simple ip route command or access list question??

[geranimo666]

Hello-

I want one of my servers to be able to communicate with my router.. I just want to update the bin file that is on a tftp server in my network (172.16.x.x) to a router that has a f0/0 port with a 63.x.x.x address.. could I just create a static route? or acl?

thanks for any support

geranimo

 

[chipk]

Well, the first step would be to ensure the server can actually communicate with this interface. Since it's on a different network, there must be a router in between the server and the router. Can you ping this 63.x.x.x interface?

I guess the other question is, do you really want to restrict traffic between this interface and this server, or are you trying to add functionality with trying to tftp?

Please clarify a little bit and give more information about how these two devices are physically and logically connected.

 

[burtsbees]

The easiest way to do this is to connect a laptop directly to the router via crossover and put them both on the same subnet, and run the tftp service on the laptop and put the IOS (.bin file) directly in the C:\ directory and
router#copy tftp flash
and follow the prompts. Bam. Pow. Boom. Done.

Burt

 

[geranimo666]

All-

Yes I can ping the router from the tftp server but I can't ping the server from the router..

Perhaps, there is something else I need to state. From the router when i run copy tftp flash, it waits about 12 seconds and then it just fails with the message -can't open file... timeout..

but once again, I can't ping the server from the router..

Also, this router is staged as an internet router, so I can't manipulate the subnets, must stay as is..

there's got to be another way to get that bin file on the flash

any ideas?

geranimo

 

[burtsbees]

Show a topology. What interface are you able to ping from the server, like IP address? A default route would probably do it, but you're just not giving enough info, bro.

Burt

 

[chipk]

Just do a "show ip route" and see if that router knows about the 172.x.x.x network; also do a traceroute and see where the echoes die. You need to work out some routing issues before this will work for you. Connecting a laptop to the interface would obviously work as Burt suggested, but if it was me, I'd want to be able to back up the router via tftp occasionally without having to physically connect to it.

 

[geranimo666]

hi Chipk-

Ok, here's my sho ip route.. I definately doesn't know about the 172.x.x.x network.. Yet, I can ping the router from the tftp server.. can't do it the other way around.

MYRouter#sho ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 63.138.xx.xx to network 0.0.0.0

63.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 63.138.xx.xx/28 is directly connected, FastEthernet0/0
C 63.138.xx.xx/30 is directly connected, Serial0/0:0
S* 0.0.0.0/0 [1/0] via 63.138.xx.xx
MyRouter#

when I do a traceroute from the tftp server to the router, here is what I get..

Tracing route to hostblahblah.com [63.138.xx.xx]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms msfcA.myswitch.nyc [172.16.x.x]
2 1 ms 1 ms 1 ms MyRouter [63.138.xx.xx]

Trace complete.

So there is one hop from the server to the router, there is a 6509 switch between the two..

any ideas, just need to get that bin file on the router..

thanks for any support
geranimo

 

[Minue]

Hello
Is the 6509 operating at level 3?Maybe another router between the switch and the server?Any NAT statements?The situation seems simple but yet you haven't given enough information.
Regards

 

[geranimo666]

here is my very modified 6509 config, see what you can find
6509#wr t
Building configuration...

Current configuration : 3841 bytes
!
! Last configuration change at 23:55:01 EST Sat Feb 10 2007 by theman
! NVRAM config last updated at 06:05:51 EST Sun Feb 11 2007 by theman
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname msfcswitcheroo
!
boot system flash mybootflash
boot system tftp myfile
boot bootldr bootflash:myfile
aaa new-model
aaa authentication login default local enable
aaa authentication ppp default local
enable secret 5 encrypted blah blah
!
username myid privilege 15 secret 5 blah blah
clock timezone EST -4
clock summer-time EST date Apr 6 2003 3:00 Oct 26 2003 3:00
ip subnet-zero
!
!
!
!
!
!
interface Vlan1
ip address 172.16.x.x./24
ip helper-address 172.16.x.x
no ip redirects
no ip route-cache
no ip mroute-cache
standby 1 ip 172.x.x.x
standby 1 priority 150
standby 1 preempt
!
interface Vlan2
ip address 172.16.x.x /24
no ip redirects
no ip route-cache
no ip mroute-cache
standby 2 ip 172.16.2.1
standby 2 priority 150
standby 2 preempt
!
interface Vlan5
ip address 172.16.x.x /24
ip helper-address 172.16.x.x
no ip redirects
no ip route-cache
no ip mroute-cache
standby 5 ip 172.16.x.x
standby 5 priority 150
standby 5 preempt
!
interface Vlan6x.x
ip address 172.16.x.x /24
ip helper-address 172.16.x.x
no ip redirects
no ip route-cache
no ip mroute-cache
standby 6 ip 172.16.x.x
standby 6 priority 150
standby 6 preempt
!

