
New Member

Routing table supernet is incorrect

Has anyone seen this before? The supernet shows up as a /24 and the new VLAN 2 doesn't have a subnet assigned to it.

4506#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.128.66.0 is directly connected, Vlan2

C    192.168.1.0/24 is directly connected, Vlan1
C    192.168.3.0/24 is directly connected, Vlan10

We are running this on an old supervisor. It may be an IOS bug issue but I'm not sure.

Thanks in advance.

22 REPLIES

Re: Routing table supernet is incorrect

Hi,

I think this is because the 4500 has a directly connected subnet 10.128.66.0/24

That's why the routing table shows that from the 10.0.0.0, there's a subnet with mask /24

If you happen to have another subnet from the 10.0.0.0 directly connected, say 10.126.1.0/27 then the routing table will show:

     10.0.0.0/8 is subnetted, 1 subnets
C       10.128.66.0/24 is directly connected, Vlan2

C       10.126.1.0/27 is directly connected, VlanX

Federico.

Hall of Fame Super Silver

Re: Routing table supernet is incorrect

Darren

I have not seen something like that before. Perhaps we could provide better answers if we knew more of what you are trying to do. Would it be possible that you could post relevant parts of the config (interface config, any route statements)?

I am puzzled by your statement that Vlan2 does not have a subnet assigned to it. The routing table shows that there is a /24 subnet associated with Vlan2

C       10.128.66.0 is directly connected, Vlan2

HTH

Rick

New Member

Re: Routing table supernet is incorrect

I am just creating a new VLAN and I'm having access issues. The routing table only contains a default route. Below is adding 2 /24 but still the same supernet.

VLAN 2:

interface Vlan2
description USER_VLAN
ip address 10.128.66.1 255.255.255.0

ROUTING TABLE:
Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 2 subnets
C       10.128.66.0 is directly connected, Vlan2
C       10.128.65.0 is directly connected, Vlan6
C    192.168.1.0/24 is directly connected, Vlan1
C    192.168.3.0/24 is directly connected, Vlan10
S*   0.0.0.0/0 [1/0] via 192.168.1.1

STATIC DEFAULT:
ip route 0.0.0.0 0.0.0.0 192.168.1.1

Thanks.

Re: Routing table supernet is incorrect

I might be wrong but I don't see any problem with this:

     10.0.0.0/24 is subnetted, 2 subnets
C       10.128.66.0 is directly connected, Vlan2
C       10.128.65.0 is directly connected, Vlan6

This is because there are two VLANs with mask /24, that's why you get the above output.

Does not matter there's no routes in the routing table, the 4500 will add the directly connected routes as soon as the interfaces are functional.

What I'm saying is that if you add another VLAN with a different mask, i.e. /27, the output of the supernet will be different. I might be wrong but give it a try if you can.

Federico.

New Member

Re: Routing table supernet is incorrect

I guess you're right.

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.10.10.0/27 is directly connected, Vlan6
C       10.128.66.0/24 is directly connected, Vlan2
C    192.168.1.0/24 is directly connected, Vlan1
C    192.168.3.0/24 is directly connected, Vlan10
S*   0.0.0.0/0 [1/0] via 192.168.1.1

Ultimately I'm getting an error on my PIX firewall stating that it doesn't have a route, so this looked interesting.

110001: No route to 10.128.66.50 from 172.19.1.208

Re: Routing table supernet is incorrect

Ok, now the PIX does not have a way to reach 10.128.66.50?

If you check the routing table on the PIX is there a route to that IP? "sh route"

If not, you need to check if the PIX and the 4500 share an IP subnet and include the proper route.

Federico.

Hall of Fame Super Silver

Re: Routing table supernet is incorrect

Darren

This additional information is helpful. So the problem is on your firewall and not on your switch.

Can you post the output of show route from the firewall?

HTH

Rick

Hall of Fame Super Silver

Re: Routing table supernet is incorrect

Darren

The routing table as you post it is saying that network 10.0.0.0 is subnetted with a single mask which is a /24. This agrees with the interface config that you posted.

If you are having access issues I do not see anything in the routing table that would create access issues. Can you tell us a bit more about what you are trying to do and what is not working?

If your access issue is a problem with a machine in one VLAN attempting to communicate with a machine in another VLAN then here are some steps I would suggest to troubleshoot the problem:

- do both of the machines show up in the ARP table? If not this is a problem and figure out why they are not in the ARP table.

- do the machines have the correct default gateway configured (which should be the VLAN interface address of the switch)?

- starting from one machine verify that

__ can it ping its own default gateway address (the VLAN address on the switch)?

__ can it ping the address of the other VLAN interface of the switch?

- can you verify that ip routing is enabled on the switch?

HTH

Rick

New Member

Re: Routing table supernet is incorrect

Ok the routing table looks good. I have 2 machines at different locations that are trying to communicate but I'm having access issues. I can ping between both machines but I'm unable to web or https. The only thing I see is the firewall is stating no route, which led me to believe that there was a routing table issue. I'll have to dig into it a bit more since I know all access lists allow access and I have a nonat in place. Thank you both for responding.

Re: Routing table supernet is incorrect

If you can PING I don't think there's a routing issue.

However check the routing and permissions (ACLs) and also the NAT config.

If you need any more help let us know.

Federico.

Hall of Fame Super Silver

Re: Routing table supernet is incorrect

Darren

If I am understanding correctly you say that the 2 machines can ping each other. For that to happen it would seem that the PIX would have routes for both subnets. So I am puzzled at the error message on the PIX about no route to subnet.

If 2 machines can ping each other and can not run other applications, such as web, then my first instinct is to look for access list issues. If you check and verify that access lists are permitting the traffic, then my second instinct would be to look at translations and see if something is translated differently for ping or for web.

It also puzzles me what the topology is. Where are these machines and what do they connect to? I had been assuming that both of them are connected to your switch. But if they are connected to the switch then how does the PIX get into the traffic? Perhaps you can provide a better explanation of the topology?

HTH

Rick

New Member

Re: Routing table supernet is incorrect

Show route from the firewall is below.

506# sh route
        outside 0.0.0.0 0.0.0.0 192.168.2.2 1 OTHER static (System i'm trying to connect to and i'm able to ping)
        inside 10.128.66.0 255.255.255.0 192.168.1.6 1 OTHER static (Source system on 4506 switch)
        inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
        outside 192.168.2.0 255.255.255.0 192.168.2.1 1 CONNECT static
        inside 192.168.3.0 255.255.255.0 192.168.1.6 1 OTHER static

access-list 102 line 60 permit ip 10.128.64.0 255.255.252.0 172.16.0.0 255.240.0.0 (IPSEC Tunnel Traffic)

access-list nonat line 27 permit ip 10.128.64.0 255.255.252.0 172.16.0.0 255.240.0.0 (nonat)

access-list outgoing line 37 permit tcp 10.128.64.0 255.255.252.0 any eq www (inside out traffic from source system)

Cisco Employee

Re: Routing table supernet is incorrect

Hello,

I would like just to confirm what has been said by other friends here. The output you have quoted is a Cisco-specific (and very confusing) way of telling you that all subnetworks of the major network (not a supernet!) 10.0.0.0/8 are currently having the same netmask of /24, so it is not necessary to indicate this mask to each and every subnet. As soon as you subnet the network using different netmasks, this output will be replaced by the line 10.0.0.0/8 is variably subnetted and the individual netmasks will be indicated along the subnets in further output.

Perhaps somebody thought years ago that this is a fine way to make a brief output - instead of indicating the same mask on each subnet of a major network (which was common during the classful ages), the subnet mask used to subnet the major network is indicated in the "headline". Nowadays, unfortunately, it is much more confusing than helpful.

Best regards,

Peter
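
The display rule discussed in this thread, as an added example (not part of any post, and not Cisco's code): a simplified Python model that groups connected prefixes by classful major network and builds the headline the way the outputs posted above show it. The `major_network` and `render` names are hypothetical; the sample prefixes and interface names are the ones posted in the thread.

```python
import ipaddress
from collections import OrderedDict

def major_network(net):
    """Classful (class A/B/C) major network containing `net`."""
    first = net.network_address.packed[0]
    if first >= 224:                      # class D/E: no classful parent
        return net
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{plen}", strict=False)

def render(connected):
    """Build 'show ip route'-style lines for connected (cidr, interface) pairs."""
    groups = OrderedDict()
    for cidr, ifname in connected:
        net = ipaddress.ip_network(cidr)
        groups.setdefault(major_network(net), []).append((net, ifname))
    lines = []
    for major, members in groups.items():
        # A prefix that is itself the major network is printed on its own line.
        if len(members) == 1 and members[0][0] == major:
            net, ifname = members[0]
            lines.append(f"C    {net} is directly connected, {ifname}")
            continue
        masks = {net.prefixlen for net, _ in members}
        if len(masks) == 1:
            # One mask everywhere: the headline carries the SUBNET mask,
            # and the child lines omit it. This is the confusing case.
            plen = next(iter(masks))
            lines.append(f"     {major.network_address}/{plen} is subnetted, "
                         f"{len(members)} subnets")
            lines += [f"C       {n.network_address} is directly connected, {i}"
                      for n, i in members]
        else:
            # Mixed masks: the headline shows the classful mask and every
            # child line carries its own mask.
            lines.append(f"     {major} is variably subnetted, "
                         f"{len(members)} subnets, {len(masks)} masks")
            lines += [f"C       {n} is directly connected, {i}" for n, i in members]
    return lines

if __name__ == "__main__":
    same_mask = [("10.128.66.0/24", "Vlan2"), ("10.128.65.0/24", "Vlan6"),
                 ("192.168.1.0/24", "Vlan1"), ("192.168.3.0/24", "Vlan10")]
    mixed = [("10.10.10.0/27", "Vlan6"), ("10.128.66.0/24", "Vlan2")]
    print("\n".join(render(same_mask)), "\n")
    print("\n".join(render(mixed)))
```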

New Member

Re: Routing table supernet is incorrect

Thanks Peter that is confusing but it now makes sense.

Output from the firewall and thanks for working with me on this guys.   I'm getting the output from the other firewall too.

Show route from the firewall is below.

506# sh route
        outside 0.0.0.0 0.0.0.0 192.168.2.2 1 OTHER static (System i'm trying to connect to and i'm able to ping)
        inside 10.128.66.0 255.255.255.0 192.168.1.6 1 OTHER static (Source system on 4506 switch)
        inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
        outside 192.168.2.0 255.255.255.0 192.168.2.1 1 CONNECT static
        inside 192.168.3.0 255.255.255.0 192.168.1.6 1 OTHER static

access-list 102 line 60 permit ip 10.128.64.0 255.255.252.0 172.16.0.0 255.240.0.0 (IPSEC Tunnel Traffic)

access-list nonat line 27 permit ip 10.128.64.0 255.255.252.0 172.16.0.0 255.240.0.0 (nonat)

access-list outgoing line 37 permit tcp 10.128.64.0 255.255.252.0 any eq www (inside out traffic from source system)

nat (inside) 0 access-list nonat

Re: Routing table supernet is incorrect

You can PING because the PIX has the route:

     inside 10.128.66.0 255.255.255.0 192.168.1.6 1 OTHER static

Where 192.168.1.6 is the 4500 correct?

Which is the source IP that you're coming from? And to which interface on the PIX is connected (inside/outside)?

Federico.

New Member

Re: Routing table supernet is incorrect

Yes I can ping... the source address is 10.128.66.50, inside interface of the PIX.

Re: Routing table supernet is incorrect

Now I'm confused as well with the topology :-)

Could you please include a simple drawing or explanation to check the path of the packets that we're interested in?

Federico.

New Member

Re: Routing table supernet is incorrect

The 4506 is on the 10.128.66.50 side... and the no route has come from the left firewall

110001: No route to 10.128.66.50 from 172.19.1.208

Thanks.

Hall of Fame Super Blue

Re: Routing table supernet is incorrect

Can you humour me and add this to the config on the left firewall -

static (inside,outside) 10.128.66.50 10.128.66.50 netmask 255.255.255.255

and then try again.

Jon

New Member

Re: Routing table supernet is incorrect

I tried that but it didn't work. The weird thing is I'm able to access the same site on port 443. All of my rules are IP based, meaning I'm not limiting by port; I just keep getting this 'no route' error.

No route to 10.128.66.50 from 172.19.1.208

10.128.66.50 is local

172.19.1.208 is a remote server

Thanks.

Hall of Fame Super Silver

Re: Routing table supernet is incorrect

Darren

Several times you have referred to 10.128.66.50 is local. But the switch config that you posted shows it as a subnet connected to the switch. And the route information from the PIX showed it as a routed subnet and not as a local subnet. Perhaps you can clarify where that address and the machine that has the address are located in the network?

HTH

Rick

New Member

Re: Routing table supernet is incorrect

Rick,

Sorry for being vague, but when I say local I mean a system that sits off of the inside interface of the firewall and is the initiator of the traffic. The PIX connects to the local 4560 switch and the 10.128.66.50 is directly connected to VLAN 2 on that switch.

I'm able to ping 10.128.66.50 from the firewall too..just an FYI.

Thanks.
