Art

I do not understand your comment about accumulating entries when you put the 2511 behind a router with /24 mask. Perhaps you can clarify? Also can you tell us when you put it behind a /24 mask did you leave the /22 mask on the 2511 or did you change it?

When ip routing is enabled (and it is enabled by default on Cisco routers) then you do not need ip default-gateway. This command is only used if ip routing is disabled and the router is acting as an IP host. It does not hurt to have it in the config, but in normal operation it is not used. The router needs the ip route statement to configure static routes or it needs to run a dynamic routing protocol.

HTH

Rick

Sent from Cisco Technical Support iPad App

Hello,

Thank you for taking an interest in assisting...

For starters.... now I see how to remove a config line (just prepend 'no' to the same line)

By accumulating, I was merely referring to how the route entries accumulate and must be removed with the prepended 'no' directive.

And Yes to changing the netmask to a Class C (255.255.255.0) before testing. That was just a curiosity test connecting it to an old style BEFRS41. Remember those? I am back to trying to get a ping sent out on the 10.40.20.0/22 network.

After looking at this again and again... it seems that I have a routing issue. Perhaps the area you speak of is where I need to set some directives. With a no directive, I can remove the two existing route entries:

    ip default-gateway 10.40.23.254

    ip route 0.0.0.0 0.0.0.0 10.40.23.254

How do I get this ip routing thing happening?

Many thanks!

And you probably want this report, I'd imagine:

#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is 10.40.23.254 to network 0.0.0.0

     10.0.0.0/22 is subnetted, 1 subnets

C       10.40.20.0 is directly connected, Ethernet0

S*   0.0.0.0/0 [1/0] via 10.40.23.254

I see how to enable and disable the routing:

no ip routing

After removing the route directives that were added manually, I enbled routing with:

ip routing

I then see the following:

#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/22 is subnetted, 1 subnets

C       10.40.20.0 is directly connected, Ethernet0

Art

It appears that you are making progress in understanding how the IOS work for routing on Cisco routers. So congratulations on that.

In the most recent config you have only the locally connected subnet. So your router should be able to communicate with anything in the local subnet. But it would not communicate with anything in remote subnets.

In the post before that you have the locally connected subnet and a default route. This would allow your router to communicate with devices in remote networks.

I can not tell whether you still have a question for the forum. If you do still have a question then perhaps you can re-state what your question is. Then we may be able to find answers for it.

HTH

Rick

Thank you very much for the dialog. It helps a lot...

Though, I think that I continue to be clueless about my issue.

I think you may be suggesting that it should work now...

Should it work, now? Should I be able to ping my gateway at 10.40.23.254  ?

Should I be concerned with the message "Gateway of last resort is not set" ?

I am unable to make a ping work on 10.40.23.254.

Of course i can ping myself at  10.40.20.51

Any advice to make this device operate on the network and pingable from another host on the same subnet such as 10.40.20.74, would be appreciated.

many thanks!

Art

It seems that you did not understand my previous post, so let me try again in a slightly different way. The output in your previous post shows that the Ethernet0 interface is up and is configured with an IP address in a /22 network. You should be able to ping your gateway and the gateway should be able to ping your 2511.

However your 2511 will not be able to access anything outside of its local subnet. The message about gateway of last resort is not set indicates that your router has no route information for anything outside of the local subnet.. A Cisco router has two methods of learning about resources outside of its local subnet. The router can have static routes (frequently including a static default route) or it can run a dynamic routing protocol (such as RIP or EIGRP). It appears that your router is now not doing either of these. In earlier posts the configuration include this static default route:

ip route 0.0.0.0 0.0.0.0 10.40.23.254

If you put this back into the configuration (and assuming that ip routing is enabled) then you should be able to access resources outside of the local subnet.

HTH

Rick

Hi Rick,

Thank you for your patience and guidance. At this point I am wondering if I am in possession of some broken equipment? Could my AAUI transciever cause my problem? If I had two then I would swap and be more confident.

I inserted the static route.

Current config is the following:

  LA-AS#sh startup-config

  Using 824 out of 32762 bytes

  !

  version 12.1

  no service single-slot-reload-enable

  service timestamps debug uptime

  service timestamps log uptime

  no service password-encryption

  !

  hostname LA-AS

  !

  logging rate-limit console 10 except errors

  enable secret 5 $1$oH4m$afnnZjU0EF92dCJ.VVPq61

  !

  username admin password 0 admin1

  ip subnet-zero

  no ip finger

  no ip domain-lookup

  !

  !

  !

  !

  interface Ethernet0

   ip address 10.40.20.51 255.255.252.0

   no ip mroute-cache

  !

  interface Serial0

   no ip address

   no ip mroute-cache

   shutdown

   no fair-queue

  !

  ip classless

  ip route 0.0.0.0 0.0.0.0 10.40.23.254

  no ip http server

  !

