Thanks for your post

Here is the status of the fa0/24

test#sh int fa0/24

FastEthernet0/24 is up, line protocol is up (connected)

  Hardware is Fast Ethernet, address is 001c.b18f.ca9a (bia 001c.b18f.ca9a)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s, media type is 10/100BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 00:00:08, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     5225 packets input, 811710 bytes, 0 no buffer

     Received 4714 broadcasts (0 multicast)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 2914 multicast, 0 pause input

     0 input packets with dribble condition detected

     7907 packets output, 510983 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 PAUSE output

     0 output buffer failures, 0 output buffers swapped out

Yes all ports are on vlan1 or they should be because that is the default vlan on all interfaces

Cisco 831 config:

Internet831#sh run

Building configuration...

Current configuration : 9645 bytes

!

! Last configuration change at 11:24:18 EDT Wed Jun 1 2011

! NVRAM config last updated at 11:24:29 EDT Wed Jun 1 2011

!

version 12.4

no service pad

service timestamps debug uptime

service timestamps log datetime localtime show-timezone

service password-encryption

!

hostname Internet831

!

boot-start-marker

boot system flash c831-k9o3sy6-mz.124-13a.bin

boot-end-marker

!

memory-size iomem 5

logging buffered 14096 debugging

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring 1 Sun Apr 0:00 last Sat Oct 0:00

!

!

no ip dhcp use vrf connected

!

ip dhcp pool 0

   network 192.168.4.0 255.255.255.0

   default-router 192.168.4.1

   dns-server 4.2.2.1

!

!

ip cef

!

!

!

!

!

!

!        

!

!

interface Ethernet0

description LAN

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Ethernet1

description WAN

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

!

interface Ethernet2

description NOT USED

no ip address

ip nat inside

ip virtual-reassembly

shutdown

!

interface FastEthernet1

description Web/FTP Server/DNS

duplex auto

speed auto

!

interface FastEthernet2

description Exchange/DNS/TFTP/TACACS

duplex auto

speed auto

!

interface FastEthernet3

description Linux Server

duplex auto

speed auto

!

interface FastEthernet4

description Wireless/Multimedia/Cisco Lab

duplex auto

speed auto

!        

!

no ip http server

no ip http secure-server

!

ip nat inside source list 1 interface Ethernet1 overload

!

!

access-list 1 permit 192.168.4.0 0.0.0.255

access-list 23 permit 192.168.4.0 0.0.0.255

access-list 23 permit 192.168.5.0 0.0.0.255

!

tftp-server flash:c831-k9o3sy6-mz.124-2.T4.bin

!

!

control-plane

!

line con 0

logging synchronous

no modem enable

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 30 0

logging synchronous

login

!

scheduler max-task-time 5000

ntp clock-period 17180175

ntp server 128.138.140.44

end

Boyds_Internet831#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  192.168.4.50            0   Incomplete      ARPA  

Internet  192.168.0.13            -   0011.216f.af12  ARPA   Ethernet1

Internet  192.168.0.1             0   0009.0f59.2236  ARPA   Ethernet1

Internet  192.168.4.1             -   0011.216f.af11  ARPA   Ethernet0

Internet  192.168.4.2             0   0018.8b66.75b8  ARPA   Ethernet0

Internet  192.168.4.22           19   001c.b18f.cac0  ARPA   Ethernet0

I don't think it's anything to do with the Cisco 831 because I connected the Cisco 3400 to my Peplink load balenace router and it did the exact same thing.

Hi,

on the 3400 can you do a debug arp while pinging 4.2.2.1 and on 831 can you do a sh ip int eth0 and a sh ip nat trans at the same time

Also on 831 do a sh ip route.

Post all these here.

Regards.

Alain.

Here is the information you requested
Hope it helps!

test#ping 4.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Internet831#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C    192.168.4.0/24 is directly connected, Ethernet0
     192.168.0.0/26 is subnetted, 1 subnets
C       192.168.0.0 is directly connected, Ethernet1
S*   0.0.0.0/0 [254/0] via 192.168.0.1

Internet831#sh ip int eth0
Ethernet0 is up, line protocol is up
  Internet address is 192.168.4.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

Internet831#sh ip nat trans
Pro Inside global         Inside local          Outside local         Outside global
icmp 192.168.0.13:17      192.168.4.22:17       4.2.2.1:17            4.2.2.1:17
udp 192.168.0.13:123      192.168.4.50:123      128.138.140.44:123    128.138.140.44:123

ok,

Can you do this on 831:

1) create extended acl permitting pings from any to any

    access-list XXX permit icmp any any

2) direct debug output to buffer

   no logging console debug

  logging buffered 10000

logging buffered debug

3) apply this ACL to a debug

debug ip packet detail XXX

4) run your ping from 192.168.4.2 to 4.2.2.1

5) show log to view the debug output and copy-paste then send here.

Regards.

Alain.

I added into ACL for cisco 831:

access-list 100 permit icmp any any

then ran command:

Ineternet831#debug ip packet detail 100

IP packet debugging is on (detailed) for access list 100

If I ping from the 3400 to the 831 (pinged 192.168.4.1) nothing was logged

If I ping from the 831 to the 3400 (pinged 192.168.4.22) logged the following:

12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB

12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending

12w0d:     ICMP type=8, code=0

12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB

12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending

12w0d:     ICMP type=8, code=0

12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB

12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending

12w0d:     ICMP type=8, code=0

12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB

12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending

12w0d:     ICMP type=8, code=0

12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB

12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending

12w0d:     ICMP type=8, code=0

Hi,

That's really weird because we should see the echo-replies and I wonder why the echo-requests aren't seen on the router as you have no ACL denying pings.But that is not the important thing what I wanted to see is if there was a response back from 4.2.2.1  and so the test was pinging 4.2.2.1 while doing the debug but as always I forgot that debug packets are process switched packets and so you'll have to disable cef temporarily to see these debugs.

