
Two static routes to the same destination not working

ramyacruz
Level 1

I am trying to configure a 3850 switch to be able to route to destinations 192.168.XXX.21 and 192.168.YYY.21 via two routers. I have sub-interfaces between the router and the switch for connectivity. RT1 is 10.20.XX.1 and RT2 is 10.20.YY.1. The problem I am currently having is that I am able to reach only one destination when I source it from 10.20.XX.5 and the other when I source it from 10.20.YY.5, but not both. Both routers have connectivity to both destination subnets.

ip route 192.168.XXX.0 255.255.255.0 10.20.XX.1
ip route 192.168.XXX.0 255.255.255.0 10.20.YY.1
ip route 192.168.YYY.0 255.255.255.0 10.20.XX.1
ip route 192.168.YYY.0 255.255.255.0 10.20.YY.1

 

Accepted Solutions

Hi,

Please post the output of 'sh ip route'. Could you also post the output of 'traceroute 192.168.XXX.21 source 10.20.YY.1' and 'traceroute 192.168.XXX.21 source 10.20.XX.1' while replacing XXX and YY with the actual numbers.

HTH,
Meheretab

Is it working for you? Is the problem fixed? Please let us know.

HTH,
Meheretab

It's still not working and here are the sh ip route and traceroute outputs.

 

S     192.168.228.0/24 [1/0] via 10.20.32.1
                       [1/0] via 10.20.30.1
S     192.168.238.0/24 [1/0] via 10.20.32.1
                       [1/0] via 10.20.30.1

SW#traceroute 192.168.228.21
Type escape sequence to abort.
Tracing the route to 192.168.228.21
VRF info: (vrf in name/id, vrf out name/id)
  1 10.20.30.1 2 msec *  1 msec
  2  *  *
SW#traceroute 192.168.238.21
Type escape sequence to abort.
Tracing the route to 192.168.238.21
VRF info: (vrf in name/id, vrf out name/id)
  1 10.20.30.1 1 msec *  2 msec
  2  *  *  *
  3

SW#ping 192.168.228.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/9 ms
SW#ping 192.168.228.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

Thank you for providing more information! You have two routes which are supposed to work; however, the Ping output showed that it works from one of the networks. Do you have an ACL running? Could you share the output of 'sh run'?

HTH,
Meheretab

I don't have any ACLs in place.

However, if I have only the below routes, I am able to reach both destination subnets through the same next hop, but when I introduce two more static routes with a different next hop, the system gets confused and routes differently.

 

S     192.168.228.0/24 [1/0] via 10.20.32.1
S     192.168.238.0/24 [1/0] via 10.20.32.1

 

I also tried with IP SLA tracking and added a backup route to go via a different router; in that case it is doing what it is supposed to do. But my question here is: if it has two routes to the same destination via different next hops, it should route through both, right?

 

Thank you for your input.                                      

 

 

I also tried with IP SLA tracking and added a backup route to go via a different router; in that case it is doing what it is supposed to do. But my question here is: if it has two routes to the same destination via different next hops, it should route through both, right?

 

 It should perform load balancing when you have two routes with the same longest prefix match and same AD. 

 

Please post the output of 'sh ip route 192.168.228.21', 'sh ip route 192.168.238.21', 'sh ip cef 192.168.228.21',  and 'sh ip cef 192.168.238.21'.

 

HTH,

Meheretab


SW#sh ip route 192.168.228.21
Routing entry for 192.168.228.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
10.20.32.1
Route metric is 0, traffic share count is 1
* 10.20.30.1
Route metric is 0, traffic share count is 1

SW#sh ip route 192.168.238.21
Routing entry for 192.168.238.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
10.20.32.1
Route metric is 0, traffic share count is 1
* 10.20.30.1
Route metric is 0, traffic share count is 1
SW#sh ip cef 192.168.228.21
192.168.228.0/24
nexthop 10.20.30.1 Vlan277
nexthop 10.20.32.1 Vlan278
SW#sh ip cef 192.168.238.21
192.168.238.0/24
nexthop 10.20.30.1 Vlan277
nexthop 10.20.32.1 Vlan278

CEF is the one which causes the router to send the packets on the same interface (or subinterface in your case). If possible, you could run 'debug ip icmp' and run a couple of PINGs. Do NOT forget to 'undebug ip icmp' when you are done with troubleshooting.

 

Run as follows and post the output:

!
debug ip icmp
!
ping 192.168.228.21 (a couple of times)
ping 192.168.238.21 (a couple of times)
!
ping 192.168.238.21 source vlan 278
ping 192.168.228.21 source vlan 278
!
ping 192.168.238.21 source vlan 277
ping 192.168.228.21 source vlan 277
!
undebug ip icmp

 

 

HTH,

Meheretab

 


I don't think this is going to be of any help.

 

SW#ping 192.168.228.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/11 ms
SW#
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0ping 192.168.228.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/10/11 ms
SW#
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
SW#ping 192.168.238.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.228.21 sou
SW#ping 192.168.228.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/11 ms
SW#
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0ping 192.168.228.21 source vlan 277
SW#ping 192.168.238.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.228.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/13 ms
SW#
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0

Actually, it is helpful. Thank you for sharing!
As you can see from the output of the 'ping 192.168.238.21 from 10.20.30.5', we were not receiving any icmp echo reply to the requests sent. It points to two things: either there is part of the configuration which forces load to be shared between two alternate routes (what I mean is, part of the networks will be reached with one gateway and the other part of the network is reached with the second gateway), or there is only one return route from the server network (which is pointing to 10.20.32.5 network when you have two routes).
So, please post the output of 'sh run'. You can change sensitive information before posting it.

HTH,
Meheretab

The routers are connected to port 1/0/22 and 2/0/22.

 


!
version 16.6
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service compress-config
no platform punt-keepalive disable-kernel-core
!
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default line
aaa authorization exec default if-authenticated
!
!
!
!
!
!
aaa session-id common
boot system switch all flash:cat3k_caa-universalk9.16.06.01.SPA.bin
switch 1 provision ws-c3850-24p
switch 2 provision ws-c3850-24p
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!

spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
hw-switch switch 2 logging onboard message
!

!
interface Port-channel1
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
!
interface Port-channel102
switchport trunk allowed vlan 400-410
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode access
switchport nonegotiate
spanning-tree portfast
!

interface GigabitEthernet1/0/21
switchport trunk allowed vlan 400-410
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 102 mode active
!
interface GigabitEthernet1/0/22
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active

interface GigabitEthernet2/0/1
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet2/0/21
switchport trunk allowed vlan 400-410
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 102 mode active
!
interface GigabitEthernet2/0/22
switchport mode trunk
!
interface GigabitEthernet2/0/23
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet2/0/24
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active

interface Vlan1
ip address 172.16.1.102 255.255.255.0
!
interface Vlan5
ip address 192.168.5.5 255.255.255.0
!
interface Vlan276
no ip address
!
interface Vlan277
ip address 10.20.30.5 255.255.255.0
!
interface Vlan278
ip address 10.20.32.5 255.255.255.0
!
ip default-gateway 172.16.1.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.254
ip route 192.168.228.0 255.255.255.0 10.20.30.1
ip route 192.168.228.0 255.255.255.0 10.20.32.1
ip route 192.168.238.0 255.255.255.0 10.20.32.1
ip route 192.168.238.0 255.255.255.0 10.20.30.1
!

I do not see any problem in the switch config. Please post the 'sh run' output of the routers as well.

HTH,
Meheretab

I think the destination router has some sort of filtering and we don't control those routers so that was the issue. Thank you for your help.

Thank you for letting us know!
HTH,
Meheretab
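
Added example, not part of the original thread: Python that turns the sourced ping output posted above into a source/destination reachability matrix. When both equal-cost next hops are installed and the result still depends on the source address, the cause lies in return routing or filtering beyond the switch, which is where this thread ended up. The transcript is condensed from the thread's output, and the function names are made up for this example.

```python
import re

# Constructed sample: condensed from the sourced pings posted in the thread.
TRANSCRIPT = """\
SW#ping 192.168.228.21 source vlan 277
Packet sent with a source address of 10.20.30.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/9 ms
SW#ping 192.168.228.21 source vlan 278
Packet sent with a source address of 10.20.32.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 277
Packet sent with a source address of 10.20.30.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 278
Packet sent with a source address of 10.20.32.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
"""

PING = re.compile(r"#\s*ping (\d+\.\d+\.\d+\.\d+)")
SRC = re.compile(r"source address of (\d+\.\d+\.\d+\.\d+)")
RATE = re.compile(r"Success rate is (\d+) percent")

def reachability(text):
    """Return {(source, destination): success_percent} for sourced IOS pings."""
    matrix, dst, src = {}, None, None
    for line in text.splitlines():
        if m := PING.search(line):
            dst, src = m.group(1), None          # new ping starts, source unknown yet
        elif m := SRC.search(line):
            src = m.group(1)
        elif (m := RATE.search(line)) and dst and src:
            matrix[(src, dst)] = int(m.group(1))  # unsourced pings are skipped
            dst = src = None
    return matrix

def diagnose(matrix):
    """Map each destination to (verdict, sources that received replies)."""
    by_dst = {}
    for (src, dst), pct in matrix.items():
        by_dst.setdefault(dst, {})[src] = pct > 0
    verdict = {}
    for dst, res in by_dst.items():
        ok = sorted(s for s, up in res.items() if up)
        kind = "all" if len(ok) == len(res) else "source-dependent" if ok else "none"
        verdict[dst] = (kind, ok)
    return verdict
```

A "source-dependent" verdict for every destination, as this data produces, says the switch's route table is not the discriminator; the next things to check are the return routes and any source-based filtering on the far-side routers.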