
network lab routing help: part deux

ok i had a network/routing lab thread a few weeks ago, it was a horrible setup, it has finally been adjusted. ive now got a router on a stick setup inside the campus network...and would like it to get out to the internet.

im adding a craptastic topology made in paint and a trimmed-down version of the running-configs for my gear.

topology

configs

my internet connection is on a 5 meg DSL line, nothing else on campus uses it.

basically in the classroom im working in there is a 2950 for the room w/ gig trunks across campus and one interface on that 2950 going to my 1841 (configured as a router on a stick) ( the 1841 sucks balls and is horrendously slow... lets not get into that)

then the 1841's second interface is subinterfaced, and goes to a trunk port on my lab 2950, other ports from the lab 2950 go to my workstations giving me a segregated network from the rest of the campus.

-the 1841 can ping out to the internet, ping anything on campus, and ping my lab 2950 and workstations

-the lab 2950/workstations cant ping anything past the router
(but can ping the router)

Ive had the campus admin trying to help but he's stumped. he says that the vlan he has me using to get out (vlan 251) isnt routed in campus at all and just goes straight to the dsl line (and indeed, you cannot see anything on that vlan from the rest of campus)

an instructor suggested configuring NAT on the router (something I have zero experience with).

Im thinking that since my 1841 can get to the internet, the switch/workstations can send traffic out, but its not getting back in because theres *nothing* pointing back to my campus network. My router has *zero* communication with the 4507 that handles the routing on campus.

any thoughts? what do i need to look into to solve this?

**Note: there are rip network statements on the router, per the administrators suggestion. Im still not sure I understand why he wanted to try them as theres nothing running RIPv2 on campus for my router to talk to...he seemed to think it was necessary for routing between my workstations, but the router has the static, connected routes and (obviously) worked for my LAN without those *Shrug*
 
when you ping the campus/dsl/etc from the 1841, you are sourcing your packets from 192.168.251.9. if nothing in your lab can get out, your lab networks probably don't have a return route.

start pinging/tracing from the 1841 (sourcing your pings from 172.20.200.1) to each device in the chain...2950, then 3750, then 4507, etc. you should eventually find the hop that doesn't return your traffic. from there investigate the device's routing table for those specific networks and figure out where they are going.

based on this and previous posts, your administrator sounds clueless
 
I wouldn't NAT the 1841 as that would get you stuck with double NAT. The DSL modem appears to be doing NAT as the address it is presenting is private. From the looks of it, the DSL modem will need to be provided with routing information (it might support it...) for the internal LANs. Basically you would need to place static routes (since you're using them) in the DSL modem so it knows that the 1841 has those lab vlans. Like jlazzaro said, you're not getting a return path. The DSL modem only thinks it has 192.168.251.x and has no information about where to route the return requests to.

PS 1841's are great little routers but they are WAN <=> LAN border routers. See if you can steal that 3750G... that will handle gigabit routing for you...
 
You have two options if you want to get your lab subnets out to the internet:

1) NAT them to the 192.168.251.0/24 subnet on the 1841
2) get the network admin to add routes to your lab subnets in the network zone (and make sure your DSL modem can support a route being added to it back to the other subnet as well)

Yes, double NAT can cause problems, but there is nothing that you should be doing inside your lab that should have problems with double NAT.

However, I do see that you are running RIPv2 on your router. Is that something you're using internally in your lab, or is the campus using it as their routing protocol of choice? If the former, you'll probably want to filter it from going out your fa0/1 interface. If the latter, then you need to figure out why other routers upstream from your 1841 aren't learning your routes.

Each route in the path from start to finish needs to know how to route to and from both the destination and the originating subnets, otherwise it will not know where to send the return packets. If the campus routers don't know your subnets, they won't be able to route to them.

That said, see if you can add a static route to your 172.20.0.0/16 subnet with a gateway of 192.168.251.9. You may also need to modify the source NAT addresses, depending on the DSL modem. It may be that it won't be compatible and you'll be forced to NAT a second time. Although, it should be fairly elementary for them to crossconnect that DSL line to your lab building and you can throw a WIC-1ADSL in your 1841 and just be done with it.
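
The return-path reasoning in the replies above, as an added example that is not part of any poster's reply: it walks longest-prefix-match routing tables hop by hop to show why replies to 192.168.251.9 come back while replies to 172.20.200.1 do not, and what the suggested static route changes. The node names and routing tables are constructed assumptions (the thread's configs are not shown); only the addresses and the 172.20.0.0/16 via 192.168.251.9 route come from the thread.

```python
import ipaddress

# Constructed routing tables (assumptions; the real configs are not on the page).
# Each entry is (prefix, next_hop); next_hop is a node name or "connected".
TABLES = {
    "r1841": [("172.20.0.0/16", "connected"),
              ("192.168.251.0/24", "connected"),
              ("0.0.0.0/0", "modem")],
    "modem": [("192.168.251.0/24", "connected"),
              ("0.0.0.0/0", "internet")],
    "internet": [("0.0.0.0/0", "connected")],
}

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def walk(tables, start, dst, max_hops=8):
    """Follow routes from start toward dst; return the list of nodes visited."""
    path = [start]
    for _ in range(max_hops):
        nh = lookup(tables[path[-1]], dst)
        if nh == "connected":
            return path             # delivered on a directly attached segment
        if nh is None:
            return path + ["drop"]  # no route at this hop
        path.append(nh)
    return path + ["loop"]

def return_path_ok(tables, src):
    """Replies enter at the modem; they must not follow the default back out."""
    return walk(tables, "modem", src)[-1] not in ("internet", "drop", "loop")

def with_static(tables, node, prefix, next_hop):
    """Copy of tables with one static route added on node."""
    fixed = {n: list(t) for n, t in tables.items()}
    fixed[node].append((prefix, next_hop))
    return fixed

if __name__ == "__main__":
    for src in ("192.168.251.9", "172.20.200.1"):
        print(src, walk(TABLES, "modem", src), return_path_ok(TABLES, src))
    fixed = with_static(TABLES, "modem", "172.20.0.0/16", "r1841")
    print("after static route:", walk(fixed, "modem", "172.20.200.1"))
```
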
 
> You have two options if you want to get your lab subnets out to the internet:
>
> 1) NAT them to the 192.168.251.0/24 subnet on the 1841
> 2) get the network admin to add routes to your lab subnets in the network zone (and make sure your DSL modem can support a route being added to it back to the other subnet as well)
>
> Yes, double NAT can cause problems, but there is nothing that you should be doing inside your lab that should have problems with double NAT.
>
> However, I do see that you are running RIPv2 on your router. Is that something you're using internally in your lab, or is the campus using it as their routing protocol of choice? If the former, you'll probably want to filter it from going out your fa0/1 interface. If the latter, then you need to figure out why other routers upstream from your 1841 aren't learning your routes.

as i said, the admin wanted me to add them...im still not sure why. again, he seemed to think they were necessary for my subnets. i kept reminding him that the static connected routes are handling that so i finally added them to appease him while he was troubleshooting things.

> Each route in the path from start to finish needs to know how to route to and from both the destination and the originating subnets, otherwise it will not know where to send the return packets. If the campus routers don't know your subnets, they won't be able to route to them.

which is what i have been suspecting. i mentioned this to the admin but he didnt seem to be interested in doing anything about it. i set up a similar situation in packet tracer and everything going back to my network was stopping at the classroom 2950 before it got back to my router.

> That said, see if you can add a static route to your 172.20.0.0/16 subnet with a gateway of 192.168.251.9. You may also need to modify the source NAT addresses, depending on the DSL modem. It may be that it won't be compatible and you'll be forced to NAT a second time. Although, it should be fairly elementary for them to crossconnect that DSL line to your lab building and you can throw a WIC-1ADSL in your 1841 and just be done with it.

the lab ends this week anyway; im not going to be able to get what i need to hookup the dsl to the 1841.

> when you ping the campus/dsl/etc from the 1841, you are sourcing your packets from 192.168.251.9. if nothing in your lab can get out, your lab networks probably don't have a return route.
>
> start pinging/tracing from the 1841 (sourcing your pings from 172.20.200.1) to each device in the chain...2950, then 3750, then 4507, etc. you should eventually find the hop that doesn't return your traffic. from there investigate the device's routing table for those specific networks and figure out where they are going.
>
> based on this and previous posts, your administrator sounds clueless

more accurately I would say that hes rather out of practice and pretty scatterbrained and only somewhat clueless.


thanks for the input everyone. ill see about adding routes back to my 172 network from campus, or implementing NAT if the admin wont let me fiddle with the routing
 