02-17-2025 08:57 AM
I run a networking lab at a University. We are introducing routers, IP subnetting, and routing this week. There are two switches connected to a single router (FE0/0 and FE0/1, respectively). I am attaching the workstation IP address configs, and router show ip interface brief and show ip route outputs. The workstations can ping their local router port (default gateway), the remote router port, but not any devices beyond the remote router port. There are no ACLs established. I believe there is something simple I am missing, but cannot put my finger on it.
Thank you,
Brian
02-17-2025 09:58 AM
02-17-2025 10:12 AM
Can you also provide show arp from both routers and show mac address-table from the switches?
02-17-2025 10:25 AM
02-17-2025 10:46 AM
Everything looks ok in the switch config, mac address table on the switch and arp table for the router. I think the problem is the firewall on the PCs you are testing with. Try disabling it on both PCs and do the ping test again.
02-17-2025 10:50 AM
The firewalls are disabled on all PCs in the lab. I think there is something inside the router that is not translating quite right. Each "side" can ping its local router port and can ping the remote router port, but when I use tracert, the remote router port does not respond. Pinging to the remote network gets no response.
02-17-2025 10:52 AM
Ok, I understand. Can you share the router config as well?
02-17-2025 10:53 AM
02-17-2025 11:07 AM
So, you are able to ping from a PC, 192.168.1.11 for example, the router interface on the other LAN - 192.168.11.1. This fact is an indication that routing works. Traffic originating from your PC is usually permitted by the firewall in the outgoing direction. It's the incoming part that is usually denied.
Can you please double check the FW in those PCs?
02-17-2025 10:54 AM
02-17-2025 11:02 AM
Can you try using the tracert -n version of the command?
02-17-2025 11:05 AM
My workstations are not liking the -n switch for tracert.
02-17-2025 11:14 AM
Sorry, tracert -d is the correct option for Windows.
02-17-2025 11:29 AM
If re-verifying the PC doesn't show us anything new, I have another idea on how to test the connectivity. It involves using the switches to test the connectivity between LANs.
First configure an IP address on interface Vlan1:
Sw1-1:
interface Vlan1
 ip address 192.168.1.101 255.255.255.0
Sw3-1:
interface Vlan1
 ip address 192.168.11.101 255.255.255.0
Make sure Sw3-1 has also configured ip default-gateway 192.168.11.1
Now from the switch Sw1-1 console/vty perform a ping to the other switch Vlan1 interface:
Sw1-1#ping 192.168.11.101
02-17-2025 12:24 PM
OK. After setting the IP information for VLAN 1 on both switches, I was able to ping from switch to switch. However, Switch 1 still could not ping the remote workstation. After reviewing the firewall settings, I did find one setting that was still on. Once I turned that off, the packets seem to be going through.
For the record, I am not sure how they were turned on. I am using a DeepFreeze-like utility and had turned that feature off on all workstations some time ago. When I looked at the workstations, the master firewall setting was off. I did find that the public network setting was still turned on.
Thank you all for your time. My apologies for taking so much of it.
02-17-2025 12:31 PM
No worries about the fw setting - it happens.
And you are welcome. I am happy to help.
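The cause found in this thread was a Windows firewall profile (Public) that was still enabled while the master setting looked off. The following is an added example, not code from any poster: it lists every profile's state, shows which profile each connected network is using, and allows inbound ping only from the lab subnets as an alternative to switching the firewall off. The /24 prefixes and the rule name are assumptions.

```powershell
# Added example; run in an elevated PowerShell session on a lab workstation.
# Assumptions: both LANs are /24 networks; the rule name is hypothetical.
$LabSubnets = @('192.168.1.0/24', '192.168.11.0/24')
$RuleName   = 'Lab - allow ICMPv4 echo from lab subnets'

# 1. State of every firewall profile (Domain, Private, Public).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Which category each connected network is classified under.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 3. Map network categories to firewall profile names and flag the
#    profiles that are both enabled and actually in use on this PC.
$inUse = Get-NetConnectionProfile | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' }
    else { "$($_.NetworkCategory)" }
} | Select-Object -Unique

foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -eq 'True' -and $inUse -contains $p.Name) {
        Write-Warning "$($p.Name) profile is enabled and in use; inbound default: $($p.DefaultInboundAction)"
    }
}

# 4. Instead of disabling the firewall, permit inbound echo requests
#    (ICMPv4 type 8) from the lab subnets only. Skipped if the rule exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $LabSubnets -Profile Any |
        Out-Null
    Write-Output "Created rule: $RuleName"
}
```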