Help with static routes. Host cant ping other networks

lildeezul · April 2008

Hi, im reading Lammle book, and i just begining ip routing.
well i configured all three of my routers with static routes of other networks not directly connected to them.
Heres the diagram

My problem is that host1 can ping 2501-2 or 2501-1 * why is that? host1 is running Xp pro

Also my second question is how come when a router ping a router on a different network its only 40-60% successful, why not 80-100%. can you please explain this to me.

My goal is to have host 1 ping atleast 2501-2, and vice versa, so that i could upload a IOS to my 2501 * becuase i dont have a transciever)

here are the running config of each router

2501-1#sh run
Building configuration...

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2501-1
!
enable secret 5 $1$FCwX$xUJ4UtQp1fZio8pVoR.m00
!
ip host 2501-1 192.168.30.2
ip host 2501-2 192.168.30.1 192.168.20.2
ip host 2611-1 192.168.10.1
ip host host1 192.168.10.2
!
!
!
!
process-max-time 200
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
description Connected to 2501-2
ip address 192.168.30.2 255.255.255.0
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 192.168.10.0 255.255.255.0 192.168.30.0 permanent
ip route 192.168.20.0 255.255.255.0 192.168.30.0 permanent
!
tftp-server flash c2500-is56i-l.113-11b.T2.bin-zero
tftp-server flash c2500-is56i-l.113-11b.T2.bin
banner motd ^C authorized permission only ^C
alias exec copy running-config startup-config wr
!
line con 0
password 7 00071C0817540703
logging synchronous
login
line aux 0
line vty 0 4
password 7 08354942071C11
login
!
end

2501-2#sh runBuilding configuration...

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2501-2
!
enable secret 5 $1$SVJE$i1CIT3Gm/hY8EzNnnbHaW1
!
username cisco privilege 15 password 0 cisco
ip subnet-zero
ip host 2611-1 192.168.20.1 192.168.10.1
ip host 2501-1 192.168.30.2
ip host 2501-2 192.168.20.2 192.168.30.1
ip host host1 192.168.10.2
!
!
!
!
process-max-time 200
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
description DCE Connected to 2501-1
ip address 192.168.30.1 255.255.255.0
clockrate 125000
!
interface Serial1
description Connected to 2611-1
ip address 192.168.20.2 255.255.255.0
!
ip http server
ip http authentication local
no ip classless
ip route 192.168.10.0 255.255.255.0 192.168.20.0 permanent
!
banner login ^C
Final warning before you are terminated. Please disconnect if permission is not granted!!! ^C
banner motd ^C
Authorized access allowed. Please disconnect if permission is not granted. ^C
!
line con 0
password 7 110A160B041D0709
logging synchronous
login
line aux 0
password 7 094D5B11
login
line vty 0 4
password 7 06120A2D424B1D
login
!
end

2611-1#sh ru
Building configuration...

Current configuration : 1272 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2611-1
!
boot-start-marker
boot system flash c2600-i-mz.123-13.bin
boot-end-marker
!
enable secret 5 $1$.Yi8$o9cbns0KzNUCYzorpjXYG.
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip host 2611-1 192.168.10.1 192.168.20.1
ip host 2501-2 192.168.20.1 192.168.30.1
ip host 2501-1 192.168.30.2
ip host host1 192.168.10.2
!
!
username cisco privilege 15 password 0 cisco
!
!
!
interface Ethernet0/0
description Conneted To Host
ip address 192.168.10.1 255.255.255.0
full-duplex
!
interface Serial0/0
description WAN link DCE to 2501-2 DTE
bandwidth 64
ip address 192.168.20.1 255.255.255.0
clockrate 115200
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
ip http server
ip http authentication local
ip classless
ip route 192.168.30.0 255.255.255.0 192.168.10.0
ip route 192.168.30.0 255.255.255.0 192.168.20.0
!
!
tftp-server system
!
line con 0
password 7 0605002F5F41051C
logging synchronous
login local
line aux 0
line vty 0 4
privilege level 15
password 7 1403170702013E
login local
transport input telnet
line vty 5 15
privilege level 15
password 7 1403170702013E
login local
transport input telnet
!
!
end

Claymoore · April 2008

Have you checked the default gateway and other IP address settings on Host1?

