problem in my home lab

the_return_of_the_Ring Member Posts: 119
[image: lab2.JPG]
Although I passed CCNA, I have to say I'm still bad at making a network.
Above is my lab. I got ospf working ok, can see every network in every router. From PC1, "ipconfig" shows "default gateway", "dns server" and "dhcp server" are 192.168.0.1, which is the wireless router's setup. PC2 works fine, can go to the internet. I configured 2600 as dhcp server to try if the new-released ip can work.

Here are the problems:
1. telnet into 2600, "sh ip dhcp binding" shows nothing! But from PC3, "ipconfig" shows its IP is 172.18.10.52. What's going on?

2. PC3 can't go to the internet, but PC3 can ping 192.168.0.1. why?

here's the configuration

2620:
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2620
!
enable secret 5 $1$rv50$/EjYIG4Ry6uCOV/vCt0ej0
enable password cisco
!
ip subnet-zero
!
!
ip dhcp excluded-address 172.18.10.1 172.18.10.50
!
ip dhcp pool 172.18.10.0/24
network 172.18.10.0 255.255.255.0
default-router 172.18.10.1
!
!
interface FastEthernet0/0
ip address 172.18.10.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 172.18.1.18 255.255.255.252
!
router ospf 11
log-adjacency-changes
network 172.18.0.0 0.0.255.255 area 0
!
ip classless
ip http server
ip pim bidir-enable
!
!
line con 0

top2520
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service tcp-small-servers
!
hostname top2520
!
boot-start-marker
boot system flash c2500-i-l.123-6.bin
boot-end-marker
!
enable secret 5 $1$CXdJ$pWkqsBrO/tkmVjbmnxvXJ0
enable password cisco
!
no aaa new-model
ip subnet-zero
!
!
interface Ethernet0
ip address 192.168.0.123 255.255.255.0
ip nat outside
no ip route-cache
!
interface Serial0
ip address 172.18.1.10 255.255.255.252
ip nat inside
no ip route-cache
clockrate 64000
!
interface Serial1
ip address 172.18.1.13 255.255.255.252
ip nat inside
no ip route-cache
!
interface Serial2
no ip address
shutdown
!
interface Serial3
no ip address
shutdown
!
interface BRI0
no ip address
no ip route-cache
shutdown
!
router ospf 3
log-adjacency-changes
network 172.18.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
ip nat pool goout 192.168.0.123 192.168.0.123 netmask 255.255.255.0
ip nat inside source list 2 pool goout overload
no ip http server
ip classless
!
!
access-list 2 permit 172.18.0.0 0.0.255.255
!
line con 0

Comments

  • Danman32 Member Posts: 1,243
    For one thing, your 2620 is pointing to itself as the default gateway. It should be pointing to the directly connected interface of the bottom router, which you provided no specs for.

    Overall, your diagram appears incomplete. All networks, all router interfaces need to be labeled.

    I am assuming the wireless router is providing NAT? If not, then the router ahead of it (between it and the internet) may not know about the networks behind the wireless.
    Even with NAT, I find it strange that you could ping the wireless private IP from PC3, since I would venture to guess that it does not have a routing table other than the default gateway to the internet. In such a case, it could receive packets from the 'far' networks (such as the network PC3 is attached to) but would not know where to send the response packets.

    Remember when troubleshooting routing, packets have to travel both ways. I myself sometimes forget this, and assume default gateways alone would work, which is true for getting the packet out to the internet, but forget to trace packet routes from the internet back to the deepest (farthest away from the internet) host.
  • Danman32 wrote:
    For one thing, your 2620 is pointing to itself as the default gateway. It should be pointing to the directly connected interface of the bottom router, which you provided no specs for.
    I realized, thanks for clearing. I'll make the change and see what happens
    Danman32 wrote:
    Overall, your diagram appears incomplete. All networks, all router interfaces need to be labeled.
    I don't need to use those interfaces this time. Is there a convention to configure the interfaces even if you don't use them?
    Danman32 wrote:
    Even with NAT, I find it strange that you could ping the wireless private IP from PC3, since I would venture to guess that it does not have a routing table other than the default gateway to the internet. In such a case, it could receive packets from the 'far' networks (such as the network PC3 is attached to) but would not know where to send the response packets.
    that's why i set up NAT on "top2520". I know that the wireless router will NAT/PAT the 192.168.0.X into a public address, so turning any 172.18.X.X into 192. will do it(i hope). This leads to my other question: How can I be sure the IP of "e0" of top2520(192.168.0.123) will be translated because it's not assigned by the wireless router. I simply think if PC3 can ping 192.168.0.1 will prove this, i might be wrong. But someone give me a clear explanation?


    what about the first problem?
  • Danman32 Member Posts: 1,243
    Interfaces that you claim to be unused might end up being used when dealing with dynamic routing, unless something makes the cost force them to be lower priority. Shutting them down would take them off of being potential route paths.

    So you have a double NAT. That sometimes can be a problem.
    Can you get to the wireless router's HTTP configuration page from PC3? If so, that rules out routing and port blocking up to and including the wireless router itself.

    I haven't seen a broadband router that is performing NAT care if it issued a backend host the IP address or if the IP address was static, as long as it is in the same network thus not violating routing rules, and isn't being blocked by firewall configs.

    If for some reason the internet response being translated by the wireless ends up appearing as a separate communications. The overload keyword should be tracking this however.

    Perhaps you might find the issue by SHOWing IP NAT TRANSLATIONS and DEBUG IP NAT.

    I don't have enough experience configuring/troubleshooting DHCP on Cisco. However, on PC3 you can type IPCONFIG /ALL and it will display the IP address of the DHCP that it got the address from.
  • rossonieri#1 Member Posts: 799
    hello,

    ok, your pc3 can ping the wireless router - simply because true that you have the same netmask by NAT of your top2520, but you dont have the authentication to go to the internet (the wireless router perform a basic function just like windows ICS:small DNS server etc...).

    configure your top 2520 e0 to obtain DHCP is simply :
    intf#ip address negotiate

    cheers... : )
    the More I know, that is more and More I dont know.
  • mwgood Member Posts: 293
    Can you post the routing table for each router?
  • thank you, ross! you gave real help. Now, the problem still the same. And I found some new interesting thing.

    I'll post the new config of top2520, middle2520, 2620, and then show you the interesting stuff.

    top2520
    version 12.3
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service tcp-small-servers
    !
    hostname top2520
    !
    boot-start-marker
    boot system flash c2500-i-l.123-6.bin
    boot-end-marker
    !
    enable secret 5 $1$CXdJ$pWkqsBrO/tkmVjbmnxvXJ0
    enable password cisco
    !
    no aaa new-model
    ip subnet-zero
    !
    interface Ethernet0
    ip address dhcp
    ip nat outside
    no ip route-cache
    !
    interface Serial0
    ip address 172.18.1.10 255.255.255.252
    ip nat inside
    no ip route-cache
    clockrate 64000
    !
    interface Serial1
    ip address 172.18.1.13 255.255.255.252
    ip nat inside
    no ip route-cache
    !
    interface Serial2
    no ip address
    shutdown
    !
    interface Serial3
    no ip address
    shutdown
    !
    interface BRI0
    no ip address
    no ip route-cache
    shutdown
    !
    router ospf 3
    log-adjacency-changes
    network 172.18.0.0 0.0.255.255 area 0
    network 192.168.0.0 0.0.255.255 area 0
    !
    ip nat inside source list 2 interface Ethernet0 overload
    no ip http server
    ip classless
    !
    !
    access-list 2 permit 172.18.0.0 0.0.255.255
    !
    line con 0

    middle2520
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service tcp-small-servers
    !
    hostname middle2520
    !
    boot-start-marker
    boot system flash c2500-i-l.123-6.bin
    boot-end-marker
    !
    enable secret 5 $1$YBk4$S9gg.6FOBHS/4CNBDJEMe/
    enable password cisco
    !
    no aaa new-model
    ip subnet-zero
    ip name-server 192.168.0.1
    !
    !
    interface Ethernet0
    no ip address
    no ip route-cache
    !
    interface Serial0
    ip address 172.18.1.5 255.255.255.252
    no ip route-cache
    clockrate 64000
    !
    interface Serial1
    ip address 172.18.1.14 255.255.255.252
    no ip route-cache
    clockrate 64000
    !
    interface Serial2
    no ip address
    shutdown
    !
    interface Serial3
    no ip address
    shutdown
    !
    interface BRI0
    no ip address
    no ip route-cache
    shutdown
    !
    router ospf 8
    log-adjacency-changes
    network 172.18.0.0 0.0.255.255 area 0
    !
    no ip http server
    ip classless
    !
    !
    line con 0

    2620
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 2620
    !
    enable secret 5 $1$rv50$/EjYIG4Ry6uCOV/vCt0ej0
    enable password cisco
    !
    ip subnet-zero
    !
    !
    ip dhcp excluded-address 172.18.10.1 172.18.10.50
    !
    ip dhcp pool 172.18.10.0/24
    network 172.18.10.0 255.255.255.0
    dns-server 192.168.0.1
    default-router 172.18.10.1
    !
    interface FastEthernet0/0
    ip address 172.18.10.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface Serial0/0
    ip address 172.18.1.18 255.255.255.252
    !
    router ospf 11
    log-adjacency-changes
    network 172.18.0.0 0.0.255.255 area 0
    !
    ip default-gateway 192.168.0.1
    ip classless
    ip http server
    ip pim bidir-enable
    !
    !
    line con 0

    With the config above, I ping some websites from top2520 and middle2520.

    top2520#ping www.yahoo.com
    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 209.73.186.238, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/64/76 ms
    top2520#ping www.ebay.com
    Translating "www.ebay.com"...domain server (192.168.0.1) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 66.135.192.124, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    top2520#ping www.amazon.com
    Translating "www.amazon.com"...domain server (192.168.0.1) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 207.171.166.102, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    middle2520#ping www.yahoo.com
    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 209.73.186.238, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    middle2520#ping www.ebay.com
    Translating "www.ebay.com"...domain server (192.168.0.1) [OK]

    Translating "www.ebay.com"...domain server (192.168.0.1) [OK]

    Translating "www.ebay.com"...domain server (192.168.0.1) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 66.135.192.123, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)


    We can see, on top 2520 I can ping yahoo.com (also can ping my own website) but can't ping amazon and ebay. On middle2520, can't ping any outside website. Isn't this weird? I still can't go to the internet from pc3, if I didn't do the right thing in my lab, why top2520 can ping some of outside world?
  • mikej412 Member Posts: 10,086
    mwgood wrote:
    Can you post the routing table for each router?

    and a traceroute?

    You might want to check this link
    http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml

    Have you setup a default route within OSPF?

    You've got your DNS server running on an IP that can be reached with your routing protocols-- so you've got the remote IP address -- but do you have a default route in your routing table? It still sounds like a simple routing issue (rather than a big fat fuzzy NAT issue).

    If you create a static route on the 26xx using the 25xx NAT router as the destination -- does it work then? (ethernet 0 is going to the wireless/cable router, right?).

    Amazon and eBay probably have security set not to allow ICMP traffic -- so stick with testing with yahoo.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • BubbaJ Member Posts: 323
    On the top2520, I wouldn't put the 192.168.0.0/16 in the OSPF process unless you make the interface passive, or you redistribute it to OSPF. You are sending hellos out of that interface which may not hurt anything, but it is a poor practice that can be a security hole. I doubt your wireless router knows anything about OSPF so it is not doing it any good.

    You don't need to advertise that network into OSPF if you use the default-information originate always command. I don't know about now, but, once upon a time, this command (and the various ways it is used) were required knowledge for CCNP candidates.
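
The exposure BubbaJ describes can be checked mechanically. The following is an added example, not part of any post in this thread: it parses an excerpt of the first top2520 configuration posted above and lists interfaces that are matched by an OSPF `network` statement, are not passive, and carry `ip nat outside`. Treating `ip nat outside` as the marker of an edge facing a non-OSPF device is an assumption of this example, and the function name is hypothetical.

```python
import ipaddress
import re

# Excerpt of the first top2520 configuration posted in this thread.
TOP2520 = """\
interface Ethernet0
 ip address 192.168.0.123 255.255.255.0
 ip nat outside
!
interface Serial0
 ip address 172.18.1.10 255.255.255.252
 ip nat inside
!
interface Serial1
 ip address 172.18.1.13 255.255.255.252
 ip nat inside
!
router ospf 3
 network 172.18.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def hello_exposed_interfaces(config):
    """Return NAT-outside interfaces on which OSPF would send hellos.

    Only statically addressed interfaces and the per-interface
    'passive-interface <name>' form are evaluated; an interface using
    'ip address dhcp' has no address to match and is skipped.
    """
    interfaces, networks, passive = {}, [], set()
    section, current = None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!"):
            section = None
            continue
        if line.startswith("interface "):
            section, current = "interface", line.split(None, 1)[1]
            interfaces[current] = {"ip": None, "nat_outside": False}
        elif line.startswith("router ospf"):
            section = "ospf"
        elif section == "interface":
            m = re.fullmatch(rf"ip address {ADDR} {ADDR}", line)
            if m:
                interfaces[current]["ip"] = to_int(m.group(1))
            elif line == "ip nat outside":
                interfaces[current]["nat_outside"] = True
        elif section == "ospf":
            m = re.fullmatch(rf"network {ADDR} {ADDR} area \S+", line)
            if m:
                networks.append((to_int(m.group(1)), to_int(m.group(2))))
            elif line.startswith("passive-interface "):
                passive.add(line.split(None, 1)[1])

    findings = []
    for name, intf in interfaces.items():
        if intf["ip"] is None or name in passive or not intf["nat_outside"]:
            continue
        for addr, wildcard in networks:
            care = ~wildcard & 0xFFFFFFFF  # bits the wildcard mask compares
            if (intf["ip"] & care) == (addr & care):
                findings.append(name)
                break
    return findings


if __name__ == "__main__":
    print(hello_exposed_interfaces(TOP2520))
```
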
  • BubbaJ Member Posts: 323
    I don't believe you understand the ip default-gateway command that you have on the 2620. This is used when ip routing is turned off. Per Cisco:
    To define a default gateway (router) when IP routing is disabled, use the ip default-gateway command in global configuration mode.
    This is where the default-information originate command on the top2520 will help you.

    mikej412 is correct about Internet pings. They are very hit-or-miss; many sites now ignore ICMP. Find one that responds and stick with it.
  • Danman32 Member Posts: 1,243
    Just checked and verified Ebay and Amazon do not respond to pings.
    I know google does, I use it all the time.

    Note though that yahoo worked (responded) on TOP, but not MIDDLE, yet it was able to resolve through the wireless router.

    I still would observe NAT translations. If there is indeed a routing problem, at least for outbound, you should see that, since if no NAT is attempted, the packet probably isn't getting to TOP to be translated. However, if TOP gets a reply and translates it, then there most likely is a route back problem.

    How about showing the resulting route tables on the 3 routers?
  • Ok, let's make it simply now.

    I'll tell you guys what each router can do under the newest configuration, then I post the newest configuration of top2520, middle2520, 2620, then the route table of them.

    Still the same topology, now on top2520 i can ping any pingable websites, this is understandable because the e0 of top2520 got an 192.168.0.X ip from the wireless router automatically, just like pc1. The wireless's default gateway is 192.168.0.1, so it is the ip of dns server, dhcp server.

    Except top2520, any device in my network can't ping outside world. but they can reach the dns server of the wireless router and get the ip of the unknown websites back. This means the packets can go through top2520 and come back! then why they can't ping outside?

    Let's just make the question simple. Forget about 2620 and pc3, who can help me make the middle2520 ping the internet?

    top2520
    version 12.3
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service tcp-small-servers
    !
    hostname top2520
    !
    boot-start-marker
    boot system flash c2500-i-l.123-6.bin
    boot-end-marker
    !
    enable secret 5 $1$CXdJ$pWkqsBrO/tkmVjbmnxvXJ0
    enable password cisco
    !
    no aaa new-model
    ip subnet-zero
    !
    !
    interface Ethernet0
    ip address dhcp
    ip nat outside
    no ip route-cache
    !
    interface Serial0
    ip address 172.18.1.10 255.255.255.252
    ip nat inside
    no ip route-cache
    clockrate 64000
    !
    interface Serial1
    ip address 172.18.1.13 255.255.255.252
    ip nat inside
    no ip route-cache
    !
    interface Serial2
    no ip address
    shutdown
    !
    interface Serial3
    no ip address
    shutdown
    !
    interface BRI0
    no ip address
    no ip route-cache
    shutdown
    !
    router ospf 3
    log-adjacency-changes
    network 172.18.0.0 0.0.255.255 area 0
    network 192.168.0.0 0.0.0.255 area 0
    !
    ip nat inside source list 2 interface Ethernet0 overload
    no ip http server
    ip classless
    !
    !
    access-list 2 permit 172.18.0.0 0.0.255.255
    !
    line con 0

    middle2520
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service tcp-small-servers
    !
    hostname middle2520
    !
    boot-start-marker
    boot system flash c2500-i-l.123-6.bin
    boot-end-marker
    !
    enable secret 5 $1$YBk4$S9gg.6FOBHS/4CNBDJEMe/
    enable password cisco
    !
    no aaa new-model
    ip subnet-zero
    ip name-server 192.168.0.1
    !
    !
    !
    interface Ethernet0
    no ip address
    no ip route-cache
    !
    interface Serial0
    ip address 172.18.1.5 255.255.255.252
    no ip route-cache
    clockrate 64000
    !
    interface Serial1
    ip address 172.18.1.14 255.255.255.252
    no ip route-cache
    clockrate 64000
    !
    interface Serial2
    no ip address
    shutdown
    !
    interface Serial3
    no ip address
    shutdown
    interface BRI0
    no ip address
    no ip route-cache
    shutdown
    !
    router ospf 8
    log-adjacency-changes
    network 172.18.0.0 0.0.255.255 area 0
    !
    no ip http server
    ip classless
    !
    !
    !
    line con 0

    2620
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 2620
    !
    enable secret 5 $1$rv50$/EjYIG4Ry6uCOV/vCt0ej0
    enable password cisco
    !
    ip subnet-zero
    !
    !
    ip host 2620
    ip name-server 192.168.0.1
    ip dhcp excluded-address 172.18.10.1 172.18.10.50
    !
    ip dhcp pool 172.18.10.0/24
    network 172.18.10.0 255.255.255.0
    dns-server 192.168.0.1
    default-router 172.18.10.1
    !
    !
    interface FastEthernet0/0
    ip address 172.18.10.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface Serial0/0
    ip address 172.18.1.18 255.255.255.252
    !
    router ospf 11
    log-adjacency-changes
    network 172.18.0.0 0.0.255.255 area 0
    !
    ip classless
    ip http server
    ip pim bidir-enable
    !
    !
    line con 0

    middle2520#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    172.18.0.0/16 is variably subnetted, 5 subnets, 2 masks
    O 172.18.1.16/30 [110/933] via 172.18.1.6, 00:26:04, Serial0
    C 172.18.1.12/30 is directly connected, Serial1
    O 172.18.10.0/24 [110/934] via 172.18.1.6, 00:26:04, Serial0
    O 172.18.1.8/30 [110/128] via 172.18.1.6, 00:26:04, Serial0
    [110/128] via 172.18.1.13, 00:26:04, Serial1
    C 172.18.1.4/30 is directly connected, Serial0
    O 192.168.0.0/24 [110/74] via 172.18.1.13, 00:26:05, Serial1

    top2520#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 192.168.0.1 to network 0.0.0.0

    172.18.0.0/16 is variably subnetted, 5 subnets, 2 masks
    O 172.18.1.16/30 [110/933] via 172.18.1.9, 00:26:54, Serial0
    C 172.18.1.12/30 is directly connected, Serial1
    O 172.18.10.0/24 [110/934] via 172.18.1.9, 00:26:54, Serial0
    C 172.18.1.8/30 is directly connected, Serial0
    O 172.18.1.4/30 [110/128] via 172.18.1.9, 00:26:54, Serial0
    [110/128] via 172.18.1.14, 00:26:54, Serial1
    C 192.168.0.0/24 is directly connected, Ethernet0
    S* 0.0.0.0/0 [254/0] via 192.168.0.1

    2620#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route

    Gateway of last resort is not set

    172.18.0.0/16 is variably subnetted, 5 subnets, 2 masks
    C 172.18.1.16/30 is directly connected, Serial0/0
    O 172.18.1.12/30 [110/192] via 172.18.1.17, 00:29:39, Serial0/0
    C 172.18.10.0/24 is directly connected, FastEthernet0/0
    O 172.18.1.8/30 [110/128] via 172.18.1.17, 00:29:39, Serial0/0
    O 172.18.1.4/30 [110/128] via 172.18.1.17, 00:29:39, Serial0/0
    O 192.168.0.0/24 [110/138] via 172.18.1.17, 00:29:39, Serial0/0

    middle2520#ping www.yahoo.com
    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Translating "www.yahoo.com"...domain server (192.168.0.1) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 209.73.186.238, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    middle2520#
  • Danman32 Member Posts: 1,243
    I got it. Top knows how to get to any internet address (S* 0.0.0.0/0 [254/0] via 192.168.0.1 ) but middle does not. It only knows about 192.168.0.x, but not how to go to any addresses beyond that. Remember, it isn't the internet destined address that gets translated, but what the internet sees as the calling address.

    The DNS proxy (your wireless router) is reachable because it is in a routable address, so www.yahoo.com becomes resolvable, but the resolved address 209.73.186.238 is not routable; not in any routing entry in Middle. Add a route of last resort to middle and 2620, or get TOP to advertise the default, and I bet it will all work.
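
The diagnosis above can be reproduced with a longest-prefix-match lookup over the routing tables posted in the thread. This is an added example, not part of any post: the route lines are copied from the `sh ip route` output above, while the static default route applied to middle2520 at the end (`DEFAULT_FIX`) is constructed here to stand for the "route of last resort" fix, and the function names are hypothetical.

```python
import ipaddress
import re

# Route entries copied from the "middle2520#sh ip route" output in this thread.
MIDDLE2520 = """\
O 172.18.1.16/30 [110/933] via 172.18.1.6, 00:26:04, Serial0
C 172.18.1.12/30 is directly connected, Serial1
O 172.18.10.0/24 [110/934] via 172.18.1.6, 00:26:04, Serial0
O 172.18.1.8/30 [110/128] via 172.18.1.6, 00:26:04, Serial0
[110/128] via 172.18.1.13, 00:26:04, Serial1
C 172.18.1.4/30 is directly connected, Serial0
O 192.168.0.0/24 [110/74] via 172.18.1.13, 00:26:05, Serial1
"""

# The two entries from "top2520#sh ip route" that matter for Internet traffic.
TOP2520 = """\
C 192.168.0.0/24 is directly connected, Ethernet0
S* 0.0.0.0/0 [254/0] via 192.168.0.1
"""

# Constructed: a static default on middle2520 pointing at top2520's Serial1.
DEFAULT_FIX = "S* 0.0.0.0/0 [1/0] via 172.18.1.13\n"


def parse_routes(text):
    """Parse 'sh ip route' entry lines into (network, next hop) records."""
    routes = []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(.*)", line.strip())
        if not m:
            continue  # continuation line of an equal-cost path: no prefix
        code, prefix, rest = m.groups()
        via = re.search(r"via (\d+\.\d+\.\d+\.\d+)", rest)
        routes.append({
            "code": code,
            "net": ipaddress.ip_network(prefix),
            "via": via.group(1) if via else "connected",
        })
    return routes


def next_hop(routes, dest):
    """Longest-prefix match: next hop, 'connected', or None if unroutable."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None  # no matching entry and no gateway of last resort
    return max(matches, key=lambda r: r["net"].prefixlen)["via"]


if __name__ == "__main__":
    middle = parse_routes(MIDDLE2520)
    top = parse_routes(TOP2520)
    fixed = parse_routes(MIDDLE2520 + DEFAULT_FIX)
    for dest in ("192.168.0.1", "209.73.186.238"):
        print(dest, "middle:", next_hop(middle, dest),
              "top:", next_hop(top, dest),
              "middle+default:", next_hop(fixed, dest))
```
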
  • BubbaJ Member Posts: 323
    madonion wrote:
    Except top2520, any device in my network can't ping outside world. but they can reach the dns server of the wireless router and get the ip of the unknown websites back. This means the packets can go through top2520 and come back! then why they can't ping outside?

    Let's just make the question simple. Forget about 2620 and pc3, who can help me make the middle2520 ping the internet?
    You are not distributing the default route so the other routers have no way of knowing where anything not on the 192.168.0.0/16 and 172.18.0.0/16 networks is. If you will remove the 192.168.0.0/16 from OSPF on your top router, and use the default-information originate command, you should be successful.

    The other routers and host will know all about the 172.18.0.0/16 networks, and anything they don't know about will go to top2520 that knows to send them out to your wireless router.

    You have to remember, you are not getting OSPF from the wireless router or the Internet. You have to do something to address the unknown Internet addresses that you are trying to ping.

    Properly, top2520 is an ASBR, but you are not letting it be one. Instead, you are trying to use the wireless router as an ASBR, but it doesn't run OSPF.
  • thanx! guys, especially danman32 and mike! It's just the "route of last resort" problem. after I added the command to middle2520, bottom2520, 2620, it all works, pc3 can go to internet.

    maybe when it's hard to solve a problem, we better go down to the "packet" level. This morning while having breakfast, i let me think like i'm a packet, my mind got clear. Open the computer, danman32 just spoke out. thanks again! I think the different use of command in different IOS blew my mind out, plus i was a bit vague about the concept.

    now, oops, another crisis
    http://www.techexams.net/forums/viewtopic.php?t=16530
  • BubbaJ Member Posts: 323
    I still think you are doing it the hard way, and, if this is to be a practice lab, not the Cisco way.
  • Danman32 Member Posts: 1,243
    madonion wrote:
    maybe when it's hard to solve a problem, we better go down to the "packet" level. This morning while having breakfast, i let me think like i'm a packet, my mind got clear. Open the computer, danman32 just spoke out. thanks again! I think the different use of command in different IOS blew my mind out, plus i was a bit vague about the concept.

    Yup, trace the packet flow. As I have said before though, don't forget the packet coming back with the response, as I often do with static (default) routes.
  • BubbaJ wrote:
    I still think you are doing it the hard way, and, if this is to be a practice lab, not the Cisco way.

    are you talking about double PAT and the advertising of 192.168.0.0/24 on top2520 in ospf, Bub? I tested it, while top2520 allow inside traffic out&in, traffic originated from outside can't ping inside devices. say, on pc1, you can't ping any node inside.

    the cisco way is what i'm trying to learn, any opinion or suggestion is extremely welcomed.
  • BubbaJ Member Posts: 323
    madonion wrote:
    are you talking about double PAT and the advertising of 192.168.0.0/24 on top2520 in ospf, Bub?
    Not the double PAT, but that top2520 is an ASBR. Since it has a default route out, you should propagate that through OSPF rather than a setting on each router.
    madonion wrote:
    I tested it, while top2520 allow inside traffic out&in, traffic originated from outside can't ping inside devices. say, on pc1, you can't ping any node inside.
    PC1 has a default gateway to the wireless router. The wireless router has no knowledge of the 172.18.0.0/16 network so it sends those destinations to the Internet. Some wireless routers (I don't know your brand or model) can run RIP. If that is the case, you could run RIP between it and top2520, then redistribute OSPF to RIP which would let top2520 know about 172.18.0.0/16.