no ip mroute-cache
standby 201 ip 172.16.x.x
standby 201 priority 150
standby 201 preempt
!
router eigrp 100
redistribute static
redistribute rip metric 100 100 1 1 1
redistribute bgp 65190
network 10.0.0.0
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
router rip
redistribute eigrp 100
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.x.x
ip route 63.214.x.x 255.255.255.0 172.16.x.x
ip route 63.214.x.x 255.255.255.0 172.16.x.x
ip route 67.104.x.x 255.255.255.255 172.16.x.x
ip route 170.209.x.x 255.255.255.255 172.16.x.x
ip route 170.209.x.x 255.255.255.255 172.16.x.x
ip route 192.168.x.x 255.255.255.0 172.16.x.x
ip route 198.217.x.x 255.255.255.0 172.16.x.x
ip route 198.217.x.x 255.255.255.0 172.16.x.x
ip route 207.174.x.x 255.255.255.0 172.16.x.x
ip route 207.174.x.x 255.255.255.0 172.16.x.x
no ip http server
!
!
logging facility local6
logging source-interface Vlan1
logging 172.16.x.x
access-list 99 permit 10.x.x.x
snmp-server community iswhatitis
snmp-server host 10.x.x.x blahblah
!
tftp-server bootflash
tftp-server bootflash:
tftp-server bootflash:/myfile
!
line con 0
password 7 blah
line vty 0 4
password 7 blah
!
ntp clock-period 17179924
ntp server 172.x.x
end

please let me know if there is a route I can add to just get this done.
thanks
geranimo

 

[chipk]

We need to see a traceroute from the router to the server.

However, if I had to venture a guess, I'd say you just need a static route to your 172.x.x.x network because you don't seem to be using any routing protocols.

Your 6500 must know about the 172.16 network, but do a show ip route there and post the results here just to make sure.

Add a static route for 172.16.x.x on the router like so:

ip route 172.16.x.x 255.255.xxx.xxx fa0/0

This will tell your router that the 172.16 network is out Fastethernet 0/0. If your 6500 knows about the 172.16 network, then this should work.

Overall, if I were you, I'd look at implementing a routing protocol like EIGRP or OSPF so you can get rid of your static routes. Not that there's anything wrong with static routes (and you'll still need the static to the Internet), but that should prevent these types of issues from happening in the future.

 

[burtsbees]

Once again...
Which interface are you able to ping from the server? Fastethernet, serial, or both?

Burt

 

[chipk]

Oh, you've got some "interesting" stuff going on on your 6500. Adding the static route to the router should solve your original problem for you, but you've got more going on than I realized with your routing on the 6500, so disregard my comments about changing that for now.

For one, I'm not sure why you've got RIP and EIGRP running for the same network (10.x.x.x) and you're redistributing RIP into EIGRP. Maybe you've got other routers on the 10.x.x.x network running RIP only?

You've also got other public and private networks statically routed through your 172.16.0.0 network. I guess this network is quite a bit larger than I initially thought. Are those remote public/private routers not running a routing protocol? Do you have control over those?

 

[burtsbees]

Are you just trying to upgrade the router's IOS? What are you tying to do here? Do you have a sh run from the ROUTER???

Burt

 

[geranimo666]

Burtsbees-

Hello and yes, I can ping the router's FastEthernet0/0 interface (63.138.xx.xx/28) on the router from my tftp server but I can't do the opposite. I can't do a tracert from my router to the server, nor can I ping the tftp server from my router. it fails on both issues..

Yes, all I want to do is copy a bin image from my tftp server to this router... that is all I am looking to accomplish.

Chipk, it is a large network.. we have DS3 connections to a 10.x.x.x network on the west coast with another DS3 failover leading to the same location this is why you see all this RIP to EIGRP redistributions..etc

So Chipk, do you think what you stated above would work? just create a static route on the router -->ip route 172.16.x.x 255.255.xxx.xxx fa0/0, the 6509 does in fact know about the 172.x.x.x network.. or would it be easier to take a crossover cable from my laptop to the router and give my laptop a similar address that the FastEthernet 0/0 interface on the router is using? My laptop has TFTP on it no problem.. let me know what you think please...

geranimo

 

[burtsbees]

I told you a while back that was the easiest route.
I am guessing that the topology is
router---6509----tftp server
Correct? But if you want to do this the hard way, we still need a sh run from the router. The router is what is stopping you, not the switch (one way route from server to router, but not vice versa, like an acl is blocking that server address/subnet on the outbound direction of the fastethernet interface of the ROUTER!).

Burt

 

[chipk]

Burt's suggestion is the easier quick fix by far, but as I said, and he has said, it looks like you're either missing a route, or have something blocking traffic to your 172 network. Based on your "show ip route" output, I think it's just a missing route.

 

[geranimo666]

All-

this is the router's "sho ip route"

MyRouter#sho ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 63.138..x.x to network 0.0.0.0

63.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 63.138.x.x/28 is directly connected, FastEthernet0/0
C 63.138.x.x/30 is directly connected, Serial0/0:0
S* 0.0.0.0/0 [1/0] via 63.138.x.x


So yes in fact there is no route from this router to my 172.16.x.x network.. what do yoy think? just create the static route in my router??

Thanks

Geranimo

 

[chipk]

I'm assuming that static route that you have in there is going out the IP on the Serial Interface? (can't tell because you've cut off the last two octets). If that is indeed the case, then yes, just create the static route.

 

[geranimo666]

yes you are correct..

so I should create the static route going out the f0/0 interface, correct? this is the interface I telnet to this router from (F0/0)

Just playing it safe with this question

thanks
geranimo

 

[chipk]

Yup, that should do it.