Ftp/Telnet routing problem

[arkanoidPin]

Hi!
I'm using a cisco router (836 SOHO) to connect two network segments within the same physical interface using primary and secondary ip. The primary ip address is 192.168.0.254 / 24 and 192.168.10.254/24 is the secondary ip address.
The problem is when I try to connect computer A wich is in the primary network segment (192.168.0.2 / 24) to computer B (192.168.10.5 / 24)in the second network segment using FTP or TELNET.
I can ping computer B, (and if in the same segment, I connect without any problem) but I get a time out if I try to TELNET or FTP.

Is there any restriction using secondary ip address in the ethernet interface?

As i'm starting the configuration from scratch do i need to set up NAT / PAT ? Why can i ping but can't connect with ftp or telnet?

Thanks

[Soulblazer91]

hey bud. i gotta get some info from you.

i dunno all the rules about giving us info about stuff so we'll see how this works.

i need you to do a "show startup-config" command in executive mode of the router. now b4 you do this you need to encrypt your passwords so we can't jack with your network.

in case you don't know (but i'm assuming you do knowing that you can setup nat/pat and interfaces) you execute this command in the global configuration mode

service password-encryption

that should encrypt all password with a simple hash to prevent us from seeing your passwords and such.

once we can see your config that would help us determine the problem.

[arkanoidPin]

Hi
Got the problem solved when connecting to a computer (firewall issue).

Still have a problem connecting to an old machine (not a computer).

I can't set a subnet mask or gateway in this machine.
If I'm in the same network segment, I connect (from computer command line) without problems. If I'm in another segment, I can ping but can't connect using ftp or telnet.
Strange thing is that I can´t connect to the machine using telnet from the router (got time out error). Note that the secondary ip of the router interface is in the same network segment!

Other thing is that if I change the primary ip address to secondary and secondary to primary, I can connect from the router using telnet! But still can't connect from computer using ftp ...

Another test I made was trying to connect to an old VMS server (same age of the mentioned machine) using the same protocols (telnet/ftp). It worked...

I really don't know what to do now. I think that the problem is in the machine because it doesn't have gateway...
Are there different versions of FTP ???

Should I try to configure NAT/PAT?

Thanks for the help... Here goes the running-config:


Router#sh run
Building configuration...

Current configuration : 763 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret 5 **********
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.10.254 255.255.255.0 secondary
ip address 192.168.0.254 255.255.255.0
!
interface BRI0
no ip address
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
stopbits 1
line vty 0
password *******
login
line vty 1 4
login
!
scheduler max-task-time 5000
!
!
end

[Soulblazer91]

so let me get this topology straight. there are two segments, one with a user, and another with an "old machine" that are both connected to one interface on the router? if this is the case then it might be a problem with the whole secondary interface deal.

here's a suggestion...

instead of making a secondary ip on the interface, split the interface into 2 separate sub interfaces. this might solve the problem.

and i'm sorry, i asked the wrong info from your router, i actually needed to see the "sh version" command. if you could post that info that would help in determining what is happening with ftp and telnet.

[arkanoidPin]

Hi there!

Yes, the topology is correct. I want to add these "machines" to my network by creating a different network segment. But I only have this router...


Here's the sh version output:

Cisco Internetwork Operating System Software
IOS (tm) C836 Software (C836-K9O3SY6-M), Version 12.2(13)ZH4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.2(14.5)T
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Wed 24-Mar-04 18:30 by ealyon
Image text-base: 0x800131E8, data-base: 0x80C30444

ROM: System Bootstrap, Version 12.2(11r)YV, RELEASE SOFTWARE (fc1)
ROM: C836 Software (C836-K9O3SY6-M), Version 12.2(13)ZH4, EARLY DEPLOYMENT RELEA
SE SOFTWARE (fc1)

Router uptime is 6 minutes
System returned to ROM by reload
System image file is "flash:c836-k9o3sy6-mz.122-13.ZH4.bin"

CISCO C836 (MPC857T) processor (revision 0x200) with 44237K/4915K bytes of memory.
Processor board ID AMB082806FJ (4143694155), with hardware revision 0000
CPU rev number 7
Bridging software.
Basic Rate ISDN software, Version 1.1.

1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
12288K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102
----------------------------------------------------------------------

I tried to configure a subinterface, but I got an error :
% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

I think that my router isn't capable of dealing with subinterfaces. It doesn't have the encapsulation command available in the interface config. mode. Can this be solved with an IOS upgrade?



Many thanks for your precious help!

[TheWiz]

Hi. You cannot configure sub-interfaces on a Cisco router unles that interface is a 100MB interface which is not the case here. Therefore an IOS upgrade will do nothing to solve the problem.

With the "old machine", does it have a default gateway configured as this sounds like the cause. I assume that PC's on the same segment can connect to it but on a different segment cannot. If this old machine is statically assigned then the gateway address may be wrong etc.

Cheers

Wiz

[Soulblazer91]

if the user on the seperate segment can ping the device then it has a default gateway, otherwise the ping would be unsuccessful. i must say however there is not much else i have to offer. i've typically worked with larger, more powerful routers with more features (such as the ability for sub interfaces). only thing i can say is get a cheap switch or hub and make it just one net instead of two as to eliminate any complications with the two separate segments.

[TheWiz]

Sorry. I reread this and there is a little confusion. You say that you "can't set a subnet mask or gateway in this machine", which explains why it cannot connect to anything that requires a gateway to get to. When you try and connect from the Cisco router, it will use the primary IP address as the source address. If the "old machine" is on a different subnet then of course it will fail. When you change the secondary IP to primary, it uses the same subnet for source address and therefore works. You say a ping works between the subnets which confuses me as this should fail as well. How do you address the "old machine"? Static or DHCP?

[arkanoidPin]

Quote:

Originally Posted by Soulblazer91

if the user on the seperate segment can ping the device then it has a default gateway, otherwise the ping would be unsuccessful. i must say however there is not much else i have to offer. i've typically worked with larger, more powerful routers with more features (such as the ability for sub interfaces). only thing i can say is get a cheap switch or hub and make it just one net instead of two as to eliminate any complications with the two separate segments.

Well, it really is a strange problem, since I can ping... The protocols are different when communicating with FTP or using PING? Can this be the answer for the working ping and not working ftp?

Thank you for te help anyway.

[arkanoidPin]

Quote:

Originally Posted by TheWiz

Sorry. I reread this and there is a little confusion. You say that you "can't set a subnet mask or gateway in this machine", which explains why it cannot connect to anything that requires a gateway to get to. When you try and connect from the Cisco router, it will use the primary IP address as the source address. If the "old machine" is on a different subnet then of course it will fail. When you change the secondary IP to primary, it uses the same subnet for source address and therefore works. You say a ping works between the subnets which confuses me as this should fail as well. How do you address the "old machine"? Static or DHCP?

Hi.
The ip address is a static one. I can assign it using an input interface in this "machine". I can also assign an ip to one ftp server in the "machine", but anyhing else.
When I ping to it, does it receive packets with the other subnet ip addresses as source address? Is there any kind of translation/encapsulation in the router?
It should know where to send the reply right?


Here is a command line output (to see if it can help somehow):
D:\>ipconfig

Windows IP Configuration

Ethernet adapter xxxxx:

Connection-specific DNS Suffix . : xxxxxxxx
IP Address. . . . . . . . . . . . : 192.168.0.236
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.254

D:\>ping 192.168.10.35

Pinging 192.168.10.35 with 32 bytes of data:

Reply from 192.168.10.35: bytes=32 time=4ms TTL=126
Reply from 192.168.10.35: bytes=32 time=3ms TTL=126
Reply from 192.168.10.35: bytes=32 time=4ms TTL=126
Reply from 192.168.10.35: bytes=32 time=4ms TTL=126

Ping statistics for 192.168.10.35:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms

D:\>telnet 192.168.10.35
Connecting To 192.168.10.35...Could not open connection to the host, on port 23:
Connect failed

D:\>ftp 192.168.10.35
Connected to 192.168.10.35.
Connection closed by remote host.
-------------------------------------------------------------------------------------

Thanks for your help.

[Soulblazer91]

so layers 1 through 3 are working great, it's the upper layers that seem to be a problem suggesting a firewall issue. i know that it has been avoided throughout the thread.. but i must ask what is this "machine" we're trying to connect?

[arkanoidPin]

Quote:

Originally Posted by Soulblazer91

so layers 1 through 3 are working great, it's the upper layers that seem to be a problem suggesting a firewall issue. i know that it has been avoided throughout the thread.. but i must ask what is this "machine" we're trying to connect?

Hi

It is no secret, I just do not know how to explain it to you, but i'll try.
It is an old loom controller. Manufacturer name is Staubli.

I'm pretty sure it's not a firewall, because it doesn't have one.

[Soulblazer91]

mk. can u use ftp or telnet to any other device in your network through the router?

[arkanoidPin]

Quote:

Originally Posted by Soulblazer91

mk. can u use ftp or telnet to any other device in your network through the router?

Hi.

yes i can connect to other devices such as a computer without any problem.

That is why i ask if setting up NAT/PAT would help. To see if the source address could be in the same network sement of the controller.

[TheWiz]

Quote:

Originally Posted by arkanoidPin

Hi.

yes i can connect to other devices such as a computer without any problem.

That is why i ask if setting up NAT/PAT would help. To see if the source address could be in the same network sement of the controller.

Unfortunately as both subnets reside on the same physical interface, you cannot use NAT/PAT as you need to define inside/outside for translation. I don't see any way this can be done. The controller will never be able to escape its own subnet unless you can find a way to istall a gateway IP for it. Perhaps you can set a "default gateway" through a different syntax or controller option page. Some older machines had a page to set the IP and a different page for default gateway.

Perhaps the only other thing that I can think of is that this machine relies on RIP to get routes for subnets and default gateway. It may be broadcasting RIP now but not getting a response from your router. You could check this by debugging RIP on the router and see if you are getting RIP packets from the controller. If you are, then perhaps you will need to enable RIP routing for your subnets and interface on the router. This would allow your controller to be updated with all routes the router knows including a default gateway.

Cheers,
Wiz

[Soulblazer91]

haha. these old tricks truly are amazing. if that's the problem then wiz is a genious.

[arkanoidPin]

Quote:

Originally Posted by Soulblazer91

haha. these old tricks truly are amazing. if that's the problem then wiz is a genious.

I agree and i will try it out.


Thanks a lot.

[TheWiz]

Try running these commands on your Cisco router to enable RIP for you home based subnets -

Router#conf t
Router(config)#router rip
Router(config-router)#network 192.168.0.0
Router(config-router)#network 192.168.10.0
Router(config-router)#passive-interface default
Router(config-route