Help with Home Lab...

bbbngowc

Hello, I've just started my studies (again) for the CCNA Exam. I have a home lab with:

2 x 2500 Router
1 x 1912 Switch

I also have a DSL connection and a Linksys Router. The linksys router is configured as a gateway and connected directly to my DSL Modem. I've already configure my E0 interface on one of the routers with a private address and subnet mask. I've also configured the default gateway. I would like to access the router from remote locations to practice some commands, so, I configured my Linksys Router with Port Forward (port 23) to my Cisco Router however, I can't telnet to it from outside my LAN. Can you help me get this working?

DSL Mode --> Linksys Router (with port forwarding) --> Cisco 2514 Router

I can access the router from any computer on my lan without any problems but I can not access it from the internet, nor can the router ping any Internet Addresses.

.....

Danman32

Does the router have the correct default gateway and IP in relation to the private address of the Linksys router? If the router doesn't have a default gateway configured to the IP address of the linksys, it won't know where to send packets that need to exit the LAN to the internet. It also won't be able to send a respond packet to the forwarded packet it can receive for the same reason.

It might help to see the network diagram for the other router, the 1912 switch and the other PCs. If you have the PC's behind the 2514, then the linksys may not have a route to get to the network on the far side of the 2514. That's a common mistake I used to and sometimes still make: forget about the route back to the source host for the response packet coming back from the internet. But if that was the problem, the PCs would not be able to get on the internet through the router.

But I think what you are saying is the PCs are connected to the linksys which is also a switch, and the router is connected simply as a host for now. In that case, it sounds like the router doesn't have a default gateway configured.

bbbngowc

Hey Man, thanks for responding.

At present, my pc's all connect directly/wirelessly through the linksys router so they're fine and they can browse the internet without any problems. The other router and switch is not connected as yet. Just the one 2514 router.

Yes the Default Gateway IP is correct....

Dsl Modem --> Linksys --> 2514.

Danman32

bbbngowc wrote:

Yes the Default Gateway IP is correct....

Dsl Modem --> Linksys --> 2514.

On the 2514 router? Can you ping the Linksys?

Maybe you can post the relevant portions of the router config script?

bbbngowc

Yes I can ping the gateway with no problems.

2514#sh run
Building configuration...

Current configuration : 697 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2514
!
enable secret 5 $1$nJMM$Nk8AA6O6IX.zNciQHqOJM0
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Ethernet0
ip address 192.168.1.2 255.255.255.0
no ip mroute-cache
no mop enabled
!
interface Ethernet1
ip address 192.168.2.1 255.255.255.0
no ip mroute-cache
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
!
ip default-gateway 192.168.1.1
ip classless
ip http server
!
!
!
line con 0
password 7 1508021B002531777B
line aux 0
line vty 0 4
password 7 05110F182543545A4A
login
!
end

Danman32

Hmm, everything looks correct, assuming you are connected to the correct interface, but if you weren't, then the other PCs would not be able to telnet to the router, nor could the router ping the Linksys.

Maybe its something screwy on the Linksys that's not accepting the IP or mac address of the 2514 to pass through to the internet.

mikej412

bbbngowc wrote:

Yes I can ping the gateway with no problems.

So your linksys internal IP is 192.168.1.1
Your 2514 is 192.168.1.2
The rest of your PCs are also on the 192.168.1.0 network, right?

PCs are wireless? wired? both? And they all work, right?

All your local machines can telnet and http to the router, right?
Your router can ping the linksys internal IP and the rest of the local PCs, right?

All the PCs can access the internet, right?

Now for the real questions -- what did you ping on the internet from the router? Did you ping something like www.yahoo.com from a PC to get an IP address (and make sure the server responds to pings) and then ping that ip address from the router?

Did you do a traceroute from the router? How far did/does it get?

You should be able to ping something on the internet. The default-gateway command should send local router packets out... but you could always add a default static route on the 2514 to the linksys and make sure ip routing is enable on the router.... (yeah, shouldn't have to right now with just the one router, but then it should be working).

