Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1209
Views
0
Helpful
4
Replies

Server taking wrong route to another server

Matt Roberts
Level 1
Level 1

‎06-24-2013 07:01 AM - edited ‎03-07-2019 02:02 PM

I have a server on the DMZ network and another on the internal network, both connect to the 4506.

The server in the DMZ has had its gateway set to the firewall and I recently changed that to VLAN 14. But when doing a trace route from the server in the DMZ it still wants to route through the ASA and not the 4506.

I've attached a diagram. I opened a case with Cisco and they think its a server problem. I'm not sure what that it is a server problem. If a clear the mac-address table and arp cache on the 4506 the server in the DMZ then routes through the 4506 but quickly changes back to routing through the firewall.

Any suggestions?

Labels:
Preview file
102 KB
0 Helpful
4 Replies 4

Dale Miller
Cisco Employee
Cisco Employee

‎06-24-2013 07:37 AM

What type of server is this. Some can learn routes to their gateway. See if you can get a route print or equivalent output.

Regards,

Dale

0 Helpful

Matt Roberts
Level 1
Level 1
In response to Dale Miller

‎06-25-2013 05:22 AM

Its a VMware windows 2008 server.

The route print has the new and old gateway listed under persistent routes.

0 Helpful

Matt Roberts
Level 1
Level 1
In response to Matt Roberts

‎06-25-2013 05:25 AM

but when I look in the registry it only has one route and that is the correct route. BUT it still wants to route through the firewall and not the 4506

0 Helpful

Dale Miller
Cisco Employee
Cisco Employee
In response to Matt Roberts

‎06-25-2013 06:05 AM

Matt,

Can you take a quick sniffer trace of the packet. I am interested to see the destination mac address coming from the Server on ingress to the 4506. The switch may also be redirecting the packet if it has to hairpin the traffic in the same VLAN to reach the destination. You can enable the internal sniffer to see if the packet is punted and redirect generated.

Example - 

Switch#debug platform packet all receive buffer
platform packet debugging is on
Switch#show platform cpu packet buffered
Total Received Packets Buffered: 36

-------------------------------------
Index 0:
7 days 23:6:32:37214 - RxVlan: 99, RxPort: Gi4/48
Priority: Crucial, Tag: Dot1Q Tag, Event: Control Packet, Flags: 0x40, Size: 68
Eth: Src 00-0F-F7-AC-EE-4F Dst 01-00-0C-CC-CC-CD Type/Len 0x0032
Remaining data:

If redirects are the problem just disable under VLAN 14 interface.

Thanks,

Dale

0 Helpful
Customers Also Viewed These Support Documents