Cisco Support Community

New Member

two ip two gateway

One Unix server has two adapters, so the user configured two IPs and two default gateways, like 10.10.1.1/gw 10.10.1.254 and 10.10.2.1/gw 10.10.2.254. Now, sometimes when some users access the Unix server, it is not OK. Why?

If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?

8 REPLIES
Hall of Fame Super Silver

Re: two ip two gateway

Hello Qing,

>> If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?

If you delete default gateway 10.10.2.254, the gateway is still there and can reach it.

Proxy ARP can play a role in why the return traffic is successful. Verify on the router interface whether it is enabled with:

sh ip interface type x/y

Look for the Proxy ARP line and check if it says enabled.

About the first question:

Verify the security configurations on the server itself.

Hope to help

Giuseppe

New Member

Re: two ip two gateway

Thanks.

Now, the Unix box defines two IPs and two default gateways, and the Unix box's root deleted one gateway, like 10.10.2.254.

But the client can still ping 10.10.2.1.

The connection is Unix server -> switch (L2) -> switch (L3). Normally, if a computer deletes the default gateway, only the same subnet can ping it. Other subnets can't ping it.

Hall of Fame Super Silver

Re: two ip two gateway

Hello Qing,

>> Normally, if a computer deletes the default gateway, only the same subnet can ping it. Other subnets can't ping it.

This depends on the proxy ARP settings on the router device:

It means a device without a gateway tries to ARP for any IP address, even outside the local subnet, and the router, if proxy ARP is enabled, answers with its own MAC address if it knows how to reach the destination address.

In your case the Unix box could do something similar, allowing IP 10.10.2.1 to be reached from the other subnet.

You should find out what path the packets take in both directions to understand why this happens.

Hope to help

Giuseppe

New Member

Re: two ip two gateway

Thanks.

The Unix box's own IPs are 10.10.1.1 and 10.10.2.1. The box connects to the L2 switch; one port is in VLAN 101, the other port is in VLAN 102. The L3 switch has VLAN 101 and 102 defined; the IP addresses are 10.10.1.254 and 10.10.2.254. Checking ip int vlan 101 and 102, Proxy ARP is disabled and Local Proxy ARP is disabled.

So if we delete the Unix box's gateway 10.10.2.254, other users can still ping 10.10.2.1, and the Unix box uses the 10.10.1.254 default gateway to respond to the ping of 10.10.2.1. Is that right?

Re: two ip two gateway

You can do a tcpdump on your Unix box to see how it's responding to the pings.

New Member

Re: two ip two gateway

Today I captured the ICMP packets and the telnet traffic. The result is like this:

1: On the Unix box, with the 10.10.2.254 default gateway deleted, users can still ping 10.10.2.1. 10.10.2.1 receives the ICMP echo, and the reply goes out through 10.10.1.1, so the request and reply do not take the same path. Telnet behaves like ping.

Capturing the flow on the 10.10.1.1 port with a sniffer, I found that the response packet's MAC address is that of the 10.10.1.1 port adapter, but the IP address is 10.10.2.1.

So I think the Unix box uses IP forwarding to complete it.

Hall of Fame Super Silver

Re: two ip two gateway

Hello Qing,

So it is the Unix box that answers back on the interface with IP address 10.10.1.1, where it has its only default gateway.

The source MAC address has to be that of the outgoing NIC, so what you see is correct.

Hope to help

Giuseppe

New Member

Re: two ip two gateway

Thanks.

Yes, it is correct.

But now, how to resolve the problem? The user does not want 10.10.2.1 to use the NIC (10.10.1.1) MAC to communicate. On the switch, which way can prevent this from happening?

Thanks.
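
The reply path diagnosed in this thread, as an added example that is not part of any participant's post: a small Python model of the Unix box's routing table after the 10.10.2.254 default route is removed, showing why the echo reply keeps source 10.10.2.1 but leaves through the 10.10.1.1 adapter, and how a strict reverse-path check on the ingress VLAN would treat that packet. The client address 10.10.3.50, the interface names and the /24 masks are constructed assumptions, and whether the thread's L3 switch offers such a check is not stated on the page.

```python
import ipaddress as ip

# Constructed model of the thread's Unix box after the 10.10.2.254 default
# route was deleted. NIC names and /24 masks are assumptions.
NICS = {"nic1": ip.ip_interface("10.10.1.1/24"),
        "nic2": ip.ip_interface("10.10.2.1/24")}
ROUTES = [  # (prefix, next hop or None when directly connected, egress NIC)
    (ip.ip_network("10.10.1.0/24"), None, "nic1"),
    (ip.ip_network("10.10.2.0/24"), None, "nic2"),
    (ip.ip_network("0.0.0.0/0"), ip.ip_address("10.10.1.254"), "nic1"),
]
# L3 switch VLAN interfaces from the thread (10.10.1.254 and 10.10.2.254).
SVI = {"vlan101": ip.ip_network("10.10.1.0/24"),
       "vlan102": ip.ip_network("10.10.2.0/24")}
NIC_TO_VLAN = {"nic1": "vlan101", "nic2": "vlan102"}

def lookup(dst):
    """Longest-prefix match on the host table: (next_hop, nic) or None."""
    dst = ip.ip_address(dst)
    matches = [r for r in ROUTES if dst in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def reply_path(client, pinged):
    """Echo reply: source is the pinged address; egress depends only on dst."""
    hop = lookup(client)
    if hop is None:
        return None
    next_hop, nic = hop
    return {"src_ip": pinged, "dst_ip": client, "egress": nic,
            "next_hop": str(next_hop) if next_hop else client,
            "arrives_on": NIC_TO_VLAN[nic]}

def asymmetric(pkt):
    """True when the source IP is outside the subnet of the sending NIC."""
    return ip.ip_address(pkt["src_ip"]) not in NICS[pkt["egress"]].network

def strict_rpf_pass(pkt):
    """Strict reverse-path check: source must belong to the ingress VLAN."""
    return ip.ip_address(pkt["src_ip"]) in SVI[pkt["arrives_on"]]

if __name__ == "__main__":
    pkt = reply_path("10.10.3.50", "10.10.2.1")  # constructed remote client
    print(pkt, "asymmetric:", asymmetric(pkt), "rpf pass:", strict_rpf_pass(pkt))
```
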
