10-08-2009 01:01 AM - edited 03-04-2019 06:17 AM
Hi!
I have a strange problem:
I have a connecton between 2 routers; Our router (a C1721) and an ISP (a C1812). The ISP router is at our location, and they use it to establish VPN connections to third party service providers.
Currently, we have 2 third party service providers through that link. They have one VLAN each, connected through a Trunk to the ISP router.
Following ip addresses has been assigned (in our router) to communicate over the trunk:
Our router (C1721):
interface Vlan910
ip address 172.18.1.6 255.255.255.252
interface Vlan911
ip address 172.18.1.2 255.255.255.252
At start, I can ping their counterparts on the ISP router; 172.181.1.1 and 172.18.1.5, and the connections to the third party SP works fine.
But then, after some random time, I cannot ping 172.181.1.1 and 5 anymore, and the connection to the SP's (of course) goes down.
But if I do a "clear arp" on our router, it starts to work again.. for a while.
I have checked the arp tables on both routers.
They look the same when it works and when it does not work:
Here are the tables:
Our router (C1721):
172.18.1.6 - 000d.bd64.a8cf ARPA Vlan910
172.18.1.5 7 0023.5e80.c1c4 ARPA Vlan910
172.18.1.2 - 000d.bd64.a8cf ARPA Vlan911
172.18.1.1 0 0023.5e80.c1c4 ARPA Vlan911
ISP router (C1812)
172.18.1.2 0 000d.bd64.a8cf Vlan911
172.18.1.1 - 0023.5e80.c1c4 Vlan911
172.18.1.6 9 000d.bd64.a8cf Vlan910
172.18.1.5 - 0023.5e80.c1c4 Vlan910
I notice the MAC addresses are the same on both VLANS and both adresses.. can this be correct?
What could cause this error?
I found a workaround for it, by setting the arp timeout to 120 seconds on the interfaces, but that does of course not take away the underlying error.
Thank you.
10-08-2009 03:49 AM
Hello Oystein,
>>I notice the MAC addresses are the same on both VLANS and both adresses.. can this be correct?
this is correct if the router uses two Vlan subinterfaces taken from the same physical interface like
int f0/0.900
enc dot1q 900
ip address ...
int f0/0.910
enc dot1q 910
ip address ...
So this shouldn't be the cause of your problem.
Verify if you are using IP next-hops with your static routes or not.
If you are not using them this can cause the router to build a very big ARP table that you clear.
Hope to help
Giuseppe
10-08-2009 04:54 AM
Thanks for answering.
I'm not sure what you mean, but I don't use IP next-hop, just "regular" route entries. This is for VLAN 911:
ip route 193.214.20.81 255.255.255.255 172.18.1.1
ip route 193.214.20.211 255.255.255.255 172.18.1.1
This is a router with multiple IP NAT OUTSIDE interfaces, so I use route-maps to direct traffic properly.
Should I put an IP NEXT-HOP in there instead?
Shouldn't think routes has anything to do with it, since the traffic stop already at next hop, which is directly connected. That should never be unreachable, unless physically disconnected, right?
Anyway, the arp table on the router is not big at any time.
Right now there are only 26 entries in it.
10-08-2009 05:07 AM
Hello Oystein,
an IP nexthop is like in your static routes:
ip route 193.214.20.81 255.255.255.255 >>>172.18.1.1
using an interface as outgoing interface is like
ip route 10.10.101.0 255.255.255.0 fas0/0.900
What you have done is good and as you say ARP table is never big.
You should see if ARP entries change over time when you have the issue, you have written that they look like the same.
Before doing clear arp take the arp table.
Hope to help
Giuseppe
10-09-2009 02:56 AM
Hello again.
As I mentioned in my first post, the arp entries does not change.
That's why I don't understand what this could be, and was hoping for some help with the pros :)
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide