04-06-2005 07:14 AM - edited 03-03-2019 09:13 AM
I have the new cisco 1841 router with 1 ethernet and 1 serial WAN interface card connected to a leased line modem. I noticed something weird while doing some troubleshooting.
If I unplug the LL modem, I can still ping the serial interface while I am telneted to the router. I even tried disconnecting the cable from the serial int, it still pings! Finally, I gave the command to shutdown the serial int and guess what? I can still ping the serial int IP!
I tried this out on a 1720 router and it does not ping the serial int, which is normal.
Can anybody explain please? It's driving me nuts.
Thanks
Glen
04-06-2005 07:25 AM
Hard to believe, but can you post your configs, sh interface output, and any logs of this peculiar behaviour? Are there any IP addresses in the local LAN which accidentally happen to have the same IP? Best way to find out is to traceroute to that address.
04-06-2005 09:21 AM
Thanks for your reply!
There are no duplicate addresses on the network. Anyway, below listed is the config of the router:-
#sh runn
Building configuration...
Current configuration : 2185 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname GLEN
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
enable secret 5 WHATEVER!!!
!
username glen privilege 15 secret 5 WHATEVER!!!
clock timezone PCTime 4
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0$
ip address 16.x.x.x.0.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface Serial0/0/0
description $FW_OUTSIDE$
ip address 192.16.x.x.x.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
no cdp enable
!
ip classless
ip route 192.10.x.x.x.255.0 Serial0/0/0
ip http server
ip http authentication local
ip nat inside source static 16.x.x.x.16.1.102
!
!
logging trap debugging
access-list 10 remark Telnet access
access-list 10 remark SDM_ACL Category=1
access-list 10 permit 16.x.x.x.0.0.255 log
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 10 in
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 10 in
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
#
Now, here is the sh inter serial command:-
#sh interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Description: $FW_OUTSIDE$
Internet address is 192.16.1.102/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2446 packets input, 68204 bytes, 0 no buffer
Received 2312 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2453 packets output, 69006 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Would really appreciate your help on this.
Thanks again
Glen
04-06-2005 09:54 AM
Hi Glen,
Just too lazy to check thoroughly :) but here is a hint: it could be that your nat command is the reason for this. The router cached the IP address of the serial for the NAT purposes and somehow you can ping it although the interface is down because the cache is answering.
This might be a stupid explanation but I have nothing else to offer!
04-06-2005 11:48 AM
Glen
I wonder about your static NAT translation:
ip nat inside source static 16.103.103.160 192.16.1.102
which translates some inside address on your Fast Ethernet into the address found on the serial. This creates a permanent translation entry in the table. I wonder if the ping when the interface is down is in fact being translated to the inside address. You could check this by temporarily removing the static translation, or perhaps by shutting down whatever device is at 16.103.103.160.
If that is not it I would be interested in enabling CDP on the serial interfaces and seeing the output of show cdp neighbor detail.
HTH
Rick
04-06-2005 09:42 PM
Hi,
From which source are you pinging? Any source connected to Fa0/0 interface or any other?
You can see with "debug ip nat translations" on the router what exactly is happening.
-Ashok.
04-07-2005 12:24 AM
RBurts, you confirm my suspicions. I start to strongly believe that the NAT is the reason (quite a perverse effect of natting!)
04-07-2005 06:19 AM
Hi guys,
Guess what? It is the NAT!
I disconnected the serial cable and did a traceroute on the s interface. Results below:-
#traceroute 192.16.1.102
Type escape sequence to abort.
Tracing the route to 192.16.1.102
1 16.103.103.160 0 msec 0 msec 0 msec
It is pinging the host on the internal net. Real weird. Problem is, we have a custom WAN application that communicates with a server on the other side of the WAN. Our app is not updating the status of the link from ACTIVE to INACTIVE & vice-versa properly in case the leased line link goes down. I guess NAT is the culprit.
Any ideas on how to get correct info on the serial link in case it goes down?
Thanks to all of you.
Glen
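An added example, not part of the original thread: a small Python check for the condition diagnosed above, a one-to-one static NAT whose global address is the router's own interface address, so that address keeps answering from the inside host whatever the link state. The sample config, its addresses and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of the thread's setup; all addresses are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
ip nat inside source static 10.1.1.160 192.0.2.2
ip nat inside source static 10.1.1.161 198.51.100.7
ip nat inside source static tcp 10.1.1.162 80 192.0.2.2 80
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
IFACE = re.compile(r"^interface\s+(\S+)")
ADDR = re.compile(r"^\s*ip address\s+" + IP + r"\s+" + IP)
# One-to-one form only; port forwards (static tcp/udp ...) do not match.
STATIC = re.compile(r"^\s*ip nat inside source static\s+" + IP + r"\s+" + IP)


def shadowed_interfaces(config):
    """Return (interface, address, inside_host) for every one-to-one static
    NAT whose global address is also configured on a router interface."""
    owners, statics, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("!"):
            current = None                      # end of an interface block
        elif m := IFACE.match(line):
            current = m.group(1)
        elif (m := ADDR.match(line)) and current:
            owners[ipaddress.ip_address(m.group(1))] = current
        elif m := STATIC.match(line):
            statics.append(tuple(ipaddress.ip_address(g) for g in m.groups()))
    return [(owners[glob], str(glob), str(local))
            for local, glob in statics if glob in owners]


if __name__ == "__main__":
    for iface, addr, host in shadowed_interfaces(SAMPLE_CONFIG):
        print(f"{iface}: {addr} is statically NATed to {host}; "
              "pings to it are answered by that host, not the interface")
```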
04-07-2005 06:30 AM
I don't quite understand your monitoring problem, but if you can process SNMP traps - and have them enabled and config'd on the router, you should receive at least (1) trap when the circuit is down, and another when it's up.
IMO the NAT stuff should not be acting this way. I'd take a close look at everything again.
G
04-10-2005 09:10 AM
Well, NAT is a bit weird, this is just one more of those.
Have you ever noticed that you can ping from a private address on your LAN interface out to a public address, without the "ip nat inside" statement on the LAN interface. As long as you have "ip nat outside" and "ip nat inside source list ..."?
E.g.
831-router#sh ip int ethernet 0
Ethernet0 is up, line protocol is up
Internet address is 10.10.54.4/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
-------output removed-------
Policy routing is disabled
Network address translation is disabled
WCCP Redirect outbound is disabled
-------output removed-------
831-router#sh ip nat sta
Total active translations: 4 (0 static, 4 dynamic; 4 extended)
Outside interfaces:
Ethernet1
Inside interfaces:
Hits: 298401 Misses: 1259
CEF Translated packets: 94651, CEF Punted packets: 424527
Expired translations: 1317
Dynamic mappings:
-- Inside Source
[Id: 1] route-map Ethernet1 interface Ethernet1 refcount 3
Queued Packets: 0
831-router#ping
Protocol [ip]:
Target IP address: 198.133.219.25
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.54.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 198.133.219.25, timeout is 2 seconds:
Packet sent with a source address of 10.10.54.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 284/285/288 ms
Notice there is no ip nat inside, and yet the router is using 10.10.54.4 as a source address to ping www.cisco.com. Obviously the packet is being NAT'ted, but why? It shouldn't have been.