10-25-2013 05:25 AM - last edited on 03-25-2019 04:27 PM by ciscomoderator
I have a situation with my switches and Solarwinds. I have layer 2 switches that use a default gateway but are getting a route somehow. I will show a switch down in Solarwinds even though I know it isn't down. When I get on the switch and do a show IP Route I get this:
US048TXHOU-SSL03#sh ip route
Default gateway is 10.X.X.1
Host Gateway Last Use Total Uses Interface
10.X.X.100 10.X.X.5 0:00 328554 VlanXXX
.100 is the Solarwinds server and .5 is the firewall, even though the gateway is .1. To clear the issue I have to log into the switch via the router and do a
#IP Routing and then a
#No IP Routing to clear the route.
The switch is a 3560X
"flash:c3560-ipbase-mz.122-25.SEE2/c3560-ipbase-mz.122-25.SEE2.bin"
As I pasted that I am thinking I should upgrade the IOS...
Has anyone seen this before?
Thanks
Donnie M
10-25-2013 07:20 AM
Hi,
Your firewall is sending an ICMP redirect to the switch, according to your sh ip route output.
Configuring no ip icmp redirect in global config or filtering ICMP redirects with an ACL should solve the problem.
Regards
Alain
Don't forget to rate helpful posts.
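The symptom discussed above can be checked across many switches by parsing the "sh ip route" output of a switch with IP routing disabled and flagging host entries whose gateway is not the configured default gateway. This is an added example, not part of the original thread; the function name and the sample output (documentation addresses) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the "sh ip route" output quoted in the
# question (IP routing disabled); addresses are documentation placeholders.
SAMPLE = """\
SWITCH#sh ip route
Default gateway is 192.0.2.1

Host               Gateway           Last Use    Total Uses  Interface
192.0.2.100        192.0.2.5             0:00        328554  Vlan333
198.51.100.20      192.0.2.1             0:12            17  Vlan333
"""

GATEWAY_RE = re.compile(r"^Default gateway is (\S+)$")


def _ip(token):
    """Return an IPv4Address, or None if the token is not an address."""
    try:
        return ipaddress.IPv4Address(token)
    except ValueError:
        return None


def find_redirect_overrides(output):
    """Return (default_gateway, overrides); overrides are the host entries
    whose next hop differs from the configured default gateway."""
    default_gw = None
    overrides = []
    for line in output.splitlines():
        m = GATEWAY_RE.match(line.strip())
        if m:
            default_gw = _ip(m.group(1))
            continue
        fields = line.split()
        # Data rows have five columns: Host, Gateway, Last Use, Total Uses, Interface
        if len(fields) != 5 or not fields[3].isdigit():
            continue
        host, gw = _ip(fields[0]), _ip(fields[1])
        if host is None or gw is None:
            continue  # header row, or an address masked like 10.X.X.100
        if default_gw is not None and gw != default_gw:
            overrides.append({"host": str(host), "gateway": str(gw),
                              "uses": int(fields[3]), "interface": fields[4]})
    return default_gw, overrides


if __name__ == "__main__":
    gw, hits = find_redirect_overrides(SAMPLE)
    for h in hits:
        print(f"{h['host']} via {h['gateway']} (default gateway {gw}) on {h['interface']}")
```

An entry that reappears after the cache has been cleared means redirects are still being accepted from the listed gateway.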
10-25-2013 05:56 AM
Can you post "sh run" from the switch?
10-25-2013 06:02 AM
Sh Run-
Current configuration : 11639 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
!
hostname US048TXHOU-SSL03
!
aaa session-id common
vtp mode transparent
ip subnet-zero
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20
!
vlan 28
name Data
!
vlan 29-30,50,80
!
vlan 333
name ITMNGMNT
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/4
description QC Time clock
switchport access vlan 80
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
description Cisco-WAP US048TXHOU-ASL04
switchport trunk encapsulation dot1q
switchport trunk native vlan 333
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/10
description Cisco-WAP US048TXHOU-ASL05
switchport trunk encapsulation dot1q
switchport trunk native vlan 333
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 80
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 50
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface GigabitEthernet0/25
description Etherchannel to Core
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/27
description Etherchannel to Core
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
no ip address
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
!
interface Vlan50
no ip address
no ip route-cache
!
interface Vlan333
ip address 10.X.X.7 255.255.255.128
no ip route-cache
!
ip default-gateway 10.X.X.1
ip classless
ip http server
!
snmp-server community XXXXXXXXXX RO
snmp-server community XXXXXXXXXXX RW
snmp-server enable traps cpu threshold
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server host 10.X.X.100 f3tn3tw0rk cpu envmon
!
control-plane
!
!
line con 0
logging synchronous
line vty 0 4
logging synchronous
line vty 5 15
!
end
11-12-2013 10:15 AM
Thank you.
12-01-2013 04:49 PM
I'm still having the issue after adding "sysopt noproxyarp inside" to the firewall. I also added "no ip icmp redirect" in global to the switches.