Cisco newbie with a routing problem with Cisco 2621

We recently changed providers, which has caused all sorts of headaches
for me. The new ISP does not provide routers, but the sales rep found
us a Cisco 2621 and someone to program it. Seeing as how I have had
to have the programming corrected a couple of times already, I suspect
my routing problem might stem from the Cisco.

We have 4 concurrent Class C addresses, and all but one of the Class
C's are working fine. The last one, xxx.xxx.208.1, will not allow
access to certain (not all) websites or ftp servers. I have
eliminated the DNS and DHCP on my end as the culprit (I believe), so
I'm stuck with thinking the Cisco may be the problem.

I'm at a complete loss here, as I'm not a Cisco person, and really
need some direction. Does any of this make sense? I have posted my
config below, if it is any help.

Thanks for any help anyone can offer me!!

Rick

The current config is below:

Using 1104 out of 29688 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname INET
!
boot-start-marker
boot-end-marker
!
enable password xxxxxxxxxx
!
memory-size iomem 20
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip name-server xx.x.xx.xx
ip name-server xx.x.xx.xx
!
!
!
!
interface FastEthernet0/0
description connected to xxxxxxxx
ip address xx.xxx.xxx.xx 255.255.255.252
no ip proxy-arp
duplex auto
speed auto
arp timeout 30
!
interface FastEthernet0/1
description connected to DHCP
ip address xxx.xxx.206.1 255.255.255.0 secondary
ip address xxx.xxx.207.1 255.255.255.0 secondary
ip address xxx.xxx.208.1 255.255.255.0 secondary
ip address xxx.xxx.205.1 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route xxx.xxx.206.0 255.255.255.0 FastEthernet0/0
ip route xxx.xxx.207.0 255.255.255.0 FastEthernet0/0
ip route xxx.xxx.208.0 255.255.255.0 FastEthernet0/0
ip http server
!
snmp-server community xxxxxxxx RO
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxxx
login
!
!
end

 

Ouch, direct ethernet route ;-). You should use

ip route 0.0.0.0 0.0.0.0 x.x.x.x

instead, where "x.x.x.x" is the IP address of the other end of our
FastEthernet0/0 link (your default gateway). If your config works, your
ISP seems to have proxy-arp enabled but this is not a good solution in
my opinion. I avoid such setups strictly.

Ouch again, much more direct ethernet routes ;-). You should remove this
part because:

a) "FastEthernet0/0" seems to be the wrong direction, because your /24s
resides behind "FastEthernet0/1" ?

b) those extra route configurations are superfluous because your cisco
knows the networks already due to the "interface" configuration before

I don't know if this will solve your ftp/webserver problem at all, but
it may be a beginning.

 

Gerald,

Thanks for the response. I don't think it helped my routing issue at
all (I'm still testing), but boy howdy did it affect our network
speed!! Everyone had been complaining about the speed of this new
10mb pipe, but as soon as I made the changes you recommended, network
speed went off the chart! I may still have problems with that fourth
Class C, but right now no one is noticing. Thanks for making my life
at least somewhat better!

By the way, with our old ISP, I was able to use a subnet mask of
255.255.252.0 (the range was xx.xx.124 - xx.xx.127), but it appears I
am unable to use the same with these new addresses. They are
contiguous, but whenever I check a subnet calculator , it tries to
include xxx.xxx.204.xxx. Is that possibly where my routing problem is
originating?

I hadn't planned on becoming Cisco certified, but it looks like I may
not have a choice.

Rick

 

Nice to hear .

Your four /24s aren't contiguous in this way: x.x.204.x - x.x.x.207.x
can be combined to one network with an netmask of 255.255.252.0 but not
x.x.205.x - x.x.x.208.x
So you can't and shouldn't use them as one plain ethernet network and
your DHCP server should be aware of this. He have to serve different
networks and unique def-gateways for each network.

How are your clients configured, especially the ones from the 208
network (netmask and def-gw)?

 

Your four /24s aren't contiguous in this way: x.x.204.x - x.x.x.207.x

Ok, that's correct.

This won't work properly unless you configure some ugly hacks too. Avoid
such things where you can ;-).

If you have still problems accessing the internet from your 208 network you
should do some tests, e.g. trace*) the targeted IP address in the internet
from one of the problematic IP addresses and from an other working IP
address and compare the results.

*) try it with and without name resolving

 

It's to the point where I believe the problem lies with a particular
computer as opposed to the router, as I can ping and trace the
majority of that network from the other network...all but that one
computer. NOW I will get to start tearing that one apart to find out
what the user has done. :^)

Gerald, you have been a tremendous help to me. Thanks again for your
support on this!

Rick