Solved: Tracing a Route in Network

mahesh18 · ‎11-23-2012

Hi Everyone i am tracing a Route 192.168.40.15

From Main switch if i do sh ip route 192.168.40.15 i see

sh ip route 192.168.40.15

Routing entry for 192.168.40.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)

Redistributing via eigrp 879

Routing Descriptor Blocks:

* directly connected, via Vlan105

Route metric is 0, traffic share count is 1

My question is should i trace next hop via eigrp or via vlan 105 as it shows it learned that route by both?

Need to know if it is learning same route from both eigrp and vlan 105?

Also Vlan 105 is up up on the main switch but it has no interface assigned to vlan 105.

Thanks

Mahesh

rais · ‎11-23-2012

The route is learned via "connected" meaning it is directly configured on the switch you are on and the associated VLAN is 105. This L3 switch is running EIGRP and sending this subnet to others in the network.

There could be an interface vlan105 - a soft interface/SVI.

HTH.

View solution in original post

cadet alain · ‎11-23-2012

Hi,

if it is connected it means this is the ip of the SVI for vlan 105 so there is nothing to trace really, just do sh ip int Vl105 and it will show up.

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

Reza Sharifi · ‎11-23-2012

Hi Mahesh,

192.168.40.15 is directly connected to the switch you are tracing from. That is why it say directly connected. Also, as you already know vlan 105 in local and also this vlan has been added to EIGRP, but directly connected route has lower admin, so it is the active route.

HTH

Reza

View solution in original post

John Blakley · ‎11-23-2012

Mahesh,

Since this host is in the same subnet, you'd want to look in your arp table, get the mac address that's associated to it, and then cross reference that to you mac address table to find the port that's associated to it. (It goes back to the other discussion that we had in the past.) Tracing from the switch with a connected svi will only show you the ip address of the host that you're tracing to and nothing in between.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

Rahul Kukreja · ‎11-24-2012

If you want to trace an ip (192.168.40.15) which is a member of connected VLAN 105 (192.168.40.0/24), then on some Cisco Switches like 6500, you could trace the end L2 port of this Host by using the following command from the default gateway -

traceroute mac vlan 105

source-mac could be obtained by using the sh int vlan 105
destination-mac by using the show ip arp 192.168.40.15

This command will give the output like following if there are multiple L2 switches :

Source 0001.0000.0204 found on VAYU[WS-C6509] (2.1.1.10)
1 VAYU / WS-C6509 / 2.1.1.10 :
                Gi6/1 [full, 1000M] => Po100 [auto, auto]
2 PANI / WS-C6509 / 2.1.1.12 :
                Po100 [auto, auto] => Po110 [auto, auto]
3 BUMI / WS-C6509 / 2.1.1.13 :
                Po110 [auto, auto] => Po120 [auto, auto]
4 AGNI / WS-C6509 / 2.1.1.11 :
                Po120 [auto, auto] => Gi8/12 [full, 1000M] Destination 0001.0000.0304
found on AGNI[WS-C6509] (2.1.1.11) Layer 2 trace completed.

Although you may also use the method which you have used.

For your second query -

ARP is useful only when the subnets are connected and in your case, the route for the destination is static.
So the traffic will be forwarded to the Next-Hop ip and thus the device will only use the ARP of the next-hop.

So if you want to trace an ip which is being learned by L3 - from some Routing Protocol, then you need to track it hop by hop or use traceroute - but as you said there is FW in between then it may have traceroute disabled.

- HTH

Rahul

View solution in original post

rais · ‎11-23-2012

The route is learned via "connected" meaning it is directly configured on the switch you are on and the associated VLAN is 105. This L3 switch is running EIGRP and sending this subnet to others in the network.

There could be an interface vlan105 - a soft interface/SVI.

HTH.

mahesh18 · ‎11-23-2012

Hi Rais,

Yes we have vlan 105 SVI.

So this means in order to trace path i have to look for vlan 105 which has no ports assigned to it.

So i can check all the trunk ports which pass traffic for vlan 105 right?

Thanks

mahesh

Reza Sharifi · ‎11-23-2012

Hi Mahesh,

That is correct. The route is learned via connected and EIGRP and since directly connected router has a lower admin distance (0), it is the active route in the routing table.

* directly connected, via Vlan105

Route metric is 0, traffic share count is 1

HTH

Reza

mahesh18 · ‎11-23-2012

Hi Reza,

In earlier post rais said if i understand correctly that it is redistributing this route in EIGRP so this mean that it is learning

it via only 1 source?

Thanks

MAhesh

Reza Sharifi · ‎11-23-2012

Hi Mahesh,

192.168.40.15 is directly connected to the switch you are tracing from. That is why it say directly connected. Also, as you already know vlan 105 in local and also this vlan has been added to EIGRP, but directly connected route has lower admin, so it is the active route.

HTH

Reza

cadet alain · ‎11-23-2012

Hi,

if it is connected it means this is the ip of the SVI for vlan 105 so there is nothing to trace really, just do sh ip int Vl105 and it will show up.

Regards.

Alain

Don't forget to rate helpful posts.

mahesh18 · ‎11-23-2012

Hi Alian,

I am tracing IP 192.168.40.15.

I did sh ip int vlan 105

sh ip int vlan105

Vlan105 is up, line protocol is up

Internet address is 192.168.40.254/24.

So its not the same IP i am looking for

Thanks

MAhesh

John Blakley · ‎11-23-2012

Mahesh,

Since this host is in the same subnet, you'd want to look in your arp table, get the mac address that's associated to it, and then cross reference that to you mac address table to find the port that's associated to it. (It goes back to the other discussion that we had in the past.) Tracing from the switch with a connected svi will only show you the ip address of the host that you're tracing to and nothing in between.

HTH,

John

HTH, John *** Please rate all useful posts ***

mahesh18 · ‎11-23-2012

Hi John,

This is what i did

i ping the IP then gets ips mac by sh ip arp.

then i did sh mac address vlan 105 it showed me the port on switch from where it learned the mac.

Then from sh cdp nei i went to next switch and then traced the IP.

So need to know if we have say layer 3 device which has default gateway configured say 192.168.x.x

We need to find in our network where this gateway IP is?

Then best way to find is ping the gateway then get its mac address by sh ip arp then if says there learned by some vlan.

Then we can do the same steps which i did above?

**********************

Second Thing if on layer 3 device we have default gateway and this gateway IP is not allowed to ping from the current

switch as it is behind some firewall.

Then best way to trace this gateway IP say 10.5.x.x

Sh ip route 10.5.6.7

it shows

learned by static

10.4.4.4

Now if we can ping this 10.4.4.4 then we can locate the IP as same way as above right?

Thanks

Mahesh

Then we c

Rahul Kukreja · ‎11-24-2012

If you want to trace an ip (192.168.40.15) which is a member of connected VLAN 105 (192.168.40.0/24), then on some Cisco Switches like 6500, you could trace the end L2 port of this Host by using the following command from the default gateway -

traceroute mac vlan 105

source-mac could be obtained by using the sh int vlan 105
destination-mac by using the show ip arp 192.168.40.15

This command will give the output like following if there are multiple L2 switches :

Source 0001.0000.0204 found on VAYU[WS-C6509] (2.1.1.10)
1 VAYU / WS-C6509 / 2.1.1.10 :
                Gi6/1 [full, 1000M] => Po100 [auto, auto]
2 PANI / WS-C6509 / 2.1.1.12 :
                Po100 [auto, auto] => Po110 [auto, auto]
3 BUMI / WS-C6509 / 2.1.1.13 :
                Po110 [auto, auto] => Po120 [auto, auto]
4 AGNI / WS-C6509 / 2.1.1.11 :
                Po120 [auto, auto] => Gi8/12 [full, 1000M] Destination 0001.0000.0304
found on AGNI[WS-C6509] (2.1.1.11) Layer 2 trace completed.

Although you may also use the method which you have used.

For your second query -

ARP is useful only when the subnets are connected and in your case, the route for the destination is static.
So the traffic will be forwarded to the Next-Hop ip and thus the device will only use the ARP of the next-hop.

So if you want to trace an ip which is being learned by L3 - from some Routing Protocol, then you need to track it hop by hop or use traceroute - but as you said there is FW in between then it may have traceroute disabled.

- HTH

Rahul

mahesh18 · ‎11-24-2012

Hi Rahul,

Thanks for explaining in so detail.

Regards

Mahesh