Troubleshooting Connectivity in Cisco Lab

SGS_GTI_JAY
I'm currently building up a small lab, but I've come to a roadblock and wanted to reach out and see what I'm missing from someone else's eyes.

Lab Setup
----------

1 - 3550 (EMI) vlans/ospf configured
1 - 2611xm - ospf
1 - 2511 (access server)

Details
-------
3550 (core switch)
vlan 1 (native) - 10.50.1.1/24
vlan 2 - 10.50.2.1/24
vlan 13 - 10.50.13.1/24
vlan 50 - 10.50.50.1/24
vlan 100 - 10.50.100.1/24
Lo0 - 10.50.250.x/32
ip routing enabled
ip classless

Core R1 (2611xm)
--------
Have tried 2 different configurations with this.

Tried having 1 interface (FA0/0) on same subnet as core switch (10.50.1.2) and fa0/1 (192.168.1.2) on subnet of WAN side (connected to linksys router)
and defining static route 0.0.0.0 0.0.0.0 192.168.1.1

Also tried natting on router so inside declared as fa0/0, outside fa0/1 (overloaded)

I cannot seem to reach inet from inside regardless of config. Anything that connects to core was defined as part of Area 0 in ospf - I can reach different addresses via ping from devices and also from workstations on different vlans .. cannot hit the linksys with any success

Any ideas? All I'm trying to do is have inet connectivity over 1 link to the linksys but keep the lab environment separate from my home network .. I just need the connectivity for updating OS's as I build my environment up.
  • +
    0 Votes
    CG IT

    couple of IOS commands that should provide output that can be used for troubleshooting.

    sh ip route summary

    sh ip protocol [ospf]

    And your consumer level router "linksys" needs to know the routes because if it doesn't know what to do with packets, it will simply drop them which sounds like what's happening. most importantly the consumer level router doesn't do open shortest path first.

    the other thing is your Vlans. They have to be allowed access to the trunk line. So on the trunk line you need a command similar to

    Breakout your Lammle books, again, reading is fundamental.


    router#[config int]Access VLAN X-X

    and why not simply connect your Windows boxes to the linksys for updating ? eh?

    +
    0 Votes
    SGS_GTI_JAY

    Here's the gotcha with the whole scenario .. I'm aware linksys (or consumer) products are limited. Tried defining the routes and still no go .. I've had this working in the past using a 2611xm as a (router on a stick) and did my intervlan routing on it, but since I have a 3550 that is capable, why use something else when not needed?

    I've tried with just the 3350 with a routed port to the linksys and static route defined on switch pointing to linksys (next hop), I've tried with sw port set as a trunk .. I've tried many things but still the traffic is being dropped at the linksys

    Rolling the systems from the lab to the linksys is not ideal because of things like DHCP scopes set up for vlan's, AD, DNS and so on .. too much change to GDC's is not a habit I want to begin. Better to try and fix the issue at hand and go from there in my mind.

    +
    0 Votes
    CG IT

    that should be the first question. they both do the same thing.

    Again, linksys brand consumer routers don't support open shortest path first. The question is, why are you running it?

    if a router doesn't know what to do with a packet [not on the subnet], it sends it to the default gateway and let it figure out what to do with it, and if the gateway doesn't know what to do with the packet, drops it.

    +
    0 Votes

    re

    SGS_GTI_JAY

    OSPF on 3550 - previous on 2600 no ospf .. also previous everything was on same subnet

    so 192.168.x.x/24

    current
    10.50.x.x/24 on 3550 | 192.168.x.x on linksys

    i've defined area 0 for only 10.x.x.x network
    with a default route pointing to linksys

    +
    0 Votes
    SGS_GTI_JAY

    I'm trying to build a lab hence utilizing some sort of routing protocol to communicate with "different networks"

    I've looked into running something other than a linksys device, I would gladly get rid of it if it wasn't for UPNP, which many "consumer" entertainment devices utilize for connecting to web based services (xbox, ps3 and so on). Cisco does not support this functionality on enterprise devices as it's not a needed service for the enterprise .. so this is where my dilemma lies with getting rid of that device totally.

    +
    0 Votes
    CG IT

    for the linksys and the 3500. might do auto-summary on the 3500.

    Routing tables on the 3500 and Linksys then can be exchanged. might consider making the linksys a neighbor in RIP for the 3500.

    also the 3500 itself needs to know what the default route is for packets it doesn't know what to do with. Default route for Cisco equipment is to send it to the WAN port. WAN ports on Cisco equipment are serial ports.

    +
    0 Votes
    CG IT

    meaning an incoming packet from the internet which is destined for a subnet on the network is known by the linksys router. If the linksys doesn't know what to do with inbound packets, it will drop it.

    +
    0 Votes

    re

    SGS_GTI_JAY

    linksys will only allow for routes on similar subnet

    so with linksys in "Gateway" mode no routing protocols are used (rip,rip2 etc)

    config attempted on linksys
    set linksys to 10.50.1.2 (internal)
    WAN port - DHCP pulls from provider

    static routes added
    10.50.1.0/24
    10.50.2.0/24
    10.50.13.0/24
    10.50.50.0/24
    10.50.100.0/24

    all point to 10.50.1.1 - Vlan1 interface on 3550 as gateway.

    +
    0 Votes
    CG IT

    because the linksys will perform dynamic NAT for all LAN traffic on its LAN subnet. No need to do anything else. So all LAN traffic on the Linksys going out, gets NAT. Return traffic the Linksys strips the wrapper and reads the packet for the destination. That would be the 3500 interface on the Linksys LAN. The 3500 needs to know hey, that's my packet. or rather I know where that goes.

    The linksys on the perimeter does RIPv2 which will share summarized routing tables with neighbors also running RIPv2

    +
    0 Votes
    CG IT

    the header of the packet leaving the 3500 to the Linksys has what in it? Routing function routes packets but internet requires many to one NAT. coming back in the perimeter router strips the wrapper and reads the destination.

    So how does the linksys and the 3500 know where to send the packet that originated from a host on a subnet behind the 3500?

    +
    0 Votes
    SGS_GTI_JAY

    DISABLED OSPF - Basic config @ current time

    Scenario : Connect Lab environment to separate network/internet

    Topology:
    ISP (Cable) - Linksys Gateway(192.168.1.1 Nat by default) - 2611xm (FA0/1 - 192.168.1.2 - Nat Outside - Overloaded) -- (FA0/0 - 10.50.1.2 - Nat Inside) -- 3550 FA0/3 (TRUNK)


    Problem:

    from the 3550(EMI)
    - Pinging by IP to hosts outside of lan are reachable and nat translations appear to be working correctly

    snet-core-s1#ping 72.14.204.147 (google)

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 72.14.204.147, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/40 ms

    snet-core-r1#sh ip nat translations
    Pro  Inside global     Inside local    Outside local      Outside global
    icmp 192.168.1.2:28    10.50.1.1:28    72.14.204.147:28   72.14.204.147:28

    from a Host in VLAN 2
    - Pinging by IP/DNS name to an outside destination does not resolve at all

    - Pinging to 2611xm FA0/0 (Inside) 10.50.1.2 Not Reachable

    - Pinging to 3550 Int VL1 10.50.1.1 is Reachable showing Inter vlan routing is working


    - Traffic does not appear to be reaching router from host in Vlans

    - No routing protocols are set at current time.

    - CEF is enabled

    - Static route on 3550 (0.0.0.0 0.0.0.0 10.50.1.2)

    - static route on 2611xm (0.0.0.0 0.0.0.0 192.168.1.2)

    * I'm not sure if anything needs to be configured to allow DNS to work through NAT *

    My main goal is to have 2 major networks essentially. 10.0.0.0 (Lab- All Cisco Environment) / 192.168.1.0 (Home network - Running off Linksys) and have Inet connectivity to both

    +
    0 Votes
    CG IT

    post the results of sh ip route

    note: on your linksys, you need to add static routes to the subnets behind it. in the static route configuration page, list your static route leaving the last octet of the address as zero. use the router doing NAT behind the linksys as the default gateway for that route and only on the linksys. assign the hop count. If it's 1 hop behind the linksys, then it's 1.
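
Added example, not part of the thread or any poster's code: a longest-prefix-match model of the static routes listed in SGS_GTI_JAY's "Basic config" post, tracing where the 2611xm would send a reply addressed to a VLAN 2 host. The host address 10.50.2.10, the assumption that the 2611xm and Linksys hold only their connected networks plus a default (via 192.168.1.1, as in the opening post), and the 10.50.0.0/16 return route are assumptions, not values confirmed in the thread.

```python
import ipaddress

# Which modelled device owns each next-hop address (from the thread's topology).
OWNERS = {"10.50.1.1": "3550", "10.50.1.2": "2611xm", "192.168.1.1": "linksys"}

def tables(with_return_route=False):
    """Routing tables as (prefix, next_hop); next_hop None = directly connected."""
    r2611 = [("10.50.1.0/24", None), ("192.168.1.0/24", None),
             ("0.0.0.0/0", "192.168.1.1")]          # assumed: connected + default only
    if with_return_route:
        # Hypothetical summary route back to the lab VLANs via the 3550 SVI.
        r2611.append(("10.50.0.0/16", "10.50.1.1"))
    return {
        "3550": [("10.50.1.0/24", None), ("10.50.2.0/24", None),
                 ("10.50.13.0/24", None), ("10.50.50.0/24", None),
                 ("10.50.100.0/24", None), ("0.0.0.0/0", "10.50.1.2")],
        "2611xm": r2611,
        # Assumed: the Linksys knows only its LAN and a default toward the ISP.
        "linksys": [("192.168.1.0/24", None), ("0.0.0.0/0", "ISP")],
    }

def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh

def trace(tbls, start, dst, max_hops=8):
    """Follow a packet for dst hop by hop from `start`; return (path, outcome)."""
    path, device = [start], start
    for _ in range(max_hops):
        hit = lookup(tbls[device], dst)
        if hit is None:
            return path, "dropped: no route"
        prefix, nh = hit
        if nh is None:
            return path, f"delivered on {prefix}"
        if nh not in OWNERS:            # next hop is outside the modelled lab
            path.append(nh)
            return path, "left the lab"
        device = OWNERS[nh]
        path.append(device)
    return path, "loop"

if __name__ == "__main__":
    host = "10.50.2.10"  # constructed VLAN 2 host address
    print("request  ", trace(tables(), "3550", "10.50.1.2"))
    print("reply    ", trace(tables(), "2611xm", host))
    print("reply+rt ", trace(tables(True), "2611xm", host))
    print("to 3550  ", trace(tables(), "2611xm", "10.50.1.1"))
```

Under these assumptions a reply to 10.50.1.1 stays on the connected subnet, while a reply to a VLAN 2 address follows the default route out toward the Linksys; comparing the model against `sh ip route` on the 2611xm shows whether the assumption holds.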
