Cannot Ping Cisco Router

[kwmarc]

As some of you probably recognize (since I posted something about going for my CCENT last week) I am in the middle of studying for the exam. Currently I have the following configuration:

1 Cisco 2611XM Router

1 Cisco 2611 Router

Both routers have only 2 Fast-Ethernet ports and I have configured each of them with a different network. So, I have a total of 4 networks between the 2 routers. The routers are both plugged into a switch and all FastEthernet ports are showing a link-state of "UP" and line-protocol state of "UP". If I login to each router I can successfully ping each interface that is local to that router. I currently have RIP setup on both of these routers and each router is receiving the RIP updates/advertisements correctly as I can run the "debug ip rip" on both routers and see that each router receives the updates and knows of the other networks/routers. I can even run a "show ip route" command on either router and I can see the other routers "networks" in my routing table as defined by RIP as well as the local networks that are directly connected (obviously).

Here is my problem.....I cannot seem to ping anything from either router other than the directly connected networks that sit locally on FastEthernet 0/0 or 0/1. Is there something special that I need to do to allow ICMP requests or do I not have this setup fully configured? I would assume that if the routers can see each others RIP advertisements and know about the far networks that they could be pingable but maybe I am wrong. I have tried all of the debug commands I can find but none seem to show me anything that happens when an ICMP requests leaves Router1 destined for Router2. Any help would be appreciated!!

 

[bobdole369]

All traffic by default is denied. Look into the ACL's on each interface. If I recall at the end of each ACL is an inherent "deny all" phrase (damn my ios is rusty).

 

[just2cool]

Ok, slow down a bit!

You have R1 and R2. They are connected with a fastE link.

Say you have 10.1.1.1/24 on R1 and 10.1.1.2/24 on R2 on that same link. Can you ping 10.1.1.2 from R1 and vice-versa?

If that's good... do your RIP routes ever disappear from the table? Do you ever get "is possibly down" next to them?

If that's good... what are you pinging and where are you pinging from? If you're pinging from the router without specifying what interface IP to use, it will use the "closest" one to the destination. I can explain this further, but check the basic connectivity first.

And no -- you don't need to turn ICMP on -- provided that you did not define ACLs on your interfaces (by default, there are no ACLs).

 

[xphil3]

Here is my problem.....I cannot seem to ping anything from either router other than the directly connected networks that sit locally on FastEthernet 0/0 or 0/1. Is there something special that I need to do to allow ICMP requests or do I not have this setup fully configured? I would assume that if the routers can see each others RIP advertisements and know about the far networks that they could be pingable but maybe I am wrong. I have tried all of the debug commands I can find but none seem to show me anything that happens when an ICMP requests leaves Router1 destined for Router2. Any help would be appreciated!!

Nothing special to be configured. If you don't have any ACL's applied to the interfaces anything is allowed in and to be traversed. Run a debug on ICMP, if that doesn't yeild anything I would just do a debug ip packet. Im going to make an assumption that your encapsulation is failing(layer 2). If you have a full routing table do a

sh ip route <prefix>, make sure that it recurses to the exit interface properly.

sh ip arp, make sure that you resolved the mac address of your neighbor that you're trying to ping. Dont think that just becuase you have RIP working L3 communication to the neighbor is working.. RIP is a multicast technology.

All traffic by default is denied.

Negative

 

[kwmarc]

I dont think these routers have anymore than the basic IOS installed. Neither are running the advanced-security IOS images. Router1 is running 12.2 and Router2 is running 12.4. I will check though and see. You very well maybe right. Thanks for the idea!

 

[xphil3]

I dont think these routers have anymore than the basic IOS installed. Neither are running the advanced-security IOS images. Router1 is running 12.2 and Router2 is running 12.4. I will check though and see. You very well maybe right. Thanks for the idea!

IOS has nothing to do with it, RIP will be in a standard IPsvcs IOS release all the way down to 10.0. What you're going to want to do is verify your L2 functionality. Run the debugs and see if you're encapsulation is failing.

Run a debug ip packet on the router you are trying to ping, if you see nothing then you know the problem is with the packets getting there.... so either routing(which you said you have a full RIB) or L2 resolution.

 

[kwmarc]

Here is the routing table for each router:

Router1:

C 160.81.0.0/16 is directly connected, Ethernet0/0
R 12.0.0.0/8 [120/1] via 15.1.1.1, 00:00:15
C 150.80.0.0/16 is directly connected, Ethernet0/1
R 15.0.0.0/8 [120/1] via 12.1.1.1, 00:00:15

Router2:

R 160.81.0.0/16 [120/1] via 150.80.1.1, 00:00:15
C 12.0.0.0/8 is directly connected, FastEthernet0/1
R 150.80.0.0/16 [120/1] via 160.81.1.1, 00:00:15
C 15.0.0.0/8 is directly connected, FastEthernet0/0

And like i described earlier, if I am logged into Router1 or Router2, I can ping the directly connected interfaces just fine as well as run my "debug ip rip" command and see the RIP updates/advertisements happen in real time but I just cant ping anything on either end of the opposite router. Hopefully I am making myself clear, but maybe not.....Thanks for the help so far.


Btw, I do have 2 sets of Serial WIC's coming via Ebay so once I get those installed I can setup a "true" WAN PPP connection between each router and hopefully getting it working that way...

 

[kwmarc]

Here is the output from my "debug ip packet" command. Thanks xphil

IP packet debugging is on

Baltimore#

*Mar 27 14:44:36.460: IP: s=160.81.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:44:36.460: IP: s=160.81.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:44:36.460: IP: s=150.80.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:44:36.464: IP: s=150.80.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:44:37.963: IP: s=12.1.1.1 (local), d=224.0.0.9 (FastEthernet0/1), len
52, sending broad/multicast
*Mar 27 14:44:37.963: IP: s=12.1.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, rcv
d 2
*Mar 27 14:44:57.567: IP: s=15.1.1.1 (local), d=224.0.0.9 (FastEthernet0/0), len
52, sending broad/multicast
*Mar 27 14:44:57.567: IP: s=15.1.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, rcv
d 2
*Mar 27 14:45:04.134: IP: s=12.1.1.1 (local), d=224.0.0.9 (FastEthernet0/1), len
52, sending broad/multicast
*Mar 27 14:45:04.134: IP: s=12.1.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, rcv
d 2
*Mar 27 14:45:05.372: IP: s=160.81.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:05.372: IP: s=160.81.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:05.372: IP: s=150.80.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:05.376: IP: s=150.80.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:24.415: IP: s=15.1.1.1 (local), d=224.0.0.9 (FastEthernet0/0), len
52, sending broad/multicast
*Mar 27 14:45:24.415: IP: s=15.1.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, rcv
d 2
*Mar 27 14:45:33.642: IP: s=12.1.1.1 (local), d=224.0.0.9 (FastEthernet0/1), len
52, sending broad/multicast
*Mar 27 14:45:33.642: IP: s=12.1.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, rcv
d 2
*Mar 27 14:45:34.311: IP: s=160.81.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:34.311: IP: s=160.81.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:34.315: IP: s=150.80.1.1 (FastEthernet0/0), d=224.0.0.9, len 52, r
cvd 2
*Mar 27 14:45:34.315: IP: s=150.80.1.1 (FastEthernet0/1), d=224.0.0.9, len 52, r
cvd 2

Router#no debug ip packet

IP packet debugging is off

Using my limited knowledge I would say that it is receiving packets just fine from the opposite network just not ICMP packets....



After enabling the "debug ip packet" command and then trying to ping the far routers Ethernet interface I receive the following output:

Baltimore# ping 160.81.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 160.81.1.1, timeout is 2 seconds:

*Mar 27 14:50:46.503: IP: s=12.1.1.1 (local), d=160.81.1.1, len 100, unroutable.

*Mar 27 14:50:48.506: IP: s=12.1.1.1 (local), d=160.81.1.1, len 100, unroutable.

*Mar 27 14:50:50.509: IP: s=12.1.1.1 (local), d=160.81.1.1, len 100, unroutable.

*Mar 27 14:50:52.513: IP: s=12.1.1.1 (local), d=160.81.1.1, len 100, unroutable.

*Mar 27 14:50:54.512: IP: s=12.1.1.1 (local), d=160.81.1.1, len 100, unroutable.

Success rate is 0 percent (0/5)


Why would it show unroutable when I have RIP enabled on both. RIP is a routing protocol and it knows of these distant networks. What would be stopping it from routing these packets across? I am learning a lot btw....

 

[kwmarc]

Im assuming my network addresses and subnets are all correct on each router. I have the following configured:

Router1:

FastEthernet 0/0:

160.81.1.1 255.255.0.0

FastEthernet 0/1:

150.80.1.1 255.255.0.0

Router2:


Ethernet 0/0:

12.1.1.1 255.0.0.0


Ethernet 0/1

15.1.1.1 255.0.0.0

 

[just2cool]

Yeah, that's your problem. Your next hops are invalid.

Router1:

C 160.81.0.0/16 is directly connected, Ethernet0/0
R 12.0.0.0/8 [120/1] via 15.1.1.1, 00:00:15
C 150.80.0.0/16 is directly connected, Ethernet0/1
R 15.0.0.0/8 [120/1] via 12.1.1.1, 00:00:15

How do you get to 12.0.0.0/8 from here? You need to forward it to 15.1.1.1. How do you get to 15.1.1.1? You need to use the 15.0.0.0/8 route, which needs 12.1.1.1. How do you get to 12.1.1.1? 12.0.0.0/8... see the problem?

You need to have matching networks on both sides. The reason why it updates works is because as xphil3 said.. they're sent via multicast. Don't worry about that yet though.. that's more advanced.

 

[xphil3]

Here is the routing table for each router:

Router1:

C 160.81.0.0/16 is directly connected, Ethernet0/0
R 12.0.0.0/8 [120/1] via 15.1.1.1, 00:00:15
C 150.80.0.0/16 is directly connected, Ethernet0/1
R 15.0.0.0/8 [120/1] via 12.1.1.1, 00:00:15

Ive bolded out your problem. You have a routing/recusrsion loop. Your routes are never recursing to physical exists, which is a problem. Bascially, you have physically disabled splithorizon with using the switch. c

 

[kwmarc]

Thanks for the help! But...how do I make those next hops valid? Do I setup a static route to them...? I guess I am having a hard time wrapping my head around it because I was under the impression that RIP took care of that. I understand the reason why the routers get the updates because they are being sent via multicast but I still dont quite see how I am going to get each router to know of the other network and to route properly between them.

 

[kwmarc]

Ahhh, thanks phil. What would you recommend to rectify that problem. I am sorry if I am asking too much but I really dont fully understand things until I see them correct for myself.

 

[just2cool]

We're not going to spoil this one for you -- you'll need to figure this one out.

The clues are in the last few posts here. Look closely at what I said about matching networks on both sides and do a little reading.

To save you a little time, static routes will not solve your problem, but it was a good thought.

 

[xphil3]

Thanks for the help! But...how do I make those next hops valid? Do I setup a static route to them...? I guess I am having a hard time wrapping my head around it because I was under the impression that RIP took care of that. I understand the reason why the routers get the updates because they are being sent via multicast but I still dont quite see how I am going to get each router to know of the other network and to route properly between them.

Read my post above. RIP does utilize split horizon but thats only valid when your recieving updates out of the SAME interface that it was sent out on. Since you have two interfaces on the same broadcast domain you have created a loop which split horizon cannot fix. With other routing protocols you will get messages spit back about not exisiting on the same subnet which is a routing loop give away.

Ahhh, thanks phil. What would you recommend to rectify that problem. I am sorry if I am asking too much but I really dont fully understand things until I see them correct for myself.

Again, read my post above. Ill make it a bit clearer too:

EDIT: As per just2cools response ;-)
One more hint....Again, if things are on the same broadcast domain and we dont want them to be... what do we have to do?

 

[kwmarc]

Okay, fair enough. Then let me ask you this: Those "routing" loops that are in the table were created by RIP after it got its advertisements/updates. Im guessing there is an error in my RIP configuration on both routers and that is causing my loop? Wouldnt RIP be smart enough to rectify this problem on its own

If i do a show run this is the snipet of my config that shows my RIP configuration:

router rip
version 2
no validate-update-source
network 12.0.0.0
network 15.0.0.0
neighbor 160.81.0.0
neighbor 150.80.0.0

I really dont see where else I could be creating a routing loop.

 

[xphil3]

Okay, fair enough. Then let me ask you this: Those "routing" loops that are in the table were created by RIP after it got its advertisements/updates. Im guessing there is an error in my RIP configuration on both routers and that is causing my loop? Wouldnt RIP be smart enough to rectify this problem on its own

If i do a show run this is the snipet of my config that shows my RIP configuration:

router rip
version 2
no validate-update-source
network 12.0.0.0
network 15.0.0.0
neighbor 160.81.0.0
neighbor 150.80.0.0

I really dont see where else I could be creating a routing loop.

First thing is first, you have a physical loop, which more often then not will cause logical(l3) routing loops if not properly taken care of.

no validate-update-source <---- remove this, this will disable those messages I told you about in a previous post, about the source of the routing updates not being on the same subnet. Looking at your config more closely... you have some work to do.

 

[kwmarc]

I had to leave the router setup but I really appreciate your help phil. I think i finally figured it out. I have a router with 2 interfaces and 2 "networks" assigned to each of those interfaces that are on the same subnet, which as you said, creates the split horizon/routing loop issue that is causing my ICMP requests to not reach their intended destination.

When i get back to the router, if i create DIFFERENT networks on DIFFERENT subnets for each interface on EACH router (I only have 2), I should then not have the issue of RIP not properly routing between the two? By taking care of this routing loop issue, will RIP then take care of the routing for my ICMP requests or will I need to specify a default route or static route for each network on each router? That I am still a little shaky on...

This was a really good exercise and I greatly appreciate the help from everyone.