Does your linksys have a valid public IP address on its external (WAN) interface? Or does your DSL modem also do NAT? [hint] if you don't pass through the public IP to your Linksys, you may be trying to telnet to your DSL modem and it would never hit your linksys to get forwarded through [/hint]

bbbngowc

Hey Mike, thanks....to answer your questions....

The rest of your PCs are also on the 192.168.1.0 network, right? YES

PCs are wireless? wired? both? And they all work, right? BOTH / THEY WORK.

All your local machines can telnet and http to the router, right? YES

Your router can ping the linksys internal IP and the rest of the local PCs, right? YES

All the PCs can access the internet, right? YES

Now for the real questions -- what did you ping on the internet from the router? I TRIED TO PIND GOOGLE.COM AND YAHOO.COM FROM THE 2514, DIDN'T GET A RESPONSE FROM EITHER SITE.

Did you ping something like www.yahoo.com from a PC to get an IP address (and make sure the server responds to pings) and then ping that ip address from the router? YES I DID THIS. GOT REPLIES FROM GOOGLE.COM AND YAHOO.COM ON THE SERVER, DIDN'T GET REPLIES WHEN PINGED FROM THE ROUTER.

Did you do a traceroute from the router? How far did/does it get? TRACEROUTE TIMESOUT AT THE ROUTER. IT DOES NOT ATTEMPT TO CONNECT TO THE DEFAULT GATEWAY.

You should be able to ping something on the internet. The default-gateway command should send local router packets out... but you could always add a default static route on the 2514 to the linksys and make sure ip routing is enable on the router.... (yeah, shouldn't have to right now with just the one router, but then it should be working). I'LL GIVE THIS A TRY AND LET YOU KNOW HOW IT WENT.

Danman32

I too thought about the possible double nat issue between the modem and the linksys router, which would explain the inability to telnet to the router from the internet. However, it would not explain why the router could not ping internet IPs whereas the PCs could. Right now, the router is no different than the PCs.

I have seen situations where traceroute fails at the IP before the IP of the router that is causing the problem. At least I have when tracerouting from a PC, not as sure about traceroute from a Cisco router.

I too was wondering if you wer pinging something that was resolveable and would accept pings. Google does accept pings. Note thought that your Cisco router is not configured for DNS, so you can only ping by IP from there, not by name.

www.google.com is IP 64.233.167.99 and google.com is same (used to be different). As you know, it does respond to pings.
Did an NSLookup on www.google.com and google.com, there are other IPs for those FQDNs.

sprkymrk

Could this be something as simple as requiring an uplink connection to the Linksys from the Cisco instead of plugging into one of the switch ports? Crossover cable?
When everything else seems correct, go back to layer 1, then test layer 2, etc.
I also agree a double NAT issue could be the problem.

mikej412

Well... the double NAT could be the next problem for the inbound connection.

Since this should be working now (as just another dumb IP host).... it might be something as silly as an IOS bug with the default-gateway command....

We need an update! and maybe some debug output next!

bbbngowc

hello gents:

Well I didn't set the static route on the router but I did set a gateway of last resort and I am now able to telnet to my router from outside my network.

Thanks to the pros who offered suggestions.

Off to CCNA end of July (perhaps early August).

Danman32

bbbngowc wrote:

hello gents:

Well I didn't set the static route on the router but I did set a gateway of last resort and I am now able to telnet to my router from outside my network.

Thanks to the pros who offered suggestions.

Off to CCNA end of July (perhaps early August).

Isn't that what 'ip default-gateway 192.168.1.1' is supposed to do?

I suppose we should have displayed the routing table.

I knew it couldn't be a physical problem like a crossover cable, or else no other hosts would be able to reach the Cisco router, or vice versa.

Double nat again could have played into not being able to telnet from the outside, but should not have affected pinging from the router out any more than it did for the PCs.

