ttx336's profile

Mentor

 • 

36 Messages

Friday, November 11th, 2011 2:28 PM

3800RG, Cisco Routers and Static IPs

I've got a block of 8 static IPs, one A.B.C.64 /29 - A.B.C.70 is my default gateway, my Cisco E2000 router runs my main home LAN and is doing just fine. I am using two of the RG's ports to run my U-verse set-top boxes via Ethernet, one for the WAN link on the E2000 and one goes to a 4-port DLink switch that then goes to a Cisco 2621XM. Everything works super except the 2621... I have fa0/1 set up to A.B.C.66 (the E2000 is .65, btw) and I have fa0/0 set to 172.16.1.1 /24 and one PC connected to it set to 172.16.1.10 /24 with a default gateway of 172.16.1.1. I can ping A.B.C.70 from the 2621 just fine and I can ping an outside address such as Google, Apple, etc just fine. What is puzzling me to no end is why I CAN ping A.B.C.66 from the PC, and I CANNOT ping A.B.C.70???? What the heck, it's a directly connected interface; I cannot for the life of me understand this. The only thing I can come up with is that somehow the RG is not setting up a return route.

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

12 years ago

Two issues:

1. The ip nat inside source statement is NATting to the wrong interface. Correct line:

ip nat inside source list 1 interface FastEthernet0/1 overload

2. The inside interface needs to be marked as such. Add this line in the FastEthernet0/0 interface config:

ip nat inside


The reason you need both the ip default-gateway statement as well as the static default route statement is that the Cisco uses those two statements in different ways. The static default route statement affects packets that are passing through the router (i.e. being routed). The ip default-gateway statement affects packets originating or terminating on the router (i.e. a ping command given at the Cisco IOS prompt).

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

12 years ago

You should be able to telnet into xxx.xxx.xxx.66.

Try to telnet into that address from a computer that's connected directly to the 2Wire router and on a private IP address (192.168.x.x). This will rule out any issue with the Cisco R1 router.

If that works, you should be able to telnet in from outside on the Internet as well.

Make sure the firewall is turned off for the Cisco (on the 2Wire router, go to Settings -> LAN -> IP Address Allocation, look for the Cisco R1 device, and set the firewall to disabled.)

Note that if you disable the firewall like this, you probably will want to enable some kind of firewall on the Cisco. Use the Context-Based Access Control (CBAC) style of firewall, it's the easiest to set up.

Expert

 • 

9.4K Messages

12 years ago

I've seen this happen on some Ciscos I've configured, and it's usually because there is a small issue in the Cisco config. A lot of times it's because you don't have NAT set up right. When you ping .70 from the Cisco, the Cisco is using .66 as the source, which doesn't involve NAT. When you ping .66 from the PC, the Cisco responds without invoking NAT. When you try to ping .70 from the PC, NAT has to be working right to get responses.

Post the Cisco config (xxx out your public IPs and any passwords) and we'll take a look.

Mentor

 • 

36 Messages

12 years ago

I tried this before using NAT and with NAT, same result, this current config has NAT turned on. I am a novice so it is quite likely I have something set up wrong. For instance, it seems redundant to have both a default gateway to xxx.xxx.xxx.70 and also a quad-zero route, but I tried it just to see if it fixed it and haven't turned the default gateway back off. Another odd thing is that if I set up a quad-zero pointing directly to the fa0/1 it won't ping to the WAN, Google, Apple, etc, I must use the 0.0.0.0 0.0.0.0 xxx.xxx.xxx.70, why is that?

Here's my current config:

Building configuration...

Current configuration : 823 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address xxx.xxx.xxx.66 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Serial0/1
no ip address
!
ip default-gateway xxx.xxx.xxx.70
ip nat inside source list 1 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.70
!
!
access-list 1 permit 172.16.1.0 0.0.0.255
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end

Mentor

 • 

36 Messages

12 years ago

thanks for the reply, I have corrected these via http and will test it when I get home tonight.

Expert

 • 

9.4K Messages

12 years ago

Very cool, let us know if it works.

By the way, on your last question about why the static default route has to point to xxx.xxx.xxx.70 vice pointing to FastEthernet0/1 is because having a default route point to an interface is a valid configuration only for point-to-point interfaces, like T1, Frame-Relay, serial, etc. In the point-to-point interface case, there is only one other host that the interface can talk to.

FastEthernet is a multipoint interface, so pointing the default route to the interface itself is not valid. It must point to an IP address within the subnet of that interface so that a single host on that logical network is designated as the default gateway.
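The two fixes from the accepted solution (PAT overloading on the wrong interface, no interface marked `ip nat inside`) and the default-route point above, turned into a config check. This is an added example, not part of the original thread; the `audit` function is hypothetical and `SAMPLE` is constructed from the relevant lines of the R1 config posted here.

```python
import re

# Constructed sample: the NAT- and route-relevant lines of the R1 config
# posted in this thread, before the fix (public IPs masked as posted).
SAMPLE = """\
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/1
ip address xxx.xxx.xxx.66 255.255.255.248
ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.70
access-list 1 permit 172.16.1.0 0.0.0.255
"""

def audit(config):
    """Return findings for the mistakes discussed in this thread."""
    lines = [l.strip() for l in config.splitlines()]
    roles, current = {}, None          # interface name -> {"inside", "outside"}
    for line in lines:
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
            roles.setdefault(current, set())
        elif line == "!":
            current = None             # "!" ends the interface stanza
        elif current and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            roles[current].add(m.group(1))
    findings = []
    for line in lines:
        if m := re.fullmatch(r"ip nat inside source list \S+ interface (\S+) overload", line):
            if "outside" not in roles.get(m.group(1), set()):
                findings.append(f"PAT overloads on {m.group(1)}, which is not marked 'ip nat outside'")
            if not any("inside" in r for r in roles.values()):
                findings.append("no interface is marked 'ip nat inside'")
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            # Next hop given as an Ethernet interface name instead of an IP address
            if re.match(r"(Fast|Gigabit)?Ethernet", m.group(1)):
                findings.append(f"default route points at multipoint interface {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the config as originally posted, it reports both NAT findings; with the two corrections applied it reports none.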

Mentor

 • 

36 Messages

12 years ago

awww geez! now I feel stupid!!! since you explained it, that makes perfect sense, there's my inexperience showing, I have never used a static route except in lab and always pointing to a point-to-point connected interface...

 

btw, I had my son wake up the computer at home and I pinged it, it replied so I may be good now!! Once I get home and check it out and am sure I will post that this is solved....

 

Thanks, -Gary

Mentor

 • 

36 Messages

12 years ago

my son tested pings to xxx.xxx.xxx.70 as well as out to the WAN and said it reported 100% success!!

 

it's so nice to have computer literate kids at home, lol!!

 

Thanks again so very much,

Gary

Expert

 • 

9.4K Messages

12 years ago

Glad everything's working!

Mentor

 • 

36 Messages

12 years ago

I've hit another snag in trying to get my complete lab running... R1 is doing great thanks to you... I added on R2 and R3 via WIC2T cards and Smart Serial cables. I have S0/0 on R1 set to 10.0.0.1 /30 and S0/1 set to 10.0.0.10 /30, R2 has S0/0 set to 10.0.0.2 /30 and S0/1 set to 10.0.0.5 /30; R3 has S0/1 set to 10.0.0.6 /30 and S0/0 set to 10.0.0.9 /30 I have EIGRP set up, all of the serial routes seem fine, but once again, I cannot ping the xxx.xxx.xxx.70 I took some shots in the dark with various static routes and NAT but to no avail. I have an EIGRP advertised route on R1 = xxx.xxx.xxx.64 and used "redistribute static" so that 0.0.0.0 0.0.0.0 xxx.xxx.xxx.70 is shown as "gateway of last resort" on the other two routers.

 

I thought I had this working before, but maybe not, I had copied the running-config to the startup-config so they are as they were before I shut them (R2 and R3) off to concentrate on getting R1 working. It seems like with the PC connected to R1 being able to ping the .70 address the other two routers surely should be able to, but that is not the case.
