Today, I want to talk to you about the possibility of a misconfiguration in your network. Of course, right away you say, “That would never happen in my network.” This is for just in case it does, or better yet, for when you came along after the fact and need to blame someone else.

I’ll show you a situation where I have, at least in the beginning, misconfigured an IP address and subnet mask on purpose. We’re going to run through collecting some information about it, and then we’re going to fix it and make sure it works.

I have here a couple of clients, this is built in GNS3.

My PCs are really routers, as you all know if you use GNS3, they’re really routers that are configured to act like IP endpoints. All I need is something to generate ping, so that works just fine.

I’m going to try to ping the default gateway, it’s on router three there, the 10.1.1.254, and see if I can get there.

Let’s go ahead and bring up PC1.

Let’s see what happens if I try to ping 10.1.1.254.

It’s trying, it’s trying, it’s trying, and we’re going to sit here with a little bit of patience and realize that it’s going to choke and die. This could be a situation where you’ve been notified that the network’s down and there are problems. You can see the connectivity is obviously failing.

One of your first steps is to fire up your packet sniffer. Inside GNS3, I can right click right on the red line and select “Start capture”.

It gives me the option, because there’s two ends to this cable, of course, and connecting from the R3 side is fine so I’ll select “Ok”.

Then it will launch Wireshark and it starts capturing information.

Let me go back to that same ping and try again. I’ll just hit the up arrow and try to ping 10.1.1.254. It’s still going to fail, but now I’m capturing information to find out why.

Back to Wireshark and you’ll notice I’m getting ping, the request is going there.

If I slide Wireshark out of the way, we can see 10.1.1.129, which is PC1.

So the ping request is appearing in my data capture, but I’m not seeing anything happen on my client.

Let’s look at the scenario.

You may be thinking, “What in the world can be the problem?” The first thing you do is look at the subnet masks in the scenario, and they’re all /28.

They’re the same. The problem, however, shows up when you take that /28 and translate it into a decimal subnet mask: 255.255.255.240.

If you’ve read my subnetting blogs then you realize that a 240 mask means you have a network increment of 16.

If I look at the IP addresses of my PC1, my PC2, my router, I realize that the subnet ID for PC1 is the .128. The .129 address is just the first address that’s available.

If I look at the PC2, it has a 97 address, which means it’s on the 96 subnet.

Lastly the router, 254, that means it’s on the 240 subnet.

Those are all multiples of 16. It turns out that even though they have matching subnet mask information, they’re on completely different networks. For instance, what I called the 97 subnet is actually the 96 subnet; 97 is the first address, and the subnet only extends up to 96 plus 16, which is 112.

If I’m sitting on the .96 and I have an increment of 16, the next network after me is 96 plus 16: 6 and 6 is 12, so 112.

That means that 112 is the next subnet in this scheme, which means the highest address that could be on the same subnet that I’m in is the .111, which of course would be my broadcast address.

The same reasoning holds true for PC2, it holds true for the router. We see clearly that all of our IP endpoints here are on different networks.
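The same subnet arithmetic can be checked in a few lines of Python with the standard `ipaddress` module. This is an added example, not part of the original walkthrough; the addresses and /28 mask come from the scenario, while the device labels and function names are assumptions. It also goes one step further and finds the longest mask that would put all three interfaces in one subnet.

```python
import ipaddress

# Addresses and /28 mask as given in the walkthrough; the dict layout is an assumption.
DEVICES = {
    "PC1": "10.1.1.129/28",
    "PC2": "10.1.1.97/28",
    "R3 Fa0/0": "10.1.1.254/28",
}


def subnet_report(devices):
    """Map each device to (subnet ID, broadcast address) derived from its own mask."""
    report = {}
    for name, cidr in devices.items():
        net = ipaddress.ip_interface(cidr).network
        report[name] = (str(net.network_address), str(net.broadcast_address))
    return report


def shares_subnet(host_cidr, gateway_ip):
    """True if the host considers the gateway on-link (same subnet as itself)."""
    return ipaddress.ip_address(gateway_ip) in ipaddress.ip_interface(host_cidr).network


def longest_common_prefix(devices):
    """Longest prefix length that places every address in one subnet as a usable host."""
    addrs = [ipaddress.ip_interface(c).ip for c in devices.values()]
    for prefix in range(30, -1, -1):
        nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}
        if len(nets) != 1:
            continue
        net = nets.pop()
        # Reject masks that would make a device the subnet ID or the broadcast address.
        if all(a not in (net.network_address, net.broadcast_address) for a in addrs):
            return prefix
    return None


if __name__ == "__main__":
    for name, (subnet, bcast) in subnet_report(DEVICES).items():
        print(f"{name}: subnet {subnet}, broadcast {bcast}")
    print("PC1 sees gateway on-link:", shares_subnet(DEVICES["PC1"], "10.1.1.254"))
    print("Longest workable mask: /%d" % longest_common_prefix(DEVICES))
```

With the scenario's addresses, anything longer than a /24 splits .97 and .129 into different subnets, which is why a 24-bit mask is the tightest one that works here.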

Let’s correct it. Let’s fix the router first. Notice I have the interfaces labeled, to make it easy.

I want to go to F0/0 on router three, and I’m going to make this easy and make them all /24, 24-bit masks. Let’s go into interface FastEthernet 0/0 on router 3.

Let’s go ahead and go to interface, Fastethernet, 0/0

And IP address 10.1.1.254, but now a 24 bit mask.

That’s corrected, I’ll go ahead and save the config.

Let’s do the same thing on PC1. It’s also interface, Fastethernet 0/0. Config T interface Fastethernet 0/0.

I want IP address 10.1.1, and let’s make sure we’re in the right one here.

This should be the 129.

Again, the mask, 255.255.255.0, and save my config.

Let’s do the same thing on PC2, config T, interface Fastethernet 0/0. This guy is the 97 so IP address 10.1.1.97. 24 bit mask.

I still have the capture running in Wireshark so let’s verify it.

I’ll select auto scroll so that it keeps running.

In the meantime, let’s go back to PC1 and try that ping again. Now, I didn’t correct the switch, but the switch really should be secured. I have it set up as a layer two switch, so it should just pass it on through, but let’s go ahead back to PC1.

Let’s clear screen so we’re up at the top again.

And let’s see if we can ping 10.1.1.254 now.

Now that we have them all actually in the same subnet, success. We’re getting replies.

If I go back to Wireshark.

Look at this, echoes and replies are getting to the target and getting back to the initiator of the ping.

Misconfigured subnet masks can mess you up. Again, at first glance, it didn’t even look like a misconfiguration because they all matched as /28s, but they’re all in different networks. It takes a little bit of experience looking at a packet sniffer to see that there actually is information on the wire, and then the correction to make it work. Ping again, save your configs, and you’re a happy camper.