Inexplicable routing

laviel · ‎08-05-2012

Hi all,

I have a Cisco ME3800X switch to which I've tried to set a default gateway using the command ip default gateway 10.56.116.105 for management purposes. After noticing this switch's management sessions do not go through the ACL on that gateway, I checked the output of show ip route and did see that altough the default gateway is set as 10.56.116.105, the gateway for all hosts on the table goes through 10.56.116.1 (which is a valid GW, but not the one I want to use). Here are the outputs:

Show run:

ME3800X-3#show run | i ip default

ip default-gateway 10.56.116.105

ME3800X-3#

Show IP route:

ME3800X-3#show ip route

Default gateway is 10.56.116.105

Host Gateway Last Use Total Uses Interface

10.56.22.39 10.56.116.1 0:00 2908 GigabitEthernet0/24

10.56.58.45 10.56.116.1 0:00 1537990 GigabitEthernet0/24

10.56.58.34 10.56.116.1 0:00 5216 GigabitEthernet0/24

10.56.58.38 10.56.116.1 0:00 196 GigabitEthernet0/24

10.56.57.36 10.56.116.1 0:00 11936 GigabitEthernet0/24

10.56.56.63 10.56.116.1 0:00 1068500 GigabitEthernet0/24

10.56.57.51 10.56.116.1 0:00 2196 GigabitEthernet0/24

10.56.57.48 10.56.116.1 0:04 74764 GigabitEthernet0/24

10.56.22.101 10.56.116.1 0:00 1822400 GigabitEthernet0/24

10.56.58.68 10.56.116.1 0:00 4427 GigabitEthernet0/24

10.56.56.91 10.56.116.1 0:00 12756 GigabitEthernet0/24

10.56.57.85 10.56.116.1 0:00 1500310 GigabitEthernet0/24

10.56.58.104 10.56.116.1 0:00 81962 GigabitEthernet0/24

10.56.56.111 10.56.116.1 0:00 3408 GigabitEthernet0/24

10.56.58.103 10.56.116.1 0:00 1581270 GigabitEthernet0/24

10.56.22.94 10.56.116.1 0:00 13062 GigabitEthernet0/24

10.56.22.163 10.56.116.1 0:00 74578 GigabitEthernet0/24

10.56.56.130 10.56.116.1 0:00 1776 GigabitEthernet0/24

10.56.56.131 10.56.116.1 0:00 1037550 GigabitEthernet0/24

10.56.56.202 10.56.116.1 0:00 38046 GigabitEthernet0/24

ME3800X-3#

Can anyone suggest why this is happenning and what would be the solution to make the switch forward packets to 10.56.116.105?

Thanks,

Lior

Peter Paluch · ‎08-05-2012

Hello Lior,

Is it possible that the 10.56.116.105 is sending ICMP redirects for all those destinations you see indicated in the show ip route output, claiming that the better gateway would be 10.56.116.1 instead? You should check the routing table on the 10.56.116.105 and see what is its own idea of next hop towards these destinations.

Best regards,

Peter

laviel · ‎08-05-2012

Well, actually, the real GW is indeed 10.56.116.1 and 10.56.116.105 is directing all traffic to it eventually, but I need all traffic going through my network to go through 10.56.116.105 first, as that's my ACL.

If indeed 10.56.116.105 is redirecting ICMP, than I have two additional questions:

1. How can I change that setting?

2. Why would ICMP redirects (which, if I understand correctly, affects only on ICMP packets) would affect traffic by any other protocol (such as telnet, for example)?

Thanks,

Lior

Peter Paluch · ‎08-05-2012

Hello Lior,

If indeed 10.56.116.105 is redirecting ICMP

It is not redirecting ICMP It is sending ICMP Redirect messages. Read more about them here:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml

1. How can I change that setting?

By using the no ip redirects command on the gateway's interface having the IP address 10.56.116.105.

2. Why would ICMP redirects (which, if I understand correctly, affects  only on ICMP packets) would affect traffic by any other protocol (such  as telnet, for example)?

ICMP Redirects are signalling messages between a host and its gateway that influence the routing of all traffic. The 'ICMP' in their name refers to the fact that these redirects are carried in ICMP messages but that does not limit their validity to ICMP traffic.

Best regards,

Peter

laviel · ‎08-05-2012

Hi Peter,

Thanks a lot for the informative response I'll try that command on my network and read the document you've linked to.

Best regards,

Lior