Solved: Ping on the router interface not working

liviu.sisu · ‎08-24-2011

Hi Guys,

I hope I can get support on the following issue. I have the following config on a router 1811 :

interface FastEthernet1

ip address 192.168.161.1 255.255.255.0 secondary

ip address 192.168.163.1 255.255.255.0 secondary

ip address 192.168.164.1 255.255.255.0 secondary

ip address 192.168.160.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1.1

encapsulation dot1Q 101

ip address 10.101.1.254 255.255.255.0

no snmp trap link-status

!

interface FastEthernet1.2

encapsulation dot1Q 102

ip address 10.102.1.254 255.255.255.0

no snmp trap link-status

!

interface FastEthernet1.3

encapsulation dot1Q 103

ip address 192.168.162.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no snmp trap link-status

!

interface FastEthernet1.11

encapsulation dot1Q 11

ip address 10.1.1.99 255.255.255.0

no snmp trap link-status

!

interface FastEthernet1.100

encapsulation dot1Q 100

ip address 192.168.165.1 255.255.255.0

no snmp trap link-status

I am trying to ping fastethernet 1's one of the IP addreses, from the router itself :

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.160.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Debugging icmp packet does not show the packet exiting the interface even.

However, the following works :

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.162.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Any ideas ?

Regards,

Liviu Sisu

cadet alain · ‎08-24-2011

Hi,

The only stuff I see which could cause problems is the static nat you have here:

ip nat inside source static 10.11.12.30 192.168.160.1

Here is what I think is happening but we'll ahve to verify with debugs:

when you ping 192.168.160.1 it is natted to 10.11.12.30 and this destination and in the rib it corresponds to the default route pointing to 192.168.3.3 which is out f0/0 so the router is arping for 192.168.3.3 on f0/1 and it never receives a reply so arp is incomplete and so it fails.

Could you enable those debugs:

-logging buffered 7

-logging buffered 100000

- access-list 180 permit icmp any any

-debug ip nat detail 180

-debug ip icmp

-debug ip packet detail 180

-debug arp

Then ping 192.168.160.1 repeat 1 then show log and post output

Regards.

Alain.

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎08-24-2011

Hi,

could you post your sanitized running-config.

Regards.

Alain.

Don't forget to rate helpful posts.

liviu.sisu · ‎08-24-2011

Building configuration...

Current configuration : 3678 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$l55/$6a8MFoqIXv3wmuhybSgK5/

!

aaa new-model

!

aaa session-id common

!

resource policy

!

ip cef

!

ip domain name alvarion.com

ip ssh time-out 60

class-map match-all SiDSCP6

match access-group 131

!

policy-map SiDSCP6

class SiDSCP6

set dscp 6

!

interface FastEthernet0

ip address 192.168.3.156 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0.1

!

interface FastEthernet1

ip address 192.168.161.1 255.255.255.0 secondary

ip address 192.168.163.1 255.255.255.0 secondary

ip address 192.168.164.1 255.255.255.0 secondary

ip address 192.168.160.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1.1

encapsulation dot1Q 101

ip address 10.101.1.254 255.255.255.0

no snmp trap link-status

class-map match-all SiDSCP6

match access-group 131

!

policy-map SiDSCP6

class SiDSCP6

set dscp 6

!

interface FastEthernet0

ip address 192.168.3.156 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0.1

!

interface FastEthernet1

ip address 192.168.161.1 255.255.255.0 secondary

ip address 192.168.163.1 255.255.255.0 secondary

ip address 192.168.164.1 255.255.255.0 secondary

ip address 192.168.160.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1.1

encapsulation dot1Q 101

ip address 10.101.1.254 255.255.255.0

no snmp trap link-status

interface FastEthernet1.2

encapsulation dot1Q 102

ip address 10.102.1.254 255.255.255.0

no snmp trap link-status

!

interface FastEthernet1.3

encapsulation dot1Q 103

ip address 192.168.162.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no snmp trap link-status

!

interface FastEthernet1.11

encapsulation dot1Q 11

ip address 10.1.1.99 255.255.255.0

no snmp trap link-status

!

interface FastEthernet1.100

encapsulation dot1Q 100

ip address 192.168.165.1 255.255.255.0

no snmp trap link-status

!

interface FastEthernet2

!

interface FastEthernet3

switchport access vlan 300

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Vlan1

no ip address

!

interface Vlan102

description Data_1

ip address 10.102.0.254 255.255.255.0

!

interface Vlan101

no ip address

!

interface Vlan11

no ip address

!

interface Async1

no ip address

encapsulation slip

!

router ospf 1

log-adjacency-changes

network 192.168.3.0 0.0.0.255 area 0

network 192.168.160.0 0.0.0.255 area 0

network 192.168.161.0 0.0.0.255 area 0

network 192.168.162.0 0.0.0.255 area 0

network 192.168.163.0 0.0.0.255 area 0

network 192.168.164.0 0.0.0.255 area 0

network 192.168.165.0 0.0.0.255 area 0

!

ip route 0.0.0.0 0.0.0.0 192.168.3.3

ip route 10.1.42.0 255.255.255.0 10.1.42.4

ip route 10.1.42.0 255.255.255.0 FastEthernet1

ip route 10.1.200.0 255.255.255.0 192.168.160.31

ip route 10.1.201.0 255.255.255.0 192.168.160.29

!

ip http server

no ip http secure-server

ip nat inside source static 10.11.12.30 192.168.160.1

!

logging server-arp

access-list 105 permit ip any any

access-list 131 permit ip any 10.101.1.0 0.0.0.255

!

control-plane

!

banner motd ^C

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

cadet alain · ‎08-24-2011

Hi,

The only stuff I see which could cause problems is the static nat you have here:

ip nat inside source static 10.11.12.30 192.168.160.1

Here is what I think is happening but we'll ahve to verify with debugs:

when you ping 192.168.160.1 it is natted to 10.11.12.30 and this destination and in the rib it corresponds to the default route pointing to 192.168.3.3 which is out f0/0 so the router is arping for 192.168.3.3 on f0/1 and it never receives a reply so arp is incomplete and so it fails.

Could you enable those debugs:

-logging buffered 7

-logging buffered 100000

- access-list 180 permit icmp any any

-debug ip nat detail 180

-debug ip icmp

-debug ip packet detail 180

-debug arp

Then ping 192.168.160.1 repeat 1 then show log and post output

Regards.

Alain.

Don't forget to rate helpful posts.

liviu.sisu · ‎08-24-2011

Hi Alain,

Thanks for the prompt reply.

Since I am able to manipulate the config without any risk (this router is working in a testing lab now), I could easily remove ip nat inside source static 10.11.12.30 192.168.160.1.

Immediately after changing this I started getting replies.

This is understandable.

What I cannot understand is why the other ip addresses, defined on the interface FastEthernet1, could not also reply to ping.

Thanks anyway.,

Liviu Sisu