cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
761
Views
0
Helpful
11
Replies

Can't poll 3750 switch across WAN

teeboli68
Level 1
Level 1

We briefly lost our MPLS WAN link the other day and since then we have one remote 3750 switch that we can't poll via SNMP. I did a "show ip redirects" on the switch and it does show an incorrect route (to our firewall) back to the SNMP polling station. The question is twofold, how did this entry get there and how can I clear it. I did try the "no ip redirects" command but no luck. There is no IP routing on the 3750. Any ideas on how to get rid of this?

1 Accepted Solution

Accepted Solutions

Yes, it seems to be stuck on 10.4.10.1 for some odd reason. Give it a reboot and it should clear it.

Keep in mind to always use a default-gateway in your switch configuration when you aren't running routing on them, and never rely on proxy-arp.

HTH,

__

Edison.

Please rate helpful posts

View solution in original post

11 Replies 11

Edison Ortiz
Hall of Fame
Hall of Fame

Does the SNMP server have reachability to the 3750 switch via ping?

You stated the device is not running any routing, do you have an ip default-gateway command in the absence of routing?

Can you please post the show ip route output?

__

Edison.

Hello Edison,

Here is the output you requested. There is no ip default gateway-set on this switch or any others on this LAN. I can SNMP poll and ping the other 3750's in this LAN without issue. The gateway this route is pointing to is our firewall (10.4.10.1) which is obviously incorrect. (10.1.10.150 is the polling station) If I do a show IP route on any other switch on this LAN I get a "default gateway is not set" and a "ICMP redirect cache is empty". This all started yesterday when our WAN took a hit for 2 mins. We are using 3845's on each end, EIGRP, BGP. Traceroute using extended pings from the polling side LAN interface gets 4 hops to the WAN interface on the target side so I assume because the route is in there (in the switch) the snmp replies are not getting back. Would a reload fix?

NJ-IDF-3FL-S#sh ip redirects

Default gateway is not set

Host Gateway Last Use Total Uses Interface

10.1.10.150 10.4.10.1 0:00 176809 Vlan10

NJ-IDF-3FL-S#sh ip route

Default gateway is not set

Host Gateway Last Use Total Uses Interface

10.1.10.150 10.4.10.1 0:00 176837 Vlan10

You must use the ip default-gateway command to insert a gateway on those switches, else they will be relying on proxy-arp from any device located in their respective local segment.

HTH,

__

Edison.

Please rate helpful posts

Thanks Edison,

Here is output post ip default-gateway, followed by 2 pings, one to our polling station (10.1.10.150)which fails and another to a DC on the other side of the WAN which succeeds. There is still this static route there that we need to get rid of I think?

NJ-IDF-3FL-S#sh ip route

Default gateway is 10.4.10.4

Host Gateway Last Use Total Uses Interface

10.1.10.150 10.4.10.1 0:00 180541 Vlan10

NJ-IDF-3FL-S#ping

Protocol [ip]:

Target IP address: 10.1.10.150

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.10.150, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

NJ-IDF-3FL-S#ping

Protocol [ip]:

Target IP address: 10.1.10.93

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.10.93, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/17 ms

NJ-IDF-3FL-S#

Please make sure you are entering the correct gateway on these devices.

The IP address for the gateway must be the router containing reachability (routing table) information to all devices in your network.

This router must also be advertising the IP addresses in behalf of subnets attached to it.

If the switch is able to ping to a remote location, the gateway you've entered is valid but you must determine this gateway has reachability information to the polling station.

You also need to verify if the polling station allows ICMP. Are you able to ping from the polling station to the switch now that you entered the correct gateway?

__

Edison.

Hello Edison,

Yes, the gateway is our 3845 (10.4.10.4) which uses EIGRP to route about 10 Vlan SIFs.

Here is output of an exteded ping from the default gateway router(3845) that the switch now points too pinging the SNMP polling station on the other side of the WAN (10.1.10.150). Once again, if you look at the result of the sh ip route from the switch in my previous post you will see the static route is still in there. There has to be a way to remove that no?

The SNMP polling station still can't ping the switch but can see everything else on this LAN.

NJ-3845# ping

Protocol [ip]:

Target IP address: 10.1.10.150

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.4.10.4

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.10.150, timeout is 2 seconds:

Packet sent with a source address of 10.4.10.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

Please post the output from typing show ip interface brief | ex una from the switch.

You can also clear the cache with the command clear ip route * and clear ip cache

__

Edison.

Hello Edison,

Here is the output....

I used the clears but the route is still there. I will reload sometime this evening.

Password:

NJ-IDF-3FL-S>en

Password:

NJ-IDF-3FL-S#sh ip int brief | ex una

Interface IP-Address OK? Method Status Protocol

Vlan1 10.4.1.30 YES NVRAM up up

Vlan10 10.4.10.7 YES NVRAM up up

Vlan30 10.4.30.7 YES NVRAM up up

Vlan110 10.4.110.7 YES NVRAM up up

NJ-IDF-3FL-S#clear ip route *

NJ-IDF-3FL-S#clear ip cache

NJ-IDF-3FL-S#sh ip route

Default gateway is 10.4.10.4

Host Gateway Last Use Total Uses Interface

10.1.10.150 10.4.10.1 0:00 185495 Vlan10

NJ-IDF-3FL-S#

Yes, it seems to be stuck on 10.4.10.1 for some odd reason. Give it a reboot and it should clear it.

Keep in mind to always use a default-gateway in your switch configuration when you aren't running routing on them, and never rely on proxy-arp.

HTH,

__

Edison.

Please rate helpful posts

Edison,

Thanks so much for all your help and guidance here. A reload did fix the problem thankfully and this certainly was a strange one. I will take your advice on the default-gateway config on the other non-routing switches though I must learn why proxy-arp is not desirable. Thanks again.

Tom Kristiansen

hough I must learn why proxy-arp is not desirable.

Because you have no control on what device is going to be the proxy. In your case, another device was elected to be the gateway and you had no control over it since it was elected dynamically.

If you set the gateway manually, the setting will remain intact.

Glad your problem was resolved and thanks for the rating.

__

Edison.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: