
Routing

Senbonzakura
Level 1

I'm trying to do something a little bit different. I'll lay it out for you because I want to try and make something else work.

 

So the modem -> firewall, then the firewall connects to two different ISRs. The reason for two is that I'm running HSRP on them, and the second ISR is for redundancy only; both are hooked up to a switch. Right now, I'm only trying to ping the main ISR, and I can ping the gateway, but when I try to ping the exit port I don't get anything back.

 

Experimental setup here.

 

On switch:

Interface G1/0/35

Switchport mode trunk

VLAN 250

192.168.0.2 255.255.255.0

 

On Router: (HSRP isn't setup yet but will be)

Interface G0/0.1

Encapsulation DOTQ1 VLAN 250

192.168.0.1 255.255.255.0

 

Interface G0/1

208.165.100.2 255.255.255.252

 

IP Route 0.0.0.0 0.0.0.0 208.165.100.1

IP Route 192.168.0.0 208.165.100.1

 

On Firewall:

Interface E0/3

208.165.100.1 255.255.255.252

 

Route Inside 0.0.0.0 0.0.0.0 208.165.100.2

Then after it goes through the firewall I want it to go to the modem, which is bridged. Let's say the E0/1 interface is 68.36.235.5 255.255.252.0

Network: 68.36.232.0

Gateway: 68.36.232.1

 

Should I configure the Firewall to hand out DHCP or the ISR, which would be recommended?

 

Now I'm still trying to learn how to configure the firewall properly, but I cannot ping the router's exit interface and the firewall's interface from VLAN 250 within the switch. What am I doing wrong or missing?

 



omz
VIP Alumni

A picture (topology diagram) is worth a thousand words ... :) just saying .. 

Richard Burts
Hall of Fame

Some additional information might help us to better understand the issue. Would you post the output of these commands on both the router and the switch?

show ip interface brief

show arp (or perhaps show ip arp depending on platform)

 

I wonder about the firewall having its default route forward through interface inside with the router as the next hop.

HTH

Rick

Hello,

 

-->  Right now, I'm only trying to ping the main ISR and I can ping the gateway but when I try to ping the exit port I don't get anything back.

 

With 'exit port' I assume you cannot ping 208.165.100.2 ?

 

Try and remove the static route:

 

ip route 192.168.0.0 208.165.100.1

 

 

That seemed to work, now is it better just to have it statically configured or to have a default route? Also, wouldn't it be easier to just use RIP or NAT?

 

What are your personal thoughts on that? I've always had a hard time figuring out how to properly configure routing. When I try to route, it only wants to do the next hop which would be the interface of the next router generally.

 

Let's say we have 3 VLANs:

Interface 0/1.1 192.168.1.1 /24

Interface 0/1.2 192.168.2.1 /24

Interface 0/1.3 192.168.3.1 /24

 

Interface 0/0 is 192.168.100.1 255.255.255.252, which is connected to another router whose interface is 192.168.100.2 255.255.255.2. How would I route traffic from the 3 VLANs to that other router?

You raise several questions. So let me try to provide several answers. A significant question is the one about whether to use a dynamic routing protocol or to use static routing. There are pro and con sides to both alternatives.  And which alternative is better very much depends on the particular environment. Dynamic routing is better suited to larger and more complex networks while static routing is better suited to smaller and more simple networks. Dynamic routing is more complex to configure and will dynamically react to changes in the network topology (if there is a problem on one link and an alternate path is available dynamic routing will automatically change over to use the alternate path) while static routing is easier to configure but requires manual effort to  react to changes in the network topology. For the network that you suggest with only 2 routers and no alternate paths I see no advantage for dynamic routing and would suggest that you are better suited to use static routing for it.

 

You offer a significant observation "When I try to route, it only wants to do the next hop" and that is very true. Forwarding decisions for an IP packet are made hop by hop. Every device that forwards any IP packet may know where the destination is located but makes the forwarding decision only about which interface to use and what next hop to send the packet to.

 

You ask this question " is it better just to have it statically configured or to have a default route?" and I am puzzled about it. You sound like you think that a default route is separate and different from static routing. But it is very possible to configure a static default route.

 

You also ask this question "Also, wouldn't it be easier to just use RIP or NAT?" and that is a puzzling question. It sounds like they are equivalent ways to achieve some objective. But they are very different things. RIP is a dynamic routing protocol and it deals with finding optimum paths through the network. NAT is about address translation where you need to change a source or a destination address. 

 

 

 

HTH

Rick
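
The hop-by-hop forwarding and static default route described in the answer above, modeled in Python with the three VLAN subnets and the 192.168.100.x link from the question. This is an added example, not part of the original thread. The router names R1/R2, the /30 mask on the link, the 10.0.0.0/24 network behind the second router and the 192.168.0.0/22 return route are assumptions made for illustration.

```python
import ipaddress

# Constructed topology: which router owns each next-hop address on the link.
OWNERS = {"192.168.100.1": "R1", "192.168.100.2": "R2"}
R1 = {"192.168.1.0/24": "connected", "192.168.2.0/24": "connected",
      "192.168.3.0/24": "connected", "192.168.100.0/30": "connected",
      "0.0.0.0/0": "192.168.100.2"}            # static default route
R2_NO_RETURN = {"192.168.100.0/30": "connected", "10.0.0.0/24": "connected"}
# One static route on R2 covering 192.168.0.0 - 192.168.3.255 (assumed summary).
R2_WITH_RETURN = dict(R2_NO_RETURN, **{"192.168.0.0/22": "192.168.100.1"})

def lookup(table, dst):
    """Longest-prefix match: return (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(routers, owners, start, dst, max_hops=8):
    """Follow a packet hop by hop; each router consults only its own table."""
    path, here = [start], start
    for _ in range(max_hops):
        hit = lookup(routers[here], dst)
        if hit is None:
            return path, "dropped at %s: no route" % here
        if hit[1] == "connected":              # destination subnet is attached
            return path, "delivered"
        here = owners[hit[1]]                  # hand off to the next-hop router
        path.append(here)
    return path, "routing loop"

def ping(routers, owners, first_hop, src, dst):
    """A ping succeeds only if the request AND the reply can be forwarded."""
    out_path, out = trace(routers, owners, first_hop, dst)
    if out != "delivered":
        return "request " + out
    _, back = trace(routers, owners, out_path[-1], src)
    return "reply received" if back == "delivered" else "reply " + back

if __name__ == "__main__":
    for name, r2 in (("no return route", R2_NO_RETURN),
                     ("with return route", R2_WITH_RETURN)):
        result = ping({"R1": R1, "R2": r2}, OWNERS, "R1",
                      "192.168.2.10", "10.0.0.5")
        print(name, "->", result)
```

The default route on R1 gets the request to R2, but the ping only succeeds once R2 also has a route back toward the VLAN subnets, which is the half of static routing that is easy to forget.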

I am glad that my explanations have been helpful.  Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick