
Null route on Cisco 3750G

Last Modified: 2012-06-27
I have a Cisco 3750G with an IP address of 10.0.0.254.  This is configured as the default gateway for my workstations.  The default route on the 3750G is a pix firewall with an inside address of 10.0.0.1.  The problem I am running into is that we have a couple of multi-homed XP workstations.  The two network interfaces are plugged into physically separate networks.  One of the network interfaces is configured for the local network 10.0.0.0/24 with a default gateway of 10.0.0.254.  The other interface is configured with a 10.1.0.x address with no gateway.  For some reason broadcast traffic is passing to the interface that is connected to the 10.0.0.0/24 network.  The 3750 attempts to route this traffic to the Pix.  This floods the Pix's logs with dropped packets.  I tried configuring a null route on the 3750 so it would drop traffic before it hits the Pix, but it still seems to be forwarding packets to the pix.

here is the routing portion of the 3750 config...

! "ip default-gateway" is only consulted when IP routing is disabled on the switch
ip default-gateway 10.0.0.1
ip classless
ip route profile
! default route: everything not matched below goes to the PIX inside interface
ip route 0.0.0.0 0.0.0.0 10.0.0.1
! blackhole route intended to discard traffic for the 10.1.0.x network
ip route 10.1.0.0 255.255.255.0 null0
! static route for a second subnet via 10.0.0.248
ip route 10.0.4.0 255.255.255.0 10.0.0.248

Any suggestions as to how to drop the traffic before it hits the pix firewall?

Regards,

David

Commented:
What sort of broadcast traffic are you seeing exactly?  (source and destination protocol and ports)

If it is a 255.255.255.255 broadcast it shouldn't be forwarded unless you have a 'helper-address' configured.

If it is a 10.1.0.255 broadcast (network-specific) you should be able to block it with an ingress ACL.
Les Moore, Systems Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
That's one of the hazards of dual-homing a system....
The broadcasts are coming out the 10.0.0.0 nic and not much you can do about it.
Disable that particular message from the PIX syslogs and you just won't see the messages about dropped packets. It's just going to drop them anyway.

Author

Commented:
jeffkell,

Here is the syslog message...

It looks like it is directing traffic to 10.1.0.230 on port 8000...

4      Jan 24 2007      08:59:28      106023      10.0.0.180      10.1.0.230       Deny tcp src inside:10.0.0.180/1763 dst outside:10.1.0.230/8000 by access-group "inside_access_in" [0x1f48f7d7, 0x0]

So should I be able to setup an ACL on the 3750 to block this before it hits the pix?

lrmoore,
Yeah, unfortunately I am supporting a bunch of engineers in an R&D environment and they require multi-homed systems.  If I disable that message in the PIX syslogs, it will disable all dropped packets, correct?  I would like to log dropped packets from other hosts, esp. on the outside interface.  Any ideas?

DJ
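One way to put the ingress ACL that jeffkell suggests into place on the 3750, as an added example that is not part of the original thread or the author's posted config. It assumes the 10.0.0.0/24 SVI is interface Vlan1 (the page does not show the interface section) and uses the flow from the PIX log line above, which is unicast TCP from 10.0.0.180 to 10.1.0.230/8000 rather than a 255.255.255.255 broadcast, so a router ACL is the right tool. It also depends on "ip routing" being enabled: on a Catalyst 3750 the "ip route" statements, the null0 route included, are only used when IP routing is on, while "ip default-gateway" is the setting that applies when it is off.

```cisco
! Added example, not from the original post. Assumes the workstation SVI is Vlan1.
!
! 1. Make sure the switch is actually routing. Without this the "ip route" lines
!    (including the null0 route) are ignored and "ip default-gateway" applies.
ip routing
!
! 2. Keep the blackhole route as a safety net for any routed 10.1.0.0/24 traffic
!    that reaches the forwarding path; the ACL below is the primary control.
ip route 10.1.0.0 255.255.255.0 null0
!
! 3. Ingress ACL on the workstation VLAN: drop 10.0.0.0/24 -> 10.1.0.0/24 before it
!    is routed toward the PIX, log those drops on the switch so the PIX syslog stays
!    useful for everything else, and leave all other traffic unchanged.
ip access-list extended WKSTN-IN
 remark Dual-homed hosts leak 10.1.0.x traffic out their 10.0.0.x NIC (PIX msg 106023)
 deny   ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255 log
 permit ip any any
!
interface Vlan1
 description Workstation VLAN (gateway 10.0.0.254)
 ip access-group WKSTN-IN in
!
! 4. Verify: the deny counter should climb while the PIX stops logging
!    "Deny tcp src inside:10.0.0.180/... dst outside:10.1.0.230/8000".
!    show ip access-lists WKSTN-IN
!    show ip route 10.1.0.230
```

Two caveats. First, the deny line matches the whole 10.0.0.0/24 source; the log line in the thread shows the PIX already denying that flow with inside_access_in, so nothing that currently works is lost, but if some hosts are meant to reach 10.1.0.x through the PIX, narrow the ACE to "host 10.0.0.180" (and the other dual-homed addresses) instead. Second, the "log" keyword on a 3750 router ACL sends matching packets to the CPU for the log entry, so use it while confirming the fix and remove it once the counters show the ACL is doing its job. On the PIX side, "no logging message 106023" switches that message ID off for every host and interface, not just this one, which is why filtering on the switch keeps the rest of the drop logging intact.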
Commented:
[comment body not available on this copy of the page]

Les Moore, Systems Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:
[comment body not available on this copy of the page]

Author

Commented:
Yeah, 10.0.0.180 is the dual-homed host.  I'll see if I can fix the glitch on that host...

DJ