Re: 2951 Routing Issues - Page 2

jbatchos1 · ‎11-07-2013

I have a 2951 and I'm trying to consolidate from 2 ISP connections down to 1. Current setup is 1 ISP is strictly for guest access, the other is for internal office access.

From the console I can ping all interfaces, clients on each interface and I can ping to the outside world. If I put my computer on the guest interface (gig0/1) or the office interface (gig0/2), I can ping only to the local interface I am connected to.

Example. When connected to interface gig0/1 I can ping 10.1.8.1 (ip of int gig0/1) and that's it.

The router config is vanilla, no access-lists, etc. I pulled it out ,configured the hostname, interfaces, and set an IP route.

Show IP route and Show Run to follow.

Gateway of last resort is 192.168.10.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.10.1

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

C 10.1.0.0/24 is directly connected, GigabitEthernet0/2

L 10.1.0.7/32 is directly connected, GigabitEthernet0/2

C 10.1.8.0/21 is directly connected, GigabitEthernet0/1

L 10.1.8.1/32 is directly connected, GigabitEthernet0/1

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.10.0/24 is directly connected, GigabitEthernet0/0

L 192.168.10.2/32 is directly connected, GigabitEthernet0/0

Building configuration...

Current configuration : 4487 bytes

!

! Last configuration change at 09:22:28 Eastern Thu Nov 7 2013 by admin

! NVRAM config last updated at 09:24:02 Eastern Thu Nov 7 2013 by admin

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname XXXX

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

clock timezone Eastern -5 0

clock summer-time Eastern recurring

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3345044724

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3345044724

revocation-check none

rsakeypair TP-self-signed-3345044724

!

crypto pki certificate chain TP-self-signed-3345044724

certificate self-signed 01

quit

no ipv6 cef

ip source-route

ip cef

!

ip domain name <REMOVED>

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

multilink bundle-name authenticated

!

voice-card 0

!

license udi pid CISCO2951/K9 sn <REMOVED>

hw-module pvdm 0/0

!

username <REMOVED>

!

redundancy

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description GATEWAY

ip address 192.168.10.2 255.255.255.0

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description GUEST Network

ip address 10.1.8.1 255.255.248.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

description OFFICE Network

ip address 10.1.0.7 255.255.255.0

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 192.168.10.1

!

access-list 199 permit ip any any

!

nls resp-timeout 1

cpd cr-id 1

!

control-plane

!

mgcp profile default

!

gatekeeper

shutdown

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

login local

transport input telnet ssh

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

ntp server 64.113.32.5 prefer

ntp server 216.171.148.102

end

Richard Burts · ‎11-08-2013

Jason

Sorry that did not fix the issue. Perhaps when you are ready to work on this again it might help to give us some understanding of how things were/are that is working and what you are changing to that is not working.

HTH

Rick

HTH

Rick

Richard Burts · ‎11-08-2013

Jason

It was late when the thought occurred to me that the problem might be address translation and I posted my suggestion about doing translation. In the clarity of morning when I look at my suggestion I see a flaw in what I suggested. In addition to those commands you should also do

interface gig0/0

ip nat outside

interface gig0/1

ip nat inside

interface gig0/2

ip nat inside

When you get a chance to get back to it give this a try and let us know if it helps.

HTH

Rick

HTH

Rick

jbatchos1 · ‎11-08-2013

Rick,

Thank you I will give that a try as soon as I can. In the mean time, here's a quick drawing of how we are now and what I'm trying to do.

Richard Burts · ‎11-08-2013

Jason

Thanks for the drawing. I have a couple of questions based on that but probably should wait until you are ready to work on this again to get into them (especially when we know whether the revised address translation is helpful).

HTH

Rick

HTH

Rick

Talha Ansari · ‎11-07-2013

Few things that erupted in my mind...

- Lets assume the translation is happening correctly then are you able to ping the outside world from your router if interface gig0/1 or 0/2 is chosen as source?

Whats the result of this ---- # ping 8.8.8.8 source gig 0/1

Also, would suggest you to remove these two lines from the config if you are not using these features -

# ip source-route

# ip forward-protocol nd

Negate the above commands if these features aren't used and let us know if there is any difference.

Regards,

Talha.

jbatchos1 · ‎11-07-2013

ping 8.8.8.8 source gig0/2 --- Does not work.

negated the commands:

# ip source-route

# ip forward-protocol nd

above ping still does not work.

Talha Ansari · ‎11-07-2013

If that is not working then try the extended ping.

# ping ---- hit enter

.

Target IP Address : 8.8.8.8

.

Extended Command : Y

.

Source Address Or Interface : gigabitethernet0/2 ---- or type in the gig 0/2 interface ip address

.

After negating the said commands are you able to ping all the router interfaces from your desktop?

Regards,

Talha

jbatchos1 · ‎11-07-2013

Did not work.