davidj_sdg asked:

Null route on Cisco 3750G

I have a Cisco 3750G with an IP address of 10.0.0.254. This is configured as the default gateway for my workstations. The default route on the 3750G is a PIX firewall with an inside address of 10.0.0.1. The problem I am running into is that we have a couple of multi-homed XP workstations. The two network interfaces are plugged into physically separate networks. One of the network interfaces is configured for the local network 10.0.0.0/24 with a default gateway of 10.0.0.254. The other interface is configured with a 10.1.0.x address with no gateway. For some reason broadcast traffic is passing to the interface that is connected to the 10.0.0.0/24 network. The 3750 attempts to route this traffic to the PIX. This floods the PIX's logs with dropped packets. I tried configuring a null route on the 3750 so it would drop traffic before it hits the PIX, but it still seems to be forwarding packets to the PIX.

Here is the routing portion of the 3750 config:

ip default-gateway 10.0.0.1
! (on a Catalyst this line is only honoured while "ip routing" is disabled)
ip classless
ip route profile
! static default toward the PIX inside interface
ip route 0.0.0.0 0.0.0.0 10.0.0.1
! intended black hole for the second NIC's network
ip route 10.1.0.0 255.255.255.0 null0
ip route 10.0.4.0 255.255.255.0 10.0.0.248

Any suggestions as to how to drop the traffic before it hits the pix firewall?

Regards,

David
jeffkell

What sort of broadcast traffic are you seeing exactly?  (source and destination protocol and ports)

If it is a 255.255.255.255 broadcast it shouldn't be forwarded unless you have a 'helper-address' configured.

If it is a 10.1.0.255 broadcast (network-specific) you should be able to block it with an ingress ACL.
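One way to do what jeffkell describes, as an added example that is not part of his answer or of the members-only solution: an extended ACL applied inbound on the 3750's routed interface for the 10.0.0.0/24 VLAN, so packets leaking toward 10.1.0.0/24 are dropped on the switch and never reach the PIX. The interface name Vlan1 is an assumption (the thread does not show which SVI carries 10.0.0.254), and INSIDE-IN is a made-up ACL name.

```cisco
! Added example, not from the original thread. Assumes the 10.0.0.254 SVI is
! Vlan1 (the thread does not say which interface it is); INSIDE-IN is made up.
!
! The null route only works if the switch is actually routing. On a Catalyst,
! "ip default-gateway" is honoured only while "ip routing" is disabled, so
! confirm the switch is in routing mode before trusting "ip route ... null0".
ip routing
!
ip access-list extended INSIDE-IN
 remark Drop workstation traffic that leaks toward the 10.1.0.0/24 lab network
 deny   ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255 log
 remark Drop network-directed broadcasts for the lab network as well
 deny   ip any host 10.1.0.255 log
 permit ip any any
!
interface Vlan1
 ip address 10.0.0.254 255.255.255.0
 ip access-group INSIDE-IN in
 no ip redirects
!
! Checks after applying:
!   show ip route 10.1.0.230      -> should resolve to Null0, not via 10.0.0.1
!   show access-lists INSIDE-IN   -> deny hit counters climb while the host leaks
!   show logging                  -> ACL deny entries identify the offending host
```

Two caveats a practitioner would want here. First, a router ACL on the SVI only sees traffic the switch routes; if the 3750 has previously sent an ICMP redirect pointing a host at 10.0.0.1 directly (both are on the same subnet, so a default route via 10.0.0.1 invites exactly that), the host forwards straight to the PIX's MAC address and neither the null route nor the ACL ever sees the packet, which is why `no ip redirects` is in the example. Second, the `log` keyword punts matching packets to the switch CPU, so keep it only while diagnosing and drop it once the dual-homed host is fixed.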
Les Moore
That's one of the hazards of dual-homing a system.
The broadcasts are coming out the 10.0.0.0 NIC, and there's not much you can do about it.
Disable that particular message in the PIX syslogs and you just won't see the messages about dropped packets. It's just going to drop them anyway.
davidj_sdg (asker)

jeffkell,

Here is the syslog message...

It looks like it is directing traffic to 10.1.0.230 on port 8000...

4 Jan 24 2007 08:59:28 106023 10.0.0.180 10.1.0.230 Deny tcp src inside:10.0.0.180/1763 dst outside:10.1.0.230/8000 by access-group "inside_access_in" [0x1f48f7d7, 0x0]

So should I be able to set up an ACL on the 3750 to block this before it hits the PIX?

lrmoore,
Yeah, unfortunately I am supporting a bunch of engineers in an R&D environment and they require multi-homed systems. If I disable that message in the PIX syslogs, it will disable all dropped packets, correct? I would like to log dropped packets from other hosts, especially on the outside interface. Any ideas?

DJ
ASKER CERTIFIED SOLUTION
jeffkell
(solution text is members-only and not included on this page)

SOLUTION
(solution text is members-only and not included on this page)
Yeah, 10.0.0.180 is the dual-homed host.  I'll see if I can fix the glitch on that host...

DJ