06-26-2011 04:09 AM - edited 03-07-2019 12:58 AM
Hello All,
I have a cisco 3400 connected to a Cisco 831
The 831 is online and working fine, also the computers connected to it work fine as well
I connected a Cisco 3400 up to it on fa0/24
the light comes the 831 and 3400 just fine
The 3400 and 831 show each other in the ARP tables but they will not ping each other nor will the 3400 get out the the internet
I included my config file and some commands I ran
Any Ideas?
Thank You very much for ready and any help you can provide
Cisco IOS Software, ME340x Software (ME340x-METROACCESS-M), Version 12.2(25)SEG1
, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 07-Aug-06 19:02 by myl
Image text-base: 0x00003000, data-base: 0x00C0489C
ROM: Bootstrap program is ME340x boot loader
BOOTLDR: ME340x Boot Loader (me340x-HBOOT-M) Version 12.2(25r)EX, RELEASE SOFTWA
RE (fc4)
test uptime is 6 hours, 10 minutes
System returned to ROM by power-on
System image file is "flash:me340x-metroaccess-mz.122-25.SEG1/me340x-metroaccess
-mz.122-25.SEG1.bin"
cisco ME-3400-24TS-A (PowerPC405) processor (revision C0) with 118784K/12280K by
tes of memory.
config:
Current configuration : 1684 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname test
!!
no aaa new-model
ip subnet-zero
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 250
name MGT
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
speed 100
duplex full
!
interface GigabitEthernet0/1
port-type nni
!
interface GigabitEthernet0/2
port-type nni
!
interface Vlan1
ip address dhcp
no ip route-cache
!
ip default-gateway 192.168.4.1
no ip http server
!
line con 0
line vty 0 4
password TEST
no login
length 0
line vty 5 15
password TEST
no login
length 0
!
end
test#sh int vlan1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 001c.b18f.cac0 (bia 001c.b18f.cac0)
Internet address is 192.168.4.22/24 <<<<<<<<<<<<<<-------------------------------------------
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:17:25, output 00:34:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
596 packets input, 56255 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
91 packets output, 9931 bytes, 0 underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
test#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 127.0.0.20 - 001c.b18f.ca80 SNAP Virtual1
Internet 192.168.4.1 37 0011.216f.af11 ARPA Vlan1
Internet 192.168.4.22 - 001c.b18f.cac0 ARPA Vlan1
test#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
06:15:29: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending
06:15:29: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending full p
acket.
06:15:31: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending
06:15:31: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending full p
acket.
06:15:33: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending
06:15:33: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending full p
acket.
06:15:35: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending
06:15:35: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending full p
acket.
06:15:37: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending
06:15:37: IP: s=192.168.4.22 (local), d=4.2.2.1 (Vlan1), len 100, sending full p
acket.
Success rate is 0 percent (0/5)
Solved! Go to Solution.
07-05-2011 12:59 PM
Hi Christopher
3400 switch is a Metro Ethernet switch.and by default all the ports are in uni mode,except 2 uplinks which are in nni. Uni means user network interface and it is isolated. nni is network node interface. NNI is used to connected to routers or another switch.
we can make 4 ports as nni.
by default on every cisco switch all the ports are in nni. but metro Switches like 34xx and 24xx are uni ports.
06-26-2011 09:20 AM
What the statsus of int FastEthernet0/24? Are the ports in the same VLANs? Post the config of the other side also. I believe routing is not the issue becase you have to directly connected devices.
06-26-2011 07:40 PM
Thanks for your post
Here is the status of the fa0/24
test#sh int fa0/24
FastEthernet0/24 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001c.b18f.ca9a (bia 001c.b18f.ca9a)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5225 packets input, 811710 bytes, 0 no buffer
Received 4714 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2914 multicast, 0 pause input
0 input packets with dribble condition detected
7907 packets output, 510983 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Yes all ports are on vlan1 or they should be because that is the default vlan on all interfaces
Cisco 831 config:
Internet831#sh run
Building configuration...
Current configuration : 9645 bytes
!
! Last configuration change at 11:24:18 EDT Wed Jun 1 2011
! NVRAM config last updated at 11:24:29 EDT Wed Jun 1 2011
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Internet831
!
boot-start-marker
boot system flash c831-k9o3sy6-mz.124-13a.bin
boot-end-marker
!
memory-size iomem 5
logging buffered 14096 debugging
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring 1 Sun Apr 0:00 last Sat Oct 0:00
!
!
no ip dhcp use vrf connected
!
ip dhcp pool 0
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 4.2.2.1
!
!
ip cef
!
!
!
!
!
!
!
!
!
interface Ethernet0
description LAN
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
!
interface Ethernet2
description NOT USED
no ip address
ip nat inside
ip virtual-reassembly
shutdown
!
interface FastEthernet1
description Web/FTP Server/DNS
duplex auto
speed auto
!
interface FastEthernet2
description Exchange/DNS/TFTP/TACACS
duplex auto
speed auto
!
interface FastEthernet3
description Linux Server
duplex auto
speed auto
!
interface FastEthernet4
description Wireless/Multimedia/Cisco Lab
duplex auto
speed auto
!
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet1 overload
!
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 23 permit 192.168.4.0 0.0.0.255
access-list 23 permit 192.168.5.0 0.0.0.255
!
tftp-server flash:c831-k9o3sy6-mz.124-2.T4.bin
!
!
control-plane
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 30 0
logging synchronous
login
!
scheduler max-task-time 5000
ntp clock-period 17180175
ntp server 128.138.140.44
end
Boyds_Internet831#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.4.50 0 Incomplete ARPA
Internet 192.168.0.13 - 0011.216f.af12 ARPA Ethernet1
Internet 192.168.0.1 0 0009.0f59.2236 ARPA Ethernet1
Internet 192.168.4.1 - 0011.216f.af11 ARPA Ethernet0
Internet 192.168.4.2 0 0018.8b66.75b8 ARPA Ethernet0
Internet 192.168.4.22 19 001c.b18f.cac0 ARPA Ethernet0
I don't think it's anything to do with the Cisco 831 because I connected the Cisco 3400 to my Peplink load balenace router and it did the exact same thing.
06-26-2011 11:49 PM
Hi,
on the 3400 can you do a debug arp while pinging 4.2.2.1 and on 831 can you do a sh ip int eth0 and a sh ip nat trans at the same time
Also on 831 do a sh ip route.
Post all these here.
Regards.
Alain.
06-27-2011 02:29 AM
Here is the information you requested
Hope it helps!
test#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Internet831#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
C 192.168.4.0/24 is directly connected, Ethernet0
192.168.0.0/26 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, Ethernet1
S* 0.0.0.0/0 [254/0] via 192.168.0.1
Internet831#sh ip int eth0
Ethernet0 is up, line protocol is up
Internet address is 192.168.4.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Internet831#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.13:17 192.168.4.22:17 4.2.2.1:17 4.2.2.1:17
udp 192.168.0.13:123 192.168.4.50:123 128.138.140.44:123 128.138.140.44:123
06-27-2011 02:54 AM
ok,
Can you do this on 831:
1) create extended acl permitting pings from any to any
access-list XXX permit icmp any any
2) direct debug output to buffer
no logging console debug
logging buffered 10000
logging buffered debug
3) apply this ACL to a debug
debug ip packet detail XXX
4) run your ping from 192.168.4.2 to 4.2.2.1
5) show log to view the debug output and copy-paste then send here.
Regards.
Alain.
06-27-2011 07:29 PM
I added into ACL for cisco 831:
access-list 100 permit icmp any any
then ran command:
Ineternet831#debug ip packet detail 100
IP packet debugging is on (detailed) for access list 100
If I ping from the 3400 to the 831 (pinged 192.168.4.1) nothing was logged
If I ping from the 831 to the 3400 (pinged 192.168.4.22) logged the following:
12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB
12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending
12w0d: ICMP type=8, code=0
12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB
12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending
12w0d: ICMP type=8, code=0
12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB
12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending
12w0d: ICMP type=8, code=0
12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB
12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending
12w0d: ICMP type=8, code=0
12w0d: IP: tableid=0, s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), routed via FIB
12w0d: IP: s=192.168.4.1 (local), d=192.168.4.22 (Ethernet0), len 100, sending
12w0d: ICMP type=8, code=0
06-27-2011 11:52 PM
Hi,
That's really weird because we should see the echo-replies and I wonder why the echo-requests aren't seen on the router as you have no ACL denying pings.But that is not the important thing what I wanted to see is if there was a response back from 4.2.2.1 and so the test was pinging 4.2.2.1 while doing the debug but as always I forgot that debug packets are process switched packets and so you'll have to disable cef temporarily to see these debugs.
So let's try it another way: Can you do a traceroute to 4.2.2.1 on 3400.
Regards.
Alain.
06-28-2011 12:31 AM
test#traceroute 4.2.2.1
Type escape sequence to abort.
Tracing the route to
1 * * *
2 *
23:03:41: IP ARP: rcvd req src 192.168.4.1 0011.216f.af11, dst 192.168.4.50 Vlan
1 * *
3 * * *
4 * * *
5 * * *1 * * *
2 *
23:03:41: IP ARP: rcvd req src 192.168.4.1 0011.216f.af11, dst 192.168.4.50 Vlan
1 * *
3 * * *
4 * * *
5 * * *
times out to 30
06-28-2011 12:44 AM
ok,
so it seems the 831 can't get to 4.2.2.1, can you do a ping from 831 to 4.2.2.1
Regards.
Alain.
06-28-2011 12:53 AM
4.2.2.1 is just a L3 DNS server
the 831 works fine and I'm online with my PC behind it now
Yes I can ping from the 831 to 4.2.2.1
Internet#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout in 2 secounds:
!!!!!
Seccess rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms
06-28-2011 01:53 AM
I know 4.2.2.1 is a dns server but i must admit i'm at loss here wheter it is because i'm very tired or because i'm missing something very obvious i don't know but for me this weird.
let's summarize:
-your 3400 can ping the 831 internal address
-your 831 can ping 4.2.2.1
-your nat is working properly on 831 as we observed
-But you can't ping 4.2.2.1 from 3400 and traceroute miserably fails at first hop which is 831 router
-did we try pinging from 3400 to outside interface of 831 router? did it work? it should
Let's try some more debug if it possible:
while pinging to 4.2.2.1 from 3400( 192.168.4.22) disable cef with global config command no ip cef then redo the debug ip packet detail XXX where XXX is the ACL permitting icmp any any
do also a debug ip nat XXX
Regards.
Alain.
06-28-2011 02:45 AM
I do thank you for your help
I just wanted to make sure you knew what the 4.2.2.1 is
no it can not (-your 3400 can ping the 831 internal address)
yes it can (-your 831 can ping 4.2.2.1)
yes it is (-your nat is working properly on 831 as we observed)
correct (-But you can't ping 4.2.2.1 from 3400 and traceroute miserably fails at first hop which is 831 router)
yes we did and it didn't (-did we try pinging from 3400 to outside interface of 831 router? did it work? it should)
no ip cef is not a command
test(config)#no ip cef
^
% Invalid input detected at '^' marker.
test(config)#no ip ?
Global IP configuration subcommands:
access-list Named access-list
accounting-list Select hosts for which IP accounting information is kept
accounting-threshold Sets the maximum number of accounting entries
accounting-transits Sets the maximum number of transit entries
address-pool Specify default IP address pooling mechanism
alias Alias an IP address to a TCP port
arp IP Arp features
default-gateway Specify default gateway (if not routing IP)
dhcp Configure DHCP server and relay parameters
dhcp-client Configure parameters for DHCP client operation
dhcp-server Specify address of DHCP server to use
domain IP DNS Resolver
domain-list Domain name to complete unqualified host names.
domain-lookup Enable IP Domain Name System hostname translation
domain-name Define the default domain name
finger finger server
ftp FTP configuration commands
gdp Router discovery mechanism
gratuitous-arps Generate gratuitous ARPs for PPP/SLIP peer addresses
host Add an entry to the ip hostname table
gdp Router discovery mechanism
gratuitous-arps Generate gratuitous ARPs for PPP/SLIP peer addresses
host Add an entry to the ip hostname table
host-routing Enable host-based routing (proxy ARP and redirect)
hp-host Enable the HP proxy probe service
http HTTP server configuration
icmp ICMP options
igmp IGMP global configuration
local Specify local options
name-server Specify address of name server to use
radius RADIUS configuration commands
rcmd Rcmd commands
reflexive-list Reflexive access list
security Specify system wide security information
source IP source
source-route Process packets with source routing header options
sticky-arp Allow the creation of sticky ARP entries
subnet-zero Allow 'subnet zero' subnets
tacacs TACACS configuration commands
tcp Global TCP parameters
telnet Specify telnet options
tftp tftp configuration commands
06-28-2011 03:32 AM
ok,
so for cef you could try interface command( on the 831) : no ip route-cache cef on both ethernet interfaces.
But you're saying: we can't ping 831 interfaces and 4.2.2.1 but at the same time your nat translation is done( which is done after routing so we know nat and routing on the 831 is ok but it is also confirmed by the fact the 831 can ping 4.2.2.1.
But looking at all your previous tests we know the 3400 and the 831 each have the correct MAC in their arp cache so L2 connectivity between the 2 should be good and at the same time when pinging from 3400 to 831 showed nothing in the debug but pings from 831 to 3400 showed the echo-requests going out without any problem but the ping was unsuccessful so there is a problem on the 3400 or the link between 3400 and 831
Can you do a sh mac address-table dynamic vlan 1 as well as sh int f0/24 switchport
Regards.
Alain.
06-28-2011 04:00 AM
you are correct in your statements above
Here are the commands you requested:
test# sh mac address-table dynamic vlan 1
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0011.216f.af11 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 1
test#sh int f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
I would update the IOS on the switch to see if that fixes it but it will not route anything
I have a cisco corp acct or whatever where I can download all the IOS's I want
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide