Showing results for 
Search instead for 
Did you mean: 



Connectivity issues between subnets connected to the same router.

Core Issue

Networks directly connected to a router are automatically installed into the routing table and are marked as connected, once the IP addresses are configured under the interfaces. Routers are able to route packets between these connected networks without a routing protocol or static routes. Routers are able to route packets between these connected networks. Configuring a routing protocol is not required. Hosts on directly connected subnets might fail to communicate with each other for several reasons, including misconfigurations, lack of system resources, or physical connectivity problems.


To verify basic IP connectivity to a network, issue the ping command in the user EXEC or privileged EXEC mode. Basic IP connectivity can also be tested, and the path to the destination determined by issuing the traceroute command in the user EXEC or privileged EXEC mode. If these tests fail, verify that the destination device is assigned an IP address and that it is correct. Also, check the connectivity to the local gateway, and confirm that subnet and mask information matches. Examine the possibility of duplicate IP addresses.

If this does not resolve the connectivity problem, examine Layer 1 and Layer 2 for a possible source of the problem. Make sure the cables and connectors are correct and that they are properly connected. Verify that the hardware is not faulty.

If the physical layer is found to be fault-free too, check if sufficient router resources are available and verify that memory and CPU utilization are not overstretched. Check for the existence of Access Control Lists (ACLs) that might be dropping packets and for incorrectly configured Network Address Translation (NAT).

If none of these steps lead to a resolution, the upper layer protocols need to be examined for issues such as authentication problems, version mismatches and software incompatibility.

More Information

The Ping Command

The ping command is a very common method for troubleshooting the accessibility of devices. It uses a series of Internet Control Message Protocol (ICMP) Echo messages to determine:

  • Whether a remote host is active or inactive.
  • The round-trip delay in communicating with the host.
  • Packet loss.

The ping command first sends an echo request packet to an address, then waits for a reply. The ping is successful only if:

  • the echo request gets to the destination, and
  • the destination is able to get an echo reply back to the source within a predetermined time called a timeout. The default value of this timeout is two seconds on Cisco routers.

For all the options about this command, see "Ping" under Troubleshooting Commands.

The TTL value of a ping packet cannot be changed.

Here is an output example showing the ping command after enabling the debug ip packet detail command:

warning Warning: Using the debug ip packet detail command on a production router can cause high CPU utilization. This may result in a severe performance degradation or a network outage. We recommend that you carefully read Use the Debug Command before issuing debug commands.

Router1#debug ip packet detail 
IP packet debugging is on (detailed)

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms 

Jan 20 15:54:47.487: IP: s= (local), d= (Serial0), len 100, 
Jan 20 15:54:47.491: ICMP type=8, code=0

!--- This is the ICMP packet sent to  
!--- ICMP type=8 corresponds to the echo message. 

Jan 20 15:54:47.523: IP: s= (Serial0), d= (Serial0), len 100, 
  rcvd 3
Jan 20 15:54:47.527: ICMP type=0, code=0

!--- This is the answer we get from 
!--- ICMP type=0 corresponds to the echo reply message.  
!--- By default, the repeat count is five times, so there will be five 
!--- echo requests, and five echo replies.

The Traceroute Command

The traceroute command is used to discover the routes that packets actually take when traveling to their destination. The device (for example, a router or a PC) sends out a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host.

Three datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1 causes the datagram to "timeout" as soon as it hits the first router in the path; this router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.

Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned, indicating an unreachable port; this event signals the Traceroute program that it is finished.

The purpose behind this is to record the source of each ICMP Time Exceeded Message to provide a trace of the path the packet took to reach the destination. For all the options about this command, see Trace (privileged).


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Quick Links