Weard networking

I'm doing some Cisco lab. The computer I'm using now has two NIC. One NIC is connected to the Internet (Cable Internet) so I can post here:). The other NIC (192.168.1.10) is connected to a Cisco 2950 switch. The Switch is then connected to the FE0 on Cisco 1750 router (192.168.1.1). The router was wiped clean with "erase start". The following shows I can ping this PC from the router. But strangely Ping can also reach an host 192.168.1.9 that I'm not aware of. How can I find out where this host is? Could this host be from the Internet?

R1#show ip int br
Interface IP-Address OK? Method Status Protocol
Async1 unassigned YES NVRAM down down
FastEthernet0 192.168.1.1 YES manual up up
Serial1 192.168.2.1 YES manual down down
R1#
R1#ping 192.168.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#ping 192.168.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#

So from the router, I can reach this PC 192.168.1.10. But from this PC, if I try to ping the router's fe0 port 192.168.1.1, it fails. Its ping output looks weird too. The ping went to 24.29.148.249. Where is that? And why does TTL expire?

C:\Users\user>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 24.29.148.249: TTL expired in transit.
Reply from 24.29.148.249: TTL expired in transit.
Request timed out.
Reply from 24.29.148.249: TTL expired in transit.

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

JoshyJ

Best thing to do would be to do a traceroute to see the path taken to get to that host. Chances are you dont have a route to your lab router and instead are going out through your default gateway.

mdomino

What I would do to make this problem a little easier to swallow is set up two networks. I have my 192.168.1.x network which is connected to the internet and my primary NIC, and then I have the 172.16.x.x network which is connected to my secondary NIC and all of my lab gear. This makes it easier, for me, to troubleshoot because knowing that the devices are on different subnets forces them to cross the router.

Also, on the 192.168.1.9 issue, if this is the same network used by your ISP router that IP could've been issued to an iPad, laptop, cell phone with wifi or a kid outside stealing your internet. You can check that router's DHCP lease table and see to who and what it has given each specific IP.

pamccabe

You can also use arp to get the mac address of the IP. Then, use a tool like wireshark to look up the mac address OUI. See who the manufacturer is, which might help you narrow it down. I had this problem months ago with an IP that was being handed out. Couldn't figure it out until I looked up the mac address. Found it came from a Canon device, and eventually found that the printer under my desk had the wifi enabled. It's worth looking into.

pogue

If you have two network cards active on your PC, remember that your PC will use the internet connection to reach any IP not in it's routing table. (PCs have routing tables as well...)

You can see the PCs routing table (If it is a windows system) by opening up a DOS prompt and typing route print.

In order to tell the PC that you want to reach the 192.168.1.0 network through your second NIC, you have to use the following command in DOS (run CMD.exe as an administrator first) -

route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 -p

The -p is a persistent switch so that the PC will "remember" the manually inputted route across reboots.

Try this first and let us know... This is basically the same thing that you have to do when connecting GNS3 network to your internet connection. Windows by default wants to take one path to all unknown networks...

Another thing to look for.. You do not have a default gateway set on the 192.168.1.10 NIC, do you? This can throw the routing off and give weird results.

Please make sure to update your progress, as some of the other CCNA candidates might run into this issue.

Thanks,

Russ

theodoxa

If the TTL is expiring, you have a routing loop.

[edit] Upon a further look, it appears that the PC is sending the ping out to your ISP. Your ISP's router should simply drop the packet [since its destined for an RFC 1918 address], but for some reason it seems that it is forwarding it from router to router until the TTL [which is intended to kill loops] expires.

alxx

did you erase startup config then restart the router ?

what does show running-config give ?

what does show cdp neighbor give ?

Whats the switches ip ?

pamccabe

Also, the 2950 Catalyst switch series is setup for dhcp autoconfiguration. My guess is that it has been assigned an IP. If you are familiar with the CLI you can check its IP rather easily.

workfrom925

pamccabe wrote: »

Also, the 2950 Catalyst switch series is setup for dhcp autoconfiguration. My guess is that it has been assigned an IP. If you are familiar with the CLI you can check its IP rather easily.

You are right. 192.168.1.9 turns out to be the switch's VLAN1.