Also, 2611-1 has two routes to 192.168.30.0:

ip route 192.168.30.0 255.255.255.0 192.168.10.0
ip route 192.168.30.0 255.255.255.0 192.168.20.0

One of those isn't correct, but the router will still load balance the routes since they have the same AD. That means either 2 or 3 packets (of the 5) will fail leading to a 60% or 40% fail rate. This configuration can also be responsible for your other packet failures.

lildeezul · April 2008

Aww. i see. so i should delete one, and try pinging again.??

my defualt gateway on my computer is 2611-1 E0/0 192.168.10.1

lildeezul · April 2008

HaHa. yep that was it.!! I deleted the ip route 192.168.10.0

thanks man.

But i still cant ping my host1 from 2501-1 or 2501-2

Claymoore · April 2008

You're welcome. It was probably not an intended outcome of this lab, but now you know how a router will load balance links.

For your next trick, try either disabling the windows firewall completely or enabling ICMP execptions in the windows firewall on Host1.

lildeezul · April 2008

Windows xp pro: doenst have firewalll, IFC is also turned off

lildeezul · April 2008

Ok. Hmm... i still cant figure it out.

host1 cant ping 2501-2 or 2501-1

even though i entered static routes, do i have to enable a routing protocol for host1 to be able to communicate with 2501-2 and 2501-1??

gojericho0 · April 2008

Can host 1 ping the 2611 on both the serial and Ethernet interfaces?

georgemc · April 2008

Double check where your static routes are pointing to. If you're not sure what I mean then re-read the rules for static routes in whatever book you're using.

George

hint: .0

lildeezul · April 2008

gojericho0 wrote:

Can host 1 ping the 2611 on both the serial and Ethernet interfaces?

Hi. host1 can only ping the ethernet interface of 2611. It cant ping the ser0/0 (192.168.20.1)

mikearama · April 2008

Throw up a "sh ip route" for the three routers... let have a looksee.

lildeezul · April 2008

2501-1#sh ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 192.168.30.0/24 is directly connected, Serial0
S 192.168.10.0/24 [1/0] via 192.168.30.0
S 192.168.20.0/24 [1/0] via 192.168.30.0
2501-1#

2501-2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 192.168.30.0/24 is directly connected, Serial0
S 192.168.10.0/24 [1/0] via 192.168.20.0
C 192.168.20.0/24 is directly connected, Serial1
2501-2#

2611-1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S 192.168.30.0/24 [1/0] via 192.168.20.0
C 192.168.10.0/24 is directly connected, Ethernet0/0
C 192.168.20.0/24 is directly c

mikearama · April 2008

Can someone confirm this? I don't have any 2500's to try it on.

Deezul's got static entries that point to networks as next hops, not actual interfaces. IE,

ip route 192.168.30.0 255.255.255.0 192.168.20.0

So in the routing table, he has: S 192.168.30.0/24 [1/0] via 192.168.20.0

I can't find a single device on my network that has this kind of syntax. All of my static routes, in the routing table, point to actual interfaces (either next hop IP, or local interface). So the above line would read:

S 192.168.30.0/24 [1/0] via 192.168.20.2

Significant?

mwgood · April 2008

Why not just use next-hop IPs for your static routes?

Why are you using network addresses? And why "permanent?"

IMO, that confuses the matter.

gojericho0 · April 2008

I find it weird that he can't ping the serial interface on the first router...

By chance does the PC you are pinging from have a firewall on it? Since the Ethernet interface is on the same network and acts as the default gateway, it may have some allow rule on it allowing ICMP or ping traffic.

Since the serial belongs to a different network a firewall might consider this network "untrusted" and block the traffic

gojericho0 · April 2008

I would also run "debug ip icmp" on the 2611 to see if it is receiving the ping from the host on its serial int

lildeezul · April 2008

my firewall is off.

Hmm... How would i go about using the next hop address, instead of using the network address.

Or using the actual interface like mikearama

should i set them that way??

mwgood · April 2008

Next hop address static route...

For example (2501-1)

ip route 192.168.10.0 255.255.255.0 192.168.30.1

Use this format for the rest of the routes, ip route [network] [subnet mask] [next-hop ip]

lildeezul · April 2008

Ok i changed the routes. Check them and see if there ok!

2501-1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 192.168.30.0/24 is directly connected, Serial0
S 192.168.10.0/24 [1/0] via 192.168.30.1
S 192.168.20.0/24 [1/0] via 192.168.30.1

2501-2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 192.168.30.0/24 is directly connected, Serial0
S 192.168.10.0/24 [1/0] via 192.168.20.1
C 192.168.20.0/24 is directly connected, Serial1

2611-1#sh ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S 192.168.30.0/24 [1/0] via 192.168.20.2
C 192.168.10.0/24 is directly connected, Ethernet0/0
C 192.168.20.0/24 is directly connected, Serial0/0

ok after i configured them. i tried pinging again. no success

2501-1#ping 192.168.10.2Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2501-1#

2501-2#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Soulreaver · April 2008

im kind of a noob @ cisco but i dont really see no shutdown on those interfaces according to the config

lildeezul · April 2008

they up, because i can ping everything but the host

mikearama · April 2008

You won't see "no shutdown" if the interface is up. You will, however, see "shutdown" if the interface is down (note the e0 int's on the 2501's).

Also, deezul confirms the interfaces are up by pinging between the routers... it's just the 2611 that won't pass traffic from the host.

Weird.

lildeezul · April 2008

yep thats right.

Th 2611-1 wont pass the traffic.

but yeah each router can ping each routers interface.

gojericho0 · April 2008

did you try the debup ip snmp command? It will let you know any sent or received icmp traffic on that interface.

mikearama · April 2008

Hey deezul, here's a thought...

Let's rule out the host as a possible cause of the problem. How about taking the 2501-1, configuring the e0 interface to sit on the 192.168.10.0 lan (don't forget to add routes to the 20.0 network using 10.1 as your gateway), remove the host, and move it (the 2501-1) to the 10.0 network.

Now ping through the 2611... try to hit 20.1 and 20.2.

Might be interesting to see if the router has better results.

If it works, put the host on the 30.0 network, and see if you can ping 30.1 (which you should), and 20.2 (which, if it doesn't work, would mimic what you have happening right now from the 10 to 20 networks).

Mike

lildeezul · April 2008

i would try that if i could, but unfortunately i dont have any AUI transceiver, but i do have another 2611 router to try it on.

but once i get an transceiever i will try it out

lildeezul · April 2008

YES. I figured it out....

Ok this is what i did. my computer (host1) has 2 nic cards, one to my network, and the other to the internet.

I unplugged my internet and bam i could ping from host to all my routers, and routers to all my host.

Such a little thing cuased a big problem.

Does anyone know why this happened???

Thanks Mikearama, gojericho0, and mwgood, and everyone else who helped me.

Aaronfb · April 2008

Do you have the IP address and default gateway for your nic connected to your lab network set up right?

Claymoore · April 2008

lildeezul wrote:

YES. I figured it out....

Ok this is what i did. my computer (host1) has 2 nic cards, one to my network, and the other to the internet.

I unplugged my internet and bam i could ping from host to all my routers, and routers to all my host.

Such a little thing cuased a big problem.

Does anyone know why this happened???

Thanks Mikearama, gojericho0, and mwgood, and everyone else who helped me.

Having two NICs in the host isn't really a 'little thing'. That information would have been handy when I asked you to check your default gateway and other IP settings many posts ago.

Windows only supports multiple default gateways for redundancy - meaning the other gateway is only used when the NIC fails or is unplugged. If you had gone to a command prompt (Start-Run-Cmd) on your XP client and typed 'route print', the 0.0.0.0 route would have shown that you were using the other interface for your default gateway and not the interface connected to the 2611. That's why you couldn't ping the other router interfaces - the PC had no route to them. That's also why the other routers couldn't ping the host, because the host didn't have a way to send the response back to them. Although you can add static routes to your XP Client using the 'route add' command, which would also be good practice for your future corporate endeavors. Never know when that ability might come in handy.

At its most basic level, routing is routing whether it's done by Windows or Cisco.

Help with static routes. Host cant ping other networks

Comments