Packet Tracer: OSPF, NAT and Routing Troubleshooting

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

this is going to double as a tutorial on how to use packet tracer for Cisco Academy affiliates as well as how to do troubleshooting our goal is simple check this out all we want is for this PC right here to be able to do an FTP log into this FTP server right here the networks are really simple this segment of the network right here is the 10.1 Network over here we have the 10.2 and then we have the 10.3 for this leg of our network right here and we should have a 24 bit mask across the board so we're doing some custom subnetting so what we want to do is have this PC bill to go to the server so what we're going to start with is verify that we can ping that server to begin with so we'll bring up the PC is what I would do I'd say I want to ping two 10.3 to 0.5 and that is by the way the IP address of this server if we hover over the server it'll tell us that the IP address is 10.3 0.5 and this pcs IP address is if I click here is 10.10 dot 5 so we want to try the ping from here down to the serve done the server and we're getting a missing destination host unreachable now that's good news that's somebody on the network telling us hey I don't know how to get there a router I killed your packet I would love to forward it but I don't know how to get there so let's take a look at the default gateway IP config on this device shows that our default gateway is 10.1 dots hero dot 1 I would assume that I can reach this device because it's the guy who told me I can't reach your packet so let's just ping him to be sure 10.10 2 1 and sure enough we can ping from here to our default gateway so we know this leg of our journey is ok let's go to r1 so on our one with you go ask in what's going on and we say can you ping over to 10.30 dot 5 again that's the IP address of this server right here and that is timing out now why can't it get there well let's take a look at the routing table on this we'll do a control shift 6 to break that into a show IP route so what this is good news for r1r one says that he is connected to the 10.10 Network which is right here but this interface is not up and active there's no route for the 10.2 network right here this red indicator inside of pack tracer is also indicating that we have a failure so maybe the interface is shut down that's a good possibility so let's go to our one and check that out show IP interface brief and look at this interface fa0 one shows up down it doesn't say administratively down so it's not shut down manually it's not up the layer to so layer one physical we're connected to that might or might not mean we have a cable attached but up down certainly means that layer two is not happy so what could be causing that well let's take a look at the interface and here is interface fa0 one right here and it looks pretty straightforward we have an IP address we have IP net outside on that interface that's good to be aware of and on fa 0 0 we have IP net inside there so we might have to tackle that later but I don't see anything funny here that would indicate why that interface is down so when we're troubleshooting we want to remember the OSI reference model and troubleshoot from the ground up if we don't have connectivity from r1 to r2 we won't want to physically inspect and verify we have a cable or more importantly the right cable check this out this solid line represents a copper straight through cable that's what that does now that's the perfect cable from a switch to a PC or a hub to a PC or a switch to a router or a hub to a router but if we have to like devices like two routers back-to-back they're both sending on pins 1 & 2 with fast ethernet and as a result they're not able to hear each other because they're both trying to send on the same signals and the other side isn't trying to listen so we need a crossover cable to get the send pins from one side to the received pins on the other so we need to remove the cable I'll get my little X tool we'll take out this straight through cable and we're going to put in a copper crossover cable so I'll click on copper crossover and connect to the available port and the available port and that looks much happier so any like devices we need a crossover cable why because the send and receive pins need to be wired to each other a hover switch is expecting to receive on pins 1 & 2 while a router is expecting to send and receive on pins 1 & 2 not receive so the crossover cable simply fools both sides and makes the send pairs on one side show up at the receive pairs or the other so now that that's in place let's verify our connections on our one show IP route and well at least we have our directly connected network now so r1 says if we do a show IP interface brief our one is saying that we've got 10 dot one which is up and up that's off of FA 0 0 and 10 dot 2.0.1 is up and up and that's here so let's just verify we can ping our neighbor r2 now for convenience sake the last octet I just named the same as the router so our 2's addresses all end in 2 so we try to ping 10.20 2 which is our two's address we might lose one for the ARP and there we go so we have great layer 1 2 & 3 connectivity ICMP is a layer 4 protocol that we use to verify layer 3 connectivity so ping works from here so maybe I could do a ping from PC 1 all the way to r2 and that would verify my conversation so far so let's try a ping from pc1 to this IP address effect I'll copy it 10.20 2 so we'll copy that go back to the PC do a ping and then we'll paste in that answer ok so a ping from here to 10.20 2 now that is not working now we realize that NAT is doing some translation here on r1 perhaps the NAT isn't working correctly let's go investigate so on r1 well this is exactly how we go identify the fault domain identify what is working and then find where it's not working and tear that apart and look at it so for do a show run here our gnat pieces on our 1 FA 0 1 is the outside interface right here because of that command and that's the only reason it's the outside interface is because we configured it that way or somebody did and then FA 0 0 is IP nut inside if we go down further in the config we can see the NAT pools so here we have an app pool called pool 1 which is going to network address translate people into the pool of 2300 1 through 30 with it looks like a 27 bit mask so we're doing some custom subnetting on that as well so that would be that's perfect by the way so those 3 bits from the last octet would equal the valid IP address ranges of 1 through 30 so it happens to be that part is looks pretty good and then we said IP net inside source list 1 meaning anybody who matches access list 1 is allowed to be translated into this pool called pool 1 and access list 1 says anybody who's sourcing their traffic from the 10.10 network based on the wildcard mask so that actually that part looks good I was expecting a problem there but you know the NAT looks ok I don't see any problems with that we can ask our one about that with the show IP net translations and see what he has lady doesn't anything at the moment maybe they timed out let's do a ping again now let's go back and ask r1 if he has any translations currently in the pipe and check that out this is measurable proof that r1 is doing the translation so he's taking the PCs IP address of 10 1:05 and translating into 2300 one and that's perfect that's the first IP address in that pool so that's working what what else is going on well if the packet makes it to the router and the router does NAT and the router forwards it and we know that our one knows how to get to this IP address because it pinged it earlier perhaps r2 can't get back to the 2300 one address that's a that's a possibility let's ask our two if he knows how to reach the 23 network so we'll go to our two and just ask them show IP route says that this router doesn't know how to get to anything except for directly connected networks 10.2 which is this network segment right here and 10.3 is the only two networks and it certainly doesn't know how to get to the 23 network or or even the 10.1 network for that matter so our routing protocols seem like they're not working let's see what routing protocols we have so on our tool do is show IP protocols and that will show us what routing protocols that we have he says we're running OSPF one it states that we're routing for 10 anything so that means that r2 is you know willing to be doing OSPF on these two interfaces because they both start with 10 something let's see if he has any neighbors show IP ospf neighbors no neighbors here's what should happen r2 and r1 should become OSPF neighbors remember all the rules well maybe you're in your studies you haven't gotten to this yet but with OSPF we have to have certain agreements in place it's like being a member of a homeowner's association everybody on the block has to play by certain rules or you get kicked out or at least a fine with OSPF we have to have several things in place the flags all have to be matched up for example a stub area or not so stuff a stub area flags and so forth we also have to have the same OSPF area so maybe this guy thinks it's area zero maybe r1 things is area one also we have to have the same networks in place so here let's take a look at our two and we'll do a show run and let's just take a look at the interface FA 0 0 is 10 to 0 2 with a 3 octet mask so our 2 believes this is the 10.20 Network right here let's see what our one thing's if we take a look at our 1 and take a look at its interface FA 0 1 right here it thinks that it's yeah the 10.20 I'll check it out the mask is wrong now they can still communicate because they both from an IP perspective they can talk to each other but OSPF is more picky OSPF says that if this router believes it's a 24 bit network and this router believes it's a 16-bit network they won't become OSPF neighbors so we need to fix that so we'll go into interface configuration mode for FA 0/1 I'll put my mouse right on it that's where we're configuring right now and I'll simply change the IP address for 24-bit mask just can be 10 to 0.1 with a three octet mask now OSPF once that happens we're gonna have some hellos that go back and forth and wow that was really really quick so the neighbor ship came up and now we have a neighbor ship between r1 and r2 I guess pieces little teeny pieces bit by a bit identifying the fault domains so so far what do we had we had a bad cable that was layer 1 of the OSI reference model we had a bad Oh s PF neighbor ship so they weren't forming a neighbor ship but now they are let's take a look at our 2 and show IP ospf neighbors so sure enough we have a neighbor ship between r2 and r1 let's take a look at the routes ok and so here are 2 knows about the 10.3 network right here r2 is directly connected to the 10.2 Network right here and we have dynamically learned through OSPF the 10.1 Network which is right over here so let's try our ping again from the PC not to 10.20 to now it's still not working why now this is a little bit tricky but if we follow the bouncing ball across the path remember that we're doing network address translation on r1 so we look at the IP net translations this PC is being translated into the source IP address of 2300 won when that packet goes to r2 which is the destination in this case our 2 is asking itself do I know how to return the ICMP echo reply back to the 2300 won and the answer is no I don't have a route for it it doesn't happen now we could solve this by doing a default route on r2 that says send everything dar 1 or or check this out we can of our one advertise the default route that would then tell our two to send everything or we could create a static route on our - that says to get back to that 2300 one range go ahead and send it to our one or lots of options we could create a static route on our one that says I know how to get to the 23 network and then redistribute that into OSPF in the real world that would be our preferable treatment because in the real world we're going to have more routers than just this guy and default routes are not to be played lightly with in the real world either just saying hey yeah send everything my way because you probably don't want everything the entire internet for example sent your way so what we'll do this on our one we're going to create a static route for that range of addresses in the pool so if we go up to the config which I'll show you again show IP or show run packet tracer doesn't have all the shortcuts as the iOS does but it's got a really big set of tools that's fantastic so we want to create a route to the 203 0 0 1 through 2300 30 with that mask so what that would equate to is the 23000 network with a 27 bit mask if we create a static route for that and then we point that to null 0 which is the bit bucket we can then advertise that route out to all our buddies via OSPF so what's going to happen is our - if he has a packet for the 23 Network he's going to forward it over to our one and our ones gonna have a static route for that but it's also kind of a more detailed route for the NAP translation that it just created for PC 1 so r1 will take it and forward it that may be a little bit advanced but you know what it's good to see how it works so let's go ahead and do the static route IP route spelled correctly Keith's going to and let's see that range is going to be 10 actually 23 that 0.020 that's a 27 bit mask right there and I need to say that's going to go to null 0 which is the bit bucket so right now we have this 27 bit route that that says iris end to the bitbucket now fortunately if we're doing network address translation for people we're going to have their 32 bit IP address we know exactly how to reach them so let's do this let's add that route to OSPF so show IP protocols is going to show us what OS PF process we're running which is OSPF one let's say redistribute static now that says any static routes that I have go ahead and put into OSPF so what's going to happen is r1 is going to take the static route for the 23 Network put it into OSPF and now it's going to advertise that specific route via OSPF to r2 so our two should have they'll went well our two should have a external OSPF route right here that it learned from 10.20 dot one regarding the 23000 / 27 network which is perfect now could we have done this with a slash 16 or 24 bit mask yes it would work the same but this is nice and tidy just for that pool of addresses that were nodding for so now that that's done let's see if PC one can go ahead and successfully ping r2 and it can so we've had a couple challenges so far we're almost done so the PC has been added at r1 that netted address pinging our to Arc two replies but our goal was for this PC to talk to this FTP server so let's see if we can do the home hole hole run here so we're going to do a ping to 10.3 to 0.5 that is the server and that is not working ok so we're almost home let's go take a look at the server and here in packet tracer which is a really great tool for Cisco Academy affiliates let's go ahead and take a look at the desktop go to the command prompt on the server and do an IP config it's 10 3:05 and it's default gateway is right there and that is wrong the default gateway should be 10 30.2 this interface right here of our - should be our next top we'll need to fix that so we'll go to fastethernet and we'll go to the global settings and the default gateway should be too so once we've made that change we can close this window actually we'll go back to it and we'll test with the ping so let's go to the desktop command prompt and let's do a ping of 10.3 let's just come in again make sure took and we'll do a ping to 10.3 that 0.2 okay that works so now the server has the correct default gateway finally let's go back to the PC and see if the PC can actually get there 10 3:05 Wow full connectivity life is good one last piece can we open up an FTP session to it so do FTP to 10.3 2:05 and it's trying it is trying now here's the kicker we know that we have connectivity from a routing perspective so what could stop an FTP session from working well it could be an access list stopping the TCP FTP well-known port of 21 anywhere on these routers that could be the case or it could be the server itself that is simply not running FTP so let's take a look at the server and under the config under FTP services we probably should enable it so we're going to enable FTP on that server and now that is enabled let's go back to the PC and try it again and there's our prompt the user name and password Cisco Cisco by default and we have FTP successfully in the back in this troubleshooting lab we highlighted the features of Cisco's packet tracer for the network Academy which is a fantastic tool and we've also troubleshot OSPF with adjacencies physical issues with the wrong type of cable between two like devices we had the FTP server with a wrong default gateway we also had a situation where the network didn't know how to reach the 23 network address and that was the pool of addresses that we were using for a network address translation I've enjoyed walking you through this troubleshooting tutorial I hope you had fun and I look forward to seeing you in another video have a great day you

Info

Channel: Keith Barker

Views: 32,975

Rating: undefined out of 5

Keywords: ccent, ccna, icnd, ospf, cisco, troubleshoot

Id: qqEquf07fqY

Channel Id: undefined

Length: 20min 33sec (1233 seconds)

Published: Wed Jan 05 2011