
No Wired LAN Access

Thomas Yarger
Level 1

All,

I recently encountered an odd issue. I've been applying a standard configuration across our infrastructure. The router in question is acting as a router on a stick. This router configuration is standard across our organization. When things were working fine, the sub-interface for the Workstations interface looked like this:

!
interface GigabitEthernet0/1.10
description Workstations
encapsulation dot1Q 10
ip address 10.X.10.1 255.255.255.0
ip helper-address 10.X.30.200
!

When I added the commands below to the same interface, all the Workstations lost wired LAN access. 

no ip directed-broadcast
no ip proxy-arp
no ip redirects
no ip unreachable

Keep in mind that this configuration works at our other locations. We utilize the same router (Cisco CISCO2911/K9) and they are all on the same code release (Version 15.3(3)M6). Also, the traffic flows are not different at this specific location either.

To remedy my issue, I had to remove the newly added commands and wired LAN access resumed. 

Any thoughts? 

3 Replies

Elliott Willink
Level 1

If you use the same config everywhere, but it doesn't work at one site, I would start by removing the individual commands you have added until connectivity returns, then you will know what command has caused your connectivity problem.

When you say "lost wired lan access", what exactly do you mean? Are the switch ports no longer going up after you configured these commands on a router? Are your clients no longer getting DHCP? If DHCP is fine, can they still ping the gateway? If they can still ping the gateway, is there a higher layer fault?

The only culprit here for connectivity (I would guess) would be the "no ip proxy-arp". The ICMP restrictions shouldn't cause your clients connectivity issues... Lack of proxy-arp could break your connectivity if you happened to be using proxy-arp, in which case your LAN could have a gross client misconfiguration. Check your DHCP configuration - Confirm your clients are getting a gateway address... I guess...

What I mean when I say no wired access is they can't access the internet or any of our internal applications. They can get a DHCP address and they can't PING another device on a different sub-interface on the same router. They can PING their default gateway. TAC is recommending I leave ip directed-broadcast enabled and disable the rest. We'll see tonight.

Thanks for your reply. 

Verify your DHCP clients are really getting assigned correct IP address information, including mask and gateway. Missing/incorrect gateway information may be functioning via proxy-arp.
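
An added example, not part of the thread: a Python check for what the replies suggest verifying, namely whether a client's lease (address, mask, gateway) leaves it relying on the router's proxy ARP to reach a host on another sub-interface. The 10.99.x.x addresses, host names and function names are constructed for illustration, since the thread's own addresses are redacted.

```python
import ipaddress

def proxy_arp_reason(ip, mask, gateway, real_prefix, dest):
    """Return why this host would lean on proxy ARP to reach dest, or None."""
    real = ipaddress.ip_network(real_prefix)                # subnet as configured on the router
    seen = ipaddress.ip_interface(f"{ip}/{mask}").network   # subnet as the host believes it to be
    dest = ipaddress.ip_address(dest)
    if dest in real:
        return None                      # genuinely on-link: ordinary ARP is enough
    if dest in seen:
        # Host thinks an off-subnet address is local and ARPs for it directly.
        return f"mask {mask} makes {dest} look on-link"
    if gateway is None:
        return "no default gateway in lease"
    gw = ipaddress.ip_address(gateway)
    if gw == ipaddress.ip_address(ip):
        # Gateway set to the host's own address: it ARPs for every destination.
        return "gateway is the host's own address"
    if gw not in real:
        return f"gateway {gw} is not in the router's subnet {real}"
    return None

def audit(leases, real_prefix, dest):
    """Map host name -> finding for every lease that needs attention."""
    findings = {}
    for name, (ip, mask, gw) in leases.items():
        reason = proxy_arp_reason(ip, mask, gw, real_prefix, dest)
        if reason:
            findings[name] = reason
    return findings

# Constructed sample leases: (address, mask, gateway) as seen on each client.
SAMPLE_LEASES = {
    "ws-01": ("10.99.10.21", "255.255.255.0", "10.99.10.1"),   # correct
    "ws-02": ("10.99.10.22", "255.255.0.0",   "10.99.10.1"),   # mask too wide
    "ws-03": ("10.99.10.23", "255.255.255.0", None),           # gateway missing
    "ws-04": ("10.99.10.24", "255.255.255.0", "10.99.10.24"),  # gateway = self
}

if __name__ == "__main__":
    # Destination is a constructed host on a different sub-interface.
    for host, why in audit(SAMPLE_LEASES, "10.99.10.0/24", "10.99.30.200").items():
        print(f"{host}: {why}")
```

Any host this flags works only while the router answers ARP on its behalf, so it would lose off-subnet reachability once `no ip proxy-arp` is applied.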
