there are two interfaces with ip addresses.

i can telnet to either of these ip addresses remotely to manage the device.

but when i do a simple ping FROM the device, it defaults to one of those interfaces. how did it decide to use one interface instead of the other as a source?

Based ot its routing table, the switch choses the outgoing interface when Pinging to any device.

And as Aru said already, it's using the outgoing interface IP address as the source IP address of the Ping packet.

BR,

Milan

"show ip route" on this switch is empty. there is no routing table. neither interface has a default gateway set. it is a layer 2 switch.

so again, how is the switch choosing which interface to use as its source by default?

STK1#show ip route
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

STK1#show run int vlan202
Building configuration...

Current configuration : 121 bytes
!
interface Vlan202
  ip address 10.160.6.254 255.255.255.0
no ip redirects
no ip unreachables
end

STK1#show run int vlan203
Building configuration...

Current configuration : 125 bytes
!
interface Vlan203
  ip address 10.160.13.254 255.255.252.0
no ip redirects
no ip unreachables
end

STK1#ping 10.242.2.86

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.242.2.86, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

STK1#ping 10.242.2.86 source 10.160.13.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.242.2.86, timeout is 2 seconds:
Packet sent with a source address of 10.160.13.254
.....
Success rate is 0 percent (0/5)

Strange,

with such a configuration the switch should be able to reach directly connected subnets only.

So ping 10.242.2.86 source 10.160.6.254 works OK?

Isn't there any L3 device in your LAN with proxy ARP enabled?

What does trace  10.242.2.86 show in the output?

BR,

Milan

Milan,

ping 10.242.2.86 source 10.160.6.254 works just as plain old ping 10.242.2.86 works.

there is an ASA firewall at 10.160.6.1 that i do not manage, and it does not respond to icmp so a trace from the switch to 10.242.2.86 is just a bunch of asterisks.

10.160.6.1 would be the default gateway if i had set it, but i didn't. what's proxy arp?

Hi,

I would like to add some points.

• Proxy ARP can help machines on a subnet reach remote subnets without the need to configure routing or a default gateway.
  
• Proxy ARP must be used on the network where IP hosts are not configured with a default gateway or do not have any routing intelligence.
  

Refer:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml

I hope Milan would like to understand that is there any Layer 3 device in LAN segment which is enable with Proxy ARP which will reply to source behalf of the destination network.

1. does your neighboring device has the route for both network 10.160.6.254 & 10.160.13.254?

2. Can you reach any other IP Address on your neighboring device from both vlan?

3. may be your neighboring device or remote network doesnt have route to reach vlan 203 10.160.13.254, hence it ccould drop the ping when using vlan 203 as source

4. Verify the vlan 203 mapped to any interface and it is up.

5. Please share the show run from the switch.

Regards,

Aru

*** Please rate if the post is useful ***

Hi,

just to add what Aru said:

If proxy ARP is working in your case, you should be able to see an APR entry for 10.242.2.86 in the switch ARP cache by issuing

show arp

command.

And the MAC address assigned to 10.242.2.86 should be the MAC address of the device providing the proxy ARP service.

HTH,

Milan

i'm going to guess it's the proxy arp thing. it would make sense. there is a load balancer out in this DMZ LAN as well, so the firewall does not have an interface in the 13 subnet. host machines in the 13 subnet use the load balancer as a default gateway.

internal network (10.242.2.86)

    ->Firewall

DMZ network (10.160.6.1) (vlan 202)

     ->F5 Load balancer 

load balanced host network (10.160.12.18/22) (vlan 203)

we've seen a few weird routing issues from hosts in the the 12-13 network because of that F5. now that you mention it, those may be because the firewall has no route to the 12-13 network.

from 10.242.2.86 (off of the Inside interface of the firewall)  i can ping BOTH 10.160.6.254 and 10.160.13.254 (off of the DMZ1 interface of the firewall).

from 10.160.6.254, i can ping 10.242.2.86. but from 10.160.13.254, i cannot ping 10.242.2.86.

10.242.2.86 is in the show arp results. i cannot verify that the mac address is the firewall's since i don't own that firewall, but i would assume that it is.

so before i even attempt to ping 10.242.2.86 from the switch, is the switch aware that there is a proxy arp off of the .6 interface, but NOT off of the .13 interface? we've established why the 6 interface works and the 13 doesn't, but i'm still confused how the switch automatically knew to use the 6 by default.

Hi,

if you are in the same subnet as the FW, you can try to Ping it.

Even if no reply to Ping, it should reply to the ARP request and you should see its MAC in your ARP cache.

I guess the switch sends an ARP request from ALL its L3 ports when finds no routing entry for a destination out of its directly connected subnets?

As a last chance try?

BR,

Milan

yes, pinging the firewall did add the same mac address to the arp cache. and that makes sense that it sends an arp request and just uses whichever interface gets the first reply. thanks everybody for your help and insight.