Routing & ACL question

I was just wondering what the "MOST" recent running config was. I was not sure if the first one was your current running config or not. So what we are looking at here is the networks which are the ones you said worked correctly, correct?


Edit: can you post the other config and label the commands you used to make the changes? Basically I want to put the config that works side-by-side with the one that doesn't so I can determine why it doesn't.

Currently it looks as if it should work as discribed and you might have fat fingered something and simply got it right when you made changes. I don't know to be honest I'm simply not seeing it.

Sorry, missed that one!

Can you give the ACL's a try and let us know of the results ?

Thanks

Chris,

I think we discuss the ACL in other thread.. www.firewall.cx/ftopict-8099.html

I was just wondering what the "MOST" recent running config was. I was not sure if the first one was your current running config or not. So what we are looking at here is the networks which are the ones you said worked correctly, correct?


Edit: can you post the other config and label the commands you used to make the changes? Basically I want to put the config that works side-by-side with the one that doesn't so I can determine why it doesn't.

Currently it looks as if it should work as discribed and you might have fat fingered something and simply got it right when you made changes. I don't know to be honest I'm simply not seeing it.

Nevins,

I will post the configuration...Need to reconfigure back the router base on the above situation.

Currently i'have change the configuration..

Router 1 Config [/b]"]

router-1#sh run
Building configuration...


Current configuration : 2902 bytes
!
! Last configuration change at 09:08:17 UTC Wed Feb 9 2011 by admin
! NVRAM config last updated at 08:48:34 UTC Mon Feb 7 2011 by admin
!
version 12.x
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname HQ
!
boot-start-marker
boot-end-marker
!
logging count
logging buffered 4096
logging monitor informational
enable secret 5 xxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
ip domain name www.test.com
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!

!
username admin secret 5 xxxxxxxxxxxxxxxx/
archive
log config
hidekeys
!
!
ip ssh version x
!
!
!
!
interface GigabitEthernet0/0
description ####### Network 1 ########
ip address 172.16.10.1 255.255.255.0
duplex full
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description ##### Network 2 ######
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface FastEthernet0/0/0
description ######## MAN Connection ########
ip address 10.1.1.1 255.255.255.252
duplex full
speed auto
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.1.1
ip route 172.16.20.0 255.255.255.0 172.16.10.1
ip route 172.16.21.0 255.255.255.0 172.16.10.1
ip route 172.16.22.0 255.255.255.0 172.16.10.1
ip route 172.16.30.0 255.255.255.0 10.1.1.2
ip route 172.16.31.0 255.255.255.0 10.1.1.2
ip route 172.16.32.0 255.255.255.0 10.1.1.2
!
!
no ip http server
no ip http secure-server
!
!
access-list 1 deny 192.168.0.0 0.0.0.255 log
access-list 1 permit any log
access-list 2 permit 192.168.0.0 0.0.0.255 log
access-list 2 deny any log

!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
password 7 051F0B012ABABABABA
line aux 0
line vty 0 4
password 7 08354140QWERTYU
transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179798
ntp server time.sirim.my
!
end

router-1#

Router 2 Config [/b]"]
router-2#sh run
Building configuration...


Current configuration : 2804 bytes
!
version 12.x
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname branch
!
boot-start-marker
boot-end-marker
!
logging count
logging buffered 16777216
enable secret 5 $1$lCSg$ptxxryynki666
!
aaa new-model
!
!
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
ip domain name www.test.com
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
!
!
!
voice service voip
allow-connections h323 to h323
!
!
!
!
username admin secret 5 $1$CBgg$z2Vekdcrftyhujuj
archive
log config
hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
description ####### Network 1 ########
ip address 172.16.10.2 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description ##### Network 2 ######
ip address 192.168.0.2 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface FastEthernet0/0/0
description ######## MAN Connection ########
ip address 10.1.1.2 255.255.255.252
duplex full
speed auto
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
!
no ip http server
no ip http secure-server
!
access-list 1 deny 192.168.0.0 0.0.0.255 log
access-list 1 permit any log
access-list 2 permit 192.168.0.0 0.0.0.255 log
access-list 2 deny any log
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
password 7 00101E080frfrgtgt
line aux 0
line vty 0 4
password 7 14031F0xxxxxxeeeee
transport input ssh
!
scheduler allocate 20000 1000
ntp server time.sirim.my
!
end

router-2#

Test PING From Router 1

router-1#sh run int gi 0/1
Building configuration...

Current configuration : 152 bytes
!
interface GigabitEthernet0/1
description ##### Network 2 ######
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
media-type rj45
end

##### PING From Router 1 To Interface Gi 0/1 At Router 1 #########
router-1#ping 192.168.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

##### PING From Router 1 To Interface Gi 0/1 At Router 2 #########
router-1#ping 192.168.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router-1#

Test PING From Router 2

router-1#sh run int gi 0/1
Building configuration...

Current configuration : 152 bytes
!
interface GigabitEthernet0/1
description ##### Network 2 ######
ip address 192.168.0.2 255.255.255.0
duplex auto
speed auto
media-type rj45
end

##### PING From Router 2 To Interface Gi 0/1 At Router 2 #########
router-2#ping 192.168.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

##### PING From Router 2 To Interface Gi 0/1 At Router 1 #########
router-2#ping 192.168.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router-2#

Lets probe deeper.

Please provide ping information for router 1 fa0/0 to router 2 fa0/0.

Lets probe deeper.
Please provide ping information for router 1 fa0/0 to router 2 fa0/0.

this discussion become more interesting... colorful thread...

attach here with the diagram for this situation

Uploaded with ImageShack.us

so this is the fa0/0 and Ga 0/0 PING result from both router :

Test PING From Router 1
router-1#sh run int gi 0/1
Building configuration...

Current configuration : 152 bytes
!
interface GigabitEthernet0/1
description ##### Network 2 ######
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
media-type rj45
end

##### PING From Router 1 To Interface Fa 0/0/0 At Router 1 #########
router-1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

##### PING From Router 1 To Interface Fa 0/0/0 At Router 2 #########
router-1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

##### PING From Router 1 To Interface Gi 0/0 At Router 1 #########
router-1#ping 172.16.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

##### PING From Router 1 To Interface Gi 0/0 At Router 2 #########
router-1#ping 172.16.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Test PING From Router 2

router-1#sh run int gi 0/1
Building configuration...

Current configuration : 152 bytes
!
interface GigabitEthernet0/1
description ##### Network 2 ######
ip address 192.168.0.2 255.255.255.0
duplex auto
speed auto
media-type rj45
end

##### PING From Router 2 To Interface Fa 0/0/0 At Router 2 #########
router-2#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

##### PING From Router 2 To Interface Fa 0/0/0 At Router 1 #########
router-2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

##### PING From Router 2 To Interface Gi 0/0 At Router 2 #########
router-2#ping 172.16.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

##### PING From Router 2 To Interface Gi 0/0 At Router 1 #########
router-2#ping 172.16.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms