Cisco 3725 routing problem

Unanswered Question
Jun 17th, 2010
User Badges:

We have a Cisco 3700 router that has been working for years using the default route 'route ip 0.0.0.0 0.0.0.0 F0/0'. Strangely, our connection(in/out) suddenly dropped and the only solution that worked was to set  the default route to 'route ip 0.0.0.0 0.0.0.0 1.1.1.99'.


ISP's provided gateway 1.1.1.99

F0/0 - 1.1.1.100

F0/1 - 2.2.2.100


Any idea what happened?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Thu, 06/17/2010 - 05:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Emmanuel,


the provider has disabled proxy ARP on its interface for security reasons


note that the right configuration is the new one in order to minimize ARP table size.


With Proxy ARP an ARP request was made for all new destination addresses to the internet, with ISP router that collaborated giving back in answer its MAC adddress (the same answer for each request)



With new configuration the router makes an ARP request for the next-hop and uses it for all IP addresses


Some other colleague had routers crashed by the ARP table becoming too big you have been lucky to run the router for years


see

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml


Hope to help

Giuseppe

slasher UG Fri, 06/18/2010 - 00:22
User Badges:

Thank you for the very informative response Giuseppe.


Here is another :-)


Will it make a difference if I set the default route of our firewall directly to our ISP? See example below.


Current setup.

Inbound:      ISP(1.1.1.99) --> (F0/0 1.1.1.100)Router(F0/1 2.2.2.100) --> (Out 2.2.2.99)Firewall(In 3.3.3.99) --> LAN(3.3.3.0)

Outbound:   LAN --> Firewall --> Router --> ISP

Router's default route set to route 0.0.0.0 0.0.0.0 1.1.1.99

Firewall's default route set to route 0.0.0.0 0.0.0.0 2.2.2.100


New.

Inbound:      ISP(1.1.1.99) --> (F0/0 1.1.1.100)Router(F0/1 2.2.2.100) --> (Out  2.2.2.99)Firewall(In 3.3.3.99) --> LAN(3.3.3.0)

Outbound:   LAN --> Firewall --> ISP

Router's default route set to route 0.0.0.0 0.0.0.0 1.1.1.99

Firewall's default route set to route 0.0.0.0 0.0.0.0 1.1.1.99


Again thanks for the answer.


Manny

Dasuntha Dinesh Fri, 06/18/2010 - 02:07
User Badges:

I have some doubts about the New Setup.

Because, Like to know that if the Firewall can reach the ISP by-passing the Router.

I think it'll be the same, because the all the traffic is going out through the Router to ISP


Regards,

Dasuntha

Dasuntha Dinesh Sat, 06/19/2010 - 06:22
User Badges:

So, Firewall is reaching the ISP through the Router?

You can check it by running a traceroute.

slasher UG Sun, 06/20/2010 - 17:28
User Badges:

traceroute shows both goes through the router. so i guess it makes no difference.

Actions

This Discussion