DSL/CAble->NT Server--> two Cisco Router/ Routing Prob

How are the 2501 and 2507 connected?

can you see them via "cdp neighbor detail" Do your connected interfaces show as up/up when you do a "show ip interface brief"

Hi

That's what I get when with "s ip int brief"

2501#s ip int brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 10.0.0.6 YES manual up up
Serial0 unassigned YES unset administratively down down
Serial1 172.16.10.2 YES manual up up
2501#

They are connected through serial cable DTE/DCE.

Regards

First thing I notice is that you are using RIP, which is a classful routing protocol.

You entered your ethernet IP as 10.0.0.x 255.255.255.0 - so you are setting up IP addresses as if they were /24 or class C addresses. Then, you setup RIP as if you intended the network to be a /8 or Class A address. RIP is classful, so it is going to see the network as a Class A.

Something very similar happens with your serial connections - you set them up as 172.16.10.x with subnet of 255.255.255.0, yet when advertised by RIP, they are seen as 172.16.0.0 - a class B network.

It appears that you are assigning IP addresses that are different than the networks that RIP recognizes with your entries.

If you want to keep the same IP addresses, use a subnet of 255.0.0.0 for the 10.x.x.x network, and a subnet of 255.255.0.0 for the 172.16.x.x network.

Here is the info from the other router:
Cisco2507#s ip int brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 10.0.0.7 YES manual up up
Serial0 unassigned YES unset administratively down down
Serial1 172.16.10.4 YES manual up up
Cisco2507#

I do see now that you are running RIP version 2 - which can handle non-classful advertisements, but....

You also have the "no ip classless" command in place - which leads me to think that either you are wanting specifically to play with RIP version 2, but forgot to use the ip classless command, OR you might want to use RIP version 1.

Unless you are getting wild and crazy here

) and playing with RIP version 2 - which isn't covered on the CCNA exam, then I would suggest using plain old RIP.

I still have the same problem, I can't ping the Ether from the either router.

That what I have now for the both Routes:

interface Ethernet0
description connected to EthernetLA
ip address 10.0.0.7 255.0.0.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1
description connected to 2501
bandwidth 56
ip address 172.16.10.3 255.255.0.0
no ip directed-broadcast
clockrate 56000
!
router rip
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
no ip classless
!
banner motd ^CRouter 2507^C
!
line con 0
exec-timeout 0 0
password 7 030D5F010718
login
transport input none
line aux 0
line vty 0 4
password 7 030D5F010718
login
!
end

2501

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 2501
!
enable password idjaw
!
ip subnet-zero
ip name-server 10.0.0.1
!
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 10.0.0.6 255.0.0.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1
description connected to Cisco2507
ip address 172.16.10.2 255.255.0.0
no ip directed-broadcast
!
router rip
network 10.0.0.0
network 172.16.0.0
!
no ip classless
!
!
line con 0
exec-timeout 0 0
password idjaw
login
transport input none
line aux 0
line vty 0 4
password idjaw
login
!
end

LOL.

It just dawned on me that you don't even need a routing protocol for this setup!

What you've got is 2 routers back to back - no need to advertise routes, since all networks are directly connected - shouldn't hurt though.

Can you ping the serial interfaces? You now have me wondering whether you are using a straight through ethernet cable or crossover? You should probably be using a crossover cable for this setup.

I am trying to ping the Ethernet of 2501 from 2507, and vice versa, and still it doesn't work.

I am using a stright through cable from a the CABLE/Router to 2501 Eth (10.0.0.6) and connecting my PC to the 2507 Router/Hub thorugh a straight through cable.

from the 2501 I can ping IP on the LAN, since it is hooked to the HUB in the CABLE/Router.

Yes I can ping the serial int. from either router, but I can't go beyond the Serial port. Just for testing I connected the Ethernet cable from ethernet port on 2501 into the Hub the of the 2507, the ping will work, but it will not through the Serial ports.

what your saying that I need to get rid of RIP?

No, I'm not saying you need to get rid of RIP. Originally, it looked like you were connecting the two ethernet ports directly to each other, the same as your serial connection between the routers[in that case RIP would be unnecessary], but I think maybe I was just confused by the fact that you assigned the ethernet port on the 2501 an address on the same network as the IP address you assigned to the ethernet interface on the 2507. Unless those 2 ethernet ports are connected to each other, they need to be on different networks.

