Re: Routing from port connected subnets failing

gregggertsner1 · ‎11-28-2018

Issue

I have several ports configured with IP. Hosts in these subnets can not connect to a remote device. However, devices directly attached can communicate to the remote device.
E.G.
Port 6/6 is configured for connections to the 172.20.61.x Network
Devices traceroute to remote network 172.20.118.x stop at 172.20.61.1 (the core switch)

tracert 172.20.118.156

Tracing route to 172.20.118.156 over a maximum of 30 hops

1 < 1ms <1ms <1ms 172.20.61.1

2 * * * Request timed out

Devices connected directly to the core switch traceroute successfully

traceroute 172.20.118.56
trying to get source for 172.20.118.56
source should be 172.20.21.4
traceroute to 172.20.118.56 (172.20.118.56) from 172.20.21.4 (172.20.21.4), 30 hops max
outgoing MTU = 1500
1 172.20.21.2 (172.20.21.2) 4 ms 3 ms 1 ms
2 172.20.21.225 (172.20.21.225) 2 ms 6 ms 1 ms
3 172.20.21.225 (172.20.21.225) 1 ms
fragmentation required, trying new MTU = 1492
3 * 2 ms
fragmentation required, trying new MTU = 1480
3 * 1 ms
fragmentation required, trying new MTU = 1472
3 10.4.4.2 (10.4.4.2) 4 ms 3 ms 3 ms
4 172.20.118.56 (172.20.118.56) 4 ms 4 ms 4 ms

Traceroutes from the remote server to direct attached devices (172.20.21.x) obviously works

Traceroutes to one of the subnets drop at the NGN Router

Network Diagram

Routing Table

The routing table on the core does show all subnets in question correctly

4506-1#sho ip route
Gateway of last resort is 172.20.250.1 to network 0.0.0.0

O E2 192.168.106.0/24 [110/20] via 172.20.250.1, 01:06:00, Vlan250
137.200.0.0/24 is subnetted, 2 subnets
S 137.200.84.0 [1/0] via 172.20.250.1
S 137.200.35.0 [1/0] via 172.20.250.1
O E2 192.168.104.0/24 [110/20] via 172.20.250.1, 01:06:00, Vlan250
172.20.0.0/16 is variably subnetted, 26 subnets, 3 masks
C 172.20.48.128/25 is directly connected, GigabitEthernet1/1
O IA 172.20.45.128/26 [110/13] via 172.20.250.1, 01:06:00, Vlan250
O 172.20.248.0/24 [110/11] via 172.20.250.1, 01:06:00, Vlan250
C 172.20.250.0/24 is directly connected, Vlan250
C 172.20.61.0/24 is directly connected, GigabitEthernet6/6
S 172.20.62.0/24 [1/0] via 172.20.21.225
C 172.20.48.0/25 is directly connected, GigabitEthernet6/4
C 172.20.49.0/24 is directly connected, GigabitEthernet6/5
C 172.20.45.0/25 is directly connected, GigabitEthernet6/1
C 172.20.46.0/24 is directly connected, GigabitEthernet6/2
C 172.20.47.0/24 is directly connected, GigabitEthernet6/3
S 172.20.30.0/24 [1/0] via 172.20.21.225
S 172.20.16.0/24 [1/0] via 172.20.250.1
C 172.20.21.0/24 is directly connected, Vlan1
O E2 172.20.2.0/24 [110/20] via 172.20.250.1, 01:06:00, Vlan250
S 172.20.120.0/24 [1/0] via 172.20.21.225
S 172.20.113.0/24 [1/0] via 172.20.21.225
S 172.20.114.0/24 [1/0] via 172.20.21.225
O IA 172.20.115.0/24 [110/13] via 172.20.250.1, 01:06:00, Vlan250
S 172.20.116.0/24 [1/0] via 172.20.21.225
S 172.20.117.0/24 [1/0] via 172.20.21.225
S 172.20.118.0/24 [1/0] via 172.20.21.225
S 172.20.95.0/24 [1/0] via 172.20.21.225
S 172.20.81.0/24 [1/0] via 172.20.21.225
C 172.20.78.0/24 is directly connected, Vlan78
C 172.20.66.0/24 is directly connected, Vlan66
172.23.0.0/32 is subnetted, 3 subnets
S 172.23.152.43 [1/0] via 10.21.112.11
S 172.23.152.42 [1/0] via 10.21.112.11
S 172.23.132.14 [1/0] via 10.21.112.14
172.25.0.0/24 is subnetted, 10 subnets
S 172.25.50.0 [1/0] via 172.20.21.225
S 172.25.40.0 [1/0] via 172.20.21.225
[1/0] via 172.20.21.255
S 172.25.20.0 [1/0] via 172.20.21.225
S 172.25.23.0 [1/0] via 172.20.21.225
S 172.25.19.0 [1/0] via 172.20.21.225
S 172.25.29.0 [1/0] via 172.20.21.225
S 172.25.30.0 [1/0] via 172.20.21.255
[1/0] via 172.20.21.225
S 172.25.26.0 [1/0] via 172.20.21.225
S 172.25.10.0 [1/0] via 172.20.21.225
S 172.25.100.0 [1/0] via 172.20.21.225
172.24.0.0/32 is subnetted, 1 subnets
S 172.24.4.236 [1/0] via 10.21.112.14
192.10.200.0/32 is subnetted, 2 subnets
S 192.10.200.117 [1/0] via 172.20.250.1
[1/0] via 172.20.21.254
S 192.10.200.134 [1/0] via 172.20.21.254
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
O IA 10.253.253.0/30 [110/1011] via 172.20.250.1, 01:06:02, Vlan250
O IA 10.252.252.0/28 [110/12] via 172.20.250.1, 01:06:02, Vlan250
S 10.252.252.0/24 [1/0] via 172.20.21.225
S 10.30.30.0/24 [1/0] via 172.20.250.1
C 10.1.0.0/20 is directly connected, FastEthernet4/47
S 10.20.60.0/24 [1/0] via 172.20.250.1
O 10.21.112.0/24 [110/11] via 172.20.250.1, 01:06:02, Vlan250
O 10.21.111.0/24 [110/11] via 172.20.250.1, 01:06:02, Vlan250
192.10.202.0/32 is subnetted, 2 subnets
S 192.10.202.60 [1/0] via 172.20.21.254
S 192.10.202.62 [1/0] via 172.20.21.254
S 192.168.254.0/24 [1/0] via 172.20.21.225
O E2 192.168.103.0/24 [110/20] via 172.20.250.1, 01:06:02, Vlan250
O*E2 0.0.0.0/0 [110/10] via 172.20.250.1, 01:06:02, Vlan250

