Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2674
Views
0
Helpful
23
Replies

unable to ping other subnets from router

Go to solution
bericaleb
Level 1
Level 1

‎12-11-2007 06:09 PM - edited ‎03-05-2019 07:57 PM

I have a new router which I just configured and installed on SITE B which is connected to an X.21 DTU. The link to site A is up and I'm able to ping to Site A and all the way to Headoffice. I have a EIGRP 5 configured on both site A and site B routers. when I execute a command show ip route 1.1.1.0 on router at site B it's telling the subnet is not in the subnet table. When I do a ip eigrp 5 topology, I can only see site A and not the headoffice routes. I've now since added static routing on site B router. But it's still not helping. What am I missing, pls help

Labels:
0 Helpful
23 Replies 23

Go to solution
bericaleb
Level 1
Level 1
In response to Edison Ortiz

‎12-18-2007 09:38 PM

The device 160.8.32.21 is a main gateway switxh which does layer 3 too (ip routing). it does have a route for 160.8.86.0/24 configured on. On this switch there is a RCST with the address 10.254.4.9 that's directly connected to it. This is the device that server the link between our headoffice, the network provider and the site A & B. Site B goes via Site A in order for it to ride on this link back to head office.

Didn't quiet get you last last statement. Pls explain again.

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to bericaleb

‎12-19-2007 07:01 AM

Please post the show ip route from this device as well.

You should consider implementing some kind of dynamic routing protocol on all devices. It will help you on situations like this....

You mentioned before that you were able to ping from SiteB LAN to those devices but not access the applications ? Then it sound like an ACL issue somewhere in the path.

0 Helpful

Go to solution
bericaleb
Level 1
Level 1
In response to Edison Ortiz

‎12-19-2007 03:25 PM

We use EIGRP 5 as our dynamic routing protocol. The Network Service provider (for the link between SITE A and Headoffice )doesn't use the same dynamic routing protocol as ours. It's got it's own. So that is why it's a bit hard for us in this kind of situation. Yes I can ping the devices hosting these applications from SITE B, but I can't access the applications themselves.

You're right in saying it could be an ACL issue somewhere in the path as we're suspecting the Network Service provider could have some ACLs on their VSAT router.

I've requested if I could have a look at the configs which I haven't received.

I've attached here a show ip route for 160.8.32.21

Preview file
32 KB
0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to bericaleb

‎12-19-2007 04:18 PM

If you can ping them, then you have network reachability.

ACL must be the culprit.

0 Helpful

Go to solution
bericaleb
Level 1
Level 1
In response to Edison Ortiz

‎12-19-2007 04:41 PM

These are the ACLs on the Network Service Provider router.

access-list 10 permit 192.168.0.0 0.0.255.255

access-list 10 permit 10.254.0.0 0.0.255.255

access-list 101 permit tcp any any

access-list 103 permit tcp any 192.168.150.0 0.0.0.255

access-list 104 permit tcp 192.168.150.0 0.0.0.255 any

access-list 105 permit tcp 192.168.150.0 0.0.0.255 10.254.0.0 0.0.255.255

access-list 105 permit ip any 10.254.0.0 0.0.255.255

access-list 105 permit tcp 192.168.150.0 0.0.0.255 202.170.46.0 0.0.0.255

access-list 105 permit ip any 202.170.46.0 0.0.0.255

access-list 106 permit ip 10.254.0.0 0.0.255.255 192.168.200.0 0.0.0.255

access-list 110 deny tcp any any range 1433 1434

access-list 110 deny udp any any range 1433 1434

access-list 110 deny tcp any any eq 3128

access-list 110 deny tcp any any eq 3306

access-list 110 deny tcp any any eq 4444

access-list 110 deny tcp any any eq 6129

access-list 110 deny tcp any any eq 8967

access-list 110 deny udp any any eq 8998

access-list 110 deny tcp any any eq 11768

access-list 110 deny tcp any any eq 15118

access-list 110 deny tcp any any eq 20168

access-list 110 permit ip any any

access-list 111 permit ip any 10.254.4.0 0.0.0.7

access-list 111 permit ip any 160.8.85.0 0.0.0.255

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to bericaleb

‎12-19-2007 05:07 PM

I don't know where they are applied :)

Those can be security ACLs, QoS ACLs or Route-map ACLs.

Can't the Service Provider fix their own problem ? Not much of a 'service' from that provider :)

If you really need to get this going, you need to post the whole config.

0 Helpful

Go to solution
bericaleb
Level 1
Level 1
In response to Edison Ortiz

‎12-19-2007 05:26 PM

The full config is attached. Pls note the VLAN belonging to us on the config has a comment in brackets.

Preview file
8 KB
0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to bericaleb

‎12-19-2007 09:43 PM

______________

interface Vlan7 (THIS IS US)

description #### BSP VLAN ####

ip address 10.254.4.6 255.255.255.252

______________

This connects to what device ? It's not directly connected to SiteA's router.

Do me a favor, draw a diagram of this network.

My previous understanding you had:

(SiteB)->serial->(SiteA)->serial->(Head Office).

New routers are showing up and you aren't running any dynamic protocol between them. This is becoming a bit messy.

A diagram is needed, please.

0 Helpful

Go to solution
glen.grant
VIP Alumni
VIP Alumni

‎12-12-2007 04:40 PM

You dont have a network statement for your connection to the headoffice , add that and see what happens . Headoffice ip address does not fall under your 1 network statement . Check the headoffice end for the same thing.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card