Author Topic: Default route problem  (Read 2644 times)

Offline matt.standing

  • Rookie
  • **
  • Posts: 16
Default route problem
« on: July 12, 2016, 02:44:36 AM »
I have the attached vlan configuration with the following static routes:

Wharfside:
ip route 0.0.0.0 0.0.0.0 192.168.1.1 1
ip route 192.168.20.0 255.255.255.0 192.168.172.254 1
ip route 192.168.22.0 255.255.255.0 192.168.172.254 1   


Wharfside Suites:
ip route 0.0.0.0 0.0.0.0 192.168.172.253 1
ip route 192.168.1.0 255.255.255.0 192.168.172.253 1
ip route 192.168.12.0 255.255.255.0 192.168.172.253 1


My problem is when I try and trace route out to an outside address from the Wharfside Suites site the trace stops at the 192.167.172.253 interface and doesn't know where to go despite having a 0.0.0.0 0.0.0.0 192.168.172.254 default route.

I can trace the same outside address from the Wharfside Site. Does anyone have any ideas?


Offline mixthoor

  • Full Member
  • ***
  • Posts: 53
Re: Default route problem
« Reply #1 on: July 12, 2016, 03:27:37 PM »
Give me some outputs:
1) show vlan ip mgmt
2) show ip
3) show vlan inter info UPLINK-INTERFACE
4) show vlan inter vids UPLINK-INTERFACE

from your switches. Why do you use only static routes? Why not the OSPF?


ACE-Fx I #00531

Offline matt.standing

  • Rookie
  • **
  • Posts: 16
Re: Default route problem
« Reply #2 on: July 13, 2016, 05:15:12 AM »
Hi Mixthoor,

This is the information from the Wharfside Suites end:

1: "show vlan ip mgmt" is not a valid command, but I guess you mean this:

==============================================================================
Vid  ifIndex Address         Mask            MacAddress        Offset Routing
==============================================================================
Primary Interfaces
------------------------------------------------------------------------------
20   10020   192.168.20.254  255.255.255.0   3C:3A:73:5C:90:41 2      Enabled
22   10022   192.168.22.254  255.255.255.0   3C:3A:73:5C:90:43 4      Enabled
172  10172   192.168.172.254 255.255.255.0   3C:3A:73:5C:90:44 5      Enabled
------------------------------------------------------------------------------

2:
Bootp/DHCP Mode: Disabled
            (response not received, to retry, change BootP request mode)

                      Configured        In Use        Last BootP/DHCP
                    --------------- --------------- --------------------
Stack IP Address:   0.0.0.0                         0.0.0.0
Switch IP Address:  0.0.0.0                         0.0.0.0
Stack Subnet Mask:  0.0.0.0                         0.0.0.0
Default Gateway:    0.0.0.0                         0.0.0.0

3:
           Filter     Filter
          Untagged Unregistered
Unit/Port  Frames     Frames    PVID PRI    Tagging    Name
--------- -------- ------------ ---- --- ------------- --------------
1/25      No       Yes          1    0   TagAll        Unit 1,Port 25

4:
Unit/Port VLAN VLAN Name         VLAN VLAN Name         VLAN VLAN Name
--------- ---- ----------------  ---- ----------------  ---- ----------------
1/25      11   VLAN_PUBLIC       172  VLAN_TRANSPORT
--------- ---- ----------------  ---- ----------------  ---- ----------------

This is the information from the Wharfside end:

1:
==============================================================================
Vid  ifIndex Address         Mask            MacAddress        Offset Routing
==============================================================================
Primary Interfaces
------------------------------------------------------------------------------
10   10010   192.168.1.6     255.255.255.0   3C:3A:73:5B:A4:41 2      Enabled
12   10012   192.168.12.254  255.255.255.0   3C:3A:73:5B:A4:43 4      Enabled
172  10172   192.168.172.253 255.255.255.0   3C:3A:73:5B:A4:44 5      Enabled
------------------------------------------------------------------------------

2:
Bootp/DHCP Mode: Disabled

                      Configured        In Use        Last BootP/DHCP
                    --------------- --------------- --------------------
Stack IP Address:   0.0.0.0                         0.0.0.0
Switch IP Address:  0.0.0.0                         0.0.0.0
Switch Subnet Mask: 0.0.0.0                         0.0.0.0
Default Gateway:    0.0.0.0                         0.0.0.0

3:
      Filter     Filter
     Untagged Unregistered
Port  Frames     Frames    PVID PRI    Tagging    Name
---- -------- ------------ ---- --- ------------- --------------
25   No       Yes          1    0   TagAll        Port 25

4:
Port VLAN VLAN Name         VLAN VLAN Name         VLAN VLAN Name
---- ---- ----------------  ---- ----------------  ---- ----------------
1    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
2    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
3    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
4    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
5    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
6    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
7    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
8    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
9    10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
10   10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
11   10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
12   10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
13   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
14   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
15   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
16   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
17   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
18   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
19   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
20   11   VLAN_PUBLIC
---- ---- ----------------  ---- ----------------  ---- ----------------
21
---- ---- ----------------  ---- ----------------  ---- ----------------
22   10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
23
---- ---- ----------------  ---- ----------------  ---- ----------------
24   10   VLAN_CORP         12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------
25   11   VLAN_PUBLIC       172  VLAN_TRANSPORT
---- ---- ----------------  ---- ----------------  ---- ----------------
26   10   VLAN_CORP         11   VLAN_PUBLIC       12   VLAN_VOICE
---- ---- ----------------  ---- ----------------  ---- ----------------

We stuck with static routes as we have an additional data vlan on the switches (not detailed in the question for simplicity) which is a public network. We found that with RIP/OSPF we were able to bridge across to that public network from the private LAN and vice-versa.
Static routes offered a solution, and as we are a very small WAN this didn't seem a problem.

I would have liked to have used RIP and OSPF though!

Thanks,
Matt

Offline mixthoor

  • Full Member
  • ***
  • Posts: 53
Re: Default route problem
« Reply #3 on: July 13, 2016, 07:27:00 AM »
Did I understand you correctly?
- You want to reach the public network direct from SW named Wharfside Suites in VLAN 172. (yes/no?)
- You want to reach the public network from Host, that is connected into Wharfside Suites in VLAN 20 or VLAN 22 (yes/no?)
- This SW has an IP address 192.168.172.254/24 and the Def GW 192.168.172.253.
- Uplink on the SW is 1/26 with Tagged VLANs, Your VLAN no. 172 and it is allowed on the trunk.
So this SW should make a L3 routing. Give me the output of:
Code:
show ip routing

---
I need the other outputs, too.
From that HOST (in VLAN 20 or 22):
ping 192.168.22.254
ping 192.168.20.254
ping 192.168.172.254
ping 192.168.172.253
ping 192.168.1.1

From the SW Wharfside Suites:
ping 192.168.172.253 count 2 source 192.168.172.254
ping 192.168.172.253 count 2 source 192.168.20.254
ping 192.168.172.253 count 2 source 192.168.22.254
ping 192.168.1.1 count 2 source 192.168.172.254
ping 192.168.1.1 count 2 source 192.168.20.254
ping 192.168.1.1 count 2 source 192.168.22.254

From the SW Nordfield House:
ping 192.168.22.254 count 2 source 192.168.1.1
ping 192.168.20.254 count 2 source 192.168.1.1
ping 192.168.172.254 count 2 source 192.168.1.1
ping 192.168.172.253 count 2 source 192.168.1.1

---

On the SW Wharfside Suites you don't need the routes:
Code:
ip route 192.168.1.0 255.255.255.0 192.168.172.253 1
ip route 192.168.12.0 255.255.255.0 192.168.172.253 1
Delete it.
ACE-Fx I #00531

Offline matt.standing

  • Rookie
  • **
  • Posts: 16
Re: Default route problem
« Reply #4 on: July 27, 2016, 05:02:28 AM »
Hi mixthoor,

Quote
- You want to reach the public network direct from SW named Wharfside Suites in VLAN 172. (yes/no?)
   No, VLAN 11 is trunked, not routed on the Wharfside Suites switch. It doesn't touch VLAN 172.


Quote
- You want to reach the public network from Host, that is connected into Wharfside Suites in VLAN 20 or VLAN 22 (yes/no?)
   No, VLAN 20 and 22 are blocked from VLAN 11.
Quote
- This SW has an IP address 192.168.172.254/24 and the Def GW 192.168.172.253.
   Yes, the 172 vlan on Wharfside Suites switch has an IP address of 192.168.172.254 and has a dfg of .172.253.


Quote
- Uplink on the SW is 1/26 with Tagged VLANs, Your VLAN no. 172 and it is allowed on the trunk.
   Yes.


The problem is when traffic bound for the internet from VLAN 20 traverses the 172 vlan it stops on the opposing switch and doesn't route out. This is fine for http, https and ftp as we use a proxy server but some applications ignore the proxy and try to go directly out.

From that HOST (in VLAN 20 or 22):
Code:
ping 192.168.22.254: Reply from 192.168.22.254: bytes=32 time<1ms TTL=64
ping 192.168.20.254: Reply from 192.168.20.254: bytes=32 time<1ms TTL=64
ping 192.168.172.254: Reply from 192.168.172.254: bytes=32 time<1ms TTL=64
ping 192.168.172.253: Reply from 192.168.172.253: bytes=32 time<1ms TTL=64
ping 192.168.1.1: Request timed out.


The source command wasn't recognised so the ping sources were set by telnetting to the respective VLAN IP address:


From the SW Wharfside Suites:
Code:
ping 192.168.172.253 count 2 source 192.168.172.254: Host is reachable
ping 192.168.172.253 count 2 source 192.168.20.254: Host is reachable
ping 192.168.172.253 count 2 source 192.168.22.254: Host is reachable
ping 192.168.1.1 count 2 source 192.168.172.254: Host is not reachable
ping 192.168.1.1 count 2 source 192.168.20.254: Host is not reachable
ping 192.168.1.1 count 2 source 192.168.22.254: Host is not reachable

From the SW Nordfield House:
Code:
ping 192.168.22.254 count 2 source 192.168.1.1: Host is reachable
ping 192.168.20.254 count 2 source 192.168.1.1: Host is reachable
ping 192.168.172.254 count 2 source 192.168.1.1: Host is reachable
ping 192.168.172.253 count 2 source 192.168.1.1: Host is not reachable

Quote
On Wharfside Suites switch, delete:
ip route 192.168.1.0 255.255.255.0 192.168.172.253 1
ip route 192.168.12.0 255.255.255.0 192.168.172.253 1

Surely if I remove these routes I won't be able to get to these networks?

Offline orgitnized

  • Jr. Member
  • **
  • Posts: 34
Re: Default route problem
« Reply #5 on: August 07, 2016, 09:21:18 PM »
Quote
On Wharfside Suites switch, delete:
ip route 192.168.1.0 255.255.255.0 192.168.172.253 1
ip route 192.168.12.0 255.255.255.0 192.168.172.253 1

Surely if I remove these routes I won't be able to get to these networks?
You don't need the routes, since you already have a gateway of last resort in there, specifying 192.168.172.253; anything that your switch doesn't handle locally will ask that gateway where to send the traffic to.  Having it in there for multiple networks is redundant since it's going to ask that gateway where to send everything anyway, if it doesn't have a local route.
Quote
ip route 0.0.0.0 0.0.0.0 192.168.172.253 1
That's all you need (just agreeing with mixthoor) - the other 2 aren't needed.
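
The redundancy described in this reply can be checked with a longest-prefix-match lookup over the Wharfside Suites routes posted in the thread. This is an added example, not part of the original thread or the switch's software; the function names and the outside test address 203.0.113.10 are assumptions.

```python
import ipaddress

# Wharfside Suites, as posted in the thread: connected VLAN interfaces
# (from the "show vlan ip" output) and the original static routes.
CONNECTED = ["192.168.20.254/24", "192.168.22.254/24", "192.168.172.254/24"]
STATIC = """\
ip route 0.0.0.0 0.0.0.0 192.168.172.253 1
ip route 192.168.1.0 255.255.255.0 192.168.172.253 1
ip route 192.168.12.0 255.255.255.0 192.168.172.253 1
"""

def build_table(connected, static_text):
    """Return [(network, next_hop)]; next_hop is None for connected networks."""
    table = [(ipaddress.ip_interface(c).network, None) for c in connected]
    for line in static_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            table.append((net, ipaddress.ip_address(parts[4])))
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def redundant_routes(table):
    """Static routes that can be removed without changing forwarding: the
    longest less-specific route covering them has the same next hop."""
    found = []
    for net, hop in table:
        if hop is None:
            continue
        covering = [r for r in table
                    if r[0].prefixlen < net.prefixlen and net.subnet_of(r[0])]
        parent = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if parent is not None and parent[1] == hop:
            found.append(str(net))
    return found

if __name__ == "__main__":
    table = build_table(CONNECTED, STATIC)
    print("redundant:", redundant_routes(table))
    # 203.0.113.10 is a constructed stand-in for "an outside address".
    for dst in ("192.168.20.5", "192.168.1.1", "203.0.113.10"):
        net, hop = lookup(table, dst)
        print(dst, "->", net, "via", hop or "connected")
```

The table only shows that this switch hands non-local traffic to 192.168.172.253; it says nothing about NAT or return routes further upstream.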

Offline matt.standing

  • Rookie
  • **
  • Posts: 16
Re: Default route problem
« Reply #6 on: August 11, 2016, 12:38:35 PM »
Hi

I have taken the routes off as suggested.

Wharfside:
ip route 0.0.0.0 0.0.0.0 192.168.1.1 1
ip route 192.168.20.0 255.255.255.0 192.168.172.254 1
ip route 192.168.22.0 255.255.255.0 192.168.172.254 1   


Wharfside Suites:
ip route 0.0.0.0 0.0.0.0 192.168.172.253 1

I have the same problem as before, when I try and trace route out to an outside address from the Wharfside Suites site the trace stops at the 192.167.172.253 interface and doesn't know where to go.

Offline orgitnized

  • Jr. Member
  • **
  • Posts: 34
Re: Default route problem
« Reply #7 on: August 11, 2016, 04:40:25 PM »
Understandable - this was just about cleaning your extra route statements.
Haven't seen 192.167.x.x networks used privately, personally.
Not saying that's your problem, though.
Can you source ping from that interface and hit the next hop?
ping 192.168.172.253 source 192.167.172.253
What interface uses 192.167.172.253?

Offline TankII

  • Hero Member
  • *****
  • Posts: 542
Re: Default route problem
« Reply #8 on: August 18, 2016, 03:34:42 PM »
Just a comment:
If you use OSPF, do not distribute local or static routes, and the OSPF areas in question are not 0.0.0.0, there should be no reason why you cannot have two different dynamic networks that don't know about each other, all without needing VRF.

If you can do VRF on the switches (5600 has it for instance), then certainly use that instead.  It will make life easier by separating the routing infrastructure completely.

TankII

Offline matt.standing

  • Rookie
  • **
  • Posts: 16
Re: Default route problem
« Reply #9 on: September 14, 2016, 11:37:25 AM »
Thanks everyone, finally got to the bottom of this. The main issue was NAT wasn't working correctly on our CP firewall.


All working now!

Cheers,
Matt