11-07-2017 02:18 PM - edited 03-08-2019 12:39 PM
I am trying to configure a 3850 switch to be able to route to destinations 192.168.XXX.21 and 192.168.YYY.21 via two routers. I have sub-interface between the router and the switch for connectivity. RT1 is 10.20.XX.1 and RT2 is 10.20.YY.1. The problem I am currently having is that I am able to reach only one destination when source it from 10.20.XX.5 and the other when I source it from 10.20.YY.5, but not both. Both routers have connectivity to both destination subnets.
ip route 192.168.XXX.0 255.255.255.0 10.20.XX.1
ip route 192.168.XXX.0 255.255.255.0 10.20.YY.1
ip route 192.168.YYY.0 255.255.255.0 10.20.XX.1
ip route 192.168.YYY.0 255.255.255.0 10.20.YY.1
Solved! Go to Solution.
11-07-2017 02:57 PM
11-07-2017 02:57 PM
11-07-2017 03:36 PM
11-08-2017 07:01 AM
Its still not working and here is the sh ip route and traceroute outputs.
S 192.168.228.0/24 [1/0] via 10.20.32.1
[1/0] via 10.20.30.1
S 192.168.238.0/24 [1/0] via 10.20.32.1
[1/0] via 10.20.30.1
SW#traceroute 192.168.228.21
Type escape sequence to abort.
Tracing the route to 192.168.228.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.20.30.1 2 msec * 1 msec
2 * *
SW#traceroute 192.168.238.21
Type escape sequence to abort.
Tracing the route to 192.168.238.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.20.30.1 1 msec * 2 msec
2 * * *
3
SW#ping 192.168.228.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/9 ms
SW#ping 192.168.228.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
11-08-2017 08:23 AM
11-08-2017 08:36 AM
I don't have any ACLs in place.
However, if I have only the below routes, I am able to reach the both destination subnets through the same next hop but when I introduce two more static routes with a different next hop, the system gets confused and routes differently.
S 192.168.228.0/24 [1/0] via 10.20.32.1
S 192.168.238.0/24 [1/0] via 10.20.32.1
I also tried with IP SLA tracking and added backup route to go via a different router, in that case it is doing what it is supposed to do. But, my question here is if it has two routes to the same destination via different next hops, it should route through both right?
Thank you for your input.
11-08-2017 09:04 AM
I also tried with IP SLA tracking and added backup route to go via a different router, in that case it is doing what it is supposed to do. But, my question here is if it has two routes to the same destination via different next hops, it should route through both right?
It should perform load balancing when you have two routes with the same longest prefix match and same AD.
Please post the output of 'sh ip route 192.168.228.21', 'sh ip route 192.168.238.21', 'sh ip cef 192.168.228.21', and 'sh ip cef 192.168.238.21'.
HTH,
Meheretab
11-08-2017 09:08 AM
SW#sh ip route 192.168.228.21
Routing entry for 192.168.228.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
10.20.32.1
Route metric is 0, traffic share count is 1
* 10.20.30.1
Route metric is 0, traffic share count is 1
SW#sh ip route 192.168.238.21
Routing entry for 192.168.238.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
10.20.32.1
Route metric is 0, traffic share count is 1
* 10.20.30.1
Route metric is 0, traffic share count is 1
SW#sh ip cef 192.168.228.21
192.168.228.0/24
nexthop 10.20.30.1 Vlan277
nexthop 10.20.32.1 Vlan278
SW#sh ip cef 192.168.238.21
192.168.238.0/24
nexthop 10.20.30.1 Vlan277
nexthop 10.20.32.1 Vlan278
11-08-2017 09:22 AM
CEF is the one which causes the router to send the packets on the same interface (or subinterface in your case). If possible, you could run 'debug ip icmp' and run a couple of PINGs. Do NOT forget to 'undebug ip icmp' when you are done with troubleshooting.
Run as follows and post the output:
!
debug ip icmp
!
ping 192.168.228.21 ( a couple of times)
ping 192.168.238.21 ( a couple of times)
!
ping 192.168.238.21 source vlan 278
ping 192.168.228.21 source vlan 278
!
ping 192.168.238.21 source vlan 277
ping 192.168.228.21 source vlan 277
!
undebug ip icmp
HTH,
Meheretab
11-08-2017 10:07 AM
I don't think this is going to be of any help.
SW#ping 192.168.228.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/11 ms
SW#
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:10: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0ping 192.168.228.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/10/11 ms
SW#
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:03:11: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
SW#ping 192.168.238.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.228.21 sou
SW#ping 192.168.228.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/11 ms
SW#
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0
Nov 8 18:04:20: ICMP: echo reply rcvd, src 192.168.228.21, dst 10.20.30.5, topology BASE, dscp 0 topoid 0ping 192.168.228.21 source vlan 277
SW#ping 192.168.238.21 source vlan 277
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.30.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.228.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.228.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
.....
Success rate is 0 percent (0/5)
SW#ping 192.168.238.21 source vlan 278
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.238.21, timeout is 2 seconds:
Packet sent with a source address of 10.20.32.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/13 ms
SW#
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
Nov 8 18:05:06: ICMP: echo reply rcvd, src 192.168.238.21, dst 10.20.32.5, topology BASE, dscp 0 topoid 0
11-08-2017 10:33 AM
11-08-2017 10:47 AM - edited 11-08-2017 10:49 AM
The routers are connected to port 1/0/22 and 2/0/22.
!
version 16.6
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service compress-config
no platform punt-keepalive disable-kernel-core
!
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default line
aaa authorization exec default if-authenticated
!
!
!
!
!
!
aaa session-id common
boot system switch all flash:cat3k_caa-universalk9.16.06.01.SPA.bin
switch 1 provision ws-c3850-24p
switch 2 provision ws-c3850-24p
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
hw-switch switch 2 logging onboard message
!
!
interface Port-channel1
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
!
interface Port-channel102
switchport trunk allowed vlan 400-410
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 400-410
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 102 mode active
!
interface GigabitEthernet1/0/22
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/0/1
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet2/0/21
switchport trunk allowed vlan 400-410
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 102 mode active
!
interface GigabitEthernet2/0/22
switchport mode trunk
!
interface GigabitEthernet2/0/23
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet2/0/24
switchport trunk allowed vlan 270-279,400-410
switchport mode trunk
channel-group 1 mode active
interface Vlan1
ip address 172.16.1.102 255.255.255.0
!
interface Vlan5
ip address 192.168.5.5 255.255.255.0
!
interface Vlan276
no ip address
!
interface Vlan277
ip address 10.20.30.5 255.255.255.0
!
interface Vlan278
ip address 10.20.32.5 255.255.255.0
!
ip default-gateway 172.16.1.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.254
ip route 192.168.228.0 255.255.255.0 10.20.30.1
ip route 192.168.228.0 255.255.255.0 10.20.32.1
ip route 192.168.238.0 255.255.255.0 10.20.32.1
ip route 192.168.238.0 255.255.255.0 10.20.30.1
!
11-08-2017 11:01 AM
11-08-2017 01:21 PM
I think the destination router has some sort of filtering and we don't control those routers so that was the issue. Thank you for your help.
11-08-2017 01:55 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide