Isaac A
asked on
Static route problem?
Hi, I would appreciate any help on this issue.
Cisco switch 3750 that is connected to a CenturyLink home modem\wifi-router (192.168.0.1\255.255.255.0
PC1: 192.168.0.4 \ 255.255.255.0 \ 192.168.0.61- connected to cisco. (fa3/0/5) - vlan1 = default
PC2: 172.24.164.200 \ 255.255.255.0 \ 172.24.164.1- connected to cisco. (fa3/0/6) - vlan 172
PC1 can ping PC2 & 8.8.8.8
PC2 can ping to PC1 but not to 8.8.8.8. also, can NOT ping to 192.168.0.1
I would like that PC's from vlan 172 (PC2) will be able to 'talk' with the 192 (PC1) network (its works now) + to be able to ping to 8.8.8.8 as well.
cisco logs attached.
sh-ip-int-br.txt
sh-run.txt
sh-vlan.txt
Cisco switch 3750 that is connected to a CenturyLink home modem\wifi-router (192.168.0.1\255.255.255.0
PC1: 192.168.0.4 \ 255.255.255.0 \ 192.168.0.61- connected to cisco. (fa3/0/5) - vlan1 = default
PC2: 172.24.164.200 \ 255.255.255.0 \ 172.24.164.1- connected to cisco. (fa3/0/6) - vlan 172
PC1 can ping PC2 & 8.8.8.8
PC2 can ping to PC1 but not to 8.8.8.8. also, can NOT ping to 192.168.0.1
I would like that PC's from vlan 172 (PC2) will be able to 'talk' with the 192 (PC1) network (its works now) + to be able to ping to 8.8.8.8 as well.
cisco logs attached.
sh-ip-int-br.txt
sh-run.txt
sh-vlan.txt
ASKER
Hi, thanks for your replay.
as you said, the CenturyLink device is doing the NAT, the new network is NOT. should I natted it as well?
I add a static route on the CenturyLink device, but I still can NOT ping to the 192 network. (from PC2)
ideas?
Traceroute.JPG
static-route.JPG
as you said, the CenturyLink device is doing the NAT, the new network is NOT. should I natted it as well?
I add a static route on the CenturyLink device, but I still can NOT ping to the 192 network. (from PC2)
ideas?
Traceroute.JPG
static-route.JPG
Any traffic sent to internet need to be natted.
Static route looks good, but looks like CenturyLink is also firewall, that can be a problem.
Since you are able to ping 192.168.0.61 from new network (and you are able to ping hosts in 192.168.0.0/24 subnet) and from CenturyLink check firewall configuration on CenturyLink (you can turn it off for testing).
Static route looks good, but looks like CenturyLink is also firewall, that can be a problem.
Since you are able to ping 192.168.0.61 from new network (and you are able to ping hosts in 192.168.0.0/24 subnet) and from CenturyLink check firewall configuration on CenturyLink (you can turn it off for testing).
ASKER
FW is down. same thing.
if the Centuly link is doing the NAT, why the new network 172 needs a NAT as well?
any chance that the the Century link must get the same network (192) to sent a replay?
if the Centuly link is doing the NAT, why the new network 172 needs a NAT as well?
any chance that the the Century link must get the same network (192) to sent a replay?
I expected that 192.168.0.1 is IP address of CenturyLink device. :)
ASKER
that's correct. am I missing here something ? :(
Have no idea what you are missing.
Generally what I would do (depending on CenturyLink device capabilities):
Create 2 VLANs for hosts (192.168.0.0/24 & 172.24.164.0/24) + routed interface (or VLAN) for transit traffic. Default route should point to Century link. CenturyLink should have static route(s) to point to networks configured on switch.
Generally what I would do (depending on CenturyLink device capabilities):
Create 2 VLANs for hosts (192.168.0.0/24 & 172.24.164.0/24) + routed interface (or VLAN) for transit traffic. Default route should point to Century link. CenturyLink should have static route(s) to point to networks configured on switch.
ASKER
thank you. appreciate your help.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
This one is problem:
- you need to add static route on CenturyLink
ip route 172.24.164.0 255.255.255.0 192.168.0.61 <-- I don't know how to do it on CenturyLink
(reason why can NOT ping to 192.168.0.1 - CenturyLink does not know where 172.24.164.0/24 network is located)
This is potential problem:
- CenturyLink device is performing NAT. Is new network 172.24.164.0/24 natted?
Route:
ip route 192.168.0.0 255.255.255.0 192.168.0.1
is not needed - it is directly connected network.