We use Orion for a monitoring server and I had a situation this morning. One of my routers stopped responding, at least from the monitoring server's perspective. I could ping the router's inside interface from my laptop, but I couldn't get to it from the monitoring server itself. I checked the routing table on the server and everything looked normal. I could ping devices behind the router (APs/switches) and I could ping the serial side interface from the monitoring server, and I could ping the inside interface from my laptop. I removed "no ip redirects" from the inside interface and I could then ping from the monitoring server.
Here's the way it would look:
Orion ----> <site Serial side><Inside IF> ---> other devices.
I could ping serial from Orion, but not inside IF. Any ideas? I'm about to disable redirects on all serial side and inside interfaces, but I wanted to make sure this was just a fluke and not a cause of having redirects configured on that router.
You have an interesting issue here. Personally, I don't see how ICMP redirects would affect your reachability. I do not even see how and when ICMP redirects would be sent in your case (but then again, I do not know your network so well). Would you kindly have a look at the following URL and see whether the conditions for sending ICMP redirects apply to you?
Also, it should be noted that Cisco routers, as far as I know, ignore received ICMP redirects.
What I would probably go for would be a glitch in CEF. I have encountered a problem with CEF a couple of times with IOS 12.4, I believe, on 1800/2800 series routers. In some cases, the CEF and the routing table became de-synchronized, with the CEF pointing to a different next hop for the default route than the routing table. I believe that it happened with some funny combination of NAT and outside interface being assigned an IP address via DHCP, or with defining a static default route using only an egress interface - I don't remember for sure. I was not able to replicate this on demand but I have encountered that problem multiple times.
It is somehow possible that modifying the redirect behavior somehow affected the CEF structure as well.
Anyway, does the problem return when you put the redirect configuration to its original setting?
Thanks for the response. It didn't come back and I can't recreate it unfortunately. There's not a way that redirects should have ever modified anything in this case. I only have one entry/exit point from that site, and the subnet that's monitoring is different from the subnet that's being monitored. I didn't look at the CEF table, but I definitely will next time. That may be from the monitoring side though on my switch, but for now all paths are pointing to the correct location.