05-26-2017 01:31 PM
I have attached a Paint picture of the network devices and am wondering why I can't ping or telnet to these devices.
Here is my router config:
SG3# sh run
Building configuration...
Current configuration : 6910 bytes
!
! Last configuration change at 16:12:53 cst Wed May 24 2017
!
version 15.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname SG3
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$V.6M$Km4uy0BEkLJd//F/MeYbo.
enable password 7 04581E041C
!
aaa new-model
!
!
aaa authentication login default enable
!
!
!
!
!
aaa session-id common
clock timezone cst -6 0
clock summer-time cst recurring 2 Sun Mar 4:00 2 Sun Nov 4:00
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.201.30.253 10.201.30.254
ip dhcp excluded-address 10.201.15.253 10.201.15.254
ip dhcp excluded-address 10.201.35.253 10.201.35.254
!
ip dhcp pool data
!
ip dhcp pool VLAN_DATA-30
network 10.201.30.0 255.255.255.0
default-router 10.201.30.254
lease 0 12
!
ip dhcp pool VLAN_PHONE-35
network 10.201.35.0 255.255.255.0
default-router 10.201.35.254
lease 0 12
!
ip dhcp pool VLAN_WIRELESS-15
network 10.201.15.0 255.255.255.0
default-router 10.201.15.254
lease 0 12
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FTX191383R8
!
!
username cubs privilege 15 password 7 082943420d1c0b5a435b5d
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.201.1.3 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0.15
encapsulation dot1Q 15
ip address 10.201.15.254 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.201.30.254 255.255.255.0
!
interface GigabitEthernet0/0.35
encapsulation dot1Q 35
ip address 10.201.35.254 255.255.255.0
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
router eigrp 1
network 10.201.0.0 0.0.255.255
passive-interface GigabitEthernet0/0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
ip access-list standard snmp_acl
permit 10.201.30.100
ip access-list standard ssh_acl
permit any log
!
!
!
snmp-server community NF8Y3%MC!KS RO snmp_acl
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps flash insertion removal low-space
snmp-server enable traps auth-framework sec-violation auth-fail
snmp-server enable traps c3g
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-err
snmp-server enable traps bgp cbgp2
snmp-server enable traps isis
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity-ext
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps mempool
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps waas
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps firewall serverstatus
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rf
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps ethernet cfm alarm
snmp-server host 10.201.30.100 version 2c nf8y3%mc!ks
!
!
!
control-plane
!
!
banner motd ^Cotd#Welco^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 01100f175804
transport input ssh
!
scheduler allocate 20000 1000
!
end
Switch config:
W-SD-Admin-SG3-000#sh run
config-file-header
W-SD-Admin-SG3-000
v1.4.2.4 / R800_NIK_1_4_194_194
CLI v1.0
set system mode switch
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
default-vlan vlan 30
exit
vlan database
vlan 1,15,35
exit
voice vlan id 35
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00800f Mtitel_phone_____
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 08000f Mitel_phone
no bonjour enable
hostname W-SD-Admin-SG3-000
no passwords complexity enable
passwords complexity min-classes 2
passwords aging 0
username cubs password encrypted 4084766cc943de81941d2a2df329b264b3642e84 privilege 15
username admin password encrypted d92342976d720ff38cf5dcb329be41959ab1ba6c privilege 15
ip ssh server
ip ssh password-auth
snmp-server server
snmp-server community NF8Y3%mC!Ks ro 10.201.30.100 view Default
no ip http server
clock timezone CST -6
clock summer-time DST recurring usa
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 10.201.30.254
ip telnet server
!
interface vlan 1
ip address 10.201.30.2 255.255.255.0
no ip address dhcp
!
interface vlan 15
name Wireless
!
interface vlan 35
name Voice
!
interface gigabitethernet1
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet2
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet3
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet4
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet5
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet6
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet7
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet8
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet9
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet10
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet11
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet12
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet13
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet14
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet15
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet16
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet17
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet18
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet19
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet20
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet21
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet22
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet23
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet24
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet25
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 15,35
macro description switch
switchport default-vlan tagged
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface gigabitethernet26
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet27
switchport trunk allowed vlan add 15,35
!
interface gigabitethernet28
switchport trunk allowed vlan add 15,35
!
exit
banner login ^C
ThIS IS A PRIVATE SYSTEM This system and all related equipment are only for authorized use. Unauthorized use may subject you to criminal prosecution. Use of this system constitutes consent to monitoring for these purposes.
^C
macro auto processing type host enabled
macro auto processing type router enabled
macro auto built-in parameters printer $native_vlan 30
macro auto built-in parameters desktop $max_hosts 10 $native_vlan 30
macro auto built-in parameters host $max_hosts 10 $native_vlan 30
macro auto built-in parameters ip_phone $max_hosts 10 $native_vlan 35
macro auto built-in parameters ip_phone_desktop $max_hosts 10 $native_vlan 30
macro auto built-in parameters switch $native_vlan 30
macro auto built-in parameters router $native_vlan 30
macro auto built-in parameters ap $native_vlan 15
ip default-gateway 10.201.30.100
W-SD-Admin-SG3-000#
06-01-2017 12:01 PM
Here is what I changed:
Router:G0/0.1 shutdown
Laptop: 10.201.30.4 255.255.255.0 10.201.30.254
I am now able to ping back and forth between the switch and router, but not the Cisco 5505 firewall.
Any suggestions?
06-01-2017 12:13 PM
Not sure of the significance of shutting down the G0/0.1 interface. Might want to send updated configs since so much has been done. As far as the firewall is concerned:
What is the IP of the firewall, which switchport is it connected to and what VLAN should it be in?
Does the router have an interface in the same network as the firewall? If so, can the firewall's IP be seen in the router's ARP table? Can you ping the firewall from the router?
Do you know if the firewall has the route to the 10.201.30.4 host?
Also, not 100% sure the firewall will respond to pings. Sometimes that is denied as part of the security policy.
06-01-2017 02:01 PM
06-02-2017 03:39 AM
Not familiar with the firewall side of things. From a network perspective if you are connecting the firewall to the G0/1 interface of the router, simply give the router interface the appropriate IP for connectivity to the firewall. Configure the LAN routes in the firewall to the router and depending on your network either create a default route in the router to the firewall or for whatever networks you want.
Regards
06-05-2017 07:30 AM
Hi Chris,
Here is what I have now:
Firewall:
Port 0 connect to GE0/0 on the router
Port 1 connect to laptop.
Router:
Added GE0/1 192.168.1.10 255.255.255.0
Laptop: 10.201.30.4 255.255.255.0 10.201.30.254
I can ping everything on the router from the firewall, but can't ping anything on the switch from the firewall.
What do you recommend?
Thanks
06-05-2017 07:44 AM
So you have a laptop connected to the firewall (with what IP?) and your other laptop (10.201.30.4) connected to the switch. You can ping all the router's interfaces from the laptop connected to the firewall, but you cannot ping the switch or laptop from the firewall. Correct?
Can you ping the switch and laptop (10.201.30.4) from the router?
Can you ping the switch and laptop (10.201.30.4) from the router using the G0/1 (192.168.1.10) interface as source?
06-05-2017 11:45 AM
1. That's correct.
2. No
3. How do you do that?
06-05-2017 11:57 AM
Your earlier post said you were able to ping between the switch and router. Has anything changed? Wouldn't worry about #3 until you can ping between the router and switch and laptop. I guess post the switch and router configs once again if you want.
06-05-2017 12:37 PM
06-06-2017 03:36 AM
On the switch, try adding VLAN 30 as an allowed VLAN on the trunk to the router. Also, whatever port on the switch your 10.201.30.4 laptop is connected to needs to be put in VLAN 30 also.
06-06-2017 09:32 AM
The laptop is connected to the firewall port 1 not the switch. Only connection on the switch is port1 going to Router GE0/1.
06-06-2017 09:45 AM
So the laptop IP is 10.201.30.4, it is connected to the firewall, and it can't ping the router and switch?
If that is the case and the router and switch are 10.201.30.254 and .2, it won't work. You can't have the laptop behind the firewall with that address and have it cross the 192.168.1.x network to get to the same network.
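The forwarding decisions behind the last reply, as an added example that is not part of the original thread. It uses the addresses posted above and assumes the firewall routes (rather than bridges) between the laptop's segment and the router's G0/1 network; the function names are hypothetical.

```python
import ipaddress

# Addresses are from the thread; placing the laptop beyond G0/1 is an assumption.
LAPTOP = ipaddress.ip_interface("10.201.30.4/24")
LAPTOP_GW = ipaddress.ip_address("10.201.30.254")
ROUTER_IFACES = {
    "GigabitEthernet0/0.30": ipaddress.ip_interface("10.201.30.254/24"),
    "GigabitEthernet0/1": ipaddress.ip_interface("192.168.1.10/24"),
}

def host_next_hop(host_if, gateway, dst):
    """A host ARPs directly for on-link destinations and only uses
    its default gateway for addresses outside its own subnet."""
    dst = ipaddress.ip_address(dst)
    if dst in host_if.network:
        return ("arp", dst)
    return ("gateway", gateway)

def router_egress(ifaces, dst):
    """Longest-prefix match over the router's connected networks."""
    dst = ipaddress.ip_address(dst)
    hits = [(i.network.prefixlen, name) for name, i in ifaces.items()
            if dst in i.network]
    return max(hits)[1] if hits else None

def diagnose(dst, iface_toward_laptop):
    """List the reasons laptop -> dst fails when the laptop really sits
    behind iface_toward_laptop instead of on the 10.201.30.0/24 segment."""
    problems = []
    kind, hop = host_next_hop(LAPTOP, LAPTOP_GW, dst)
    if kind == "arp":
        problems.append(f"laptop ARPs for {hop} on its own segment; "
                        "the request never crosses the firewall")
    back = router_egress(ROUTER_IFACES, LAPTOP.ip)
    if back != iface_toward_laptop:
        problems.append(f"router sends replies for {LAPTOP.ip} out {back}, "
                        f"not {iface_toward_laptop}")
    return problems

if __name__ == "__main__":
    for line in diagnose("10.201.30.2", "GigabitEthernet0/1"):
        print(line)
```

Giving the laptop's segment its own subnet, with routes for it on the router and firewall, removes both failures.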