Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1639
Views
0
Helpful
1
Replies

Cisco 2911 configured with subinterfaces cannot traceroute to outside IP

richreitenauer
Level 1
Level 1

‎01-11-2012 08:16 AM - edited ‎03-07-2019 04:17 AM

I have a Cisco 2911 with multiple sub interfaces configured.  I have the last resort route set and computers within the LAN can get out to the internet fine and can traceroute fine without a problem.  It's only when I try from the router, is when I have the issue.  When I traceroute from the router, it goes to the last resort 172.18.200.1 but just times out from there.  The reason I am asking is due to wanting to send netflow data to a server that is at a different location for monitoring...if this cannot be done, we can purchase the software to run in our other network.

Building configuration...

Current configuration : 3921 bytes

!

! Last configuration change at 16:02:26 UTC Wed Jan 11 2012 by

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname

!

boot-start-marker

boot system flash:c2900-universalk9-mz.SPA.150-1.M7.bin

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1527AMN7

!

!

username

username

username

!

!

buffers tune automatic

!

!

!

!

interface GigabitEthernet0/0

description

no ip address

ip flow ingress

ip flow egress

duplex auto

speed auto

!

interface GigabitEthernet0/0.1

description

encapsulation dot1Q 1 native

ip address 192.168.7.2 255.255.240.0

ip flow ingress

ip flow egress

ip policy route-map impulse

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 2

ip address 192.168.150.1 255.255.255.0

ip flow ingress

ip policy route-map impulse

!

interface GigabitEthernet0/0.19

encapsulation dot1Q 19

ip address 192.168.19.2 255.255.255.0

!

interface GigabitEthernet0/0.20

description

encapsulation dot1Q 20

ip address 192.168.20.2 255.255.255.224

ip flow ingress

ip flow egress

ip policy route-map impulse

!

interface GigabitEthernet0/0.21

description

encapsulation dot1Q 21

ip address 192.168.22.2 255.255.254.0

ip policy route-map impulse

!

interface GigabitEthernet0/0.22

description Claire-Hall-2ndFlr

encapsulation dot1Q 22

ip address 192.168.24.2 255.255.254.0

ip policy route-map impulse

!

interface GigabitEthernet0/0.23

description

encapsulation dot1Q 23

ip address 192.168.26.2 255.255.254.0

ip policy route-map impulse

!

interface GigabitEthernet0/0.50

description

encapsulation dot1Q 50

ip address 192.168.50.2 255.255.254.0

ip flow ingress

ip flow egress

!

interface GigabitEthernet0/1

description Connection to

ip address 172.18.200.2 255.255.255.252

duplex full

speed 1000

hold-queue 5000 out

!

interface GigabitEthernet0/2

description to SafeConnect Enforcer

ip address 172.17.200.1 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

no ip address

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

ip flow-export version 5

ip flow-export destination 172.17.200.2 50001

ip flow-export destination External IP 2055

!

ip route 0.0.0.0 0.0.0.0 172.18.200.1

ip route 198.31.193.211 255.255.255.255 172.17.200.2 --- For SafeConnect Appliance

!

ip access-list extended impulse_block

deny   udp any any eq domain

deny   udp any any eq bootpc

permit ip any host 198.31.193.211

ip access-list extended intranet

permit tcp any host 10.10.7.22 eq 389

permit tcp any host 10.10.7.13 eq 389

permit tcp any host 10.10.7.31 eq 389

permit tcp any host 10.10.7.45 eq 389

permit tcp any host 10.10.17.3 eq 389

permit ip any host 172.19.200.2

permit ip any host 10.10.7.33

permit ip any host 10.10.7.31

permit ip any host 192.168.15.7

!

!

route-map impulse deny 10

match ip address intranet

!

route-map impulse permit 20

match ip address impulse_block

set ip next-hop 172.17.200.2

!

!

snmp-server community

snmp-server community

!

control-plane

!

!

line con 0

privilege level 15

logging synchronous

login local

line aux 0

line vty 0 4

privilege level 15

password 7

logging synchronous

login local

transport input telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Labels:
0 Helpful
1 Reply 1

acampbell
VIP Alumni
VIP Alumni

‎01-11-2012 08:47 AM

Hi,

When you run the trace command from the router are you specifying an interface as the source or just a blind

trace a.b.c.d

Regards

Alex

Regards, Alex. Please rate useful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card