Basic Cisco network troubleshooting

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello guys welcome back my name is david and today we are going to troubleshoot simple cisco network so what i mean is i have one com one computer and one router this router was configured to pass the traffic to translate this traffic into a public ip so the computer can surf the internet now what i did i broke the configuration in several places and we are going to start from beginning to the end we'll find all the problems and try to fix that stay with me okay let's start this is my computer this comes supposed to have the ip address and dns iprs right and the gateway of course then traffic comes here on the cisco router and then from the router it goes to the internet but here we need to do net right network address translations so let's start and find all the problems i caused in the configuration so in order for the traffic to leave the computer computer is supposed to have the ipad so let's make sure the computer has the ip address and when we say let's make sure computer has the ip address let's test the actual status of the ip address not the configuration and what i mean by that is you can go into a configuration and make sure the configuration is there by clicking this button but that's not the way i want you to test it i want to test it the actual status of the configuration that means you can either click here details or in the cli now what's the difference you must say the difference is that sometimes when you configure the ip address windows is not taking this ip address for some reason there can be many many reasons but the configuration doesn't always work so when you check the configuration on the ip address it's not necessary the computer is using that ipr so what we want to do we want to check the actual status of this configuration okay so let's see what we have we have the ip address here as you can see and we have the gateway so we know the ip address is there and probably the ipaddress works we can ping the ip address itself and yes well ipstac tcp stack works on the computer that's good so now let's test the gateway make sure the gateway works here's the gateway and we want to ping that gateway to make sure the gateway is on the network now you might already see that gateway is that one on the topology so the gateway is wrong but let's try and ping it ping 192 168.1.254 and the gateway is not pingable and how do let's say we don't know the if the gateway is correct or not or we know the gateway is correct but we are not sure why we don't ping it ping could could be closed nobody close icmp on the gateway but let's say it's closed you want to make sure the gateway is on the network and for that we can check the r and let's go ahead on the windows machine type r iphone a and this will show you arp cache and you know the ip address mapped to the macro so let's see if we have 254 here in the arc cache and we don't have it but we have that one and let's try and think it dot one it's not pingable that's weird but well at least we know it's that one but let's go ahead and change that one you know what we have the cisco router and we have the interface g3 w3 and let's see what's the ipad address on the interface show run not sure our show interface address and as you can see this is the ip address of the cisco router so yes the computer is supposed to have that one as a gateway not 254 so let's go ahead and fix that on the computer we are just one step closer to the fixing the problem and let's do one now remember that one wasn't pingable from the computer and we want to find out why we cannot ping it should we pingable should it not and let's go ahead and check if there is any access list on the cisco router on the inside interface show run inside interface gear v3 and pipe in for the inboard and sure there is an access list and let's check what's inside okay we have permit ip192.168.3 okay and slash24 so the access list is not permitting our traffic coming from the computer because remember our ip address our subnet on the computer is 192.168.1 not three but one on the third octa and access list on the cisco hour is not having this dot one so let's go ahead and fix that we need to go into access list extend it inside by inbound and you know we know for sure that they're not there's not supposed to be the three network on this lan right so it's okay to remove this ip address and fix that node 20 and then permit ip192.168.1.0 and any okay now it looks great let's see if we can ping the router okay we can ping the router great now let's check do we have the internet and no we don't okay let's see what else we are missing here do we have the route now actually let's make sure the cisco hour has the internet ping made updated doesn't have the internet let's fix that so what do you need on the router to have the internet you need the ip address you need the next hope which is that one and you need connection between isp and the router let's check what is the interface on the gear with one and what is the ip address here okay that's great now what's the gateway show ip route and our gateway is that three but remember our isp has that one not that three so let's go ahead and fix that too here's my route which i need to remove and add the new one now remember if you just add the route you'll have two routes it's not gonna replace even though it has the same destination it's not going to replace so you want to remove the old route and add the new one okay now we have the route and the routing table proper now let's see if we can ping the google ping from the cisco hour okay cisco router has the internet now let's come back on the computer and just see if computers also has the internet well no computer doesn't have the internet okay let's think what do we need to do what do we need to have on the cisco router to allow the internet to access uh from the computer so the computer can serve the internet sites websites okay so first the computer has the private ipads you see and the cisco router external interface is the public ip address so we want to translate our private ips subnet into a public iprs of the router and for that we need to do the net and let's make sure we have the nut translations on the cisco router so let's go ahead and try ping actually that's not let's ping and come back here and see if we have no translations and we have some not translations which is not our google ip addresses so let's clear up our ip not translations dynamic i believe here no just just everything okay show ipmap translations we don't have new translations that means cisco router is not translating our traffic from private subnet into public ip and let's troubleshoot that we need to have the configuration for that right so let's let's go ahead and do this show run defensive gear three and does it have the net configuration on the gearb3 it does and it has not ip not inside that's great now inside interface is supposed to have ip not inside the outside default though supposed to have ip nut outside let's check that oh outside the face doesn't have ip not outside at all so let's go ahead and configure that ipnot outside and now we fixed not well at least partially on the cisco router now we know that the inside the face and outside the face they both have not configuration on them let's go ahead and check ipnot translation again all right we have some traffic here this is our ip address right right and this is what we are trying to ping and this is the icmp protocol and this is the ip address we are translated into so if we check this ip address on interface that's our ip address we know that cisco router translates the packet into public ip now what we need to do is we know traffic comes here on the router is translated and we need to make sure traffic can leave the interface now how do we check that well usually if you have the route and there is no restriction on the interface traffic leaves the interface so let's go ahead and check that do we have any access list we don't but do we want to put the access list to make sure traffic leaves the interface you know you can use probably packet capture if you know how to do that but if not what you can do is do a quick configuration show ip access list extended for example and match our traffic in our case let's say outside isp is going to be no i thought outside that's the access list name and permit our traffic what is our traffic ip host 192 168.1.10 into google dns and we want it to be icmp but ip will work for as well but let's do icmp only and now we want to assign this access list on the public interface but remember right now the interface doesn't have the access which means once you assign this access list you'll permit only the things you have in the access list and in our case that's only icmp packet coming from our computer going to the google but for the rest of the users we're gonna break the internet well if they have already so what we want to do is to add permit any any at the end of the access list which means if we assign this access list on the outbound interface for the outbound traffic we'll get the match here and hit count will increase if the packet leaves the router and for the rest of the traffic to not block them here's the permit ip and then so let's go ahead and do in gigabit estimate one ip access group outside outbound and outbound packets so we want to do out and now now you see there is a match on ipm en probably some kind of you know uh different traffic coming from the computer checking the updates or something like that but our traffic doesn't have the match let's generate the traffic on the computer this is our traffic one two okay and now let's check if we have the match on the access list we don't but that's weird isn't our ap address oh oh i'm sorry guys this ridiculous remember we translated traffic into public ip so there's no way to match the 192.168.1.10 on the aggress interface so if we want to do something else let's go ahead and you know fix that we want to remove line 10 and add the new new line ip icmp host what's the our public ip address of the router it is 100 that 100 i believe this is the ip address and then we are going to ping google dns here's the axle list now now we need to renumber this because it's incorrectly we want to have permit any at the end so remove 20 permit any any and now it's correct okay now let's ping and let's see if packet leaves the router we still don't have the match on the interface okay here's the match i was like what's going on so we have match and that confirms two things not two actually several we have the working gateway for the cisco router so traffic can leave the interface now because the match is for the public ip address we also know that the traffic is being translated so even if you didn't check the iphone translation this confirms that there was a translation and the private ipad is translated into public ipads and the third packet leaves the router okay now that's good it leaves the router is it coming back no it might be coming back or it it's my not coming back depends on the problems on the internet so since this video about the troubleshooting let's make sure the traffic is coming back and for that we again can capture the traffic or we can assign the similar access list on the inbound traffic extend it and that would be outside inbound and now what do we want to match here we