Question

Locked

Cisco Router Configuration

By Dan ·
I am trying to set up a lab environment using a Cisco Router. It could be any of the following, 1720, 1721 or 2621. I have run into the same problem with all three. I have started with a clean router by erasing the NVRAM so there are no extraneous commands floating around.
Router with two Ethernet ports:
192.168.1.1 255.255.255.0
192.168.2.1 255.255.255.0
Two Computers.
192.168.1.2 255.255.255.0 Gateway 192.168.1.1
192.168.2.2 255.255.255.0 Gateway 192.168.2.1
I am trying to ping from one computer to another. The ping never makes it. Ether computer can ping both ports on the router with no problem. Ether gateway can ping the computer connected to it with no problem. I can get the computers to talk if I use NAT. This is not what I want. I just want the router to route packets between the 192.168.1.0 and 192.168.2.0 networks. I must be missing something obvious.

Thanks
Dan

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Answers

Collapse -

tell the router what to do with the ICMP packets.

by CG IT In reply to Cisco Router Configuratio ...

since from your description you didn't tell it what to do with them, it drops the packets.

Collapse -

Have you enabled routing yet

by BizIntelligence In reply to Cisco Router Configuratio ...

to route packets your need to turn the routing on...you can do it by configuring routing protocol RIP2 (for startup). or you can enter Static routes....

Collapse -

Routing

by Mohammad Oweis In reply to Have you enabled routing ...

Yes, you have to enable a routing protocol.
RIP2, EIGRP, OSPF,...
Otherwise packets will not move from one interface to another one.

Collapse -

Try this

by NetMan1958 In reply to Cisco Router Configuratio ...

On the router, enter the following:
term mon
debug ip packet

Then try your ping and post the output from the debug back here.

Collapse -

Debug commands.

by Dan In reply to Try this

I have played with some of the debug commands, but not that one. (There are tons!) I think it will come in very useful. Any other debug you would suggest to become familiar with as ?You may not need it right now but trust me you will!?
Thanks,
Dan

Collapse -

Debugging

by NetMan1958 In reply to Debug commands.

I originally suspected that the windows firewall was the culprit but one thing you said made me hesitate to suggest it. You said that either computer could ping both router interfaces. So if the computer with IP 192.168.1.2 could ping the router interface with IP 192.168.2.1, then the reply would be coming from 192.168.2.1 which is on a different subnet than the computer.

Regarding the debugs, first a standard disclaimer: Be very careful with "debug ip packet" in a production network. It can bring a device to it's knees. If I use it in a live network, I always try to qualify it with an access list. In a test lab you usually don't have enough traffic for it to bog down the device and you can always power-cycle the device if it does.

As for other useful debugs, as you said there are tons of them and which one to use is dependent on what you are trying to trouble-shoot.

Collapse -

Re-Debugging

by Dan In reply to Debugging

"If I use it in a live network, I always try to qualify it with an access list."

Do you mean that you limit access to the debug commands using an ACL? I understand how to do that, no problem.
Or, do you mean that you use the ACL to limit where the debug command allows the packets from?
As in "I want to debug packets from 192.168.1.1,-5, but I don't want to debug packets from 192.168.1.10-15."
That would be fantastic! I could tell it to not debug packets from my servers, just get them from a few computers.
I will have to look that up!

Collapse -

Debug ACL

by NetMan1958 In reply to Re-Debugging

You can limit the packets that debug acts on with an ACL. For instance:
"access-list 101 permit ip host 10.1.81.1 host 10.1.**.1"

"debug ip packet 101"

Collapse -

The routers work fine

by Dan In reply to Cisco Router Configuratio ...

OK, I feel silly. I looked at the responses and thought "Yep, did that, did that too". Then a light bulb went on.
The issue was not with the router. It was the firewall on the computers. I control the firewall entirely thru group policy. I completely forgot it was there. The Test IP addresses I was using are not on the subnet that the rest of the network was on so Windows firewall blocked the packets. Once I turned off the firewall everything worked as it should.
Thanks for the responses. Sometimes you have to ask the question to see the answer that is in front of you.

Dan

Back to Networks Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums