Serial Interface down, but Ping works...

Unanswered Question
Apr 6th, 2005

I have the new cisco 1841 router with 1 ethernet and 1 serial WAN interface card connected to a leased line modem. I noticed something weird while doing some troubleshooting.

If I unplug the LL modem, I can still ping the serial interface while I am telneted to the router. I even tried disconnecting the cable from the serial int, it still pings! Finally, I gave the command to shutdown the serial int and guess what? I can still ping the serial int IP!

I tried this out on a 1720 router and it does not ping the serial int, which is normal.

Can anybody explain please? It's driving me nuts.

Thanks

Glen

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
thisisshanky Wed, 04/06/2005 - 07:25

hard to believe, but can you post your configs, sh interface output, and any logs of this peculiar behaviour ? Are there any IP addresses in the local LAN which accidentally happen to have the same IP.Best way to find out is to traceroute to that address.

glengregory Wed, 04/06/2005 - 09:21

Thanks for your reply!

There are no duplicate addresses on the network. Anyway, below listed is the config of the router:-

#sh runn

Building configuration...

Current configuration : 2185 bytes

!

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname GLEN

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

enable secret 5 WHATEVER!!!

!

username glen privilege 15 secret 5 WHATEVER!!!

clock timezone PCTime 4

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

no ip source-route

ip cef

!

!

ip tcp synwait-time 10

!

!

no ip bootp server

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0$

ip address 16.x.x.x.0.0.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface FastEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

shutdown

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface Serial0/0/0

description $FW_OUTSIDE$

ip address 192.16.x.x.x.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

no cdp enable

!

ip classless

ip route 192.10.x.x.x.255.0 Serial0/0/0

ip http server

ip http authentication local

ip nat inside source static 16.x.x.x.16.1.102

!

!

logging trap debugging

access-list 10 remark Telnet access

access-list 10 remark SDM_ACL Category=1

access-list 10 permit 16.x.x.x.0.0.255 log

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

access-class 10 in

privilege level 15

login local

transport input telnet

line vty 5 15

access-class 10 in

privilege level 15

login local

transport input telnet

!

scheduler allocate 4000 1000

end

#

Now, here is the sh inter serial command:-

#sh interfaces serial 0/0/0

Serial0/0/0 is up, line protocol is up

Hardware is GT96K Serial

Description: $FW_OUTSIDE$

Internet address is 192.16.1.102/30

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation HDLC, loopback not set

Keepalive set (10 sec)

Last input 00:00:00, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/1/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 1158 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

2446 packets input, 68204 bytes, 0 no buffer

Received 2312 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

2453 packets output, 69006 bytes, 0 underruns

0 output errors, 0 collisions, 4 interface resets

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

Would really appreciate your help on this.

Thanks again

Glen

joyride_us Wed, 04/06/2005 - 09:54

Hi Glen,

just too lazy to check thoroughly :) but here is a hint : it could be that your nat command is the reason for this. The router cashed in the IPaddress of the serial for the NAT purposes and somewhat you can ping it although the interface is down because teh cash is answering.

This might be stupid explanation but I have nothing else to offer!

Richard Burts Wed, 04/06/2005 - 11:48

Glen

I wonder about your static NAT translation:

ip nat inside source static 16.103.103.160 192.16.1.102

which translates some inside address on your Fast Ethernet into the address found on the serial. This creates a permanent translation entry in the table. I wonder if the ping when the interfade is down is in fact being translated to the inside address. You could check this by temporarily removing the static translation, or perhaps by shutting down whatever device is at 16.103.103.160.

If that is not it I would be interested in enabling CDP on the serial interfaces and seeing the output of show cdp neighbor detail.

HTH

Rick

ashok_boin Wed, 04/06/2005 - 21:42

Hi,

From which source you are pinging? Any source connected to Fa0/0 interface or any other?

You can see with "debug ip nat translations" on the router what exactly is happening.

-Ashok.

joyride_us Thu, 04/07/2005 - 00:24

RBurts, you confirm my suspicions. I start to strongly believe that the NAT is the reason (quite a pervers effect of natting!)

glengregory Thu, 04/07/2005 - 06:19

Hi guys,

Guess what? It is the NAT!

I disconnected the serial cable and did a traceroute on the s interface. Results below:-

#traceroute 192.16.1.102

Type escape sequence to abort.

Tracing the route to 192.16.1.102

1 16.103.103.160 0 msec 0 msec 0 msec

It is pinging the host on the internal net. Real weird. Problem is, we have a custom WAN application that communicates with a server on the other side of the WAN. Our app is not updating the status of the link from ACTIVE to INACTIVE & vice-versa properly in case the leased line link goes down. I guess NAT is the culprit.

Any ideas on how to get correct info on the serial link in case it goes down.

Thanks to all of you.

Glen

ggatten Thu, 04/07/2005 - 06:30

I don't quite understand your monitoring problem, but if you can process SNMP traps - and have them enabled and config'd on the router, you should receive at least (1) trap when the circuit is down, and another when it's up.

IMO the NAT stuff should not be acting this way. I'd take a close look at everything again.

G

tekha Sun, 04/10/2005 - 09:10

Well, NAT is a bit weird, this is just one more of those

Have you ever noticed that you can ping from a private address on your LAN interface out to a public address, without the "ip nat inside" statement on the the LAN interface. As long as you have "ip nat outside" and "ip nat inside source list ..."?

E.g.

831-router#sh ip int ethernet 0

Ethernet0 is up, line protocol is up

Internet address is 10.10.54.4/24

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

MTU is 1500 bytes

-------output removed-------

Policy routing is disabled

Network address translation is disabled

WCCP Redirect outbound is disabled

-------output removed-------

831-router#sh ip nat sta

Total active translations: 4 (0 static, 4 dynamic; 4 extended)

Outside interfaces:

Ethernet1

Inside interfaces:

Hits: 298401 Misses: 1259

CEF Translated packets: 94651, CEF Punted packets: 424527

Expired translations: 1317

Dynamic mappings:

-- Inside Source

[Id: 1] route-map Ethernet1 interface Ethernet1 refcount 3

Queued Packets: 0

831-router#ping

Protocol [ip]:

Target IP address: 198.133.219.25

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.10.54.4

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 198.133.219.25, timeout is 2 seconds:

Packet sent with a source address of 10.10.54.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 284/285/288 ms

Notice there is no ip nat inside, and yet the router is using 10.10.54.4 as a source address to ping www.cisco.com, obviosly the packet is being NAT'ted, but why? It shouldn't have been.

Actions

Login or Register to take actions

This Discussion

Posted April 6, 2005 at 7:14 AM
Stats:
Replies:9 Avg. Rating:
Views:273 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard