cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
668
Views
0
Helpful
2
Replies

router that does not route

armandschindler
Level 1
Level 1

I was CCNP but for sure a little bit too long to be efficient in routing. We received a new router (CISCO2901/K9) but I’m not able to use it.

Very easy scenario : 2 subnet : 1 WAN and 1 LAN.

 

 

Cisco router configuration :

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname int-xxxxx

!

boot-start-marker

boot system flash0:c2900-universalk9_npe-mz.spa.152-4.m6a.bin

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

memory-size iomem 10

!

!

!

!

!

!

!

ip domain name xxxxx.xxx

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip cef

no ipv6 cef

multilink bundle-name authenticated

!

!

!

crypto pki trustpoint TP-self-signed-13405798

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-13405798

 revocation-check none

!

!

crypto pki certificate chain TP-self-signed-13405798

 certificate self-signed 01

  3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

……

        quit

license udi pid CISCO2901/K9 sn FTX180883V6

!

!

username cisco privilege 15 password 7 0822455D0A16

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 ip address 62.119.117.65 255.255.255.224

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 ip address 26.130.21.150 255.255.255.252

 duplex full

 speed 100

!

ip forward-protocol nd

!

no ip http server

ip http access-class 23

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 26.130.21.149

ip route 62.119.117.96 255.255.255.224 62.119.117.66

!

access-list 23 permit X.X.X.X 0.0.0.255

access-list 23 permit X.X.X.X 0 0.0.0.255

!

!

snmp-server community XXXXXXXX RO 23

snmp-server enable traps entity-sensor threshold

!

control-plane

!

!

banner login ^CCCCCCCCCCCCCC

--------------------------------------------------------------------

--   All logins are logged   --   Private and restricted access   --

--                                                                --

--                       Property of XXXXXX                        --

--                                                                --

--                                                                --

--------------------------------------------------------------------

^C

!

line con 0

 login local

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 access-class 23 in

 privilege level 15

 login local

 transport input ssh

!

scheduler allocate 20000 1000

!

End

int-xxxx#sh ver

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9_NPE-M), Version 15.2(4)M6a, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2014 by Cisco Systems, Inc.

Compiled Tue 15-Apr-14 09:45 by prod_rel_team

 

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

 

int-xxxx uptime is 3 hours, 31 minutes

System returned to ROM by reload at 21:08:06 UTC Fri Jun 27 2014

System image file is "flash0:c2900-universalk9_npe-mz.spa.152-4.m6a.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

 

 

 

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

 

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 

If you require further assistance please contact us by sending email to

export@cisco.com.

 

Cisco CISCO2901/K9 (revision 1.0) with 475136K/49152K bytes of memory.

Processor board ID FTX180883V6

2 Gigabit Ethernet interfaces

1 terminal line

DRAM configuration is 64 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA System CompactFlash 0 (Read/Write)

 

 

License Info:

 

License UDI:

 

-------------------------------------------------

Device#   PID                   SN

-------------------------------------------------

*0        CISCO2901/K9          XXXXXX

 

 

 

Technology Package License Information for Module:'c2900'

 

-----------------------------------------------------------------

Technology    Technology-package           Technology-package

              Current       Type           Next reboot

------------------------------------------------------------------

ipbase        ipbasek9      Permanent      ipbasek9

security      None          None           None

uc            None          None           None

data          None          None           None

 

Configuration register is 0x2102

Desktop Configuration :

Ethernet adapter Ethernet:

 

   Connection-specific DNS Suffix  . :

   IPv4 Address. . . . . . . . . . . : 62.119.117.71

   Subnet Mask . . . . . . . . . . . : 255.255.255.224

   Default Gateway . . . . . . . . . : 62.119.117.65

Issue Description :

I’m able to ping internet from my router :

int-xxxx#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!!

From my desktop I’m able ton ping LAN and WAN interface of the router :

C:\Users\ars16537>ping 62.119.117.65

 

Pinging 62.119.117.65 with 32 bytes of data:

Reply from 62.119.117.65: bytes=32 time=1ms TTL=255

Reply from 62.119.117.65: bytes=32 time=1ms TTL=255

Reply from 62.119.117.65: bytes=32 time=1ms TTL=255

C:\Users\ars16537>ping 26.130.21.150

 

Pinging 26.130.21.150 with 32 bytes of data:

Reply from 26.130.21.150: bytes=32 time=1ms TTL=255

Reply from 26.130.21.150: bytes=32 time=1ms TTL=255

 

But not internet of the router next hop :

C:\Users\ars16537>ping 157.130.21.149

 

Pinging 26.130.21.149 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

 

So the router doesn’t want routing. Any Idea ?

2 Replies 2

Hello The first part of your post -show the defaults routes and wan-LAN interfaces? The second part show a IP address/subnet mask-default-gateway - Is all the configuration off the same device It hard to make out? Also can you ping your ISPs next hop from the router? Your static route back into your LAN points to a .66 ip but the second half of the config shows a .71 ip Can you clarify what configuration is related to what device? Res Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi armandschindler,

I think you are missing something. make sure your lan interfaces are public ip. May be not, so your isp have no information about these routes 62.119.117.64 /27 eventually ping fail.

In this case you need nat on this router.

ping from your router is successful because Its public ip and your isp has information how to route back.

 

Regards,

kazim

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: