Solved: Cant ping other side of network

mparisse · ‎05-03-2022

Hey yall i need some help with a network im building in packet tracer. For some reason the router is acting like a brick wall. I can ping between devices on the same side as the graphic but the moment i ping one on the other side it wont work i was wondering if yall could help me troubleshoot

This is the router,

Current configuration : 984 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
username cisco secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
!
!
ip ssh version 2
ip domain-name cisco
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/1
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 ip address 10.1.2.1 255.255.255.0
!
router rip
!
ip classless
!
ip flow-export version 9
!
!
!
banner motd ^CUnathorized Access Prohibited!^C
!
!
!
!
!
line con 0
 password 7 0822455D0A16
 login
!
line aux 0
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
!
!
end

This is switch 1,

Current configuration : 2418 bytes
!
version 15.0
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security violation restrict 
 switchport port-security mac-address sticky 00D0.BC87.7701
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security violation restrict 
 switchport port-security mac-address sticky 000C.CFB3.22ED
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security violation restrict 
 switchport port-security mac-address sticky 0009.7CA2.1400
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security violation restrict 
 switchport port-security mac-address sticky 00D0.BCA1.B48A
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security violation restrict 
 switchport port-security mac-address sticky 0001.6330.8966
!
interface FastEthernet0/6
 shutdown
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
 shutdown
!
interface FastEthernet0/9
 shutdown
!
interface FastEthernet0/10
 shutdown
!
interface FastEthernet0/11
 shutdown
!
interface FastEthernet0/12
 shutdown
!
interface FastEthernet0/13
 shutdown
!
interface FastEthernet0/14
 shutdown
!
interface FastEthernet0/15
 shutdown
!
interface FastEthernet0/16
 shutdown
!
interface FastEthernet0/17
 shutdown
!
interface FastEthernet0/18
 shutdown
!
interface FastEthernet0/19
 shutdown
!
interface FastEthernet0/20
 shutdown
!
interface FastEthernet0/21
 shutdown
!
interface FastEthernet0/22
 shutdown
!
interface FastEthernet0/23
 shutdown
!
interface FastEthernet0/24
 shutdown
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 ip address 192.168.1.12 255.255.255.0
!
ip default-gateway 192.168.1.1
!
banner motd ^CUnauthorized Use Strictly Prohibited!^C
!
!
!
line con 0
 password cisco
 login
!
line vty 0 4
 login
line vty 5 15
 login
!
!
!
!
end

and this is switch 2,

Current configuration : 1120 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname S2
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.13 255.255.255.0
!
ip default-gateway 192.168.2.1
!
!
!
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
!
!
end

David Ruess · ‎05-03-2022

Hello,

Looking at the diagram for SW 1 you have 4 PCs. and 1 connection to the router. However you have 5 port security ports (and the rest shutdown) with only 1 MAC allowed. If one of those ports are connected to the router you need to remove that. Its possible the reason you can ping inside your network is the only MAC the switch interface can learn is the routers so its able to hit its default gateway and that's it. YOU need to remove all port security from the SW1 connection to the router and do a 'shutdown' 'no shutdown' command to reset it.

I copied your config with the exception of the port security on the interface connecting the switch and router and it worked. I can attach the packet tracer file if needed.

**Also make sure your PCs have their respective default GW (Router interface IPs) configured on the PC for that subnet.

-David

View solution in original post

MHM Cisco World · ‎05-03-2022

in each PC config it GW which is router interface IP for that subnet,
this make PC connect to each other in different subnet.

MHM Cisco World · ‎05-03-2022

your PC missing default GW you need to config in PC.

in PC

192.168.1.1

in PC of other side
192.168.2.1

Jon Marshall · ‎05-03-2022

Switch 2 should have an IP from the 192.168.2.x range.

For the PCs etc. what are you using as the default gateways ?

They should be the respective IP on the router ie. 192.168.1.1 or 192.168.2.1.

Jon

mparisse · ‎05-03-2022

Im not sure what port i would change the ip address on on the switch but the whole left side of the diagram is 192.168.1.1 and the left side is 192.168.2.1 for the gateways

Jon Marshall · ‎05-03-2022

I meant the vlan 1 interface on switch 2 is using 192.168.1.13 as it's IP but it should be a 192.168.2.x IP.

Jon

mparisse · ‎05-03-2022

ohhh okay gotcha so i did that and added the default gateways on each device but not much has changed

MHM Cisco World · ‎05-03-2022

one Question,
are the interface connect both SW to router is UP/UP ?

David Ruess · ‎05-03-2022

Hello,

Looking at the diagram for SW 1 you have 4 PCs. and 1 connection to the router. However you have 5 port security ports (and the rest shutdown) with only 1 MAC allowed. If one of those ports are connected to the router you need to remove that. Its possible the reason you can ping inside your network is the only MAC the switch interface can learn is the routers so its able to hit its default gateway and that's it. YOU need to remove all port security from the SW1 connection to the router and do a 'shutdown' 'no shutdown' command to reset it.

I copied your config with the exception of the port security on the interface connecting the switch and router and it worked. I can attach the packet tracer file if needed.

**Also make sure your PCs have their respective default GW (Router interface IPs) configured on the PC for that subnet.

-David

mparisse · ‎05-11-2022

Hey david I couldn't get it to work and apologize for such a late reply but if you still have that PT file that would be a HUGE help for me

Thank you

Georg Pauwen · ‎05-11-2022

Hello,

can you post the zipped Packet Tracer project (.pkt) file you are working on ?

David Ruess · ‎05-12-2022

Hello,

I wont be able to get to it until later today. However if you remove all port security on all ports and start there to see if you have connectivity, you can add it back port by port. Or you can upload your pkt file and I'm sure a few folks would be happy to help. If they haven't by then Ill upload my file.

-David

paul driver · ‎05-12-2022

Hello
Looks like your port security is negating connectivity as at least 2 of the switchports connect to the rtr
I assume also you are manually providing the ip addressing to the end hosts?

For basic connectivity

To do:
RTR
conf t
default interface vlan 1
ip routing

Sw1 & 2
en
Conf t
default interface vlan 1
default interface range fa0/1 -5

int fa0/1
description link to RTR
switchport mode access
spanning-tree portfast

interface range fa0/2 -5
description link to hosts
switchport mode access
spanning-tree portfast

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul