Cisco – Routing Issue – Can’t access internet and home lab at the same time

ciscoroutingsubnet

I'm trying to setup a home lab to study for a Cisco certification. My problem is I'm tired of having to physically plug the console into a different device every single time I want to configure it by CLI. So what I've decided to do is setup 5 simultaneous telnet sessions to these devices. (4 switches, 1 router).

So here is my topology:

PC –> Motorola Cable modem –> R1 –> S1 –> S2
–> S3
–> S4

So basically my cable modem will be connected to both my PC and R1. I'm doing it like this so I don't have to connect my PC to R1 and thus lose internet whenever I need to study.

My PC's IP is dynamically from the Motorola cable modem and R1's IP is statically assigned in the same network. This is subnet 192.168.0.0/24. R1's IP is 192.168.0.155

My PC is 192.168.0.2, the cable modem is 192.168.0.1

R1's interface that faces S1 is 192.168.254.254… S1 is 192.168.254.1… S2 is 192.168.254.2, etc.

I'm able to telnet into R1 without any issues from my PC thus eliminating the need for a console cable AND I can still access the internet at the same time. From R1 I'm able to ping all the switches in the LAN.

Here's the problem: I can't ping the switches from my PC. I just don't understand why that's possible. If I can ping R1 and R1 can ping the switches shouldn't R1 route to the LAN?

Someone please help me out with this. I'm stumped and I know I'm overlooking something simple. The object here is I want to eliminate the need for a console cable and be able to access the internet while simultaneous accessing my home lab.

Best Answer

What you're overlooking is that your PC still has the default gateway of the cable modem and not R1. So all packets being sent to a subnet that isn't within that PC's LAN get sent to the cable modem which has no idea how to get to 192.168.254.0/24.

So you have two options if you want to also keep your internet access (thus, not change your default gateway):

Set a static route on your cable modem to 192.168.254.0/24
Set a static route on your PC to 192.168.254.0/24

Basic Config

As others have mentioned, your configuration is "suboptimal"... ~~the biggest problem you have is that you're not using DHCP on the outside Vlan interface~~ the biggest problem is that your default gw address is assigned to Vlan2... to recover, login to the console and...

copy runn flash:foobar.cfg
config t
configure factory-default 10.1.10.100 255.255.255.0

While you're in config mode, use this configuration...

hostname DTS-ASA
password ChangeMeNow
enable password ChangeMeNow
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Vlan2
 ! I don't think you need this, since it's an SMC MAC addr
 ! However, this illustrates how you can manually change the mac
 ! on your outside Vlan, if Comcast is restricting you
 ! to one mac (and now refuses to change it)
 ! mac-address 78cd.8ed9.fb37
 nameif outside
 security-level 0
 ip address 74.xx.xx.225 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 74.xx.xx.230
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
end
wr mem

Please change the password :-)... now you need fw rules, but that's a different issue

WAN Validation

Make sure you really do have the Comcast modem attached to Eth0/0... After you're up and running, you should be able to check the address you got from Comcast like this...

DTS-ASA# sh int vlan2
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 0030.dead.beef, MTU 1500
        IP address 74.xx.xx.225, subnet mask 255.255.255.248     <------------
  Traffic Statistics for "outside":
        108703406 packets input, 119199091796 bytes
        69134254 packets output, 8083775282 bytes
        1654709 packets dropped
      1 minute input rate 2 pkts/sec,  280 bytes/sec
      1 minute output rate 3 pkts/sec,  414 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 3 pkts/sec,  716 bytes/sec
      5 minute output rate 4 pkts/sec,  520 bytes/sec
      5 minute drop rate, 0 pkts/sec
DTS-ASA#

Then check your ping to google's DNS...

DTS-ASA# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/20 ms
DTS-ASA#

If not, be sure you can ping your default-gw...

DTS-ASA# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 74.xx.xx.230 to network 0.0.0.0

C    74.xx.xx.230 255.255.255.248 is directly connected, outside
C    10.1.10.0 255.255.255.0 is directly connected, inside
d*   0.0.0.0 0.0.0.0 [1/0] via 74.xx.xx.230, outside          <------
DTS-ASA#
DTS-ASA# ping 74.xx.xx.230

Best Answer

Related Solutions

Cisco – How to set up secure remote access to the home lab network

Cisco ASA 5505 – Troubleshooting Configuration Issues

Basic Config

WAN Validation

Related Topic