The default gateway also has these routes defined

Current Config, Edited

Current configuration : 11736 bytes

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

power dc input 2500

!

interface GigabitEthernet1/1

description subnet 60 sw closet7-1

no switchport

ip address 172.20.48.129 255.255.255.128

ip helper-address 172.20.21.235

!

interface GigabitEthernet1/2

interface FastEthernet2/38

description Temp FCITY Network

switchport access vlan 78

!

interface FastEthernet2/39

switchport access vlan 78

!

interface FastEthernet2/40

description Temp CCITY Network

switchport access vlan 66

interface FastEthernet4/1

description Fortigate-01-port1

switchport access vlan 250

!

interface FastEthernet4/2

description Fortigate-01-port2

!

interface FastEthernet4/3

description Fortigate-01-port5

switchport access vlan 248

!

interface FastEthernet4/18

description Smartnet-switch-ge0/2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet4/47

description Dxx Subnet 10.1.10.x

no switchport

ip address 10.1.10.1 255.255.240.0

ip helper-address 172.20.21.235

!

interface FastEthernet4/48

!

interface FastEthernet5/1

description Fortigate-02-port1

switchport access vlan 250

!

interface FastEthernet5/2

description Fortigate-02-port2

!

interface FastEthernet5/3

description Fortigate-02-port5

switchport access vlan 248

!

interface FastEthernet5/7

description link router 172.20.21.1

interface GigabitEthernet6/1

description subnet 45 cw closet 1-1

no switchport

ip address 172.20.45.1 255.255.255.128

ip helper-address 172.20.21.235

!

interface GigabitEthernet6/2

description subnet 46 sw closet2-1

no switchport

ip address 172.20.46.1 255.255.255.0

ip helper-address 172.20.21.235

!

interface GigabitEthernet6/3

description subnet 47 sw closet3-1

no switchport

ip address 172.20.47.1 255.255.255.0

ip helper-address 172.20.21.235

!

interface GigabitEthernet6/4

description subnet 48 sw closet4-1

no switchport

ip address 172.20.48.1 255.255.255.128

ip helper-address 172.20.21.235

!

interface GigabitEthernet6/5

description subnet 49 sw closet5-1

no switchport

ip address 172.20.49.1 255.255.255.0

ip helper-address 172.20.21.235

!

interface GigabitEthernet6/6

description subnet 61 sw closet6-1

no switchport

ip address 172.20.61.1 255.255.255.0

ip helper-address 172.20.21.235

!

interface Vlan1

ip address 172.20.21.11 255.255.255.0 secondary

ip address 172.20.21.2 255.255.255.0

!

interface Vlan66

ip address 172.20.66.1 255.255.255.0

!

interface Vlan78

ip address 172.20.78.1 255.255.255.0

!

interface Vlan248

description MPLS

no ip address

!

interface Vlan250

description FIREWALL

ip address 172.20.250.2 255.255.255.0

!

interface Vlan251

description WSZ

no ip address

!

interface Vlan252

description DMZ

no ip address

router ospf 1

log-adjacency-changes

area 0 range 172.0.0.0 255.0.0.0

network 10.21.111.0 0.0.0.255 area 0

network 172.18.4.0 0.0.0.255 area 0

network 172.20.21.0 0.0.0.255 area 0

network 172.20.45.0 0.0.0.255 area 0

network 172.20.46.0 0.0.0.255 area 0

network 172.20.47.0 0.0.0.255 area 0

network 172.20.48.0 0.0.0.255 area 0

network 172.20.49.0 0.0.0.255 area 0

network 172.20.60.0 0.0.0.255 area 0

network 172.20.61.0 0.0.0.255 area 0

network 172.20.66.0 0.0.0.255 area 0

network 172.20.78.0 0.0.0.255 area 0

network 172.20.250.0 0.0.0.255 area 0

distribute-list 10 in

!

ip default-gateway 172.20.250.1

ip classless

ip route 10.20.60.0 255.255.255.0 172.20.250.1

ip route 10.30.30.0 255.255.255.0 172.20.250.1

ip route 10.252.252.0 255.255.255.0 172.20.21.225

ip route 137.200.35.0 255.255.255.0 172.20.250.1

ip route 137.200.84.0 255.255.255.0 172.20.250.1

ip route 172.20.16.0 255.255.255.0 172.20.250.1

ip route 172.20.30.0 255.255.255.0 172.20.21.225

ip route 172.20.62.0 255.255.255.0 172.20.21.225

ip route 172.20.81.0 255.255.255.0 172.20.21.225

ip route 172.20.95.0 255.255.255.0 172.20.21.225

ip route 172.20.113.0 255.255.255.0 172.20.21.225

ip route 172.20.114.0 255.255.255.0 172.20.21.225

ip route 172.20.116.0 255.255.255.0 172.20.21.225

ip route 172.20.117.0 255.255.255.0 172.20.21.225

ip route 172.20.118.0 255.255.255.0 172.20.21.225

ip route 172.20.120.0 255.255.255.0 172.20.21.225

ip route 172.23.132.14 255.255.255.255 10.21.112.14

ip route 172.23.152.42 255.255.255.255 10.21.112.11

ip route 172.23.152.43 255.255.255.255 10.21.112.11

ip route 172.24.4.236 255.255.255.255 10.21.112.14

ip route 172.25.10.0 255.255.255.0 172.20.21.225

ip route 172.25.19.0 255.255.255.0 172.20.21.225

ip route 172.25.20.0 255.255.255.0 172.20.21.225

ip route 172.25.23.0 255.255.255.0 172.20.21.225

ip route 172.25.26.0 255.255.255.0 172.20.21.225

ip route 172.25.29.0 255.255.255.0 172.20.21.225

ip route 172.25.30.0 255.255.255.0 172.20.21.255

ip route 172.25.30.0 255.255.255.0 172.20.21.225

ip route 172.25.40.0 255.255.255.0 172.20.21.225

ip route 172.25.40.0 255.255.255.0 172.20.21.255

ip route 172.25.50.0 255.255.255.0 172.20.21.225

ip route 172.25.100.0 255.255.255.0 172.20.21.225

ip route 192.10.200.117 255.255.255.255 172.20.250.1

ip route 192.10.200.117 255.255.255.255 172.20.21.254

ip route 192.10.200.134 255.255.255.255 172.20.21.254

ip route 192.10.202.60 255.255.255.255 172.20.21.254

ip route 192.10.202.62 255.255.255.255 172.20.21.254

ip route 192.168.106.0 255.255.255.0 172.18.4.1

ip route 192.168.254.0 255.255.255.0 172.20.21.225

access-list 10 permit any

Any thoughts or suggestions would be appreciated

Jon Marshall · ‎11-29-2018

The NGN router does not have a route for 172.20.61.0/24.

Jon