So let's try it another way: Can you do a traceroute to 4.2.2.1 on 3400.

Regards.

Alain.

test#traceroute 4.2.2.1

Type escape sequence to abort.
Tracing the route to

1  *  *  *

  2  *

23:03:41: IP ARP: rcvd req src 192.168.4.1 0011.216f.af11, dst 192.168.4.50 Vlan

1 *  *

  3  *  *  *

  4  *  *  *

  5  *  *  *1  *  *  *
  2  *
23:03:41: IP ARP: rcvd req src 192.168.4.1 0011.216f.af11, dst 192.168.4.50 Vlan
1 *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *

times out to 30

ok,

so it seems the 831 can't get to 4.2.2.1, can you do a ping from 831 to 4.2.2.1

Regards.

Alain.

4.2.2.1 is just a L3 DNS server

the 831 works fine and I'm online with my PC behind it now

Yes I can ping from the 831 to 4.2.2.1

Internet#ping 4.2.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout in 2 secounds:

!!!!!

Seccess rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

I know 4.2.2.1 is a dns server but i must admit i'm at loss here wheter it is because i'm very tired or because i'm missing something very obvious i don't know but for me this weird.

let's summarize:

-your 3400 can ping the 831 internal address

-your 831 can ping 4.2.2.1

-your nat is working properly on 831 as we observed

-But you can't ping 4.2.2.1 from 3400 and traceroute miserably fails at first hop which is 831 router

-did we try pinging from 3400 to outside interface of 831 router? did it work? it should

Let's try some more debug if it possible:

while pinging to 4.2.2.1 from 3400( 192.168.4.22) disable cef with global config command no ip cef then redo the debug ip packet detail XXX where XXX is the ACL permitting icmp any any

do also a debug ip nat  XXX

Regards.

Alain.

I do thank you for your help

I just wanted to make sure you knew what the 4.2.2.1 is

no it can not (-your 3400 can ping the 831 internal address)

yes it can (-your 831 can ping 4.2.2.1)

yes it is (-your nat is working properly on 831 as we observed)

correct (-But you can't ping 4.2.2.1 from 3400 and traceroute miserably fails at first hop which is 831 router)

yes we did and it didn't (-did we try pinging from 3400 to outside interface of 831 router? did it work? it should)

no ip cef is not a command

test(config)#no ip cef
                            ^
% Invalid input detected at '^' marker.

test(config)#no ip ?

Global IP configuration subcommands:

  access-list           Named access-list

  accounting-list       Select hosts for which IP accounting information is kept

  accounting-threshold  Sets the maximum number of accounting entries

  accounting-transits   Sets the maximum number of transit entries

  address-pool          Specify default IP address pooling mechanism

  alias                 Alias an IP address to a TCP port

  arp                   IP Arp features

  default-gateway       Specify default gateway (if not routing IP)

  dhcp                  Configure DHCP server and relay parameters

  dhcp-client           Configure parameters for DHCP client operation

  dhcp-server           Specify address of DHCP server to use

  domain                IP DNS Resolver

  domain-list           Domain name to complete unqualified host names.

  domain-lookup         Enable IP Domain Name System hostname translation

  domain-name           Define the default domain name

  finger                finger server

  ftp                   FTP configuration commands

  gdp                   Router discovery mechanism

  gratuitous-arps       Generate gratuitous ARPs for PPP/SLIP peer addresses

  host                  Add an entry to the ip hostname table

  gdp                   Router discovery mechanism

  gratuitous-arps       Generate gratuitous ARPs for PPP/SLIP peer addresses

  host                  Add an entry to the ip hostname table

  host-routing          Enable host-based routing (proxy ARP and redirect)

  hp-host               Enable the HP proxy probe service

  http                  HTTP server configuration

  icmp                  ICMP options

  igmp                  IGMP global configuration

  local                 Specify local options

  name-server           Specify address of name server to use

  radius                RADIUS configuration commands

  rcmd                  Rcmd commands

  reflexive-list        Reflexive access list

  security              Specify system wide security information

  source                IP source

  source-route          Process packets with source routing header options

  sticky-arp            Allow the creation of sticky ARP entries

  subnet-zero           Allow 'subnet zero' subnets

  tacacs                TACACS configuration commands

  tcp                   Global TCP parameters

  telnet                Specify telnet options

  tftp                  tftp configuration commands

ok,

so for cef you could try interface command( on the 831) : no ip route-cache cef on both ethernet interfaces.

But you're saying: we can't ping 831 interfaces and 4.2.2.1 but at the same time your nat translation is done( which is done after routing so we know nat and routing on the 831 is ok but it is also confirmed by the fact the 831 can ping 4.2.2.1.

But looking at all your previous tests we know the 3400 and the 831 each have the correct MAC in their arp cache  so L2 connectivity between the 2 should be good and at the same time when pinging from 3400 to 831 showed nothing in the debug but pings from 831 to 3400 showed the echo-requests going out without any problem but the ping was unsuccessful so there is a problem on the 3400 or the link between 3400 and 831

Can you do a sh mac address-table dynamic vlan 1 as  well as sh int f0/24 switchport

Regards.

Alain.

you are correct in your statements above

Here are the commands you requested:

test# sh mac address-table dynamic vlan 1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.216f.af11    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 1

test#sh int f0/24 switchport

Name: Fa0/24
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Appliance trust: none

I would update the IOS on the switch to see if that fixes it but it will not route anything

I have a cisco corp acct or whatever where I can download all the IOS's I want