  !

  line con 0

   logging synchronous

   login local

   transport input none

  line 1 16

   no exec

   exec-timeout 0 0

   no flush-at-activation

   transport input all

  line aux 0

   logging synchronous

   login local

  line vty 0 4

   logging synchronous

   login local

  !

  end

Also enabled ip routing:

LA-AS#sh ip route      

  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

         * - candidate default, U - per-user static route, o - ODR

         P - periodic downloaded static route

  Gateway of last resort is 10.40.23.254 to network 0.0.0.0

       10.0.0.0/22 is subnetted, 1 subnets

  C       10.40.20.0 is directly connected, Ethernet0

  S*   0.0.0.0/0 [1/0] via 10.40.23.254

LA-AS#sh interfaces

Ethernet0 is up, line protocol is up

  Hardware is Lance, address is 00b0.64fd.3ba5 (bia 00b0.64fd.3ba5)

  Internet address is 10.40.20.51/22

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:03, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 1/75, 0 drops

  5 minute input rate 0 bits/sec, 1 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     8864 packets input, 625440 bytes, 0 no buffer

     Received 8864 broadcasts, 0 runts, 0 giants, 0 throttles

     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored

     0 input packets with dribble condition detected

     258 packets output, 27504 bytes, 0 underruns(0/0/0)

     0 output errors, 0 collisions, 5 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

Art

I have looked through the config and I do not see an obvious problem. And the fact that the show interface shows that the interface is up and up is encouraging. And the fact that there are input packets and output packets is also a good sign.

Based on this I do not think that your transceiver is faulty.

One other thing that might be helpful would be to post the output of show arp.

From what I see here it looks like it should be working. If there is something that is not working can you give us some clarification of what is the problem?

HTH

Rick

Hi Rick,

I can't thank you enough for your time. I appreciate how you share your experience to help.

Here is arp info and some pings too:

LA-AS#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.40.20.51             -   00b0.64fd.3ba5  ARPA   Ethernet0

Internet  10.40.23.254            3   2c21.72a1.a181  ARPA   Ethernet0

Internet  10.40.20.250            0   0030.4865.4208  ARPA   Ethernet0

LA-AS#ping 10.40.20.51

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.40.20.51, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

LA-AS#ping 10.40.20.250

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.40.20.250, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LA-AS#ping 10.40.23.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.40.23.254, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LA-AS#

Hi Rick,

This is really fantastic to learn these details from you! There is way more to networking than a lot of engineers even bother to think about. Most (including me) just plug a cable and take it all for granted! (until situations like these) lol! 

Due to weirdness on this network (e.g. ssh sessions that hang for no reason after 10 minutes) I've been suspicious of some kind of networking problem for months but of course IT says everything is fine. Is it no surprise that ssh keepalive is their go to response. lol!

Hmm... Should I start a new discussion thread with subject "what's wrong with my company's network?"   Seriously though... I can start a new thread if appropriate.

LA-AS#show cdp neighbor detail

-------------------------

Device ID: 6c9cedf72aaa

Entry address(es):

  IP address: 10.40.23.7

Platform: Cisco SG200-26 (PID:SLM2024T)-VSD,  Capabilities: Switch IGMP

Interface: Ethernet0,  Port ID (outgoing port): gi11

Holdtime : 153 sec

Version :

1.2.7.76

advertisement version: 2

Native VLAN: 1

Duplex: half

LA-AS#sh ru

LA-AS#sh running-config

Building configuration...

Current configuration : 824 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname LA-AS

!

logging rate-limit console 10 except errors

enable secret 5 $1$oH4m$afnnZjU0EF92dCJ.VVPq61

!

username admin password 0 admin1

ip subnet-zero

no ip finger

no ip domain-lookup

!

!

!

!

interface Ethernet0

ip address 10.40.20.51 255.255.252.0

no ip mroute-cache

!

interface Serial0

no ip address

no ip mroute-cache

shutdown

no fair-queue

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.40.23.254

no ip http server

!

!

line con 0

logging synchronous

login local

transport input none

line 1 16

no exec

exec-timeout 0 0

no flush-at-activation

transport input all

line aux 0

logging synchronous

login local

line vty 0 4

logging synchronous

login local

!

end

===============================

Regarding ping from other hosts...

I do not have access to gateway, 10.40.23.254

Never a successful ping to the AS2511 (10.40.20.51) from:

10.40.20.250

10.40.20.74

$ ping 10.40.20.51

PING 10.40.20.51 (10.40.20.51) 56(84) bytes of data.

From 10.40.20.250 icmp_seq=2 Destination Host Unreachable

From 10.40.20.250 icmp_seq=3 Destination Host Unreachable

From 10.40.20.250 icmp_seq=4 Destination Host Unreachable

^C

--- 10.40.20.51 ping statistics ---

4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms

$ ping 10.40.20.51

PING 10.40.20.51 (10.40.20.51) 56(84) bytes of data.

From 10.40.20.74: icmp_seq=1 Destination Host Unreachable

From 10.40.20.74: icmp_seq=2 Destination Host Unreachable

From 10.40.20.74: icmp_seq=3 Destination Host Unreachable

From 10.40.20.74: icmp_seq=4 Destination Host Unreachable

^C

--- 10.40.20.51 ping statistics ---

4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3000ms

But yet, nearly all other hosts on this network can ping amongst themselves...

for example from 10.40.20.74

$ ping 10.40.20.250

PING 10.40.20.250 (10.40.20.250) 56(84) bytes of data.

64 bytes from 10.40.20.250: icmp_req=1 ttl=64 time=0.311 ms

64 bytes from 10.40.20.250: icmp_req=2 ttl=64 time=0.243 ms

64 bytes from 10.40.20.250: icmp_req=3 ttl=64 time=0.246 ms

^C

--- 10.40.20.250 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2000ms

rtt min/avg/max/mdev = 0.243/0.266/0.311/0.036 ms

$ traceroute 10.40.20.250

traceroute to 10.40.20.250 (10.40.20.250), 30 hops max, 60 byte packets

1  qa250.TLD (10.40.20.250)  0.296 ms  0.250 ms  0.222 ms

Thanks again for your assistance...

It is very helpful!

-AZ

AZ

Since the discussion is now about much more than the Ethernet interface of your 2511 it might be justified to start a new discussion. But I am willing to continue with this one for a bit since it is already in process and is developing some context that we might need to repeat in a new discussion. So it is your choice.

There are a couple of things that I would like to follow up from the most recent post.

- the cdp neighbor shows that you are connected to a SG200 switch with address 10.40.23.7. So lets see if your 2511 can ping it.

- if the ping to 10.40.23.7 fails, then follow it immediately with a show arp. I would like to see if arp succeeded or not.

- what was the IP address and what is the subnet mask of the device from which you attempted to ping the 2511? If they are in the same subnet I would have expected the ping to be directly between the devices. But you got a response from 10.40.20.250 that your address was not reachable. That implies that your source was at least one hop away. So I would like to know what it is.

- And i am curious why 10.40.20.250 thinks your 2511 is not reachable. It was showing up in your arp table, so I would assume that you should have been in its arp table. I am beginning to wonder if the SG200 is doing something, or is perhaps configured in a way that isolates your 2511. Do you know anything about the SG200 or have any access to it?

HTH

Rick

LA-AS#ping 10.40.23.7

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.40.23.7, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LA-AS#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.40.20.51             -   00b0.64fd.3ba5  ARPA   Ethernet0

Internet  10.40.23.7              0   6c9c.edf7.2aaa  ARPA   Ethernet0

Internet  10.40.23.254            1   2c21.72a1.a181  ARPA   Ethernet0

Internet  10.40.20.250            2   0030.4865.4208  ARPA   Ethernet0

LA-AS#

Yes, same subnet. I attempted to ping the AS2511 from both: 10.40.20.74/22 and 10.40.20.250/22

Note that part of my infrastructure which I inherited intermingles with corp IT when my switches uplink into a Juniper EX3300.

I will attempt to describe the interconnects.

Your focus on the SG200 switch is an excellent idea. I continue to have issue with it which I worked around in the following way.

At first, I could not get a link light to illuminate on the SG200 port into which the AS2511 was connected regardless of how I twiddled the port config (e.g. 10M, Half-Duplex). Note, the link light on the AAUI connector would illuminate even though the 10M/half configured port on the SG200 would not illuminate.

So, to make that problem go away, I inserted an old consumer grade Netgear DS104 dual-speed hub between the AS2511 and the SG200 essentially using it to uplink to the SG-200. That made the link light on the SG200 illuminate and the protocol to come up according to the AS2511 sh interfaces.

With that "disclosure" out of the way (lol), here is the interconnects:

AS2511 <=> DS104 <=> SG200 <=> EX3300 <=fiber=> Unknown <=> 10.40.20.250

Whereas, the host 10.40.20.74/22 is connected as:

DS104 <=> 10.40.20.74

Of course, 10.40.20.74 and 10.40.20.250 can talk freely.

Please note... I did not design this network topology so I cannot claim the credit/fame for the reason that the host 10.40.20.250 is in different physical location than my datacenter with the AS2511 and everything else in this discussion. lol.