I can do a ping from the router console to 192.168.2.20 (the laptop PC) and it works. However, a traceroute does not work. Should this work and is this an indication of a problem?
0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
>I tried enabling RIP
on what, the Cisco and Netgear?

What is the make and model of the netgear?

>can do a ping from the router console to 192.168.2.20 (the laptop PC) and it works.
sure, it is directly connected, the Netgear does NOT have a route back to 192.168.2.0, so you will need to add a static route on the netgear

>however, a traceroute does not work. Should this work and is this an indication of a problem?
Nope, if you can ping to 192.168.2.20 then you are good to go. Maybe you have iptables/firewall on the host that you are trying to traceroute to (Some Traceroute applications use UDP and not ICMP).
0
 

Author Comment

by:dna86
Comment Utility
The netgear is a Rangemax Wireless N router. The ping/tracert from the router to the PC does not involve the path to the netgear.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
model number?
0
 

Author Comment

by:dna86
Comment Utility
WNDR3700 is the model of the Netgear router.

More info:

I tried simplifying the situation. I now have 1 laptop connected to the 192.168.1.8 port with an address of 192.168.1.20. The other laptop is connected to the 192.168.2.1 port and has an address of 192.168.2.20. From either laptop, I can ping both of the router addresses, however, I can not ping the other laptop. I feel like I am missing something basic here. What is the command that will make the two laptops accessible to each other across the router?
0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
please output:

show ip protocols?
show ip route
show ip int bri
Billy
0
 

Author Comment

by:dna86
Comment Utility
Cisco-2621#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 8 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       2     2
    FastEthernet0/1       2     2
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 120)

Cisco-2621#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, FastEthernet0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0
Cisco-2621#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.2.1     YES NVRAM  up                    up
FastEthernet0/1            192.168.1.8     YES NVRAM  up                    up
0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
>I can not ping the other laptop. I feel like I am missing something basic here.

ip routing is enabled, the networks are directly attached, so as long as you are using the correct gateways you should be fine. What about posting the config?

What about the arp table, are you getting arp on the router for the PCs?

Billy
0
 

Author Comment

by:dna86
Comment Utility
PC1:

192.168.1.20
255.255.255.0
gateway: 192.168.1.8

PC2:

192.168.2.20
255.255.255.0
gateway: 192.168.2.1

Cisco-2621#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.8             -   00b0.6435.2941  ARPA   FastEthernet0/1
Internet  192.168.2.1             -   00b0.6435.2940  ARPA   FastEthernet0/0
Internet  192.168.1.20            0   0019.b982.0563  ARPA   FastEthernet0/1
Internet  192.168.2.20            0   001e.33c1.26dc  ARPA   FastEthernet0/0
Internet  192.168.1.240           0   Incomplete      ARPA

0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
please check for firewalls on the hosts, do you have any ACLs applied?

show ip int fast0/0
show ip int fast0/1

Billy
0
 

Author Comment

by:dna86
Comment Utility
I do not see any ACLs, here is the output

Cisco-2621#show ip int fast 0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.2.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.9
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Cisco-2621#sh ip int fast 0/1
FastEthernet0/1 is up, line protocol is up
  Internet address is 192.168.1.8/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.9
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
router appears to be clear of any issues; I would check on the hosts. Do you have Windows firewall enabled on the interfaces?
0
 

Author Comment

by:dna86
Comment Utility
I turned off the firewall on both machines. Now, I can ping from 192.168.2.20 to 192.168.1.20 but not the other way around. Also, I can ping both machines from the router.
0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 125 total points
Comment Utility
>I turned off the firewall on both machines. Now, I can ping from 192.168.2.20 to 192.168.1.20 but not the other way around. Also, I can ping both machines from the router.

if you can ping one way and not the other, the IP routing is work, you still have a filtering issue somewhere.

As far as the original issue, again, you will need to tell the netgear where 192.168.2.0 can be located (either via by RIP or a static route).

At any rate, enable RIP or add a static route on the netgear:

http://kb.netgear.com/app/answers/detail/a_id/12454


Billy
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now