Cisco newbie with a routing problem with Cisco 2621

Discussion in 'Cisco' started by Rick Bruner, Oct 25, 2006.

  1. Rick Bruner

    Rick Bruner Guest

    We recently changed providers, which has caused all sorts of headaches
    for me. The new ISP does not provide routers, but the sales rep found
    us a Cisco 2621 and someone to program it. Seeing as how I have had
    to have the programming corrected a couple of times already, I suspect
    my routing problem might stem from the Cisco.

    We have 4 concurrent Class C addresses, and all but one of the Class
    C's are working fine. The last one, xxx.xxx.208.1, will not allow
    access to certain (not all) websites or ftp servers. I have
    eliminated the DNS and DHCP on my end as the culprit (I believe), so
    I'm stuck with thinking the Cisco may be the problem.

    I'm at a complete loss here, as I'm not a Cisco person, and really
    need some direction. Does any of this make sense? I have posted my
    config below, if it is any help.

    Thanks for any help anyone can offer me!!

    Rick

    The current config is below:

    Using 1104 out of 29688 bytes
    !
    version 12.3
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname INET
    !
    boot-start-marker
    boot-end-marker
    !
    enable password xxxxxxxxxx
    !
    memory-size iomem 20
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    !
    ip name-server xx.x.xx.xx
    ip name-server xx.x.xx.xx
    !
    !
    !
    !
    interface FastEthernet0/0
    description connected to xxxxxxxx
    ip address xx.xxx.xxx.xx 255.255.255.252
    no ip proxy-arp
    duplex auto
    speed auto
    arp timeout 30
    !
    interface FastEthernet0/1
    description connected to DHCP
    ip address xxx.xxx.206.1 255.255.255.0 secondary
    ip address xxx.xxx.207.1 255.255.255.0 secondary
    ip address xxx.xxx.208.1 255.255.255.0 secondary
    ip address xxx.xxx.205.1 255.255.255.0
    duplex auto
    speed auto
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    ip route xxx.xxx.206.0 255.255.255.0 FastEthernet0/0
    ip route xxx.xxx.207.0 255.255.255.0 FastEthernet0/0
    ip route xxx.xxx.208.0 255.255.255.0 FastEthernet0/0
    ip http server
    !
    snmp-server community xxxxxxxx RO
    !
    line con 0
    line aux 0
    line vty 0 4
    password xxxxxxxxx
    login
    !
    !
    end
     
    Rick Bruner, Oct 25, 2006
    #1
    1. Advertising

  2. Rick Bruner schrieb:
    > ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


    Ouch, direct ethernet route ;-). You should use

    ip route 0.0.0.0 0.0.0.0 x.x.x.x

    instead, where "x.x.x.x" is the IP address of the other end of our
    FastEthernet0/0 link (your default gateway). If your config works, your
    ISP seems to have proxy-arp enabled but this is not a good solution in
    my opinion. I avoid such setups strictly.

    > ip route xxx.xxx.206.0 255.255.255.0 FastEthernet0/0
    > ip route xxx.xxx.207.0 255.255.255.0 FastEthernet0/0
    > ip route xxx.xxx.208.0 255.255.255.0 FastEthernet0/0


    Ouch again, much more direct ethernet routes ;-). You should remove this
    part because:

    a) "FastEthernet0/0" seems to be the wrong direction, because your /24s
    resides behind "FastEthernet0/1" ?

    b) those extra route configurations are superfluous because your cisco
    knows the networks already due to the "interface" configuration before

    I don't know if this will solve your ftp/webserver problem at all, but
    it may be a beginning.

    --
    Gerald (ax/tc)
     
    Gerald Krause, Oct 25, 2006
    #2
    1. Advertising

  3. Rick Bruner

    Rick Bruner Guest

    Gerald,

    Thanks for the response. I don't think it helped my routing issue at
    all (I'm still testing), but boy howdy did it affect our network
    speed!! Everyone had been complaining about the speed of this new
    10mb pipe, but as soon as I made the changes you recommended, network
    speed went off the chart! I may still have problems with that fourth
    Class C, but right now no one is noticing. Thanks for making my life
    at least somewhat better!

    By the way, with our old ISP, I was able to use a subnet mask of
    255.255.252.0 (the range was xx.xx.124 - xx.xx.127), but it appears I
    am unable to use the same with these new addresses. They are
    contiguous, but whenever I check a subnet calculator , it tries to
    include xxx.xxx.204.xxx. Is that possibly where my routing problem is
    originating?

    I hadn't planned on becoming Cisco certified, but it looks like I may
    not have a choice.

    Rick

    On Wed, 25 Oct 2006 19:52:53 +0200, Gerald Krause <>
    wrote:

    >Rick Bruner schrieb:
    >> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

    >
    >Ouch, direct ethernet route ;-). You should use
    >
    > ip route 0.0.0.0 0.0.0.0 x.x.x.x
    >
    >instead, where "x.x.x.x" is the IP address of the other end of our
    >FastEthernet0/0 link (your default gateway). If your config works, your
    >ISP seems to have proxy-arp enabled but this is not a good solution in
    >my opinion. I avoid such setups strictly.
    >
    >> ip route xxx.xxx.206.0 255.255.255.0 FastEthernet0/0
    >> ip route xxx.xxx.207.0 255.255.255.0 FastEthernet0/0
    >> ip route xxx.xxx.208.0 255.255.255.0 FastEthernet0/0

    >
    >Ouch again, much more direct ethernet routes ;-). You should remove this
    >part because:
    >
    >a) "FastEthernet0/0" seems to be the wrong direction, because your /24s
    >resides behind "FastEthernet0/1" ?
    >
    >b) those extra route configurations are superfluous because your cisco
    >knows the networks already due to the "interface" configuration before
    >
    >I don't know if this will solve your ftp/webserver problem at all, but
    >it may be a beginning.
     
