RE: Real World: Access List/NAT Issue

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Thu Jul 01 2004 - 22:09:16 GMT-3


You might first try correcting the static route that points to yourself
;-)

interface Ethernet0/0
 ip address 66.102.3.6 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 66.102.3.6 250
                                     ^^^^^^^^^^

Also there could be issues outside of the router's configuration that
are causing the problem but having the router route packets back to
itself isn't normal ;-) Here is the debug ip packet capture with a
similar static route:

Rack1SW2#sho ip int brief fa0/3
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/3            162.1.38.8      YES manual up                    up
Rack1SW2#sho run | in ip route 0.0.0.0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/3 162.1.38.8
Rack1SW2#deb ip pack 100
IP packet debugging is on for access list 100 <-- permits ICMP only
Rack1SW2#ping 10.35.35.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.35.35.3, timeout is 2 seconds:

03:48:47: datagramsize=100, IP 46: s=162.1.38.8 (local), d=10.35.35.3, totlen 100, fragment 0, fo 0, cef process switched
03:48:47: datagramsize=100, IP 46: s=162.1.38.8 (local), d=10.35.35.3 (FastEthernet0/3), totlen 100, fragment 0, fo 0, sending
03:48:47: datagramsize=114, IP 46: s=162.1.38.8 (FastEthernet0/3), d=10.35.35.3 (FastEthernet0/3), totlen 100, fragment 0, fo 0, rcvd local pkt.
03:48:49: datagramsize=100, IP 47: s=162.1.38.8 (local), d=10.35.35.3, totlen 100, fragment 0, fo 0, cef process switched
03:48:49: datagramsize=100, IP 47: s=162.1.38.8 (local), d=10.35.35.3 (FastEthernet0/3), totlen 100, fragment 0, fo 0, sending
03:48:49: datagramsize=114, IP 47: s=162.1.38.8 (FastEthernet0/3), d=10.35.35.3 (FastEthernet0/3), totlen 100, fragment 0, fo 0, rcvd local pkt.
                                                                                                                                 ^^^^^^^^^^^^^^^
<snip>

Now fix the static route:

Rack1SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW2(config)#no ip route 0.0.0.0 0.0.0.0 FastEthernet0/3 162.1.38.8
Rack1SW2(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/3
Rack1SW2(config)#^Z
Rack1SW2#un all
All possible debugging has been turned off
Rack1SW2#ping 10.35.35.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.35.35.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Rack1SW2#

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
rexperts
Sent: Thursday, July 01, 2004 5:44 PM
To: ccielab@groupstudy.com
Subject: Real World: Access List/NAT Issue

After my last posting I got requests for more real world issues, so here
is another:

When the serial interface goes down, the ethernet interface comes up but
no one can get to the internet, I think because of an error in the access
list or NAT translations.
 
Thanks in advance
 
- - - - -
 
ip subnet-zero
!
!
no ip domain lookup
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.10.100 192.168.10.255
!
ip dhcp pool data
   network 192.168.10.0 255.255.255.0
   dns-server 24.29.99.17 24.29.99.18
   default-router 192.168.10.1
   lease 7
!
no ip cef
!
!
!
!
interface Ethernet0/0
 ip address 66.102.3.6 255.255.255.248
 ip nat outside
 half-duplex
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Serial1/0
 description T1 to AMP
 ip address 12.34.47.6 255.255.255.248
 ip nat outside
 backup delay 5 20
 backup interface Ethernet0/0
 down-when-looped
 service-module t1 timeslots 1-24
!
ip nat inside source list 2 interface Serial1/0 overload
ip nat inside source list 3 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0 10
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 66.102.3.6 250
no ip http server
!
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 3 permit 192.168.10.0 0.0.0.255
!
!
!
end
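The self-pointing default route Brian identifies is easy to catch mechanically before it bites during a failover. The script below is an added example, not code from the thread or from Cisco: it parses the interface addresses and `ip route` lines of the configuration posted above (embedded as sample input), flags any static route whose next-hop address belongs to one of the router's own interfaces, and emits the interface-only replacement Brian used. `StaticRoute`, `parse_interfaces`, `parse_static_routes`, `find_self_pointing_routes` and `suggest_fix` are names chosen here, not IOS or library APIs.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Interface and static-route lines taken from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip address 66.102.3.6 255.255.255.248
 ip nat outside
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Serial1/0
 ip address 12.34.47.6 255.255.255.248
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 Serial1/0 10
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 66.102.3.6 250
"""

DOTTED_QUAD = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


@dataclass
class StaticRoute:
    line: str                                 # the config line as written
    network: ipaddress.IPv4Network
    iface: Optional[str]                      # exit interface, if given
    nexthop: Optional[ipaddress.IPv4Address]  # next-hop address, if given
    ad: int                                   # administrative distance (IOS default 1)


def parse_interfaces(config: str) -> Dict[str, ipaddress.IPv4Interface]:
    """Map each interface name to its primary 'ip address' (secondaries ignored)."""
    interfaces: Dict[str, ipaddress.IPv4Interface] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None                    # left the interface stanza ('!' or global line)
        elif current and line.strip().startswith("ip address ") and current not in interfaces:
            t = line.split()
            if len(t) >= 4 and DOTTED_QUAD.fullmatch(t[2]) and DOTTED_QUAD.fullmatch(t[3]):
                interfaces[current] = ipaddress.IPv4Interface(f"{t[2]}/{t[3]}")
    return interfaces


def parse_static_routes(config: str) -> List[StaticRoute]:
    """Parse 'ip route PREFIX MASK [IFACE] [NEXTHOP] [AD] ...' lines (VRF routes skipped)."""
    routes: List[StaticRoute] = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 5 or t[:2] != ["ip", "route"] or t[2] == "vrf":
            continue
        network = ipaddress.IPv4Network(f"{t[2]}/{t[3]}", strict=False)
        rest = t[4:]
        iface = nexthop = None
        ad = 1
        if rest and rest[0][0].isalpha():         # interface names start with a letter
            iface = rest.pop(0)
        if rest and DOTTED_QUAD.fullmatch(rest[0]):
            nexthop = ipaddress.IPv4Address(rest.pop(0))
        if rest and rest[0].isdigit():
            ad = int(rest[0])
        routes.append(StaticRoute(line, network, iface, nexthop, ad))
    return routes


def find_self_pointing_routes(config: str) -> List[Tuple[StaticRoute, str]]:
    """Return (route, owning interface) for each static route whose next hop is one of
    this router's own addresses.  Such a route hands the packet back to the local stack
    ("rcvd local pkt" in debug ip packet) instead of forwarding it upstream."""
    own = {intf.ip: name for name, intf in parse_interfaces(config).items()}
    return [(r, own[r.nexthop]) for r in parse_static_routes(config)
            if r.nexthop is not None and r.nexthop in own]


def suggest_fix(route: StaticRoute) -> List[str]:
    """Config lines replacing a self-pointing route with the interface-only form used in
    the reply above (next-hop address dropped, administrative distance kept)."""
    if route.iface is None:
        raise ValueError("no exit interface to fall back on; use the upstream gateway address")
    fixed = f"ip route {route.network.network_address} {route.network.netmask} {route.iface}"
    if route.ad != 1:
        fixed += f" {route.ad}"
    return [f"no {route.line}", fixed]


if __name__ == "__main__":
    for route, owner in find_self_pointing_routes(SAMPLE_CONFIG):
        print(f"next hop of {route.line!r} is {owner}'s own address")
        for cmd in suggest_fix(route):
            print("  " + cmd)
```

On the posted config this reports the `Ethernet0/0 66.102.3.6 250` route and proposes `ip route 0.0.0.0 0.0.0.0 Ethernet0/0 250`. One caveat worth keeping in mind: an interface-only static route on a multi-access interface such as Ethernet0/0 makes the router ARP for every destination and relies on the upstream device answering with proxy ARP, so when the ISP's gateway address (not given in the post) is known, it is the more robust next hop.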


This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:44 GMT-3