Network-Troubleshooting
Network Connectivity Issues

Network Connectivity Troubleshooting between windows PC and EVE-NG LAB

Issue Summary:

Problem: Unable to ping router interface (192.168.10.254) which is the inside interface inside my EVE-NG LAB from PC (192.168.2.11). Symptoms: Router could reach the PC, but PC could not reach the router. Resolution: The issue was caused by firewall settings on the PC. The firewall was blocking ICMP requests. Solution: Created specific firewall rules to allow ICMPv4 echo requests and replies, ensuring secure network connectivity.

Table of Contents

  1. Initial Setup Verification
  2. Clearing ARP Cache
  3. Firewall Configuration
  4. Verifying NAT Translations
  5. Extended Ping Test
  6. Checking Routing and ARP Entries
  7. Packet Capture
  8. Traceroute
  9. Review Router Logs

Initial Setup Verification

  1. Check PC's Route Table:
    • Windows: route print
    • Linux: ip route show
  2. Check Router’s Route Table:
    • Ensure the routing table includes routes to both networks: 
      show ip route

Clearing ARP Cache

  1. On PC (Windows): 
    arp -d *
  2. On Router: 
    clear arp

Firewall Configuration

Creating ICMPv4 Rule in Windows Firewall

Using Windows Defender Firewall with Advanced Security (GUI)

  1. Open Windows Defender Firewall with Advanced Security:
    • Press Win + R, type wf.msc, and press Enter.
  2. Create a New Inbound Rule:
    • In the left pane, click Inbound Rules.
    • In the right pane, click New Rule....
  3. Select Rule Type:
    • Select Custom and click Next.
  4. Specify Rule Details:
    • Program: Select All programs and click Next.
    • Protocol and Ports: Select ICMPv4 and customize for Echo Request.
    • Click Next.
  5. Scope:
    • Specify IP addresses or select Any IP address.
    • Click Next.
  6. Action:
    • Select Allow the connection and click Next.
  7. Profile:
    • Select Domain, Private, and/or Public.
    • Click Next.
  8. Name the Rule:
    • Name the rule (e.g., Allow ICMPv4 Echo Request).
    • Click Finish.

Using Command Line (PowerShell)

  1. Open PowerShell as Administrator:
    • Press Win + X and select Windows PowerShell (Admin).
  2. Create the Rule: 
    New-NetFirewallRule -DisplayName "Allow ICMPv4 Echo Request" -Protocol ICMPv4 -IcmpType 8 -Direction Inbound -Action Allow -Profile Any

Secure Solution to Manage Domain Firewall Settings

  1. Create an Outbound Rule for ICMPv4:

    New-NetFirewallRule -DisplayName "Allow Outbound ICMPv4" -Protocol ICMPv4 -Direction Outbound -Action Allow -Profile Any

  2. Configure Specific ICMP Traffic for Domain Profile Only:

    • Ensure the rule applies only to the Domain profile for security.
    Set-NetFirewallRule -Name "Allow ICMPv4 Echo Request" -Profile Domain
Set-NetFirewallRule -Name "Allow Outbound ICMPv4" -Profile Domain

Verifying NAT Translations

  1. Check NAT Translations on the Router: 
    show ip nat translations
  2. Clear NAT Translations: 
    clear ip nat translation *

Extended Ping Test

  1. Perform an Extended Ping from the Router: 
    ping 192.168.2.11 source 192.168.10.254

Checking Routing and ARP Entries

  1. Verify Router's IP Route Table: 
    show ip route
  2. Check ARP Entries on the Router: 
    show arp
  3. Check ARP Entries on the PC (Windows): 
    arp -a

Packet Capture

  1. Use Wireshark on PC to Monitor ICMP Traffic:
    • Install and open Wireshark.
    • Start a capture on the network interface connected to 192.168.2.0/24.
    • Ping from the PC to the router (192.168.10.254).
    • Check Wireshark for ICMP echo replies.

Traceroute

  1. Perform Traceroute from the PC:
    • Windows: tracert 192.168.10.254
    • Linux: traceroute 192.168.10.254

Review Router Logs

  1. Check the Router Logs for Errors or Dropped Packets: 
    show log

Additional Steps

  1. Verify Interface Configurations on the Router: 
    show running-config interface FastEthernet0/0
show running-config interface FastEthernet1/0
  2. Check for Overlapping Subnets or IP Conflicts:
    • Ensure there are no overlapping subnets or IP conflicts in the network setup.
  3. Check Firewall Rules on the Router:
    • Ensure there are no ACLs or firewall rules blocking ICMP.
    show access-lists

By systematically following these steps, you should be able to identify and resolve the connectivity issues between your PC and the router in a secure manner.

1.installing NetboxAdding Ssh Key to Cat8k