    Rick Bruner, Oct 26, 2006
    #3
  4. Rick Bruner schrieb:
    > Gerald,
    >
    > Thanks for the response. I don't think it helped my routing issue at
    > all (I'm still testing), but boy howdy did it affect our network
    > speed!! Everyone had been complaining about the speed of this new
    > 10mb pipe, but as soon as I made the changes you recommended, network
    > speed went off the chart! I may still have problems with that fourth
    > Class C, but right now no one is noticing. Thanks for making my life
    > at least somewhat better!


    Nice to hear :).

    > By the way, with our old ISP, I was able to use a subnet mask of
    > 255.255.252.0 (the range was xx.xx.124 - xx.xx.127), but it appears I
    > am unable to use the same with these new addresses. They are
    > contiguous, but whenever I check a subnet calculator , it tries to
    > include xxx.xxx.204.xxx. Is that possibly where my routing problem is
    > originating?


    Your four /24s aren't contiguous in this way: x.x.204.x - x.x.x.207.x
    can be combined to one network with an netmask of 255.255.252.0 but not
    x.x.205.x - x.x.x.208.x
    So you can't and shouldn't use them as one plain ethernet network and
    your DHCP server should be aware of this. He have to serve different
    networks and unique def-gateways for each network.

    How are your clients configured, especially the ones from the 208
    network (netmask and def-gw)?

    --
    Gerald (ax/tc)
     
    Gerald Krause, Oct 26, 2006
    #4
  5. >> Your four /24s aren't contiguous in this way: x.x.204.x - x.x.x.207.x
    >> can be combined to one network with an netmask of 255.255.252.0 but not
    >> x.x.205.x - x.x.x.208.x
    >> So you can't and shouldn't use them as one plain ethernet network and
    >> your DHCP server should be aware of this. He have to serve different
    >> networks and unique def-gateways for each network.
    >>
    >> How are your clients configured, especially the ones from the 208
    >> network (netmask and def-gw)?

    >
    > Everyone, regardless of the network they are using, is configured with
    > 255.255.255.0 as the netmask. The gateway is defined by their network, so
    > all 208s have 208.1 as their gateway, 207s use 207.1, etc.


    Ok, that's correct.

    > I also tried setting 208 to use 205.1 as the gateway, but that didn't
    > change my problem.


    This won't work properly unless you configure some ugly hacks too. Avoid
    such things where you can ;-).

    If you have still problems accessing the internet from your 208 network you
    should do some tests, e.g. trace*) the targeted IP address in the internet
    from one of the problematic IP addresses and from an other working IP
    address and compare the results.

    *) try it with and without name resolving

    --
    Gerald (ax/tc)
     
    Gerald Krause, Oct 26, 2006
    #5
  6. Rick Bruner

    Rick Bruner Guest

    On Thu, 26 Oct 2006 16:38:22 +0200, Gerald Krause <>
    wrote:

    >>> Your four /24s aren't contiguous in this way: x.x.204.x - x.x.x.207.x
    >>> can be combined to one network with an netmask of 255.255.252.0 but not
    >>> x.x.205.x - x.x.x.208.x
    >>> So you can't and shouldn't use them as one plain ethernet network and
    >>> your DHCP server should be aware of this. He have to serve different
    >>> networks and unique def-gateways for each network.
    >>>
    >>> How are your clients configured, especially the ones from the 208
    >>> network (netmask and def-gw)?

    >>
    >> Everyone, regardless of the network they are using, is configured with
    >> 255.255.255.0 as the netmask. The gateway is defined by their network, so
    >> all 208s have 208.1 as their gateway, 207s use 207.1, etc.

    >
    >Ok, that's correct.
    >
    >> I also tried setting 208 to use 205.1 as the gateway, but that didn't
    >> change my problem.

    >
    >This won't work properly unless you configure some ugly hacks too. Avoid
    >such things where you can ;-).
    >
    >If you have still problems accessing the internet from your 208 network you
    >should do some tests, e.g. trace*) the targeted IP address in the internet
    >from one of the problematic IP addresses and from an other working IP
    >address and compare the results.
    >
    >*) try it with and without name resolving


    It's to the point where I believe the problem lies with a particular
    computer as opposed to the router, as I can ping and trace the
    majority of that network from the other network...all but that one
    computer. NOW I will get to start tearing that one apart to find out
    what the user has done. :^)

    Gerald, you have been a tremendous help to me. Thanks again for your
    support on this!

    Rick
     
    Rick Bruner, Oct 27, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Weiguang Shi

    Help: 2621 DHCP server problem

    Weiguang Shi, Oct 16, 2003, in forum: Cisco
    Replies:
    10
    Views:
    10,437
    Aaron Leonard
    Oct 27, 2003
  2. Peter
    Replies:
    2
    Views:
    4,707
    Walter Roberson
    Jan 6, 2004
  3. jwinters

    Newbie routing problem.

    jwinters, Jan 12, 2005, in forum: Cisco
    Replies:
    17
    Views:
    844
  4. dmc

    cisco 2621 problem

    dmc, Feb 26, 2006, in forum: Cisco
    Replies:
    22
    Views:
    16,777
    stefanx
    Oct 19, 2006
  5. Replies:
    2
    Views:
    437
Loading...

Share This Page