ICMP Type 5 Redirects.

kwoodworth (Level 1)

Recently had something come up with ICMP type 5 redirects and wondering if someone might have an explanation as to why it's happening.

A small corner of our network has a 3560G connected to a Juniper MX. There are various VLANs on the 3560, of which VLAN 1 is on a /26 (I know, VLAN 1 is bad practice).

We recently turned up a test box from Calix (GPON) and connected it to a port in VLAN 1. It's a regular switchport/access port, so the connection between the Calix and the switch is L2.

VLAN 1 has an IP (for this we will use fake IPs): 10.2.2.2/26. A port on the 3560 (also an access port in VLAN 1) connects to the MX, which has the IP 10.2.2.1/26.

A customer agreed to test the Calix stuff out, and we put in an ONT, assigned them a static IP from the /26, 10.2.2.15/26, and gave them the IP of VLAN 1 on the switch, 10.2.2.2, to use as their GW.

They connected their end to an ASA and were having some difficulties with connectivity, whereas in our testing we did not have any problem.

After a call or two with their techs, they said that they could see in their logs that they were blocking a lot of ICMP Type 5 (redirect) traffic. Told them to use the IP address of the MX, 10.2.2.1, as their gateway and things were fine.

So we labbed this up, ran tcpdump and Wireshark, and indeed we can see the switch is sending back ICMP type 5 to the host saying it should use 10.2.2.1 as the gateway. As our host is not blocking type 5, it continues on fine as it's supposed to according to the RFC etc.

As the ASA was blocking type 5 they had problems, but why is the switch sending back ICMP redirects in this scenario? Thanks for any info on this.

1 Reply

"They connected their end to an ASA and were having some difficulties with connectivity, whereas in our testing we did not have any problem."

Where is the ASA connected?

Can you provide a small network diagram for this? ICMP redirects in your case would happen when your host device is trying to reach something out there which has a best path via the router and not the switch SVI, i.e. meaning, in your case, the testing machine or the host has a default GW of the SVI on the switch but truly it should have been the router. It's like the switch is telling your host device: do not use me, but use the router to reach the destination. Does this help?

Let me know if you want more information.

Regards, Kishore
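As an added illustration of the mechanism Kishore describes (this is not part of the thread and not Cisco or Juniper code), here is a small Python model of the redirect rule from RFC 1812 section 5.2.7.2 applied to the topology in the question, using its fake addresses: the SVI on VLAN 1 at 10.2.2.2/26, the MX at 10.2.2.1 as the switch's default route, and the customer host at 10.2.2.15 pointing at the SVI. The second VLAN (Vlan20, 10.2.3.0/24) and the 203.0.113.10 destination are constructed assumptions. The block also decodes a constructed ICMP Type 5 message of the kind the tcpdump/Wireshark capture showed, so you can see where the "use 10.2.2.1" gateway value lives in the packet.

```python
"""Model of the ICMP Type 5 redirect rule (RFC 792, RFC 1812 section 5.2.7.2)
applied to the thread's topology, plus a decoder for the redirect message itself.

Constructed example: the 3560 SVI, the MX and the customer host use the thread's
fake addresses; Vlan20 and the 203.0.113.10 destination are assumptions.
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Interface:
    name: str
    network: IPv4Network      # connected subnet of the SVI
    redirects: bool = True    # Cisco 'ip redirects' (on by default)


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    interface: str
    next_hop: Optional[IPv4Address] = None   # None: directly connected


# The switch's own view of the network (constructed).
INTERFACES = {
    "Vlan1": Interface("Vlan1", ip_network("10.2.2.0/26")),      # SVI 10.2.2.2/26
    "Vlan20": Interface("Vlan20", ip_network("10.2.3.0/24")),    # assumed second VLAN
}
ROUTES = [
    Route(ip_network("10.2.2.0/26"), "Vlan1"),
    Route(ip_network("10.2.3.0/24"), "Vlan20"),
    Route(ip_network("0.0.0.0/0"), "Vlan1", ip_address("10.2.2.1")),  # default via the MX
]


def lookup(dst: IPv4Address, routes=ROUTES) -> Optional[Route]:
    """Longest-prefix match over the routing table."""
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def forward(src: str, dst: str, ingress: str, routes=ROUTES, interfaces=INTERFACES
            ) -> Tuple[Optional[IPv4Address], Optional[IPv4Address]]:
    """Return (next_hop, redirect_gateway) for a packet the switch has to route.

    redirect_gateway is None when the packet is simply forwarded. Per RFC 1812 a
    redirect is sent only when the packet leaves on the interface it arrived on
    and the source sits on the same subnet as the next hop: the host could have
    reached the next hop directly, so the router tells it so.
    """
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    route = lookup(dst_ip, routes)
    if route is None:
        return None, None                      # no route: unreachable, nothing to redirect
    next_hop = route.next_hop or dst_ip        # connected destination: next hop is the host
    ingress_if = interfaces[ingress]
    redirect = (
        route.interface == ingress_if.name
        and src_ip in ingress_if.network
        and next_hop in ingress_if.network
        and ingress_if.redirects               # 'no ip redirects' on the SVI suppresses it
    )
    return next_hop, (next_hop if redirect else None)


def decode_icmp_redirect(icmp: bytes) -> Tuple[int, IPv4Address, IPv4Address, IPv4Address]:
    """Decode an ICMP Type 5 message: (code, gateway, original src, original dst).

    Layout: type(1) code(1) checksum(2) gateway(4), then the offending datagram's
    IPv4 header. The gateway field is the "use 10.2.2.1" seen in the capture.
    """
    icmp_type, code, _checksum, gateway = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != 5:
        raise ValueError(f"not an ICMP redirect: type {icmp_type}")
    inner = icmp[8:28]                         # first 20 bytes of the quoted IPv4 header
    orig_src, orig_dst = struct.unpack("!II", inner[12:20])
    return code, IPv4Address(gateway), IPv4Address(orig_src), IPv4Address(orig_dst)


def build_sample_redirect() -> bytes:
    """Constructed ICMP redirect of the kind the 3560 sent (checksum left zero)."""
    header = struct.pack("!BBHI", 5, 1, 0, int(IPv4Address("10.2.2.1")))  # code 1: host redirect
    quoted_ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40, 0, 0, 64, 1, 0,
                            int(IPv4Address("10.2.2.15")), int(IPv4Address("203.0.113.10")))
    return header + quoted_ip


def str_or_none(v):
    return None if v is None else str(v)


def demo() -> dict:
    """Run the thread's scenarios; values are the redirect gateway or None."""
    quiet = dict(INTERFACES, Vlan1=Interface("Vlan1", ip_network("10.2.2.0/26"), redirects=False))
    return {
        # customer host on VLAN 1, GW = SVI, going out to the Internet: redirect to the MX
        "host_via_svi_to_internet": str_or_none(forward("10.2.2.15", "203.0.113.10", "Vlan1")[1]),
        # host on another VLAN: different egress interface, no redirect
        "other_vlan_to_internet": str_or_none(forward("10.2.3.5", "203.0.113.10", "Vlan20")[1]),
        # VLAN 1 host to a VLAN 20 host: the switch really is the best path
        "host_to_other_vlan": str_or_none(forward("10.2.2.15", "10.2.3.5", "Vlan1")[1]),
        # the first case again with 'no ip redirects' on the SVI
        "svi_redirects_disabled": str_or_none(
            forward("10.2.2.15", "203.0.113.10", "Vlan1", interfaces=quiet)[1]),
    }


if __name__ == "__main__":
    for name, gw in demo().items():
        print(f"{name:26s} redirect -> {gw}")
    print(decode_icmp_redirect(build_sample_redirect()))
```

The first scenario reproduces the thread: the host's default gateway is the SVI, the SVI's own default route points back out the same VLAN at the MX, and the MX is on the host's subnet, so every Internet-bound packet earns a redirect. The host-to-VLAN-20 case shows why the SVI is still the right gateway for inter-VLAN traffic on the switch. A firewall that drops type 5 (as the customer's ASA did) is ordinary hardening, since a host that honours redirects lets any on-link sender rewrite its routes; the clean fix is the one the thread arrived at, giving the host the MX as its gateway, or, if the SVI must stay the gateway, `no ip redirects` on that SVI so it forwards silently.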
