Do I need to use the loopback interface? I thought I had it disabled by putting the ! infront of the lines. When I do show interfaces it says that it is down. Should I put it up? What exactly would you use the loopback interface for in the routers? What type of address show it get?

Thanks

Glenn

You do not need a loopback address in this case.

A loopback address is a virtual, always up, interface.

It is not tried to any physical interfaces, and therefore would bot be effected if one fialed. Although you path to the loopback int may be affected if a particular interface fails.

With the current config, by putting the ! before the commands does not load it correct? It makes it as a comment in the file? Like I said, when I do show interfaces, it says the loopback is down. I just can't understand why the two interfaces are not routing between each other. I can ping the router from either network, from a telnet session into the router, I can ping outside networks so its routing table seems to be working, but for some reason if i try to ping one local network from the other it doesn't want to work? I must be missing something in the routing section?

Also, what are the Bridge Group commands used for, I saw these on the internet, and wondered if I need to use the Bridge commands?

Thanks

Glenn

type 'sh ip route'

and verify the two entries with a c infront

it sounds very much like the clients on the lan do not have gateways set or are not set to bet the local router interface.

bridge groups are to allow layer 2 traffic to pass across layer 3 interfaces - not for here.

I checked the show ip route yesterday and both entries where in there for the two interfaces w/ the C. I did have the default gateway to 10.68.21.1, for the client on the 10.68.21.0 network. I'll play around with it more on Monday. I just wasn't sure if I had a problem with my configuration of the router because it didn't appear to be routing.

Thanks again.

Now I have a weird problem. I have gotten the router to partially work, clients on the 10.68.20.0 network can ping the client on the otherside of the router, I have the dhcp server setup so it will give the 10.8.21.0 network address, but for some strange reason, the client on the 10.68.21.0 network can ping most of clients on the 10.68.20.0 network, but it can't ping certain ones? I can't ping our pix firewall which has an address of 10.68.20.4, or out VPN Conncentrator 10.68.20.5. From a telnet session of the router I can ping any address out on the internet along w/ the PIX. But as soon as I try it from a client on the 10.68.21.0 network it does not work? Do I have to use access lists or something? The routing table on the client is correct, it will access certain hosts. Also, what is the reason when you do a ping that the first attempt times out then the last three are successful? Is that normal because of the time required to locate the host?

Any suggestions? I've included the config / show route commands

boston#show ip route

Gateway of last resort is 10.68.20.4 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets

C 10.68.20.0 is directly connected, Ethernet0/0

C 10.68.21.0 is directly connected, Ethernet0/1

S* 0.0.0.0/0 [1/0] via 10.68.20.4

boston#

---

boston#show running-config

Building configuration...

Current configuration:

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service udp-small-servers

service tcp-small-servers

!

hostname boston

!

no logging console

enable secret 5 $1$vVrn$lp8ockz/lJwDvizeFdhH..

!

!

memory-size iomem 10

ip subnet-zero

!

voice-port 1/0/0

!

voice-port 1/0/1

!

voice-port 1/1/0

!

voice-port 1/1/1

!

interface Loopback0

no ip address

shutdown

!

interface Ethernet0/0

ip address 10.68.20.1 255.255.255.0

!

interface Serial0/0

description Frame Relay #1 (MCI)

no ip address

encapsulation frame-relay

no ip mroute-cache

shutdown

no fair-queue

frame-relay lmi-type cisco

!

interface Serial0/0.1 point-to-point

description PVC to Boulder

shutdown

frame-relay interface-dlci 16

!

interface Ethernet0/1

ip address 10.68.21.1 255.255.255.0

ip helper-address 10.68.20.20

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.68.20.4

ip http server

!

!

line con 0

exec-timeout 0 0

transport input none

line aux 0

line vty 0 4

login

!

no scheduler allocate

end

When you ping from the router console, the router uses the interface closest to the destination as the source address. So when you are pinging from the router to a host on the 10.68.20.0 network the router uses 10.68.20.1 as the source address. Devices on that subnet can simply reply - no default gateway is needed. In order to ping from one subnet to another from a host, both hosts need to have a default gateway set.

Do this: from a host on the 10.68.20.0 network check that the default gateway is set to 10.68.20.1 Then ping 10.68.20.1 Does it work? It should. If it does, you know that the router and the host can communicate. Then ping 10.68.21.1 Does it work? It should. If it does, you know that the router is routing and you can reach any host on the 10.68.21.0 network.

But that doesn't mean that everything is good. It only means that you can get to the other host - it doesn't mean that the other host can get back. Try to ping a known good host on the 10.68.21.0 network from your host on the 10.68.20.0 network. If it works, troubleshoot the others indivually (check the IP address, mask, and default gateway. If it doesn't work, do all of these steps from the host on the 10.68.21.0 network. Somewhere along the way you will find your problem.

Let us know what you find or if you need more help. Good hunting.

Mike,

I've checked out all the settings, I can ping either interface of the router from either network. I can also ping certain hosts on the network. For example from the 10.68.21.10 host, I can ping the servers on the 10.68.20.0 network and various hosts. For some reason I can not ping 2 devices, the PIX 515, and the VPN conncentrator, 10.68.20.4/5 respectively. But what confuses me, is that I can ping them find from the 10.68.20.0 network, and also fine from the router itself, I can ping the 10.68.21.10 device from the VPN Conncentrator (10.68.20.5), but I can't ping the 10.68.21.10 device from the pix (10.68.20.4), which might mean the problem lies in the PIX, but the pix has the correct IP configurations. I just wasn't sure if there was anything else I had to do to the router to get it working... I'll keep playing around..

Glenn

Mike,

I ended up figuring it out. It was an issue with the PIX and the VPN conncentrator not having the default gateway specified correctly, so they didn't know how to get back to the 10.68.21.0 network.. Thank again guys for the info...

Glenn

Glad you found the problem. Like I said, trouble shoot individual problems. Sounds like that is what you did. Keep in mind for the future - host to host on the same subnet = address and mask ; host to host on serarate subnets = address, mask and default gateway.