Glad you got it resolved though. So you basically added a static route to network 0.0.0.0 0.0.0.0 via 192.168.1.1?

sprkymrk

Danman32 wrote:

I knew it couldn't be a physical problem like a crossover cable, or else no other hosts would be able to reach the Cisco router, or vice versa.

Not really. The other computers would have been only accessing the Cisco via the switch, no problem there. The router-to-router connection could have been affected though. Remember the Linksys router has 2 parts - a WAN port (hooked to the modem) and 4 LAN ports that are basically just a 4 port switch. Anything talking on the switch was fine, but the router portion of the Linksys could have had trouble talking to the Cisco. I have seen this in some other situations, not necessarily with this setup, but similar.

bbbngowc

Danman32 wrote:

So you basically added a static route to network 0.0.0.0 0.0.0.0 via 192.168.1.1?

Well I didn't use the "static" command. If it sets the route as static then...I simply typed: ip route 0.0.0.0 0.0.0.0 192.168.1.1

And before that (actually before I posted) I had typed: ip default-gateway 192.168.1.1. I wasn't able to connect until I set the gateway of last resort.

Danman32

sprkymrk wrote:

Danman32 wrote:

I knew it couldn't be a physical problem like a crossover cable, or else no other hosts would be able to reach the Cisco router, or vice versa.

Not really. The other computers would have been only accessing the Cisco via the switch, no problem there. The router-to-router connection could have been affected though. Remember the Linksys router has 2 parts - a WAN port (hooked to the modem) and 4 LAN ports that are basically just a 4 port switch. Anything talking on the switch was fine, but the router portion of the Linksys could have had trouble talking to the Cisco. I have seen this in some other situations, not necessarily with this setup, but similar.

That shouldn't be the case. The router is simply an internal connection to a virtual 5th port on the built-in switch. Most switches today will do auto-crossover anyway.

Now a misconfiguration of a duplex setting could cause issues. But not crossover. The switch's port's tranceiver's transmitter has to be connected to the reciever on the host, no matter if the host is a router or a PC. And the switch port's reciever to the to the other host's transmitter. It won't work if the transmitter is wired to the transmitter and the reciever to the receiver. Even if the switch employs cut-through, each port has its own transciever. The switching circuitry simply connects the reciever of one port to the transmitter of another, and vice versa.

I have had a problem with my Belkin barfing communications when I forced one of my PCs to full duplex because the interface kept trying to re-negotiate auto-speed and disconnecting while it did. The switch on these all-in-one consumer routers don't have any appreciable buffering, which caused dropped packets. That was only evident though in large TCP transmissions, such as file transfers. Pinging which has such a small connectionless packet was not an issue.

sprkymrk

Danman32 wrote:

sprkymrk wrote:

Danman32 wrote:

I knew it couldn't be a physical problem like a crossover cable, or else no other hosts would be able to reach the Cisco router, or vice versa.

Not really. The other computers would have been only accessing the Cisco via the switch, no problem there. The router-to-router connection could have been affected though. Remember the Linksys router has 2 parts - a WAN port (hooked to the modem) and 4 LAN ports that are basically just a 4 port switch. Anything talking on the switch was fine, but the router portion of the Linksys could have had trouble talking to the Cisco. I have seen this in some other situations, not necessarily with this setup, but similar.

That shouldn't be the case. The router is simply an internal connection to a virtual 5th port on the built-in switch. Most switches today will do auto-crossover anyway.

Now a misconfiguration of a duplex setting could cause issues. But not crossover.

Maybe, but it happened to me twice, and until I used a crossover cable it simply didn't work the way it should. Once was a Cisco 2500 and a 3COM Office Connect Internet Firewall (a higher-end SOHO kind of router) about 4 years ago and I don't remember what hardware was in use the other time. I've only been in networking for about 8 years, and I've already seen some wierd stuff with those SOHO switches and routers.

Danman32

I suppose a cheap switch could make a direct electrical connection between two ports without electrical buffering (like using a CMOS switch), but the switch has to buffer the frame at least to the destination address unless it connects all ports together up until the destination address is determined, but that would cause runts with every single frame.