Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
6
Replies

No ICMP host unreachable for non-existing host

mo01
Level 1
Level 1

‎02-21-2025 06:30 AM

Hello!

I have a C886va with 15.9(3)M7. If packets are being sent to a non-existing IPv4 host, no ICMP destination unreachable is being sent. In other cases (e.g. ACL blocks the original packet), it is being sent. ip debug icmp confirms that no such packet is being created.

ip unreachables is enabled on the interface.

The ARP table shows the entry as incomplete.

What are the settings to look for?

It works for IPv6, but this is a different protocol with different settings.

 

kind regards

Marco

 

 

Labels:
0 Helpful
6 Replies 6

MHM Cisco World
VIP
VIP

‎02-21-2025 06:33 AM - edited ‎02-21-2025 06:34 AM

Ip unreachable must config in interface recieve icmp ping.

Show ip interface x/x <<- share this 

MHM

0 Helpful

mo01
Level 1
Level 1
In response to MHM Cisco World

‎02-21-2025 06:39 AM

Vlan 10 is the interface where the non-existent host will be pinged and the ARP request goes out.

 

router#sh ip int vlan10 
Vlan10 is up, line protocol is up
  Internet address is 172.25.0.1/16
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decrption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
router#
router#sh ip int vlan2  
Vlan2 is up, line protocol is up
  Internet address is 172.17.0.1/16
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is vlan2-out-ipv4
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: CEF Packet Capture, Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Access List, Firewall (inspect), NAT ALG proxy
  Post encapsulation features: CEF Packet Capture
  Inbound inspection rule is spi-fw-vlan2-v4
router#

 

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to mo01

‎02-21-2025 01:00 PM

this lab explain what you see 
in R2 f0/0 10.0.0.0/24 and f1/1 100.0.0.0/24

in R1 f0/0 100.0.0.0/24 and have default route toward R2 
NOW 

when R1 ping 10.0.0.3 which is IP in same subnet of f0/0 but there is no host have this IP the R2 not generate icmp unreachable 
when R1 ping 11.0.0.3 which is IP not connect to any interface of R2 and R2 have no route to this prefix the R2 generate icmp unreachable 

MHM

Screenshot (943).png

0 Helpful

mo01
Level 1
Level 1
In response to MHM Cisco World

‎02-21-2025 11:13 PM

Thanks, this describes the situation. But why it is not generating host unreachable?

With IPv6 it does.

0 Helpful

MHM Cisco World
VIP
VIP
In response to mo01

‎02-21-2025 11:32 PM

For ipv4 and ipv6 if router not have IP (direct connect) in same subnet of packet destination or not have route to these IP the router will send IP unreachable.

If not then it will not send IP unreachable 

MHM

0 Helpful

mo01
Level 1
Level 1
In response to MHM Cisco World

‎02-22-2025 02:04 AM

This doesn't apply for my case with IPv6.

ICMP unreachable is being sent even if the non-existing IP is on a subnet directly connected.

C   2A01:170:118F:3::/64 [0/0]
     via Vlan3, directly connected
L   2A01:170:118F:3::1/128 [0/0]
     via Vlan3, receive
#This is from  2a01:170:118f:2::xyz
m@ryz:~$ ping 2A01:170:118F:3::5
PING 2A01:170:118F:3::5 (2a01:170:118f:3::5) 56 data bytes
From 2a01:170:118f:2::1 icmp_seq=1 Destination unreachable: Address unreachable
^C
0 Helpful
Customers Also Viewed These Support Documents