
Ping 1941 through non-Cisco router

Greenchris
Level 1

Hi all,

Apologies for asking what may be an idiot question, but it involves such vague terms that it is difficult to google. Also this might not be entirely a Cisco question, I'm not certain. So I'm sorry if this is inappropriate, or wasting your time.

So apologies out of the way, I have a 1941 router which I'm trying to set up from scratch, working with a Juniper SSG20 firewall (which is also a router). My problem is:

PC1 ---<CAT5>--- 1941 = can ping in both directions

PC1 ---<CAT5>--- JUNIPER ---<CAT5> PC2 = Can ping in both directions

PC1 ---<CAT5>--- JUNIPER ---<CAT5>--- 1941 = Cannot ping

FYI:

PC1 = 192.168.27.201

PC2 = 192.168.32.171

1941 = 192.168.32.81

So hopefully you can see why I'm struggling to "blame" either the 1941 or the Juniper config for this. It's almost like it's a combination of the two.

If pinging is all I want to do, what is the difference between a 1941 and a PC? I would have thought nothing, but it seems I might be wrong in this.

Obviously I'm not asking you fine people to comment on the Juniper, but the Juniper seems to be doing its job just fine with everything except the 1941 - of course, any ideas as to how the Juniper might be stopping this working are welcome, but as you see above, it works with a PC. And the Juniper has been working in production for some time, connecting 192.168.27.0, 192.168.32.0 and 192.168.60.0 to the WAN and to each other.

Thanks for taking the time to read this, and a huge thank you to anyone who can suggest any help towards this at all.

Cisco running config is pretty much default, but included here. I won't include the Juniper config as it is really not relevant to discuss on a Cisco forum.

Current configuration : 1334 bytes

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTBEAR
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 ###
enable password ###
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef

!
no ip domain lookup
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn ###
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.32.81 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password ###
 login
 transport input all
!
scheduler allocate 20000 1000
end


Jon Marshall
Hall of Fame

Unless you are doing NAT on the Juniper device, the router will need a route, i.e.:

"ip route 192.168.27.0 255.255.255.0 <Juniper 192.168.32.x IP>"

You could of course use a default route instead.

Jon

Hi Jon, thanks for responding. I could be wrong, but I don't think you've understood the problem, which might be my fault. I have now since "solved" the problem, but now want to understand the issue.

Forget about the outside world for the minute. And think of the Cisco device as the end of the line - I want to send a ping from PC2, which is 192.168.32.171 through the Juniper to the Cisco 1941 which is on 192.168.32.171. The way the Juniper is set, it should just be a switch in this instance, as both devices are on the same network. But I can't ping the PC from the 1941 or vice versa.

Now, it turns out that if I turn on DHCP on the Juniper and issue 192.168.32.81 and 255.255.255.0 the 1941 picks it up and everything works. But if I assign this address and subnet myself, nothing. For the record, the PCs in the scenario described above are all static IPs.

Does anyone know what I'm missing here?

Okay, your original description talked about the ping from PC1, which is on a different subnet.

Now I understand, it is indeed weird.

So the PCs did not use DHCP but were static and it worked fine?

If so can you on the router do "no ip routing", then assign the IP statically and see what happens. Obviously you don't need a default gateway as they are on the same IP subnet.

Not sure it will make any difference but worth a try.

Jon

Hold on, I think I've screwed something up here in my explanation. In my previous post I said that PC2 and the Cisco 1941 both had the same IP address, this is not true. The root problem is still there and still the same, but I need to explain properly.

Let me knock something up in Visio which explains the situation better. Thanks for your time, it is appreciated.

AAAAARGH!! The DHCP was assigning a gateway, and I wasn't! PROBLEM SOLVED!! I told you it was just me being an idiot... :-)

However, since I went through the below, I might as well post it in the vain hope that one day it helps another idiot. Jon, thanks for your help.

OK, so this is the actual setup.

Orange arrows are physical Cat5 cables, Blue/Green is just to show subnets, White are dumb switches

But I don't want to over-complicate things. To be clear:

NARWHAL can ping BEAR and vice versa. Narwhal is DHCP. Bear is static. But I have changed these to static/DHCP with no effect (as it should be). It is irrelevant to the current discussion, but both of these can also ping the WAN - I am writing this on NARWHAL. That plus months of day to day use in production should (hopefully) eliminate Juniper routing from the equation.

I'll put in exactly what I do on the 1941 to be as clear as possible.

1941 commands:

conf ter

int GigabitEthernet 0/1

ip address 192.168.32.99 255.255.255.0

end

ping 192.168.32.11 --- SUCCESS

ping 192.168.27.201 --- FAIL

ping 8.8.8.8 --- FAIL

Then:

conf ter

int GigabitEthernet 0/1

no ip address

ip address dhcp

end

(wait for DHCP assign - 2-3 seconds)

ping 192.168.32.11 --- SUCCESS

ping 192.168.27.201 --- SUCCESS

ping 8.8.8.8 --- SUCCESS

The DHCP server inside Juniper is assigning ONLY IP and netmask...

(This is the point where I went to check that statement, discovered the gateway and facepalmed so hard it hurt...)

So it was the default gateway after all.

Makes perfect sense :)

Jon
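The resolution above, modelled as a route lookup. This is an added example, not code from any poster in the thread: it builds a routing table from IOS-style lines and shows which of the three ping targets have a route with the static address alone and with a default route present. The gateway address 192.168.32.1 is an assumption, since the thread never gives the Juniper's IP.

```python
import ipaddress

# Constructed config fragments modelled on the commands in the thread.
# ASSUMPTION: 192.168.32.1 stands in for the Juniper's address, which the
# thread does not state.
STATIC_ONLY = """\
interface GigabitEthernet0/1
 ip address 192.168.32.99 255.255.255.0
"""
WITH_DEFAULT = STATIC_ONLY + "ip route 0.0.0.0 0.0.0.0 192.168.32.1\n"
TARGETS = ["192.168.32.11", "192.168.27.201", "8.8.8.8"]


def build_routes(config):
    """Return [(network, next_hop)]; next_hop None means directly connected."""
    routes = []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"] and len(words) == 4:
            # A static interface address creates a connected route only.
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            routes.append((iface.network, None))
        elif words[:2] == ["ip", "route"] and len(words) == 5:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((net, ipaddress.ip_address(words[4])))
    return routes


def lookup(routes, dest):
    """Longest-prefix match: 'connected', a next-hop string, or None."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if dest in net]
    if not matches:
        return None  # no route: the router drops the packet locally
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return "connected" if hop is None else str(hop)


def ping_report(config, targets=TARGETS):
    """Map each target to the routing decision the config would produce."""
    routes = build_routes(config)
    return {t: lookup(routes, t) for t in targets}


if __name__ == "__main__":
    for name, cfg in (("static only", STATIC_ONLY),
                      ("with default route", WITH_DEFAULT)):
        print(name, ping_report(cfg))
```

With `ip address dhcp`, the default route is installed from the gateway the DHCP server hands out, which is why the off-subnet pings started working without any explicit `ip route` line.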
