Identifying and Fixing Misconfigured Subnet Masks in Your Network Environment

Added by Mark Jacob, February 24, 2016

In this video, Cisco CCNA instructor Mark Jacob shows how to find and fix misconfigured subnet masks in a typical IT network environment.

 

Video Transcription

Today, I want to talk to you about the possibility of a misconfiguration in your network. Of course, right away you say, “That would never happen in my network.” Just in case it does, or better yet, when you need to blame someone else and you came along after the fact.

I’ll show you a situation where I have, at least in the beginning, on purpose, misconfigured a subnet mask situation or IP address and mask situation. We’re going to run through collecting some information about it, and then we’re going to fix it and make sure it works.

I have here a couple of clients, this is built in GNS3.

My PCs are really routers, as you all know if you use GNS3, they’re really routers that are configured to act like IP endpoints. All I need is something to generate ping, so that works just fine.

I’m going to try to ping the default gateway, it’s on router three there, the 10.1.1.254, and see if I can get there.

Let’s go ahead and bring up PC1.

Let’s see what happens if I try to ping 10.1.1.254.

It’s trying, it’s trying, it’s trying, and we’re going to sit here with a little bit of patience and realize that it’s going to choke and die. This could be a situation where you’ve been notified that the network’s down and there are problems. You can see the connectivity is obviously failing.

One of your first steps is to fire up your packet sniffer. Inside GNS3, I can right click right on the red line and select “Start capture”.

It gives me the option, because there’s two ends to this cable, of course, and connecting from the R3 side is fine so I’ll select “Ok”.

Then it will launch Wireshark and it starts capturing information.

Let me go back to that same ping and try again. I’ll just hit the up arrow and try to ping 10.1.1.254. It’s still going to fail, but now I’m capturing information to find out why.

Back to Wireshark and you’ll notice I’m getting ping, the request is going there.

If I slide Wireshark out of the way, we can see 10.1.1.129, which is PC1.

So the ping request is appearing in my data capture, but I’m not seeing anything happen on my client.

Let’s look at the scenario.

You may be thinking, “What in the world can be the problem?” Your first thing, you look at the subnet mask in the scenario, and they’re all /28.

They’re the same. However, the problem with that is, if you take that /28 and translate that into a decimal subnet mask, it’s 255.255.255.240.

If you’ve read my subnetting blogs then you realize that a 240 mask means you have a network increment of 16.

If I look at the IP addresses of my PC1, my PC2, my router, I realize that the subnet ID for PC1 is the .128. The .129 address is just the first address that’s available.

If I look at the PC2, it has a 97 address, which means it’s on the 96 subnet.

Lastly the router, 254, that means it’s on the 240 subnet.

Those are all multiples of 16. It turns out that even though they have matching subnet mask information, they’re on completely different networks. For instance, the 97 subnet, it’s actually the 96 subnet. 97 is the first address, only extends up to what is 96 plus 16, 112.

If I’m sitting on the .96, and I have an increment of 16, that means the next network behind me, 6 and 6 is 12.

That means that 112 is the next subnet in this scheme, which means the highest address that could be on the same subnet that I’m in is the .111, which of course would be my broadcast address.

The same reasoning holds true for PC2, it holds true for the router. We see clearly that all of our IP endpoints here are on different networks.

Let’s correct it. Let’s fix the router first. Notice I have the interfaces labeled, to make it easy.

I want to go on F 0/0 on the router three, but I’m going to make this easy and make them all /24, 24 bit masks. Let’s go into interface, Fastethernet 0/0 on router 3.

Let’s go ahead and go to interface, Fastethernet, 0/0

And IP address 10.1.1.254, but now a 24 bit mask.

That’s corrected, I’ll go ahead and save the config.

Let’s do the same thing on PC1. It’s also interface Fastethernet 0/0. Config T, interface Fastethernet 0/0.

I want IP address 10.1.1, and let’s make sure we’re in the right one here.

This should be the 129.

Again, the mask, 255.255.255.0, and save my config.

Let’s do the same thing on PC2, config T, interface Fastethernet 0/0. This guy is the 97 so IP address 10.1.1.97. 24 bit mask.

I still have the capture running in Wireshark so let’s verify it.

I’ll select auto scroll so that it keeps running.

In the meantime, let’s go back to PC1 and try that ping again. Now, I didn’t correct the switch, but the switch really should be secured. I have it set up as a layer two switch, so it should just pass it on through, but let’s go ahead back to PC1.

Let’s clear screen so we’re up at the top again.

And let’s see if we can ping 10.1.1.254 now.

Now that we have them all actually in the same subnet, success. We’re getting replies.

If I go back to Wireshark.

Look at this, echoes and replies are getting to the target and getting back to the initiator of the ping.

Misconfigured subnet masks can mess you up. Again, at first glance, it didn’t even look like a misconfiguration because they all matched /28s, but they’re all in different networks. A little bit of experience looking at a packet sniffer to see that there actually is information on the wire, and then the correction to make it work, ping again, save your configs and you’re a happy camper.

Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ
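
The subnet arithmetic from the walkthrough, as an added Python example (not part of the original video or transcript): it takes the three addresses used in the lab and reports each endpoint's subnet, broadcast address, and whether the 10.1.1.254 gateway is on-link, first with the /28 mask and then with the /24 used in the fix. The host labels and function names are chosen for this example.

```python
import ipaddress

# Addresses taken from the transcript; the dictionary keys are labels for this example.
LAB_HOSTS = {"PC1": "10.1.1.129", "PC2": "10.1.1.97", "R3 Fa0/0": "10.1.1.254"}
GATEWAY = "10.1.1.254"


def audit(hosts, gateway, prefix):
    """Map each host to (subnet, broadcast, gateway_on_link) for one prefix length."""
    gw = ipaddress.ip_address(gateway)
    report = {}
    for name, ip in hosts.items():
        # ip_interface keeps the host bits and derives the enclosing network.
        net = ipaddress.ip_interface(f"{ip}/{prefix}").network
        report[name] = (str(net), str(net.broadcast_address), gw in net)
    return report


def same_subnet(hosts, prefix):
    """True only when every host falls inside one and the same network."""
    nets = {ipaddress.ip_interface(f"{ip}/{prefix}").network for ip in hosts.values()}
    return len(nets) == 1


def block_size(prefix):
    """Network increment in the last octet for masks /24 through /32."""
    return 2 ** (32 - prefix)


if __name__ == "__main__":
    for prefix in (28, 24):
        mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
        print(f"/{prefix} = {mask}, increment {block_size(prefix)}")
        for name, (net, bcast, on_link) in audit(LAB_HOSTS, GATEWAY, prefix).items():
            status = "gateway on-link" if on_link else "gateway NOT on-link"
            print(f"  {name:9} subnet {net:14} broadcast {bcast:11} {status}")
        print(f"  all endpoints share one subnet: {same_subnet(LAB_HOSTS, prefix)}")
```
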
