hosts can only ping other hosts after router has pinged them?

Discussion in 'Cisco' started by spec, Jun 4, 2006.

  1. spec

    spec Guest

    Hi all, has anyone else ever see this:

    client with ip 10.6.201.20/16 and gateway
    of 10.6.1.1 can only
    ping a host with an ip address of
    10.1.1.8/16 after the router has
    successfully pinged 10.1.1.8/16?

    The destination host has 2 ip addresses
    assigned to an ethernet interface:

    69.66.x.x/21
    10.1.1.8/16
    default gateway of 69.66.x.1/21

    The router has
    69.66.x.1 on gig 0/0
    10.1.1.1/16 on gig0/1 as primary and
    10.6.1.1/16 as secondary

    thanks!
     
    spec, Jun 4, 2006
    #1
    1. Advertisements

  2. I have a feeling this might be related to whether or not you have "ip
    route-cache same-interface" configured on gig0/1.
     
    Barry Margolin, Jun 4, 2006
    #2
    1. Advertisements

  3. spec

    spec Guest

    yes, ip route-cache same interface is enabled on gig 0/1
     
    spec, Jun 4, 2006
    #3
  4. spec

    ciscortp Guest

    I'm a little confused as to why you have this setup this way but it
    seems to me that you are running into an arp problem.

    How does the router Know how to reach Host 10.1.1.8 if you only have
    69.66.x.1 configured on the inteface facing Host 10.1.1.8. Is there a
    static route or something?

    When you attaempt to ping 10.1.1.8 from host 10.6.201.20, the router
    receives the packet and now realizes that network 10.1.0.0/16 is
    directly connected on g0/1 - which is also the same interface that the
    packet was just received.

    So the router is going to send out an Arp request on G0/1 to find the
    Mac address of the destination. The ARP reply will never come back
    because 10.1.1.8 is actually located outside of interface g0/0.

    I'm not even sure how the ping from the router is working. Please
    provide some more details.

    Thanks
     
    ciscortp, Jun 4, 2006
    #4
  5. spec

    ciscortp Guest

    I'm a little confused as to why you have this setup this way but it
    seems to me that you are running into an arp problem.

    How does the router Know how to reach Host 10.1.1.8 if you only have
    69.66.x.1 configured on the inteface facing Host 10.1.1.8. Is there a
    static route or something?

    When you attaempt to ping 10.1.1.8 from host 10.6.201.20, the router
    receives the packet and now realizes that network 10.1.0.0/16 is
    directly connected on g0/1 - which is also the same interface that the
    packet was just received.

    So the router is going to send out an Arp request on G0/1 to find the
    Mac address of the destination. The ARP reply will never come back
    because 10.1.1.8 is actually located outside of interface g0/0.

    I'm not even sure how the ping from the router is working. Please
    provide some more details.

    Thanks
     
    ciscortp, Jun 4, 2006
    #5
  6. So if it fails with this set, what happens if you unset it?
     
    Barry Margolin, Jun 4, 2006
    #6
  7. spec

    spec Guest

    the issue appears to be that the interface was bound to a BVI interface
    (not sure why a BVI was used here)

    placing the config on the physical interface solved the issue
     
    spec, Jun 5, 2006
    #7
  8. spec

    Peter Guest

    Greetings,
    It is not obvious to most people that on Cisco Routers the Ethernet
    interfaces can be configured to operate in at least Layer 2 or Layer 3
    modes (and possibly more). The "default" mode for an Etherswitch is as
    a Layer 2 port, while for a Router the "default" mode is as a Layer 3
    port, because we most often need to route over that interface. While
    this works fine, you will then find that you cannot apply a MAC ACL to
    that interface, because its NOT in "Layer 2" mode. To enable the use
    of MAC ACL's on that Ethernet interface, AND be able to Route over
    it,, you need to -
    1. Create a BRIDGE GROUP,
    2. Bond the Ethernet Interface to that Bridge Group (force it into
    Layer 2 mode),
    3. Create a BVI also in that same Bridge Group (IE Bridge Group 7
    can have BVI 7 as its routed interface),
    4. Apply all Layer 3 attributes (EG the IP address) to the BVI.
    5. Now apply the Layer 2 MAC ACL to the Ethernet.

    So a BVI is usually used to add Layer 3 capability to an Ethernet
    interface that also needs to use Layer 2 properties.

    Cheers...........pk.
     
    Peter, Jun 5, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.