Static Route

Unanswered Question
Jun 9th, 2009
User Badges:

Hi,


I am using a Cisco 857. Most PC's on the LAN are using IP range 192.168.1.0. I have created another network on 192.168.20.0, and another on 192.168.23.0.


I have added the commands


ip route 192.168.20.0 255.255.255.0 vlan1

ip route 192.168.23.0 255.255.255.0 vlan1


From PC's on the 192.168.1.x range, I can ping PC's on the 192.168.20.x range, but cannot ping anything on the 192.168.23.x range.


The network settings on the PC's are the same - both using the router as a gateway - is there anything else that I'm missing?


Thanks


Nick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 06/09/2009 - 03:54
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Nick,

I would use for the static routes the form


ip route 192.168.20.0 255.255.255.0

ip route 192.168.23.0 255.255.255.0

using the lan outgoing interface means the 857 has to rely on proxy-arp on other device.


if the gateway for net 192.168.23.0/24 has ip proxy-arp disabled your static route doesn't work (it cannot find the destination MAC address to whom to send the frame)


Hope to help

Giuseppe


nickc1976 Wed, 06/17/2009 - 02:30
User Badges:

Thanks Giuseppe,


I don't think I follow though. I only have one router, and all my networks are attached to vlan1, so the router's ARP table should contain all entries for all my networks.


As all my networks are connected to the same router, what should be entered as the ip-next-hop?


thanks


Nick

Nick,


The machines will ONLY arp for the address that matches the configured subnet and mask. IF the address does not match, without proxy-arp enabled on the layer 3 device controlling the routing for the other subnets, it will not work.


Even though you have a flat VLAN topology - you still need a layer 3 routing device to handle the routing between the 3 x /24 subnets.


HTH>

francisco_1 Wed, 06/17/2009 - 02:48
User Badges:
  • Gold, 750 points or more

Nick,


In a routed network directing a static route to an exit broadcast interface without specifying the next-hop address can cause an excessive amount of traffic on the broadcast network, and also might eat up the router's memory. For example, you are pointing both routes out via an exist interface. In a routed enviroment a router will assumes 192.168.20.0 and 192.168.30.0 is directly connected. Therefore, when attempting to route to any address on those subnets, the router sends an ARP request to find the MAC address to which to forward the packet. Each attempt to reach an address on both networks, whether the destination is valid or not, will result in an ARP request, an ARP response if a router on the broadcast network is responding on behalf of the 192.168.20.0 and 192.168.30.0 networks (proxy ARP), and a potentially large ARP cache on the router. By appending the next-hop address to the static route entry, ip route 192.168.20.0 255.255.255.0 192.168.1.194 for example, the router no longer assumes that the destination is directly connected. The only ARP traffic is for the next-hop address, which only occurs for the first packet destined to a host on network 192.168.20.0, rather than for every packet destined to a new host on network 192.168.20.0.


Specify the exit interface and the next-hop address to minimize table lookups associated with finding the exit interface for a specified next-hop address, and to minimize traffic on the broadcast network.



hope that helps.


nickc1976 Wed, 06/17/2009 - 03:21
User Badges:

Thanks for your replies.


I'm sure that proxy-arp is enabled on this router - is there a show command I can use to confirm this?


I'm still confused about what should be my next hop address. Can it be any PC in the 192.168.1.0 network?

Nick,


You can see if proxy arp is enabled - by the lack of config on the routers lan inteface, if you have no ip proxy-arp configured, then proxy arp is disabled.


If you have a network 192.168.1.0/24 and your machines have an ip address in that range. If that machine wants to take to 192.168.20.1 then the machine will pass on the traffic to the confiured default gateway - as the .20.x is NOT in the same ip subnet.


If your router has a static route pointing the 192.168.20.0 out an interface - then the router will have to arp for the address, if it does not recevie a reply then the router will drop the packet from the oringinating machine.


The router NEEDS to pass the traffic onto another device that CAN connect to 192.168.20.0. If you do not define a next hop gateway this will never work.


You need to define the static route pointing to another layer 3 device that can route to those ip subnets.


francisco_1 Wed, 06/17/2009 - 03:46
User Badges:
  • Gold, 750 points or more

I'm still confused about what should be my next hop address. Can it be any PC in the 192.168.1.0 network?



to decide that we would need to see a network diagram for your network to undestand traffic flow between your network devices. post a diagram if you have one.


The next hop should be a routed device (either a switch doing L3 routing or a router) that can handle routing for the subnets. Can be either directly connected or not...

iyde Thu, 06/18/2009 - 04:24
User Badges:
  • Silver, 250 points or more

Hi.


Are all three subnets directly connected to the 857 router or are the two new subnets sitting behind another router?

If it is the latter then the next-hop is the IP address of this other router's interface connecting it to 192.168.1.0 network.

If it is the former then something in the config of the 857 router must be blocking the 192.168.23.0 network.

HTH.

Richard Burts Thu, 06/18/2009 - 05:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Nick


If I am understanding correctly that both of the new networks are in the same VLAN with the original network, then I would suggest that static routes are not what you need. What you really need to do is to configure 192.168.20.0 and 192.168.23.0 as secondary addresses on the router interface. When configured as secondary addresses the router will consider them to be directly connected and will route for them without needing any static routes configured.


HTH


Rick

nickc1976 Mon, 06/22/2009 - 02:01
User Badges:

Hi all,


192.168.20.0 and 192.168.23.0 are directly connected to the router.


I think something else in the network must be denying access, because I can now access the 192.168.20.0 network with the static route command, but not the 192.168.23.0 network. I will try and find out what could be blocking this traffic and post back.


Thanks


Nick

iyde Mon, 06/22/2009 - 20:51
User Badges:
  • Silver, 250 points or more

Nick,


If both networks are directly connected to the router then it's not the static route that helps you. There must be something else that is blocking.

Would it be possible for you to post the config of the router to the forum? This would greatly enhance our possibilities for helping you.

HTH

kishan1984 Mon, 06/22/2009 - 20:59
User Badges:

is host from 192.168.20.* & 192.168.30.* series subnet are connected on same switch? what are teh vlan assigned to both ports & what default gateway configured on teh switch where 192.168.30.* series host are connected.

Actions

This Discussion