won't match google dns as a source because remember answer is coming from google now and we want to do destination is going to be our ip address on the public interface on the outside interface and the protocol is icmp also you can use echo reply if you want not necessary for this purpose but you can because like if you are troubleshooting with someone else on the other side and they are pinging your ip address as well you might want to add echo reply to make sure this is your reply not their ping but google is not going to ping us so it's okay to not put the echo reply any any icmp we match here we know it's our reply from google dns and now let's permit any any because we don't want to block any other traffic on the interface because right now there is no access to the game there is no access list and if we assign the axle list we'll block everything that is not permitted on the access list so let's go ahead and configure the internet gigabyte gigabit ethernet one ip access list not access access group and here we use inbound okay in now let's check what match do we have on the interface for inbound traffic is there any reply from google and there is reply so we know now that the traffic not only leaves the router but it's also coming back from google so internet in between google dns and our isp is okay we receive the traffic but computers still cannot ping that how come we need the ping on the computer so what else are left when traffic comes back to the router let me try to draw it here where traffic lives okay we we have this traffic it left the router went to dsp not sp google dns and coming back and it comes here we have this match on this interface now what's supposed to happen well nat will catch the traffic will check the port translations and we'll figure out okay that's the returning traffic for this ping this guy is pinging from the windows 7 machine and now this packet sorry now this package supposed to leave this interface okay to to be delivered to the computer and let's make sure that is happening for that what we are going to do is we are for that we are going to check if the traffic leaves the cisco router again this is the same as we did on the outside interface you can capture traffic if you know how to capture if not you can assign the interface on the address let's first make sure there is no access list on the router and let's do out there is an access list okay now let's check what this access list has in it does it have any match and it doesn't but look at this this subnet is not what we are expecting to have because remember our subnet is 192 161.10 and here we see two so again the subnet on the axle is wrong let's try and fix that now it's correct so remember the traffic leaves the router so the source here is going to be any in our case it's google dns and destination is our computer so the access list order like from any tool subnet is correct and let's see if we can finally ping it we still cannot bring it wow let's see what's going on is it leaving the interface it is actually it's my bad i did two again okay this is wrong ah this is what happened when you rush and actually turn and then we need to do one yeah once you remove the all lines from the axles that actually doesn't work anymore so there's no denying any at the end if there's no any line in the axis so as soon as we removed 10 we start pinging it and now and then we added correct line here and we can still ping it and we have hit counts so this is how you troubleshoot simple basic cisco network not only cisco network pretty much any network you need to know what your troubleshooting you need to know how traffic goes what gateway are you supposed to have on the computer you need to know all the things to troubleshoot and after some several months or years you have the enough experience to skip some of the steps for example you might know the gateway on the router is correct because you connected to the router remotely and from the internet so the router most likely has the default gateway or you might know that the the access is not supposed to be checked on the inside device because user told you that they can ping the ip address of the gateway so many many things can be skipped based on your experience but this is from starting to the end you check from the beginning where you have the problem you don't check at the end if the cisco has the internet first you make sure you have everything you need to leave the uh area to leave the subnet now let's see if you can paint google the google website directly using dns and we can ping so if i go on the browser here i'll try to open the google website i should be able to open it and sure enough i can open it and it works perfect i hope this was useful for you guys and at some point you'll use it that's it so guys if you like this videos please like the video and hit the subscribe button if you want to see more videos like this also i'm looking for an ideas what kind of videos to create so if you have any idea and you're looking for some kind of configuration on the cisco or similar network you can put in the comments what do you want to see in the next video thanks for watching and have a good one you

Info

Channel: IT Solutions Network

Views: 70

Rating: undefined out of 5

Keywords: network troubleshooting, help desk, how to troubleshoot network, network troubleshooting interview questions, networking troubleshooting, network troubleshooting steps, network troubleshooting commands, network troubleshooting tools, networking fundamentals, network troubleshooting at the command line, network troubleshooting windows 10

Id: 5vReeF1GupQ

Channel Id: undefined

Length: 23min 36sec (1416 seconds)

Published: Tue Nov 30 2021