Let's clarify - the 2 routers are connected only by a DCE and DTE serial cables, correct? There is no ethernet cable connecting the two routers, right?

IF - that is correct - then you definitely need RIP [or at least a routing protocol] - but you need to assign IP addresses on the ethernet interfaces on 2 different networks. Then change your RIP network entries to match the connected networks for each router.

What address did you assign the ethernet card on the PC?

Let me see if I understand your setup:

Internet -->DSL/CABLE NAT Device--> NT Server-->Eth0(10.0.0.6)-2501CISCO-S1(172.16.10.2)-->
S1(172.16.10.3)2507-Eth0(10.0.0.7)-> Internal Network

If that is how you have it set up, then you definitely need to put the eth0's on each router on different networks.

Say that you change the Eth0 on the 2507 to 192.168.1.1 subnet 255.255.255.0, then you would have on ....

Router 2501:
router rip
network 10.0.0.0
network 172.16.0.0

Router 2507
router rip
network 172.16.0.0
network 192.168.1.0

Also, to access the internet, make sure your Internal Network has the default gateway set to the Eth IP of the 2507.

YOUR RIGHT, YOUR DA MANNNNNNNNNNNNNNNNN

Finaly it worked, I change the IP address of the 2501 router to 192.168.x.x and configured RIP accordingly and that fixed the problem,

So, that means that the routers when they where on the same network RIP got confuse and didn;t where to route?

Does that make sence what I said?

Thanks

Ok, so you are using serial 1 and did not mention that the routers are connected to each others ethernet ports via a crossover, hub, or switch.

This means that you have two 172.16.0.0 networks with a 10.0.0.0 network between them. They aren't going to talk.

The routers are connected with each other only through the Serial Ports.

It is not that rip didn't know how to route. It is that each router had a direcly connected route to the 172.16 network. It will always send all packets for the 172.16. network out ethernet 0, never serial 1.

wgeorges wrote:

Finaly it worked, I change the IP address of the 2501 router to 192.168.x.x and configured RIP accordingly and that fixed the problem,

So, that means that the routers when they where on the same network RIP got confuse and didn;t where to route?

Does that make sence what I said?

Yes, it makes sense. And yes, that is basically correct. It doesn't work to setup a route to a network when it's being advertised as being in two different places at once.

Anyway, the reason I was initially confused by your setup was because I thought "obviously" you wouldn't have both ethernet connections on the same network if they weren't connected and actually on the same network. Then it dawned on me that was exactly the mistake - that they should be on different networks.

If I would have not overlooked your diagram at the very top, I should've spotted it immediately.

Glad you are working.

I thought maybe a better explanation is in order. Especially since this is a good learning experience for studying for the CCNA.

When you had two separate networks on the 10.0.0.0 network setup on each ethernet interface on each router, the ip route table would give an administrative distance [AD] of 0 since each router sees the 10.0.0.0 network as a "connected" network.

Each router would also have an AD of 120 for the remote 10.0.0.0 network that it learned via RIP.

The connected network will always take priority since it has the lowest AD, so when you try to ping the remote 10.0.0.0 network, it will always send out traffic to the locally connected network - which explains why you could ping with your serial connection, but not through to the remote ethernet interface.

Thanks a lot for your help, I really appriciated the info you gave me, that helped a lot.

I have one more qtion for you, it is regarding the security.

The way my routers are configured, is there any security being set, I am more used to a NAT firewall were I block ports, what about access-list .... whats the best practice for securing the routers and the network?

Regards

wgeorges wrote:

what about access-list .... whats the best practice for securing the routers and the network?

I'm no expert on security - that's a whole 'nother can of worms, but I might just mention that you are behind NAT, which provides some security by making your network all private IP space.

Beyond that, it's really up to you - from a hardware firewall to a software firewall, to fiddling with access lists on your Cisco routers.

Personally, I'm fine with being behind NAT and running the XP SP2 firewall - but again, I'm pretty much a security neophyte.

Good luck