Solved: 2901 routing issues

nestorq · ‎02-02-2013

I have 2901 i cant reach next hop, here is the configurations and pings..

Somebody can help me

Router#sh run

Building configuration...

Current configuration : 1249 bytes

!

! Last configuration change at 17:39:44 UTC Sat Feb 2 2013

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

voice-card 0

!

license udi pid CISCO2901/K9 sn FTX170280F4

hw-module pvdm 0/0

!

hw-module pvdm 0/1

!

redundancy

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address dhcp

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 172.16.2.1 255.255.255.0

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

control-plane

!

mgcp profile default

!

gatekeeper

shutdown

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

end

Router#

===================================================================================

Ping from Router to PC

Router#ping 172.16.2.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Router#

===================================================================================

Router#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.1

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

C 172.16.2.0/24 is directly connected, GigabitEthernet0/1

L 172.16.2.1/32 is directly connected, GigabitEthernet0/1

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, GigabitEthernet0/0

L 192.168.1.10/32 is directly connected, GigabitEthernet0/0

Router#

===================================================================================

Ping from PC to router interface WAN

Pinging 192.168.1.10 with 32 bytes of data:

Reply from 192.168.1.10: bytes=32 time<1ms TTL=255

===================================================================================

Ping from PC to Router nexthop

Pinging 192.168.1.1 with 32 bytes of data:

Request timed out.

===================================================================================

Ping from router to nexthop

Router#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Router#

patrickherborn · ‎02-02-2013

Nestor,

at no point have you explicitly stated that 192.168.1.1 has a route to 172.16.2.0/24; your last statement could be interpreted to mean either :

a) "192.168.1.1 gives out an address to the 2901 via DHCP and 192.168.1.1 also has a route to 172.16.2.0/24 that goes via the 2901. It knows how to get to that network but it still doesn't work!" [ie "he" is referring to 192.168.1.1]

or

b) "192.168.1.1 gives out an address to the 2901 via DHCP but 192.168.1.1 does not have a route to the 172.16.2.0/24 network. I just expect it to work because the 2901 knows how to get to that network". [ie "he" is referring to the 2901]

If statement a) is true then it sounds more like an ACL type problem, most likely on 192.168.1.1.

If statement b) is true then it will not "just work". 192.168.1.1 *MUST* know how to get to 172.16.2.0/24 in order for it to correctly reply to traffic it receives. It could be as simple as setting a static default route via 192.168.1.10 (but that doesn't seem very sensible), it could be a static route that lists 192.168.1.10 as the correct next hop to get to 172.16.2.0/24 or you could setup a routing protocol so that 192.168.1.10 can advertise a route to 172.16.2.0/24 that 192.168.1.1 can then learn. In any event it must be able to send reply traffic back to 192.168.1.10 so that the 2901 can then forward it back to the 172.16.2.0/24 network.

Please can you confirm whether or not a route to 172.16.2.0/24 exists in the 192.168.1.1 machine ?

Cheers,

Pat.

View solution in original post

patrickherborn · ‎02-02-2013

Nestor,

Check that the machine at 192.168.1.1 has a route to 172.16.2.0/24 via 192.168.1.10.

Cheers,

Pat.

nestorq · ‎02-02-2013

i dont care, becasue i try to reach 192.168.1.1 from 172.16.2.0 via 192.168.1.10..

cadet alain · ‎02-02-2013

Hi,

just make sure that 192.168.1.1 has a route for the 172.16.2.0/24 network or use NAT.

Regards

Alain

Don't forget to rate helpful posts.

nestorq · ‎02-02-2013

the 192.168.1.1 give to the 2901 DHCP and he is routing 172.16.2.0..

patrickherborn · ‎02-02-2013

Nestor,

at no point have you explicitly stated that 192.168.1.1 has a route to 172.16.2.0/24; your last statement could be interpreted to mean either :

a) "192.168.1.1 gives out an address to the 2901 via DHCP and 192.168.1.1 also has a route to 172.16.2.0/24 that goes via the 2901. It knows how to get to that network but it still doesn't work!" [ie "he" is referring to 192.168.1.1]

or

b) "192.168.1.1 gives out an address to the 2901 via DHCP but 192.168.1.1 does not have a route to the 172.16.2.0/24 network. I just expect it to work because the 2901 knows how to get to that network". [ie "he" is referring to the 2901]

If statement a) is true then it sounds more like an ACL type problem, most likely on 192.168.1.1.

If statement b) is true then it will not "just work". 192.168.1.1 *MUST* know how to get to 172.16.2.0/24 in order for it to correctly reply to traffic it receives. It could be as simple as setting a static default route via 192.168.1.10 (but that doesn't seem very sensible), it could be a static route that lists 192.168.1.10 as the correct next hop to get to 172.16.2.0/24 or you could setup a routing protocol so that 192.168.1.10 can advertise a route to 172.16.2.0/24 that 192.168.1.1 can then learn. In any event it must be able to send reply traffic back to 192.168.1.10 so that the 2901 can then forward it back to the 172.16.2.0/24 network.

Please can you confirm whether or not a route to 172.16.2.0/24 exists in the 192.168.1.1 machine ?

Cheers,

Pat.

nestorq · ‎02-02-2013

Hi the answer is some mistake with access list, i create NAT and the access list.. here is the configurations

thanks everybody

Router#sh run

Feb 3 01:16:14.771: %SYS-5-CONFIG_I: Configured from console by console

Building configuration...

Current configuration : 1569 bytes

!

! Last configuration change at 01:16:14 UTC Sun Feb 3 2013

! NVRAM config last updated at 01:13:09 UTC Sun Feb 3 2013

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

voice-card 0

!

license udi pid CISCO2901/K9 sn FTX170280F4

hw-module pvdm 0/0

!

hw-module pvdm 0/1

!

redundancy

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 172.16.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 101 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

access-list 101 permit ip 172.16.2.0 0.0.0.255 any

!

control-plane

!

mgcp profile default

!

gatekeeper

shutdown

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

end