Cisco newbie with a routing problem with Cisco 2621

We recently changed providers, which has caused all sorts of headaches for me. The new ISP does not provide routers, but the sales rep found us a Cisco 2621 and someone to program it. Seeing as how I have had to have the programming corrected a couple of times already, I suspect my routing problem might stem from the Cisco.

We have 4 concurrent Class C addresses, and all but one of the Class C's are working fine. The last one, xxx.xxx.208.1, will not allow access to certain (not all) websites or ftp servers. I have eliminated the DNS and DHCP on my end as the culprit (I believe), so I'm stuck with thinking the Cisco may be the problem.

I'm at a complete loss here, as I'm not a Cisco person, and really need some direction. Does any of this make sense? I have posted my config below, if it is any help.

Thanks for any help anyone can offer me!!

Rick

The current config is below:

Using 1104 out of 29688 bytes ! version 12.3 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname INET ! boot-start-marker boot-end-marker ! enable password xxxxxxxxxx ! memory-size iomem 20 no aaa new-model ip subnet-zero ip cef ! ! ! ip name-server xx.x.xx.xx ip name-server xx.x.xx.xx ! ! ! ! interface FastEthernet0/0 description connected to xxxxxxxx ip address xx.xxx.xxx.xx 255.255.255.252 no ip proxy-arp duplex auto speed auto arp timeout 30 ! interface FastEthernet0/1 description connected to DHCP ip address xxx.xxx.206.1 255.255.255.0 secondary ip address xxx.xxx.207.1 255.255.255.0 secondary ip address xxx.xxx.208.1 255.255.255.0 secondary ip address xxx.xxx.205.1 255.255.255.0 duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 ip route xxx.xxx.206.0 255.255.255.0 FastEthernet0/0 ip route xxx.xxx.207.0 255.255.255.0 FastEthernet0/0 ip route xxx.xxx.208.0 255.255.255.0 FastEthernet0/0 ip http server ! snmp-server community xxxxxxxx RO ! line con 0 line aux 0 line vty 0 4 password xxxxxxxxx login ! ! end

Reply to
Rick Bruner
Loading thread data ...

Rick Bruner schrieb:

Ouch, direct ethernet route ;-). You should use

ip route 0.0.0.0 0.0.0.0 x.x.x.x

instead, where "x.x.x.x" is the IP address of the other end of our FastEthernet0/0 link (your default gateway). If your config works, your ISP seems to have proxy-arp enabled but this is not a good solution in my opinion. I avoid such setups strictly.

Ouch again, much more direct ethernet routes ;-). You should remove this part because:

a) "FastEthernet0/0" seems to be the wrong direction, because your /24s resides behind "FastEthernet0/1" ?

b) those extra route configurations are superfluous because your cisco knows the networks already due to the "interface" configuration before

I don't know if this will solve your ftp/webserver problem at all, but it may be a beginning.

-- Gerald (ax/tc)

Reply to
Gerald Krause

Gerald,

Thanks for the response. I don't think it helped my routing issue at all (I'm still testing), but boy howdy did it affect our network speed!! Everyone had been complaining about the speed of this new

10mb pipe, but as soon as I made the changes you recommended, network speed went off the chart! I may still have problems with that fourth Class C, but right now no one is noticing. Thanks for making my life at least somewhat better!

By the way, with our old ISP, I was able to use a subnet mask of

255.255.252.0 (the range was xx.xx.124 - xx.xx.127), but it appears I am unable to use the same with these new addresses. They are contiguous, but whenever I check a subnet calculator , it tries to include xxx.xxx.204.xxx. Is that possibly where my routing problem is originating?

I hadn't planned on becoming Cisco certified, but it looks like I may not have a choice.

Rick

Reply to
Rick Bruner

Rick Bruner schrieb:

Nice to hear :).

Your four /24s aren't contiguous in this way: x.x.204.x - x.x.x.207.x can be combined to one network with an netmask of 255.255.252.0 but not x.x.205.x - x.x.x.208.x So you can't and shouldn't use them as one plain ethernet network and your DHCP server should be aware of this. He have to serve different networks and unique def-gateways for each network.

How are your clients configured, especially the ones from the 208 network (netmask and def-gw)?

-- Gerald (ax/tc)

Reply to
Gerald Krause

Ok, that's correct.

This won't work properly unless you configure some ugly hacks too. Avoid such things where you can ;-).

If you have still problems accessing the internet from your 208 network you should do some tests, e.g. trace*) the targeted IP address in the internet from one of the problematic IP addresses and from an other working IP address and compare the results.

*) try it with and without name resolving
Reply to
Gerald Krause

It's to the point where I believe the problem lies with a particular computer as opposed to the router, as I can ping and trace the majority of that network from the other network...all but that one computer. NOW I will get to start tearing that one apart to find out what the user has done. :^)

Gerald, you have been a tremendous help to me. Thanks again for your support on this!

Rick

Reply to
Rick Bruner

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.