Re: 1711 ARP Problem

ssteichmann · ‎04-14-2005

I've searched but can't find anything helpful...

We're rolling out some new network equipment at a number of locations. We've been having some ARP problems. The main router is a 1711, segmenting PC's and an NT print server. When the router is powered off, erasing the ARP table, everything comes up fine. Except the PC's can't print. The printers do not show up in the ARP cache, and the server can't ping them. We have to manually go into the router and ping the printers. Then they show up in ARP, and the print server can see them. We shouldn't have to do this. The people on the install side think it might be the IOS. Anyone have any ideas? TIA

show version

IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.2(15)ZL1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Synched to technology version 12.3(0.1)

ROM: System Bootstrap, Version 12.2(7r)XM4, RELEASE SOFTWARE (fc1)

ROM: C1700 Software (C1700-K9O3SY7-M), Version 12.2(15)ZL1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

System image file is "flash:c1700-k9o3sy7-mz.122-15.ZL1.bin"

ssteichmann · ‎04-14-2005

Oh yeah, ARP debugging only shows that no ARP request is generated when the server tries to ping the printers across the router (before pinging them from the router).

And we also saw the same thing happen with some PC's on the same subnet as the printers, but not using the 1711 as the default gateway. Pinging from the router, and/or changing the default gateway works.

Kevin Dorrell · ‎04-14-2005

There are a number of possible issues here, and I think I would need to see the configuration to know what is going on. Meanwhile, here are a few things to check.

1. Are the printers in the correct same subnet as their router interface?

2. Do you have any overlapping subnets configured?

3. Do you have any static routes that could be messing things up?

4. Is the gateway address set up correctly in each PC and/or printer?

5. Are you using proxy ARP anywhere?

It would be great if you could post the show run of the router, and perhaps also a show ip route.

Kevin Dorrell

Luxembourg

ssteichmann · ‎04-14-2005

1. Yes

2. No

3. Not sure what you mean, but I don't think so.

4. Yes

5. No

Kevin Dorrell · ‎04-14-2005

Well, clearly something is not working, so rather than me just guessing blind, it would be useful to see the configs.

KJD

ssteichmann · ‎04-14-2005

Stripped for security and size:

Current configuration : 4371 bytes

!

version 12.2

service nagle

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

no service dhcp

!

boot system flash:c1700-k9o3sy7-mz.122-15.ZL1.bin

logging queue-limit 100

logging buffered 4096 debugging

!

aaa new-model

!

aaa session-id common

ip subnet-zero

no ip source-route

!

no ip bootp server

ip cef

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

no crypto isakmp enable

!

interface FastEthernet0

ip address 206.x.x.190 255.255.255.128

ip security extended-ignored

ip wccp web-cache redirect out

ip wccp 53 redirect out

ip wccp 60 redirect out

ip wccp 70 redirect out

ip wccp 80 redirect out

ip wccp 81 redirect out

ip wccp 82 redirect out

no ip mroute-cache

speed 100

full-duplex

no cdp enable

!

interface FastEthernet1

no ip address

duplex half

speed 10

no cdp enable

!

interface FastEthernet2

no ip address

duplex half

speed 10

no cdp enable

!

interface FastEthernet3

no ip address

shutdown

duplex half

speed 10

no cdp enable

!

interface FastEthernet4

no ip address

shutdown

no cdp enable

!

interface Async1

no ip address

shutdown

!

interface Vlan1

ip address 204.x.x.161 255.255.255.248

ip tcp adjust-mss 1452

no ip mroute-cache

!

ip classless

no ip forward-protocol udp bootps

no ip forward-protocol udp tftp

no ip forward-protocol udp domain

no ip forward-protocol udp time

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

ip route 0.0.0.0 0.0.0.0 206.x.x.173

ip route 170.34.0.0 255.255.0.0 204.x.x.166

ip route 198.246.8.0 255.255.248.0 204.x.x.166

no ip http server

ip http authentication local

no ip http secure-server

!

access-list 20 permit 192.110.x.0 0.0.0.255

access-list 20 permit 206.x.x.128 0.0.0.127

access-list 20 permit 204.x.x.160 0.0.0.7

access-list 20 deny any log

access-list 50 permit 192.110.x.x

access-list 50 deny any log

snmp-server enable traps tty

no cdp run

!

radius-server authorization permit missing Service-Type

Kevin Dorrell · ‎04-14-2005

Let's see if I have correctly understood something of your configuration.

The main Fa interface, Fa0, is on 206.x.x.190/28. Is this where the PCs are, or is it the printers or the server on this side?

I guess you have a WIC-4ESW, and you have defined VLAN1 to correspond to Fa1 and Fa2 The subnet there is 204.x.x.160/29. On one of those ports you have another router, 204.x.x.166, that is handling the 170.34.0.0/16 and 198.246.8.0/21 networks. On the other port you have a printer, or maybe the print server? The other two ports are unused.

Which side are the printers, which side are the PCs, and which side is the print server?

BTW, the other stuff on the 204.x.x.160/29 subnet - it it configured to use .166 as a gateway or .161?

Kevin Dorrell

Luxembourg

ssteichmann · ‎04-14-2005

Yeah, the printers and PC's are on the 206-side (Fa0). The 204-side is where the server is (out VLAN1). Fa0/1 goes to the server, which uses the rotuer as it's DG. Fa0/2 goes to a satellite PES which handles the remote 170 and 198 networks.

The server cannot reach the printers until we ping them from the router.

ssteichmann · ‎04-21-2005

To help anyone who might run into this in the future...turning off CEF has fixed the problem. Not sure if it's a bug or a config issue.