Solved: Cannot ping its own router interface

andromeda · ‎01-15-2020

Hello everyone,

I must be missing something basic here but here is the issue:

Have 2 cisco routers interconnected via

Gig interfaces 0/0, configured with 10.10.10.1/24 (R1) and 10.10.10.2/24 (R2)

sh ip

int bri reveals on each router the

Gig 0/0

being up up, however I cannot ping the local interfaces from each router?

sh ip

route reveals on each router a C route

10.10.10.0/24 via G0/0 and L 10.10.10.1/32 via G0/0

What Am I missing in this so basic scenario?

Thanks!

Georg Pauwen · ‎01-15-2020

Hello,

try and remove:

ip verify unicast source reachable-via any

on both interfaces...

View solution in original post

Richard Burts · ‎01-15-2020

You have given us a general description but not enough detail for us to understand the issue or to give you good advice. It might help us if you would provide these things from each of the routers:

- configuration of interface Gi0/0

- output of the command show interface Gi0/0

- output of the command show cdp neighbor

- show arp

HTH

Rick

HTH

Rick

andromeda · ‎01-15-2020

Thanks Richard.

FWA<------->R1<------>R2<------>FWB

I can ping from FWA to FWB, and from FWB to FWA, all static routes in place ok.

R1 connect to R2 via 10.10.10.0/24.




R1: sh run int G0/0

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip verify unicast source reachable-via any




ping R2's G0/0 (10.10.10.2) ok 

ping 10.10.10.1 NOT ok




sh cdp neigh 

devide ID             Local Interface      Hold time Capability   Platform    Port  ID

R2                        G0/0                    167              RSI         Cisco3925   G0/0




R2: sh run int G0/0

ip address 10.10.10.2 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip verify unicast source reachable-via any




ping R1's G0/0 (10.10.10.1) ok 

ping 10.10.10.2 NOT ok







sh cdp neigh 

devide ID             Local Interface      Hold time Capability   Platform    Port  ID

R1                        G0/0                    170              RSI         Cisco3925   G0/0

Georg Pauwen · ‎01-15-2020

Hello,

try and remove:

ip verify unicast source reachable-via any

on both interfaces...

andromeda · ‎01-15-2020

Thanks this worked! Now trying to fig out why?

Richard Burts · ‎01-15-2020

This is a bit after the fact, and congratulations to @Georg Pauwen for suggesting removal of ip verify unicast, but let us try to clarify a few things about this issue. Using a straight through cable would not cause this kind of issue. Depending on the platform (and perhaps version of code) it could cause the routers to not be able to communicate with each other. In fact it was that type of possible issue that I was looking for when I asked for the information that you posted. Especially show cdp neighbor would show whether the routers were able to communicate at layer 2 and could indicate that it was a layer 3 issue. (which did turn out to be the case) I had not correctly understood the issue. I had assumed that the issue was not being able to ping the neighbor address. Your additional information made it clear that pinging the neighbor address did work and the problem was pinging your own address.

The issue was the effect of ip verify unicast. This command is used to improve security in the network and looks for "spoofed" packets. When the simple version of that command is used one result is that you can no longer ping your own interface. This discussion from the Cisco Learning Network has a nice explanation of why that is the case.

https://learningnetwork.cisco.com/thread/121952

and it shows the optional parameter which can be used so that you can protect your network and still be able to ping your own interface.

HTH

Rick

HTH

Rick

Georg Pauwen · ‎01-15-2020

Hello,

is this a real network with real routers or a simuator ? Are you using a cross cable for connecting the two routers ?

andromeda · ‎01-15-2020

Thanks. Cant check that now, as Im not there...Real network.

Will the use of straight thru cable between the 2 routers cause this type of issue (ping the remote end but not its own IP)? remember I can ping from FWAto FWB through these 2 routers...Thought they were autonsensing?