Serial Interface down, but Ping works...

Apr 6th, 2005

I have the new Cisco 1841 router with 1 Ethernet and 1 serial WAN interface card connected to a leased line modem. I noticed something weird while doing some troubleshooting.

If I unplug the LL modem, I can still ping the serial interface while I am telnetted to the router. I even tried disconnecting the cable from the serial int, it still pings! Finally, I gave the command to shutdown the serial int and guess what? I can still ping the serial int IP!

I tried this out on a 1720 router and it does not ping the serial int, which is normal.

Can anybody explain please? It's driving me nuts.



thisisshanky Wed, 04/06/2005 - 07:25

Hard to believe, but can you post your configs, sh interface output, and any logs of this peculiar behaviour? Are there any IP addresses in the local LAN which accidentally happen to have the same IP? Best way to find out is to traceroute to that address.

glengregory Wed, 04/06/2005 - 09:21

Thanks for your reply!

There are no duplicate addresses on the network. Anyway, the config of the router is listed below:

#sh runn

Building configuration...

Current configuration : 2185 bytes


version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers


hostname GLEN





security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

enable secret 5 WHATEVER!!!


username glen privilege 15 secret 5 WHATEVER!!!

clock timezone PCTime 4

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

no ip source-route

ip cef



ip tcp synwait-time 10



no ip bootp server

no ftp-server write-enable





interface FastEthernet0/0

description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0$

ip address 16.x.x.x.0.0.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

duplex auto

speed auto

no cdp enable

no mop enabled


interface FastEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow


duplex auto

speed auto

no cdp enable

no mop enabled


interface Serial0/0/0

description $FW_OUTSIDE$

ip address 192.16.x.x.x.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

no cdp enable


ip classless

ip route 192.10.x.x.x.255.0 Serial0/0/0

ip http server

ip http authentication local

ip nat inside source static 16.x.x.x.16.1.102



logging trap debugging

access-list 10 remark Telnet access

access-list 10 remark SDM_ACL Category=1

access-list 10 permit 16.x.x.x.0.0.255 log

no cdp run




banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C


line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

access-class 10 in

privilege level 15

login local

transport input telnet

line vty 5 15

access-class 10 in

privilege level 15

login local

transport input telnet


scheduler allocate 4000 1000



Now, here is the sh inter serial command:-

#sh interfaces serial 0/0/0

Serial0/0/0 is up, line protocol is up

Hardware is GT96K Serial

Description: $FW_OUTSIDE$

Internet address is

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation HDLC, loopback not set

Keepalive set (10 sec)

Last input 00:00:00, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/1/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 1158 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

2446 packets input, 68204 bytes, 0 no buffer

Received 2312 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

2453 packets output, 69006 bytes, 0 underruns

0 output errors, 0 collisions, 4 interface resets

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

Would really appreciate your help on this.

Thanks again


joyride_us Wed, 04/06/2005 - 09:54

Hi Glen,

Just too lazy to check thoroughly :) but here is a hint: it could be that your nat command is the reason for this. The router cached the IP address of the serial for the NAT purposes and somehow you can ping it although the interface is down because the cache is answering.

This might be a stupid explanation but I have nothing else to offer!

Richard Burts Wed, 04/06/2005 - 11:48


I wonder about your static NAT translation:

ip nat inside source static

which translates some inside address on your Fast Ethernet into the address found on the serial. This creates a permanent translation entry in the table. I wonder if the ping when the interface is down is in fact being translated to the inside address. You could check this by temporarily removing the static translation, or perhaps by shutting down whatever device is at

If that is not it I would be interested in enabling CDP on the serial interfaces and seeing the output of show cdp neighbor detail.



ashok_boin Wed, 04/06/2005 - 21:42


From which source are you pinging? Any source connected to Fa0/0 interface or any other?

You can see with "debug ip nat translations" on the router what exactly is happening.


joyride_us Thu, 04/07/2005 - 00:24

RBurts, you confirm my suspicions. I start to strongly believe that the NAT is the reason (quite a perverse effect of natting!)

glengregory Thu, 04/07/2005 - 06:19

Hi guys,

Guess what? It is the NAT!

I disconnected the serial cable and did a traceroute on the s interface. Results below:-


Type escape sequence to abort.

Tracing the route to

1 0 msec 0 msec 0 msec

It is pinging the host on the internal net. Real weird. Problem is, we have a custom WAN application that communicates with a server on the other side of the WAN. Our app is not updating the status of the link from ACTIVE to INACTIVE & vice-versa properly in case the leased line link goes down. I guess NAT is the culprit.

Any ideas on how to get correct info on the serial link in case it goes down?

Thanks to all of you.
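
An added example, not from any poster in this thread: a Python check that flags the condition identified above, a one-to-one "ip nat inside source static" entry whose translated address is also assigned to a router interface. The sample config and its addresses are constructed, and find_nat_interface_overlaps is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample config (documentation/private addresses, not the poster's).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
ip nat inside source static 10.1.1.102 192.0.2.1
ip nat inside source static 10.1.1.103 192.0.2.10
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s+ip address\s+" + IP + r"\s+" + IP)
# Only the plain one-to-one form; port-specific statics do not capture ICMP.
STATIC_RE = re.compile(r"^ip nat inside source static\s+" + IP + r"\s+" + IP + r"\s*$")


def find_nat_interface_overlaps(config):
    """Return (interface, global_addr, inside_local) for every static NAT
    entry whose inside-global address is also an interface address."""
    iface_by_addr = {}
    statics = []
    current = None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # an unindented line ends the interface block
        m = ADDR_RE.match(line)
        if m and current:
            iface_by_addr[ipaddress.ip_address(m.group(1))] = current
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append((ipaddress.ip_address(m.group(1)),
                            ipaddress.ip_address(m.group(2))))
    return [(iface_by_addr[g], str(g), str(l))
            for l, g in statics if g in iface_by_addr]


if __name__ == "__main__":
    for iface, addr, local in find_nat_interface_overlaps(SAMPLE_CONFIG):
        print(f"{iface}: {addr} is statically translated to {local}; "
              "a ping reply from this address does not prove the link is up")
```
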


ggatten Thu, 04/07/2005 - 06:30

I don't quite understand your monitoring problem, but if you can process SNMP traps - and have them enabled and config'd on the router, you should receive at least (1) trap when the circuit is down, and another when it's up.

IMO the NAT stuff should not be acting this way. I'd take a close look at everything again.


tekha Sun, 04/10/2005 - 09:10

Well, NAT is a bit weird, this is just one more of those

Have you ever noticed that you can ping from a private address on your LAN interface out to a public address, without the "ip nat inside" statement on the LAN interface. As long as you have "ip nat outside" and "ip nat inside source list ..."?


831-router#sh ip int ethernet 0

Ethernet0 is up, line protocol is up

Internet address is

Broadcast address is

Address determined by non-volatile memory

MTU is 1500 bytes

-------output removed-------

Policy routing is disabled

Network address translation is disabled

WCCP Redirect outbound is disabled

-------output removed-------

831-router#sh ip nat sta

Total active translations: 4 (0 static, 4 dynamic; 4 extended)

Outside interfaces:


Inside interfaces:

Hits: 298401 Misses: 1259

CEF Translated packets: 94651, CEF Punted packets: 424527

Expired translations: 1317

Dynamic mappings:

-- Inside Source

[Id: 1] route-map Ethernet1 interface Ethernet1 refcount 3

Queued Packets: 0


Protocol [ip]:

Target IP address:

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface:

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of


Success rate is 100 percent (5/5), round-trip min/avg/max = 284/285/288 ms

Notice there is no ip nat inside, and yet the router is using as a source address to ping, obviously the packet is being NAT'ted, but why? It shouldn't have been.

