Basic Cisco Routing Issue
Hello, I am new to Cisco routing and I have a very basic configuration set up. I cannot get traffic to pass between my FE0/0 and S0/0 interfaces. From the router itself I can ping across the internet to IP addresses, domains, etc. on the S0/0 interface and I can ping my directly connected host on the FE0/0 interface. But, from that directly connected host I cannot ping past the S0/0 interface, not even to the default g/w address.
My directly connected host is at 70.254.55.2/24
Here is the configuration, please help.
Building configuration...
Current configuration : 863 bytes
!
version 12.2
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Tyler_Backup
!
logging buffered 51200 warnings
!
username xxxxxxxx privilege 15 password xxxxxxxxxxxxxxxxxxx
no ip subnet-zero
!
!
ip name-server 151.164.1.8
!
!
!
!
interface FastEthernet0/0
ip address 70.254.55.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
description Uplink to AT&T (SBC)
no ip address
encapsulation frame-relay IETF
fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
ip address 70.246.168.138 255.255.255.252
frame-relay interface-dlci 707
!
ip classless
ip route 0.0.0.0 0.0.0.0 70.246.168.137
no ip http server
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
transport input telnet
transport output telnet
!
end
My directly connected host is at 70.254.55.2/24
Here is the configuration, please help.
Building configuration...
Current configuration : 863 bytes
!
version 12.2
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Tyler_Backup
!
logging buffered 51200 warnings
!
username xxxxxxxx privilege 15 password xxxxxxxxxxxxxxxxxxx
no ip subnet-zero
!
!
ip name-server 151.164.1.8
!
!
!
!
interface FastEthernet0/0
ip address 70.254.55.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
description Uplink to AT&T (SBC)
no ip address
encapsulation frame-relay IETF
fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
ip address 70.246.168.138 255.255.255.252
frame-relay interface-dlci 707
!
ip classless
ip route 0.0.0.0 0.0.0.0 70.246.168.137
no ip http server
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
transport input telnet
transport output telnet
!
end
ASKER
I was just using that address temporarily for testing with my laptop connected via a crossover cable.
We have the entire 70.254.55.0/24 range of addresses assigned to us. Also, we are using BGP and our primary router is routing all traffic for this network across the secondary link; i.e. the one that did not fail. As it turns out, our T1 card is bad, that's why the primary link went down.
I connected a backup router (with a T1 card in it) to the circuit that went down and gave it the same IP address (70.254.55.1) on the FE0/0 interface just for testing purposes.
Could it be that the ping requests were being routed back out of AT&T's network to our primary router through the secondary provider instead of coming back to me? If so, then how come I could ping (when consoled in) from the backup router itself to DNS addresses across the internet, just not from my laptop that was directly connected on ethernet to FE0/0?
We have the entire 70.254.55.0/24 range of addresses assigned to us. Also, we are using BGP and our primary router is routing all traffic for this network across the secondary link; i.e. the one that did not fail. As it turns out, our T1 card is bad, that's why the primary link went down.
I connected a backup router (with a T1 card in it) to the circuit that went down and gave it the same IP address (70.254.55.1) on the FE0/0 interface just for testing purposes.
Could it be that the ping requests were being routed back out of AT&T's network to our primary router through the secondary provider instead of coming back to me? If so, then how come I could ping (when consoled in) from the backup router itself to DNS addresses across the internet, just not from my laptop that was directly connected on ethernet to FE0/0?
I think you are correct with your assumption - the return pings will be going back via the primary link.
From the router you are pinging from the serial interface - 70.246.168.138 / 30 which is directly connected to the isp's router on 70.246.168.137 so the return packets are coming back OK. If on the router you told it to ping via the fa interface (Ping X.X.X.X source fa 0/0) your ping should then fail.
To fix this the route for the 70.254.55.0 / 24 network will need to be changed with your isp to travel via 70.246.168.138.
If you are actively participating in routing with your isp (rare but possible - we do) you will just need to set up routing on your backup internet router to talk with the isp's router. However if like most people the route to 70.254.55.0 / 24 is set statically within the isp's network you will need to contact them to have the change made(and unmade once your primary link is fixed). Depending on your relationship with your ISP this could take an hour or a week. Good Luck !
From the router you are pinging from the serial interface - 70.246.168.138 / 30 which is directly connected to the isp's router on 70.246.168.137 so the return packets are coming back OK. If on the router you told it to ping via the fa interface (Ping X.X.X.X source fa 0/0) your ping should then fail.
