05-26-2021 05:56 AM
Hello everyone, I was working on a packet tracer assignment and i have a problem. For some reason I cant ping between 2 Servers. Even though i have setup ipv4 rip, eigrp, ospf between the routers. I will post a screenshot of the network down below.
Does anyone know what could be going wrong?
Solved! Go to Solution.
05-27-2021 01:25 PM
I don't have access to PT right now but if I remember correctly, you are not advertise anything out of L3 switch. Use show ip route and look for 192.168.2.0 and .3.0 networks. They are missing, right? So you need enable eigrp and advertise networks it has (or ones you want to reach). That's what I meant by enable routing in addition to ip routing command.
All Pings should work now but only traffic from 192.168.2.x to 192.168.3 and vice versa is encrypted, aka going via IPsec tunnel. Others do not; if you want other networks to be encrypted, you will need to add or change access list.
You may need to ping router-to-router once so that tunnel is formed.
I think i saved PT file so i can share it once I at home.
Regards, ML
**Please Rate All Helpful Responses **
05-26-2021 06:22 AM
Local FW (disabled ?) first come to my mind.
Tests :
From Server 0 can you able to ping Gateway ?
Traceroute to Server 2 - how far it go ?
Can server 0 reach 10.0.0.X network IP on Router 1 or 2811 ? ( same from Server 2?)
share the results ?
05-26-2021 06:44 AM
Hello thank you for the reply. From server 0 I can ping to the default gateway with success. And Server 0 can reach the 10.0.0.2 ip on router 1 aswell but it cant reach router 3 (the router that is closest to server 2) same otherway around. Server 2 can ping to router 1 but it cant ping to router 2 (the router that is closest to server 1) And tracer t immediately says request timed out. See screenshots
05-26-2021 06:58 AM - edited 05-26-2021 06:59 AM
Traceroute what hop it failing ( coming started ****) post complete trace
where ever it dropping that is where problem resides, so from that device
post (router 1 guessing here is the issue) show run
show ip route
show ip interface brief
05-26-2021 07:48 AM - edited 05-26-2021 07:50 AM
Hello, it is failing at the first hop already, i will post screenshots of the tests here. Is there anyway i can attach my packet tracer file?
Router 1 sh run :
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 30.0.0.1 255.255.255.0
clock rate 128000
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Serial0/2/0
ip address 20.0.0.2 255.255.255.0
!
interface Serial0/2/1
ip address 10.0.0.2 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
network 30.0.0.0 0.0.0.255
network 10.0.0.0 0.0.0.255
network 20.0.0.0 0.0.0.255
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0
network 30.0.0.0 0.0.0.255 area 0
network 20.0.0.0 0.0.0.255 area 0
!
router rip
version 2
network 10.0.0.0
network 20.0.0.0
network 30.0.0.0
no auto-summary
05-26-2021 09:23 AM
You can attach PT file but it must be zip file format. so zip it and then attach it here.
Regards, ML
**Please Rate All Helpful Responses **
05-26-2021 09:42 AM
05-26-2021 10:31 AM
this one was a tricky one. Router 7 points to 2 different ways for 172.16.10 and .30. Router 5 claims he has route that should come from other guy. Same thing on Router 6.
Why do you have 3 different protocols? for testing ? <although should not affect reach-ability, PT may be confused -PT is just a simulator
Solution is
Subnet Mask for 172.16.10.0 and .30.0 is wrong. it is /16 but should be /24.
Regards, ML
**Please Rate All Helpful Responses **
05-26-2021 10:52 AM - edited 05-26-2021 11:05 AM
Martin, thank you so much for your time and help, I appreciate it a lot. Yes the reason why I use 3 different protocols is because I started learning in packet tracer not too long ago. Our teacher wants us to know and be able to use rip, eigrp, ospf protocols. I was actually doubting the subnet for 172.16.10.0 and 30.0 aswell. I asked my teacher what subnet I should use for this address and I was told it should be /16 so thats why I used it. I have another question about the protocols, are rip and eigrp required for the network to function correctly and to be able to ping? Or is one protocol like OSPF enough?
And if you dont mind i've got another thing im struggling to find the solution to so if you have some free time and can take a look at it I would appreciate it.
In the second file, I can't ping from the PC0 network to the vlans on the right network. Do you maybe know why I can't?
Thank you again.
05-26-2021 11:43 AM
172.16.10.0 /16 and 172.16.30.0/16 are on the same subnet, so routers are confused. it should be /24 to make difference and threat them as 2 different networks. If properly advertised by protocol, either one should be ok to use. if you use all 3, then the one with lowest Admin Distance wins. You can test it by removing configs; use rip, then eigrp, ospf.
I take look at your IPSec file later.
Regards, ML
**Please Rate All Helpful Responses **
05-26-2021 06:38 PM - edited 05-26-2021 06:48 PM
Re: IPSec file, Router 2 does not have any routes from L3 switch on right side. So, you need to enable routing on L3 switch and advertise all SVI networks.
router eigrp 1, network 192.168.0.0 0.0.255.255, no auto-summary, exit
Also, you are using IOS 12.x which does auto-summary for eigrp; you must add no auto-summary under eigrp on all eigrp routers. no auto-summary is now default settings for all IOS 15.x routers.
you should be able to ping all PCs now But not all traffic will be encrypted by IPSec (and does not go via tunnel). I guess it should, right? Can you fix it? if not see link below for a hint
Only traffic that is encrypted is from 192.168.2.x to 192.168.3.x and vice versa right now.
see https://www.youtube.com/watch?v=Z7LwU6H5IGE
Note: The video shows alternative option without any routing at all; only with static routes.
Regards, ML
**Please Rate All Helpful Responses **
05-27-2021 12:14 PM
Hello thanks for the reply. I went to the Multilayerswitch which i suppose is what you mean by L3 switch on the right side. I went into the config mode and added the command: int range f0/1-24 ip routing. I think routing should be enabled for all ports now correct? I actually followed the tutorial of that video you linked before for setting up my IPSEC VPN tunnel. I added no auto-summary in eigrp for all routers. But for some reason i still cannot ping. I want to be able to ping from the pc in the 192.168.2.0 network to all pc's that are in the vlans in the right network but it still doesn't work. Ill watch the video again and ill try to see if i can fix it.
05-27-2021 01:25 PM
I don't have access to PT right now but if I remember correctly, you are not advertise anything out of L3 switch. Use show ip route and look for 192.168.2.0 and .3.0 networks. They are missing, right? So you need enable eigrp and advertise networks it has (or ones you want to reach). That's what I meant by enable routing in addition to ip routing command.
All Pings should work now but only traffic from 192.168.2.x to 192.168.3 and vice versa is encrypted, aka going via IPsec tunnel. Others do not; if you want other networks to be encrypted, you will need to add or change access list.
You may need to ping router-to-router once so that tunnel is formed.
I think i saved PT file so i can share it once I at home.
Regards, ML
**Please Rate All Helpful Responses **
05-28-2021 07:37 AM
Hey thank you so much, it worked! I can ping from the 192.168.2.0 network to all the vlans under the multilayer switch. used eigrp in the multilayer switch and added the 192.168.2.0 and 192.168.3.0 and also added the networks i want to reach, so all the vlan adresses in eigrp. Thanks again for explaining and taking the time, I appreciate it a lot and it finally works
05-28-2021 12:48 PM
Kudos, got it working! if you want more practice, go to link below to get similar IPsec issue file. Last one is fixed and ok by George but 2 before last one are still broken. you can practice fixing it. also notice that there are no routing protocols. Fix it without adding any routing protocols just like one in video.
Note that PT is just simulator. Some advanced stuff may not work properly. IPsec tunnel may not come up until you ping router to router and if you make changes to IPsec config, shut interface and no shut may be required.
Regards, ML
**Please Rate All Helpful Responses **
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide