11-11-2008 11:08 AM - edited 03-06-2019 02:25 AM
We briefly lost our MPLS WAN link the other day and since then we have one remote 3750 switch that we can't poll via SNMP. I did a "show ip redirects" on the switch and it does show an incorrect route (to our firewall) back to the SNMP polling station. The question is twofold, how did this entry get there and how can I clear it. I did try the "no ip redirects" command but no luck. There is no IP routing on the 3750. Any ideas on how to get rid of this?
Solved! Go to Solution.
11-11-2008 03:24 PM
Yes, it seems to be stuck on 10.4.10.1 for some odd reason. Give it a reboot and it should clear it.
Keep in mind to always use a default-gateway in your switch configuration when you aren't running routing on them, and never rely on proxy-arp.
HTH,
__
Edison.
Please rate helpful posts
11-11-2008 12:31 PM
Does the SNMP server have reachability to the 3750 switch via ping?
You stated the device is not running any routing, do you have an ip default-gateway command in the absence of routing?
Can you please post the show ip route output?
__
Edison.
11-11-2008 01:06 PM
Hello Edison,
Here is the output you requested. There is no ip default gateway-set on this switch or any others on this LAN. I can SNMP poll and ping the other 3750's in this LAN without issue. The gateway this route is pointing to is our firewall (10.4.10.1) which is obviously incorrect. (10.1.10.150 is the polling station) If I do a show IP route on any other switch on this LAN I get a "default gateway is not set" and a "ICMP redirect cache is empty". This all started yesterday when our WAN took a hit for 2 mins. We are using 3845's on each end, EIGRP, BGP. Traceroute using extended pings from the polling side LAN interface gets 4 hops to the WAN interface on the target side so I assume because the route is in there (in the switch) the snmp replies are not getting back. Would a reload fix?
NJ-IDF-3FL-S#sh ip redirects
Default gateway is not set
Host Gateway Last Use Total Uses Interface
10.1.10.150 10.4.10.1 0:00 176809 Vlan10
NJ-IDF-3FL-S#sh ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
10.1.10.150 10.4.10.1 0:00 176837 Vlan10
11-11-2008 01:11 PM
You must use the ip default-gateway command to insert a gateway on those switches, else they will be relying on proxy-arp from any device located in their respective local segment.
HTH,
__
Edison.
Please rate helpful posts
11-11-2008 01:35 PM
Thanks Edison,
Here is output post ip default-gateway, followed by 2 pings, one to our polling station (10.1.10.150)which fails and another to a DC on the other side of the WAN which succeeds. There is still this static route there that we need to get rid of I think?
NJ-IDF-3FL-S#sh ip route
Default gateway is 10.4.10.4
Host Gateway Last Use Total Uses Interface
10.1.10.150 10.4.10.1 0:00 180541 Vlan10
NJ-IDF-3FL-S#ping
Protocol [ip]:
Target IP address: 10.1.10.150
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.150, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NJ-IDF-3FL-S#ping
Protocol [ip]:
Target IP address: 10.1.10.93
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.93, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/17 ms
NJ-IDF-3FL-S#
11-11-2008 01:52 PM
Please make sure you are entering the correct gateway on these devices.
The IP address for the gateway must be the router containing reachability (routing table) information to all devices in your network.
This router must also be advertising the IP addresses in behalf of subnets attached to it.
If the switch is able to ping to a remote location, the gateway you've entered is valid but you must determine this gateway has reachability information to the polling station.
You also need to verify if the polling station allows ICMP. Are you able to ping from the polling station to the switch now that you entered the correct gateway?
__
Edison.
11-11-2008 02:05 PM
Hello Edison,
Yes, the gateway is our 3845 (10.4.10.4) which uses EIGRP to route about 10 Vlan SIFs.
Here is output of an exteded ping from the default gateway router(3845) that the switch now points too pinging the SNMP polling station on the other side of the WAN (10.1.10.150). Once again, if you look at the result of the sh ip route from the switch in my previous post you will see the static route is still in there. There has to be a way to remove that no?
The SNMP polling station still can't ping the switch but can see everything else on this LAN.
NJ-3845# ping
Protocol [ip]:
Target IP address: 10.1.10.150
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.4.10.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.150, timeout is 2 seconds:
Packet sent with a source address of 10.4.10.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
11-11-2008 02:16 PM
Please post the output from typing show ip interface brief | ex una from the switch.
You can also clear the cache with the command clear ip route * and clear ip cache
__
Edison.
11-11-2008 02:28 PM
Hello Edison,
Here is the output....
I used the clears but the route is still there. I will reload sometime this evening.
Password:
NJ-IDF-3FL-S>en
Password:
NJ-IDF-3FL-S#sh ip int brief | ex una
Interface IP-Address OK? Method Status Protocol
Vlan1 10.4.1.30 YES NVRAM up up
Vlan10 10.4.10.7 YES NVRAM up up
Vlan30 10.4.30.7 YES NVRAM up up
Vlan110 10.4.110.7 YES NVRAM up up
NJ-IDF-3FL-S#clear ip route *
NJ-IDF-3FL-S#clear ip cache
NJ-IDF-3FL-S#sh ip route
Default gateway is 10.4.10.4
Host Gateway Last Use Total Uses Interface
10.1.10.150 10.4.10.1 0:00 185495 Vlan10
NJ-IDF-3FL-S#
11-11-2008 03:24 PM
Yes, it seems to be stuck on 10.4.10.1 for some odd reason. Give it a reboot and it should clear it.
Keep in mind to always use a default-gateway in your switch configuration when you aren't running routing on them, and never rely on proxy-arp.
HTH,
__
Edison.
Please rate helpful posts
11-11-2008 07:14 PM
Edison,
Thanks so much for all your help and guidance here. A reload did fix the problem thankfully and this certainly was a strange one. I will take your advice on the default-gateway config on the other non-routing switches though I must learn why proxy-arp is not desirable. Thanks again.
Tom Kristiansen
11-11-2008 08:57 PM
hough I must learn why proxy-arp is not desirable.
Because you have no control on what device is going to be the proxy. In your case, another device was elected to be the gateway and you had no control over it since it was elected dynamically.
If you set the gateway manually, the setting will remain intact.
Glad your problem was resolved and thanks for the rating.
__
Edison.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: