Strange Routing Issue where clients are required to ping first



I have just installed a 2800 router at a client who was running out of IP addresses. We used the router to segment the top and bottom floors of the building. The problem that I am seeing is that some clients will "lose" their ability to send traffic through the router. The only way that I can resolve the problem is to 1. Ping the local gateway. 2. Ping the IP of the "other" interface. 3. Ping the Windows DNS server. 4. Ping an external address ie. Any ideas would be much appreciated.

Edison Ortiz Thu, 11/29/2007 - 10:14

Sounds like

- a mac-address-table corruption in the switch where these workstations are connected

- an ARP issue at the router


- misconfigured ARP and MAC timers between the switch and the router.

Can you describe how the connection is made? Please list devices.

Sure. The client node is connected to an unmanaged Dell PowerConnect switch which plugs directly into GE0/1 ( The 2821 has ip routing and OSPF enabled on it, so from what I understand with ip routing enabled, it should pass the packets directly to the GE0/0 interface ( and then to the win2k3 server on that segment. To get out to the inet cloud, we go through a Fortigate device that is doing NAT for the internal networks. Please let me know if I missed anything that could be helpful. FYI, we have already replaced the switch with a new one to eliminate the switch being the issue.

Many Thanks

Edison Ortiz Thu, 11/29/2007 - 10:34

You mentioned the client was running out of IP addresses.

Could it be that you have duplicate IP addressing problems on that subnet?

Could it be that you have incorrect subnet masks between your routing device and clients on that subnet?

Having an unmanaged switch complicates the troubleshooting a bit.

When you have the problem again, telnet into the router and do a show arp to verify if the workstation having the problem is listed in the ARP table.

If listed, the IP address will have a corresponding MAC address; make sure it matches with the trouble device.
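
The check described in the post above, as an added example that is not part of the original thread: it parses `show arp` output saved from the router and compares the entry for one workstation against the MAC address read off that workstation. The sample output, addresses and function names are constructed for illustration; the column layout assumed is the usual IOS one (Protocol, Address, Age, Hardware Addr, Type, Interface).

```python
import re

# Constructed sample of `show arp` output (documentation addresses, not from the thread).
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4401  ARPA   GigabitEthernet0/1
Internet  192.0.2.20             12   0011.2233.aabb  ARPA   GigabitEthernet0/1
Internet  192.0.2.21              3   0011.2233.ccdd  ARPA   GigabitEthernet0/1
Internet  192.0.2.30              0   Incomplete      ARPA
"""

def normalize_mac(mac):
    """Reduce 0011.2233.aabb or 00-11-22-33-AA-BB style notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_show_arp(text):
    """Return {ip: normalized MAC, or None for an Incomplete entry}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "Internet":
            continue  # header or unrelated line
        ip, hw = fields[1], fields[3]
        table[ip] = None if hw.lower() == "incomplete" else normalize_mac(hw)
    return table

def check_host(text, ip, workstation_mac):
    """Classify the router's ARP entry for one workstation."""
    table = parse_show_arp(text)
    if ip not in table:
        return "missing"     # router holds no entry for this host
    if table[ip] is None:
        return "incomplete"  # router sent an ARP request and got no reply
    if table[ip] != normalize_mac(workstation_mac):
        return "mismatch"    # a different device answers for this IP (possible duplicate address)
    return "match"

if __name__ == "__main__":
    hosts = [("192.0.2.20", "00-11-22-33-AA-BB"), ("192.0.2.21", "00-11-22-33-EE-FF"),
             ("192.0.2.30", "00-11-22-33-00-30"), ("192.0.2.40", "00-11-22-33-00-40")]
    for ip, mac in hosts:
        print(ip, check_host(SAMPLE_SHOW_ARP, ip, mac))
```

A "mismatch" result points toward the duplicate-address question raised above, while "incomplete" or "missing" means the router has not resolved the workstation at all.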

Currently, the router is doing DHCP for the segment on the top floor. The clients have no problem getting an IP address, and when they do, I can see the client MAC address in the ARP table on the router. The MAC address registered does match the client workstation. One other thing that I should mention is that I am getting (2) IDS signature hits. The first one happens when the upstairs clients send a DNS query. The second is one that states "impossible IP address".

Richard Burts Thu, 11/29/2007 - 10:37


There are a couple of things that I am not sure that I understand correctly. Your original post describes a customer who was running out of IP addresses. So you divided the network (top floor and bottom floor). Does this problem exist in both groups of clients or is just the top floor or just the bottom floor?

I wonder when you were dividing the network if some of the end stations might have gotten different IP addresses but not different gateway addresses? Or perhaps configured with an incorrect subnet mask?




Currently, we are only having the problem on the top floor. The top floor has a network space of where the bottom floor has a network space of I can confirm that the clients are receiving the proper ip gateway address on the top floor. Something that I should point out is that the gw address for the bottom floor is This is our firewall/nat device. However, the device does show an OSPF route to the upstairs network that seems to be working OK.

Richard Burts Thu, 11/29/2007 - 11:32


It is helpful to know that the problem seems to be limited to the top floor. You have described their connectivity as through a Dell switch to the router. Would I be correct in assuming that the connectivity for clients on the bottom floor is different? If so can you describe the connectivity for the bottom floor.

I am also interested in your mention of the IDS hits, especially the one about The second is one that states "impossible IP address". Does it give the address?

In your original post you gave a list of destinations that you ping. Would I be correct in assuming that you can ping any one of these and it is sufficient to get the client connectivity going? And would I be correct in assuming that when you do this ping that at least the first ping packet fails or times out?



