04-02-2010 12:28 PM - edited 03-06-2019 10:26 AM
Hi all,
i've setup a basic routing infrastructure with vlans, the cisco (GE0/0 208.105.69.43, GE 0/1 vlan local) is attached to the cable modem (208.105.69.41).
if i ping google from the cisco it goes fine:
blackDevil# ping google.it
Translating "google.it"...domain server (24.29.99.35) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.85.229.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/92/96 ms
blackDevil#
but from a local computer i can:
ping 10.0.102.10
PING 10.0.102.10 (10.0.102.10): 56 data bytes
64 bytes from 10.0.102.10: icmp_seq=0 ttl=255 time=1.382 ms
64 bytes from 10.0.102.10: icmp_seq=1 ttl=255 time=1.549 ms
64 bytes from 10.0.102.10: icmp_seq=2 ttl=255 time=1.345 ms
^C
--- 10.0.102.10 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.345/1.425/1.549/0.089 ms
but if i try to ping google.it i get "unknown host google.it"
the following is the "debug ip detail accesslist 195"
*Apr 2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, input feature
*Apr 2 18:14:13.348: UDP src=60800, dst=53, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 2 18:14:13.348: FIBipv4-packet-proc: route packet from GigabitEthernet0/1.2 src 10.0.102.56 dst 10.0.102.10
*Apr 2 18:14:13.348: FIBfwd-proc: Default:10.0.102.10/32 recieve entry
*Apr 2 18:14:13.348: FIBipv4-packet-proc: packet routing failed
*Apr 2 18:14:13.348: IP: tableid=0, s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10 (GigabitEthernet0/1.2), routed via RIB
*Apr 2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10 (GigabitEthernet0/1.2), len 55, rcvd 3
*Apr 2 18:14:13.348: UDP src=60800, dst=53
*Apr 2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, stop process pak for forus packet
*Apr 2 18:14:13.348: UDP src=60800, dst=53
*Apr 2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, input feature
*Apr 2 18:14:13.348: UDP src=46368, dst=53, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 2 18:14:13.348: FIBipv4-packet-proc: route packet from GigabitEthernet0/1.2 src 10.0.102.56 dst 10.0.102.10
*Apr 2 18:14:13.348: FIBfwd-proc: Default:10.0.102.10/32 recieve entry
*Apr 2 18:14:13.348: FIBipv4-packet-proc: packet routing failed
as you can see it receives the dns request and the routing fails, do you think is something about vlan routing ? seams strange to me... i didn't yet tried without...here is my configuration:
blackDevil#show run
Building configuration...
Current configuration : 5176 bytes
!
! Last configuration change at 16:36:02 UTC Fri Apr 2 2010 by admin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blackDevil
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain list mydomain.org
ip domain name mydomain.org
ip host cisco 10.0.102.10
ip name-server 24.29.99.35
ip name-server 24.29.99.36
ip name-server 10.0.102.7
!
multilink bundle-name authenticated
!
username admin privilege 15 secret 5 $1$..B6$69fkXasdefgEyWTeeogA.
!
redundancy
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$FW_OUTSIDE$$ETH-WAN$
ip address 208.105.69.43 255.255.255.248 secondary
ip address 208.105.69.46 255.255.255.248
ip broadcast-address 208.105.69.47
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
description $FW_INSIDE$
ip address 10.0.101.1 255.255.255.0
duplex auto
speed auto
!
!
interface GigabitEthernet0/1.1
description DMZ
encapsulation dot1Q 4
ip address 10.0.104.1 255.255.255.0
!
interface GigabitEthernet0/1.2
description MZ (trace ny private zone)
encapsulation dot1Q 2
ip address 10.0.102.10 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip default-network 208.105.69.41
ip route 0.0.0.0 0.0.0.0 208.105.69.41 permanent
!
access-list 1 permit 10.0.102.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 195 permit ip 0.0.0.56 255.255.255.0 any
!
control-plane
!
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
what do you think ?
thanks a lot!
kky
Solved! Go to Solution.
04-02-2010 12:35 PM
kky
Where is NAT occuring to change the 10.x.x.x addresses to public internet addresses ? Is it on the cable modem
Also what DNS server is configured on the client. If windows client can you post "ipconfig /all" from the pc.
Can you ping IP internet IP addresses from the client ?
Jon
04-02-2010 12:35 PM
kky
Where is NAT occuring to change the 10.x.x.x addresses to public internet addresses ? Is it on the cable modem
Also what DNS server is configured on the client. If windows client can you post "ipconfig /all" from the pc.
Can you ping IP internet IP addresses from the client ?
Jon
04-02-2010 01:04 PM
good questions ! just what i needed on a friday afternoon..
so i've configured the nat and changed the dns from the router to the cable modem and it works !
thanks !!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide