Hi Peter, thanks for the suggestions

The 2960 has no arp entry for the problem address, and is not directly connected to it.I did clear arp on all devices and it doesn't appear to be an arp problem.

The 2960 has a single IP address.

I did all kind of traceroutes and troubleshooting coming to the conclusion that the 3560 discards the packet.

I don't know of any troubleshooting command for hardware switching.

As mentioned, as I change the default gateway on 2960 to use a 1801 instead of 3560, everything works.

I will try an update and reload later today.

Hi Paolo,

You are welcome, although obviously I did not help.

Regarding the debug command to troubleshoot hardware switching, the only command coming to my mind is the show ip cef exact-route but I don't know if that is going to be helpful. Perhaps invalidating the entire CEFand letting the switch reinitialize it using the commands clear adjacency and clear cef table ipv4 would prove helpful.

Nevertheless, packets with expiring TTL should be punted to the CPU and the debug ip packet and debug ip icmp should display such packets or corresponding ICMP Unreachable messages. Are these messages generated at least for the successful traceroute? Having no packets displayed in these debugs at all makes me wonder whether the packets are traversing the 3560 at all.

Best regards,

Peter

I tried these commands to no avails Everythign looks as it should except it doesn't work.

In case of succesful ping/traceroute, the packets are shown by debugs.

On the 2960, debug ip packets show the packet is being sent. And when using a 1801 as default-gw instead of 3560, is handled normally.

I've figured this out. The 2960 had installed an ICMP redirect pointing to an address not in service.

That was the address of the alternate 1801, so testing with it revealed no problem.

Once cleared the redirect, all is good.

Thank you Peter for your suggestions and courtesy1