Solved

EASY CISCO: can't connect from/to remote subnet, even though ip default-gateway set correctly.

Posted on 2008-10-24
4
886 Views
Last Modified: 2012-06-27
I am completely stuck here.

We have a Catalyst 4506 with SupII+ running IOS 12.1(20r)EW1

I have set the ip default-gateway correctly, but cannot ping anything off the local subnet. What have i done wrong?

included below, running config and ping results.

the toplogy is :

this switch --- dist2 --- corerouter

The unit can connect to another lan if i enable a vlan interface, and assign an IP in the correct range, but it again won't pass anything through the gateway.


I have checked the gateway config, and it seems fine - we have other switches using it, and working ok.

I'm sure it's something silly i have missed.

Any pointers would be hugely appreciated.

W
#sh run
 

Building configuration...
 

Current configuration : 8655 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service compress-config

!

hostname XXXX_4506

!

boot-start-marker

boot-end-marker

!

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/

!

no aaa new-model

clock summer-time UTC recurring last Sun Mar 1:00 last Sun Oct 2:00

ip subnet-zero

no ip domain-lookup

!

cluster run

!

!

!

power redundancy-mode redundant

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet1/1

 switchport trunk encapsulation dot1q

 switchport mode trunk

!

interface GigabitEthernet1/2

!

interface FastEthernet2/1

!

interface FastEthernet2/2

!

....

!

interface FastEthernet6/48

!

interface Vlan1

 no ip address

 no ip route-cache cef

 no ip route-cache

 shutdown

!

interface Vlan345

 description MANAGEMENT

 ip address 172.16.254.120 255.255.254.0

!

ip default-gateway 172.16.254.1

no ip http server

no ip http secure-server

!

!

!

!

control-plane

!

!

line con 0

 stopbits 1

line vty 0 4

 exec-timeout 720 0

 password XXXXXXX

 login

line vty 5 15

 no login

!

ntp server 10.10.0.1

end
 

XXXXX_4506#ping 172.16.254.1
 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.254.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

XXXXX_4506#ping 172.16.254.120
 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.254.120, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

XXXXX_4506#ping 172.16.20.1
 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

XXXXX_4506#ping 10.10.10.1
 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

XXXXX_4506#
 
 

XXXX_4506#sh ver

Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(40)SG, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Wed 07-Nov-07 18:51 by prod_rel_team

Image text-base: 0x10000000, data-base: 0x117EBBE8
 

ROM: 12.1(20r)EW1

Dagobah Revision 95, Swamp Revision 3
 

XXXX_4506 uptime is 22 minutes

System returned to ROM by reload

System image file is "bootflash:"
 

cisco WS-C4506 (MPC8245) processor (revision 4) with 262144K bytes of memory.

Processor board ID 

MPC8245 CPU at 266Mhz, Supervisor II+

Last reset from Reload

2 Virtual Ethernet interfaces

240 FastEthernet interfaces

2 Gigabit Ethernet interfaces

511K bytes of non-volatile configuration memory.
 

Configuration register is 0x2101
 
 

XXXX_4506#sh int statu | inc Gi

Gi1/1                        connected    trunk        full   1000 1000BaseSX

Gi1/2                        notconnect   1            full   1000 1000BaseSX

Open in new window

0
Comment
Question by:Wibble_
4 Comments
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 22797710
First, is 172.16.254.1 a router that can reach these other networks?

Second, I've never used the default-gateway command on a layer-3 device before. Can you try a default route?

ip route 0.0.0.0 0.0.0.0 172.16.254.1

Should have the same result, but you never know.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22800006
Agree with Don
The default-gateway command is not a routing command and is only for access to the device itself for management.
So you need the ip route command to route packets from other interfaces
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22809005
First of all..   make sure you are configuring this as a L3 router, not a bridge.
Add this to your config:
ip routing

Once you have enabled IP routing,  "default-gateway"  is no longer meaningful.   Use a static route to establish your default gateway.

For example,  to use a metric of 254  (allowing your default to be overriden by a learned route, if you later enable a routing protocol):
ip route  0.0.0.0 0.0.0.0  172.16.254.1   254


Second, check  172.16.254.1
Can you ping this IP from your 4k?

If possible, login to 172.16.254.1, whatever that is   and try pinging 172.16.254.120   Make sure 172.16.254.120  will  accept traffic
you route to it.


0
 

Author Closing Comment

by:Wibble_
ID: 31509668
Thanks guys, donjonston and irmoore to the rescue again! Don beat you on this one though, Mr Moore.

I thought that the device would allow access to the first vlan in L2 mode via ip default-gateway.. I guess not!

Thanks again for your help.

W
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Internet Speed Test 5 70
Fiber Patch Panel 6 42
Resource cost of NAT vs routing 3 26
Network Switch Connections 8 30
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now