 

[xphil3]

I had to leave the router setup but I really appreciate your help phil. I think i finally figured it out. I have a router with 2 interfaces and 2 "networks" assigned to each of those interfaces that are on the same subnet, which as you said, creates the split horizon/routing loop issue that is causing my ICMP requests to not reach their intended destination.

When i get back to the router, if i create DIFFERENT networks on DIFFERENT subnets for each interface on EACH router (I only have 2), I should then not have the issue of RIP not properly routing between the two? By taking care of this routing loop issue, will RIP then take care of the routing for my ICMP requests or will I need to specify a default route or static route for each network on each router? That I am still a little shaky on...

This was a really good exercise and I greatly appreciate the help from everyone.

Like I said, you need to really look at your configuration and think about how its incorrectly configured. Look specifically at the interface subnets. You have 4 different subnets between two routers. There are no links on a common subnet, this will never work. You need one interface on one router to be the same as another interface on the other router. Think of it as a point to point connection. If all the interfaces are on different subnets, sure you're routing protocols will come up becuase they are using well known multicast groups but you're going to have routing resolution/looping issues all over the place

Think about how routing protocols are supposed to work, and think about your subnets very carefully. Like I said, remove the no validate-update-source command and see what happens. You have to manually put that in to get RIP to work, didn't you. There is a reason why this command is not configured by default.

 

[kwmarc]

Everything is working. Everything (all interfaces) can ping each other and I receive all of the correct routing/rip updates, etc. I wanted to thank you all for the help.

One last question:

The only way I can get these routers to correctly communicate is to connect them together via switches. When I try to use my 160.80.1.10/30 network that I setup as a point to point connection between the routers using a crossover cable I do not get a link light. I tested the cross over cable and it works so I am wondering if it is because I have one 2611XM router that has a full-duplex fastethernet 10/100 port AND the other router is a half-duplex Ethernet 10 mbps port. Does the difference in ports and the fact that the one router is so old have anything to do with why I cannot get at least a link light to come on between the two interfaces? As soon as I put a switch in between the two routers (and obviously change cables to straight through cables) make sense? I have also tried to scale down the 2611XM to half-duplex and change its operating speed to match the older router, but still nothing...

 

[xphil3]

Everything is working. Everything (all interfaces) can ping each other and I receive all of the correct routing/rip updates, etc. I wanted to thank you all for the help.

One last question:

The only way I can get these routers to correctly communicate is to connect them together via switches. When I try to use my 160.80.1.10/30 network that I setup as a point to point connection between the routers using a crossover cable I do not get a link light. I tested the cross over cable and it works so I am wondering if it is because I have one 2611XM router that has a full-duplex fastethernet 10/100 port AND the other router is a half-duplex Ethernet 10 mbps port. Does the difference in ports and the fact that the one router is so old have anything to do with why I cannot get at least a link light to come on between the two interfaces? As soon as I put a switch in between the two routers (and obviously change cables to straight through cables) make sense? I have also tried to scale down the 2611XM to half-duplex and change its operating speed to match the older router, but still nothing...

GJ, now tell me something... you had to make sure that each interface on each router was on a common subnet, correct?
IE.
R1:
f0/0 1.1.1.1/24
R2
f0/0 1.1.1.2/24
and on the same VLAN.

Tell me why you were still seeing routing updates? Did you re-enable the subnet verification? What did you see?

To answer you question:
Duplex and speed would not cause a link to not come up, but it would cause a massive amount of collisions and errors under the interface. If the interface is not coming up(down/down) its a layer 1 issue. You should be using a cross-over cable, so you're good there. Try another cable.

 

[kwmarc]

Yes, I re-enabled the subnet verification using validate-update-source. I still see all of the routing updates if i use the rip/ip debug commands. You are saying I shouldn't see those?

In regards to the cabling issue, I tried another cable and also checked it with a cable tester but I still dont get a link light. I understand that it must be some physical layer issue but I really cant think of what it could be. I am sure it has something to do with the old POS 2611 im using that only has 10 Mb Ethernet ports on it that run in half-duplex. Maybe not be with the speed/duplex but possibly some issue with that its not auto-sensing...IDK.

 

[kwmarc]

And yes, Phil, I made the common link between the two routers on the same subnet /30 (essentially setting up a PPP connection between the two routers). I do understand now why everything was broken before. My bad on that one...

 

[xphil3]

And yes, Phil, I made the common link between the two routers on the same subnet /30 (essentially setting up a PPP connection between the two routers). I do understand now why everything was broken before. My bad on that one...

Good. and its XphilE.....ive been signed up here since I was a freshmen in HS(like 10 year) but my old account got hosed in the database switchover but still exists. The mods refuse to unlock it because they don't believe its me... oh well, so I have to use this retarded spelling.