Re: Changing IPs
- From: Trendkill <jpmason@xxxxxxxxx>
- Date: Thu, 29 May 2008 17:39:13 -0700 (PDT)
On May 29, 8:29 pm, "Tom Linden" <t...@xxxxxxxxxxxxxx> wrote:
On Thu, 29 May 2008 15:59:20 -0700, Trendkill <jpma...@xxxxxxxxx> wrote:
On May 29, 6:41 pm, "Tom Linden" <t...@xxxxxxxxxxxxxx> wrote:
Have a 2621 running 12.3
Got a new set of IPs and serial line(T1)
from the console # prompt can't ping the first two
but can the last one, f0/1
f0/0
s0/0
f0/1
I modified an existing config to reflect the new values for f0/0
and s0/0
ideas?
--
PL/I for OpenVMS www.kednos.com
Your config may also be helpful.
CISCO2#sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            12.70.58.129    YES manual up                    up
Serial0/0                  12.89.208.122   YES manual down                  down
FastEthernet0/1            10.0.0.1        YES manual up                    up
CISCO2#ping 12.70.58.129
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.70.58.129, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
CISCO2#ping 12.89.208.122
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.89.208.122, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO2#sho config
Using 3309 out of 29688 bytes
!
! Last configuration change at 14:27:47 PST Thu May 29 2008
! NVRAM config last updated at 14:27:53 PST Thu May 29 2008
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO2
!
boot-start-marker
boot-end-marker
!
logging buffered 65535 debugging
logging console informational
enable secret 5 $1$4TwO$cwJqY4fRqc2Yqvi8MpoHG0
!
clock timezone PST -8
no aaa new-model
ip subnet-zero
ip cef
!
!
ip domain name Kednos.com
ip name-server 12.70.58.130
ip name-server 12.70.58.132
ip name-server 12.70.58.133
ip name-server 12.70.58.134
ip name-server 12.70.58.135
ip name-server 12.70.58.137
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description OUTSIDE INTERFACE TO THE INTERNET
ip address 12.70.58.129 255.255.255.128
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
speed auto
full-duplex
no cdp enable
!
interface Serial0/0
ip address 12.89.208.122 255.255.255.252
ip access-group 101 in
ip access-group 102 out
ip nat outside
no ip mroute-cache
!
interface FastEthernet0/1
description INSIDE INTERFACE TO PRIVATE NETWORK
ip address 10.0.0.1 255.0.0.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 12.89.208.121
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 101 remark PREVENT UNWANTED ACCESS
access-list 101 remark DENY RFC 1918 SOURCES
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.0.15.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 remark ANTI-SPOOFING PROTECTION
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 remark DENY BROADCASTS
access-list 101 deny ip 255.0.0.0 0.255.255.255 any
access-list 101 deny ip any 255.0.0.0 0.255.255.255
access-list 101 remark PERMIT/DENY a few knowns
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 deny icmp any any echo
access-list 101 remark PREVENT ANY INBOUND SNMP
access-list 101 deny udp any any eq snmp
access-list 101 deny udp any any eq snmptrap
access-list 101 remark ICMP TYPES
access-list 101 deny icmp any any
access-list 101 remark PREVENT CISCO CODE VULNERABILITY
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny pim any any
access-list 101 remark PERMIT everything else
access-list 101 permit ip any any
access-list 102 permit ip 12.70.58.128 0.0.0.127 any
access-list 102 permit ip host 12.89.208.122 any
access-list 102 deny ip any any
dialer-list 1 protocol ip permit
!
!
!
!
!
banner exec ^CC
You have entered $(hostname).$(domain) on line $(line) ($(line-desc)) ^C
!
line con 0
exec-timeout 0 0
stopbits 1
flowcontrol software
line aux 0
line vty 0 4
password 7 000B03030A4D06151D2E4F451A
login
!
ntp clock-period 17181129
ntp server 192.83.249.28
ntp server 204.74.68.55
ntp server 216.27.190.202
!
end
--
PL/I for OpenVMS www.kednos.com
Your first issue is that your serial interface to your provider is
down, meaning the logical interface is down, meaning you will not be
able to ping it. As to your other issue, I'm thinking it could be an
ACL but I'm not totally sure yet. Can you source the ping from the
10.0.0.1 interface by typing ping, then enter, then pick the
destination IP, and when it asks you for extended commands type yes
and use 10.0.0.1 as the source interface? I don't think this will
work either, but I'm wondering if that deny echo in ACL 101 is
stopping it. I would consider yanking 101 for a minute to see what
happens and make sure that is not what is blocking the ping. The only
other thing could be the NAT itself, but a router should use its
closest logical interface as the source for a ping, and therefore it
really can't be a routing issue. So, fix the serial for starters,
take ACL 101 off the f0/0 interface and do the ping test; if that
doesn't work, put it back, and hopefully by then me or someone else
will have some more ideas for f0/0.
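An added example, not part of the original thread or of anyone's post: a small first-match evaluator for the ACL 101 entries in the posted config, for checking what an entry such as `deny icmp any any echo` or a given wildcard mask does to a packet before pulling the ACL off an interface. The function names and the test addresses (198.51.100.7, 172.31.5.5 and so on) are constructed for illustration; the SNMP and IP-protocol-number entries are left out, and the code models ACL matching only, not how IOS decides which packets an interface ACL is applied to.

```python
import ipaddress

_ip = lambda s: int(ipaddress.IPv4Address(s))

# ACL 101 from the posted config, minus remarks and the SNMP/protocol-number entries.
ACL_101 = """\
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.0.15.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip host 0.0.0.0 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip any 255.0.0.0 0.255.255.255
permit icmp any any echo-reply
permit icmp any any time-exceeded
deny icmp any any echo
deny icmp any any
permit ip any any
"""

def _spec(tok):
    # Consume one address spec from the token list -> (base, wildcard) ints.
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if t == "host" else (_ip(t), _ip(tok.pop(0)))

def parse(text):
    aces = []
    for line in text.splitlines():
        tok = line.split()  # action, protocol, source, destination, [icmp type]
        aces.append((line, tok.pop(0), tok.pop(0), _spec(tok), _spec(tok), tok))
    return aces

def _hit(spec, addr):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal base.
    base, wild = spec
    return (_ip(addr) | wild) == (base | wild)

def first_match(aces, proto, src, dst, qual=()):
    # Top-down, first match decides; no match means the implicit deny.
    for line, action, p, s, d, q in aces:
        if p in ("ip", proto) and (not q or q == list(qual)):
            if _hit(s, src) and _hit(d, dst):
                return action, line
    return "deny", "(implicit deny)"
ACES = parse(ACL_101)
```

`first_match(ACES, "icmp", "198.51.100.7", "12.70.58.129", ["echo"])` returns the `deny icmp any any echo` entry, while a TCP packet sourced from 172.31.5.5 falls through to `permit ip any any`, because wildcard `0.0.15.255` covers only 172.16.0.0 through 172.16.15.255.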