Trouble with an ROAS config

veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
I did an Router-on-a-Stick (ROAS) lab and although I setup everything like the lab said, I can't ping from one subnet to another. I can ping the gateway from host to gateway, but not across subnets. I used my 2501s as host since I didn't have extra PCs. Here is a diagram of my lab and the sho runs.



PC Left:

R1#sho run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 172.12.2.2 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip default-gateway 172.12.2.1
ip classless
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end


PC Right:

R2#sho run
Building configuration...

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname R2
!
!
!
interface Ethernet0
ip address 172.12.4.2 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip default-gateway 172.12.4.1
no ip classless
!
line con 0
line aux 0
line vty 0 4
login
!
end

Router:

Router-on-a-Stick#sho run
Building configuration...

Current configuration : 946 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router-on-a-Stick
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 172.12.2.1 255.255.255.0
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 172.12.4.1 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Switch:

Switch#sho run
Building configuration...

Current configuration : 858 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 4
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
switchport mode trunk
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 5 15
!
!
end

Comments

  • MrBrianMrBrian Member Posts: 520
    I think I know what's going on here. Try doing a "no ip routing" on the two routers that you want to act as PC's. If you want a cisco router to emulate a PC you have to turn off ip routing.

    The two 2501 routers you're using to emulate PC's are still acting as routers, I believe. If you have ip routing enabled on the router, then the "ip default-gateway" command won't do anything. That command is only good for switches or other non-routers. In other words, since IP routing is still enabled, the router will examine it's routing table to forward traffic. You can ping the router on a stick because the two "pc's", which are actually still acting as routers, are looking at their routing table and see they are directly connected to those networks, so they just arp for it. So when the left "pc" tries to ping 172.12.4.2, it will see if it has a route in its routing table, which it doesn't. When you turn off ip routing then it will send it to the default-gateway, which is your ROAS.

    To recap, try "no ip routing" on the router you want to act as a PC, then add your default-gateway command to it, then do "sho ip route" and you should see one line stating the default gateway address and you won't see a routing table anymore until you reactivate ip routing. Everything else appears to be configured right I think.. Hth
    Currently reading: Internet Routing Architectures by Halabi
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Sure enough! I guess that was a good learning experience, and one I'm not likely to forget any time soon.
  • MrBrianMrBrian Member Posts: 520
    Haha, yea I was looking over your configs for awhile and I'm thinking.. it looks fine to me.. so what the heck is going on here. Then I reread and find your key words "I used my 2501's as pc's." And I've set up labs like that before and this same thing happened to me. Good times.

    Also, check out this video. It's what I came across when it happened to me, and it's cleared things up a lot at the time. This guy makes some great vids, highly recommended. Default-Gateway vs Default-Network Cisco - YouTube
    Currently reading: Internet Routing Architectures by Halabi
  • alan2308alan2308 Member Posts: 1,854 ■■■■■■■■□□
    Sure enough! I guess that was a good learning experience, and one I'm not likely to forget any time soon.

    You say that now, but if I had a nickel for every time I forgot to check the return path or Windows firewall on the remote host when a ping failed... icon_mrgreen.gif
Sign In or Register to comment.