To fix this the route for the 70.254.55.0 / 24 network will need to be changed with your isp to travel via 70.246.168.138.
If you are actively participating in routing with your isp (rare but possible - we do) you will just need to set up routing on your backup internet router to talk with the isp's router. However if like most people the route to 70.254.55.0 / 24 is set statically within the isp's network you will need to contact them to have the change made(and unmade once your primary link is fixed). Depending on your relationship with your ISP this could take an hour or a week. Good Luck !
ASKER
OK, i think I understand, can you confirm my thoughts...
If I ping directly from the router out the S0/0 interface then AT&T sees this as being sourced from 70.246.168.138 and it knows how to route those ping replies back to it.
But, if I try to ping 70.246.168.137 (or anything else) from my laptop (with IP 70.254.55.2) on a crossover cable connected to FE0/0 (which has 70.254.55.1) then AT&T sees this as being sourced from the 70.254.55.0/24 network and it takes a different route for the reply packets - back out through the secondary provider.
Whew... Is my thinking correct?
If I ping directly from the router out the S0/0 interface then AT&T sees this as being sourced from 70.246.168.138 and it knows how to route those ping replies back to it.
But, if I try to ping 70.246.168.137 (or anything else) from my laptop (with IP 70.254.55.2) on a crossover cable connected to FE0/0 (which has 70.254.55.1) then AT&T sees this as being sourced from the 70.254.55.0/24 network and it takes a different route for the reply packets - back out through the secondary provider.
Whew... Is my thinking correct?
Yep, that's basically right.
The outgoing ping from the laptop would follow your default route out to the ISP router at 70.246.168.137. But the ISP router currently doesn't know how to get back to the 70.254.55.0 network.
If you are plugged in exactly as the failed T1 router was then it is likely that you were actively participating in routing with the isp, so it should be a simple matter to set that up again.
What was the routing setup on the original router with the failed T1 card? Can you post that part of the config?
Cheers
The outgoing ping from the laptop would follow your default route out to the ISP router at 70.246.168.137. But the ISP router currently doesn't know how to get back to the 70.254.55.0 network.
If you are plugged in exactly as the failed T1 router was then it is likely that you were actively participating in routing with the isp, so it should be a simple matter to set that up again.
What was the routing setup on the original router with the failed T1 card? Can you post that part of the config?
Cheers
ASKER
BigBlake, I apologize it has taken me so long to respond. The primary router config is attached. After several tests with the isp, it appears our T1 WIC went bad.
Can you check my thinking on this thought also? I've been doing a lot of reading.
I think the isp (AT&T) DOES know how to route packets to the 70.254.55.0/24 network, but it is just not through them at the moment, it's through the 2nd isp. I say this b/c we have BGP routing the 70.254.55.0/24 range down both providers, but right now since the T1 link on the AT&T side is down, then BGP has updated all routes for the 70.254.55.0/24 range to the other isp. So, my ping replies *I think* were being routed back out across the internet to the 2nd isp and therefore never making it back to my laptop. Is that right?
Also, if you look at the BGP config, you will see the AS number for each provider. I have another question on the 'ip as-path access-list' - What does the ^$ do? I see the other line which specifies a specific AS number, but this one does not. I don't understand what this means.
Thank you in advance.
config.txt
Can you check my thinking on this thought also? I've been doing a lot of reading.
I think the isp (AT&T) DOES know how to route packets to the 70.254.55.0/24 network, but it is just not through them at the moment, it's through the 2nd isp. I say this b/c we have BGP routing the 70.254.55.0/24 range down both providers, but right now since the T1 link on the AT&T side is down, then BGP has updated all routes for the 70.254.55.0/24 range to the other isp. So, my ping replies *I think* were being routed back out across the internet to the 2nd isp and therefore never making it back to my laptop. Is that right?
Also, if you look at the BGP config, you will see the AS number for each provider. I have another question on the 'ip as-path access-list' - What does the ^$ do? I see the other line which specifies a specific AS number, but this one does not. I don't understand what this means.
Thank you in advance.
config.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks BigBlake, I really appreciate the assistance (and the education). I'm not sure which way I will go yet but this gives me well defined options.
Thanks again!
Thanks again!
Unless you have been assigned this IP address by your isp they will be routing the return packets elsewhere to the customer they have assigned the address too.