missing something simple; static route not being used using on dgw

btmbmonitor
Level 1

I must be doing something dumb, but it's baffling me. The router has a static route for a network, 192.168.31.0/24 for example (in fact it's ignoring all the 192.168.x.x entries in its table that use 192.168.0.62 as next hop), but instead of using this route it's simply using the gateway of last resort.

192.168.0.62 is pingable.

The default route is a firewall, and when pinging 192.168.31.10 (for example) I see the packets hit the firewall, i.e. it ignores the route.

idc01wancr01#sh ip route 192.168.31.0 255.255.255.0

% Network not in table

idc01wancr01#sh ip route 192.168.31.0 255.255.255.0 long

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       a - application route

       + - replicated route, % - next hop override

Gateway of last resort is 10.50.15.1 to network 0.0.0.0

I must be missing something simple, as we have far more complex configs; however, I'm not seeing it.

config below...

Current configuration : 6704 bytes

!

! Last configuration change at 10:02:13 UTC Fri Dec 21 2012 by admin

! NVRAM config last updated at 22:15:59 UTC Thu Dec 20 2012 by admin

! NVRAM config last updated at 22:15:59 UTC Thu Dec 20 2012 by admin

version 15.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname idc01wancr01

!

boot-start-marker

boot system flash0:c3900-universalk9-mz.SPA.153-1.T.bin

boot system flash0:c3900-universalk9-mz.SPA.153-1.T.bi

boot-end-marker

!

!

logging buffered 51200

logging console critical

enable secret 5 <snip>

enable password 7 <snip>

!

no aaa new-model

!

!

crypto pki trustpoint TP-self-signed-2721064940

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2721064940

revocation-check none

rsakeypair TP-self-signed-2721064940

!

!

crypto pki certificate chain TP-self-signed-2721064940

certificate self-signed 01

<snip>

        quit

ip cef

!

!

!

!

!

!

ip flow-cache timeout active 1

no ip bootp server

ip domain list ocslms.co.uk

ip domain lookup source-interface GigabitEthernet0/1.25

ip multicast-routing

login on-failure log

login on-success log

ipv6 multicast rpf use-bgp

no ipv6 cef

!

multilink bundle-name authenticated

!

!

license udi pid C3900-SPE100/K9 sn FOC16140M7H

!

!

username admin privilege 15 password 7 <snip>

username livemon privilege 15 password 7 <snip>

!

redundancy

!

!

!

!

!

ip tcp synwait-time 10

csdb tcp synwait-time 30

csdb tcp idle-time 3600

csdb tcp finwait-time 5

csdb tcp reassembly max-memory 1024

csdb tcp reassembly max-queue-length 16

csdb udp idle-time 30

csdb icmp idle-time 10

csdb session max-session 65535

!

!

interface Null0

no ip unreachables

!

interface Embedded-Service-Engine0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$FW_INSIDE$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex full

speed 1000

no mop enabled

!

interface GigabitEthernet0/1.25

description ***IDC01 MGMT***$FW_INSIDE$

encapsulation dot1Q 25

ip address 10.0.25.30 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

!

interface GigabitEthernet0/1.831

description ***WAN_TRANSIT***$FW_INSIDE$

encapsulation dot1Q 831

ip address 10.50.15.30 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

!

interface GigabitEthernet0/2

description ***Uplink to WAN Aggregation switch Hyperion***

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex full

speed 1000

no mop enabled

!

interface GigabitEthernet0/2.901

description ***94575***$FW_OUTSIDE$

encapsulation dot1Q 901

ip address 192.168.0.61 255.255.255.252

no ip redirects

no ip unreachables

ip verify unicast reverse-path

ip nbar protocol-discovery

ip flow ingress

ip flow egress

!

ip forward-protocol nd

!

ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip flow-export source GigabitEthernet0/1.831

ip flow-export version 9

ip flow-export destination 10.50.13.11 2055

!

ip route 0.0.0.0 0.0.0.0 10.50.15.1

ip route 10.0.10.172 255.255.255.255 10.0.25.1

ip route 192.168.24.0 255.255.252.0 192.168.0.62

ip route 192.168.99.0 255.255.255.0 192.168.0.62

ip route 192.168.254.0 255.255.255.0 10.0.25.1

ip route 196.168.9.0 255.255.255.0 192.168.0.62

ip route 196.168.24.0 255.255.252.0 192.168.0.62

ip route 196.168.28.0 255.255.255.0 192.168.0.62

ip route 196.168.29.0 255.255.255.0 192.168.0.62

ip route 196.168.31.0 255.255.255.0 192.168.0.62

ip route 196.168.32.0 255.255.255.0 192.168.0.62

ip route 196.168.77.0 255.255.255.0 192.168.0.62

!

ip sla auto discovery

ip sla 1

udp-jitter 192.168.0.62 5000 source-ip 192.168.0.61 codec g729a

ip sla schedule 1 life forever start-time now

logging trap debugging

no cdp run

!

!

snmp-server community <snip> RO 11

snmp-server ifindex persist

snmp-server location IDC01 R3R16

snmp-server contact IDC01 Operations <snip>

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps envmon

snmp-server enable traps entity-sensor threshold

snmp-server enable traps config

snmp-server enable traps ipsla

!

control-plane

!

!

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

access-class 10 in

privilege level 15

password 7 <snip>

login local

transport input telnet ssh

line vty 5 15

access-class 10 in

privilege level 15

password 7 <snip>

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

scheduler interval 500

ntp server 10.0.10.172 source GigabitEthernet0/1.25

!

end

Accepted Solutions

Hi Adam,

Just tried to call you but you weren't available, so thought I would update you here.

I believe the issue is with your static routes as the statics appear to be typo'ed:

ip route 196.168.9.0 255.255.255.0 192.168.0.62

ip route 196.168.24.0 255.255.252.0 192.168.0.62

ip route 196.168.28.0 255.255.255.0 192.168.0.62

ip route 196.168.29.0 255.255.255.0 192.168.0.62

ip route 196.168.31.0 255.255.255.0 192.168.0.62

ip route 196.168.32.0 255.255.255.0 192.168.0.62

ip route 196.168.77.0 255.255.255.0 192.168.0.62

I believe these should be 192.168 not 196.168 hence them not appearing in the table (or am I missing something).

I would also suggest removing the encrypted passwords from your post as these can be easily decrypted (as I'm sure you're aware).

Regards,

Michael Wensley

Virgin Media Operations
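The check described in this answer, as an added example in Python (not code from the thread or from Cisco): it parses the `ip route` lines from the posted configuration, resolves a destination by longest-prefix match, and flags static routes whose destination lies outside RFC 1918 space while the next hop lies inside it. The function names are illustrative, and the lookup assumes every static route is installed in the table.

```python
import ipaddress
import re

# Static routes copied from the configuration posted in the question.
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 10.50.15.1
ip route 10.0.10.172 255.255.255.255 10.0.25.1
ip route 192.168.24.0 255.255.252.0 192.168.0.62
ip route 192.168.99.0 255.255.255.0 192.168.0.62
ip route 192.168.254.0 255.255.255.0 10.0.25.1
ip route 196.168.9.0 255.255.255.0 192.168.0.62
ip route 196.168.24.0 255.255.252.0 192.168.0.62
ip route 196.168.28.0 255.255.255.0 192.168.0.62
ip route 196.168.29.0 255.255.255.0 192.168.0.62
ip route 196.168.31.0 255.255.255.0 192.168.0.62
ip route 196.168.32.0 255.255.255.0 192.168.0.62
ip route 196.168.77.0 255.255.255.0 192.168.0.62
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\d+(?:\.\d+){3})\s*$", re.M)

def parse_static_routes(config):
    """Return (network, next_hop) for each 'ip route <dest> <mask> <next-hop>'."""
    return [(ipaddress.ip_network(f"{dest}/{mask}"), ipaddress.ip_address(hop))
            for dest, mask, hop in ROUTE_RE.findall(config)]

def lookup(routes, address):
    """Longest-prefix match; assumes every static route is installed."""
    address = ipaddress.ip_address(address)
    matches = [r for r in routes if address in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def suspect_routes(routes):
    """Non-default routes to non-RFC 1918 space via an RFC 1918 next hop."""
    return [(net, hop) for net, hop in routes
            if net.prefixlen > 0
            and not any(net.subnet_of(block) for block in RFC1918)
            and any(hop in block for block in RFC1918)]

if __name__ == "__main__":
    routes = parse_static_routes(CONFIG)
    print("192.168.31.10 ->", lookup(routes, "192.168.31.10"))
    for net, hop in suspect_routes(routes):
        print(f"check destination: ip route {net.network_address} {net.netmask} {hop}")
```

Run against the posted routes, 192.168.31.10 resolves only to the default route via 10.50.15.1, which matches the packets arriving at the firewall, and all seven 196.168.x.x entries are flagged for review.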


5 Replies

Giuseppe Larosa
Hall of Fame

Hello btmbmonitor,

it looks like the router treats the next-hop 192.168.0.62 as unreachable.

ip routing should be enabled according to the show ip route you showed us.

Can you check if:

the router can ping the 192.168.0.62

and what is more important does an ARP entry exist for 192.168.0.62?

show ip arp 192.168.0.62

If no ARP entry exists for the IP address the router will not use any static route using the IP address as next-hop.

If this is the case you need to check connectivity.

Hope to help

Giuseppe

That's the thing: on the router, ping 192.168.0.62 (the other end) is fine.

Ping 192.168.0.61 (my interface ip) does NOT work.

idc01wancr01#ping 192.168.0.61

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.61, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

idc01wancr01#ping 192.168.0.62

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.62, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

If I remove ip verify unicast reverse-path then I CAN ping 192.168.0.61.

Oh, and yes, the ARP entry is fine, I can telnet to the router at that end etc.  Traffic flows UP the link and INTO this router as the default routes point that way.  It's just the explicit statics that are being ignored.

idc01wancr01#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  1.2.3.4                 -   2c54.2d26.6c00  ARPA   GigabitEthernet0/0

Internet  10.0.25.1               0   0029.3287.32ce  ARPA   GigabitEthernet0/1.25

Internet  10.0.25.30              -   2c54.2d26.6c01  ARPA   GigabitEthernet0/1.25

Internet  10.0.25.42            134   70ca.9b17.1981  ARPA   GigabitEthernet0/1.25

Internet  10.50.15.1              3   5057.a8e1.4691  ARPA   GigabitEthernet0/1.831

Internet  10.50.15.30             -   2c54.2d26.6c01  ARPA   GigabitEthernet0/1.831

Internet  192.168.0.61            -   2c54.2d26.6c02  ARPA   GigabitEthernet0/2.901

Internet  192.168.0.62           88   2c54.2de5.3740  ARPA   GigabitEthernet0/2.901

If I get a device in the network (for example 192.168.31.11) to ping the route, then it magically gets an entry in the routing table... it's like it's learning routes only when an entry from that network has traffic.
