Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 829
  • Last Modified:

Cisco routing - All internet traffic goes out the ASA and DSL

Problem:

The Router and switch cannot traceroute to the ASA or the DSL attached to the ASA.


I have a single remote site with IP addresses 192.168.5.x and 10.5.0.x
That site has one router, one switch, one ASA, T1 and a DSL

Router IP - 192.168.5.1
Switch IP - 10.5.0.1
ASA Inside IP - 192.168.5.253
ASA Outside IP - 71.36.111.111

The ASA can traceroute 4.2.2.1 to the DSL internet 4.2.2.1 with no problems.
The ASA can traceroute to the local switch's IP, which it is connected to with no problems.
The ASA can traceroute to the local router's IP with no problems.

The Switch can traceroute to the internet though the router and out the T1, and not the DSL, as it should.
The Switch can traceroute to the local Switch with no problems.
The Switch cannot traceroute to the ASA internal IP, which is directly connected to the switch.
The Switch can traceroute to the ASA outside IP, going though the T1.
The Switch can ping the ASA.

The Router can traceroute to the internet though the T1 but not the DSL, as it should.
The Router can traceroute to the switch with no problems.
The Router cannot traceroute to the ASA internal IP, which is directly connected to the switch.
The Router can traceroute to the ASA outside IP, going though the T1.
The Router can ping the ASA.

------------------------------------------------------------

Switch configuration for routing:

!
router eigrp 100
 no auto-summary
 network 10.0.0.0
 network 192.168.5.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.253 track 1
ip route 10.2.0.0 255.255.0.0 192.168.5.253 250
ip route ASA Outside IP 255.255.255.255 192.168.5.253 250
ip route 192.168.2.0 255.255.255.0 192.168.5.253 250

------------------------------------------------------------

Router configuration for routing:

router eigrp 100
 no auto-summary
 network 10.0.0.0
 network 192.168.5.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.253 track 1
ip route 10.2.0.0 255.255.0.0 192.168.5.253 250
ip route ASA Outside IP 255.255.255.255 192.168.5.253 250
ip route 192.168.2.0 255.255.255.0 192.168.5.253 250
ip http server

------------------------------------------------------------

*** Thoughts ***

Prior to this configuration, there was no ASA and attached DSL. It seems the router and switch don't see the change. I thought I was fighting EIGRP, and cleared the cache but that didn't change anything.


Routing Experts, do you have a suggestion?           Switch.txt Router.txt
0
Glenn M
Asked:
Glenn M
  • 33
  • 14
  • 12
  • +2
1 Solution
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Please find the Attached config files.
0
 
rfc1180Commented:
config for the ASA?
0
 
rfc1180Commented:
Also, it looks like the router.txt is the switch.txt
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
Glenn MSystems Engineer / ManagerAuthor Commented:
0
 
rfc1180Commented:
going off the top of my head try(Note some commands might be for a PIX:

policy-map global_policy
class class-default
set connection decrement-ttl


icmp unreachable rate-limit 10 burst-size 5

management-access inside
icmp permit any echo inside

Possibly with some tunning with your configs:

access-list internal-out permit icmp any any echo-reply
access-list internal-out permit icmp any any time-exceeded
access-list internal-out permit icmp any any unreachable
access-group internal-out in interface outside
0
 
lanboyoCommented:
Bit confused, It looks like all of the vlan interfaces on the switches and routers have the same IP addresses. Which is a problem.



So the ASA is probably having spoofing complaints.


Assuming that the switch does not actually have the same IP as the router, the default route here will never be published to eigrp because there is no default routing originate statement. But don't put that in until you know what is going on with the IP addresses.

Please help us out by giving us  the router configuration.

Also I can't see what the static route is tracking, or where the t-1 you are talking about is.
0
 
piersonmCommented:
Question: In the ASA config, did you mean to assign the inside interface to VLAN 1 and not VLAN 192. Also not sure which port you have connected on the ASA to the switch.  The switch side config shows port F0/24
0
 
rfc1180Commented:
>: In the ASA config, did you mean to assign the inside interface to VLAN 1 and not VLAN 192

fast0/24 is not trunked, so the vlan on the ASA can be any vlan as the frames leaving the switchport is untagged anyway.

Billy
0
 
piersonmCommented:
then i guess you shouldn't need vlan's on the ASA at all.
0
 
rfc1180Commented:
>then i guess you shouldn't need vlan's on the ASA at all.
Agreed, but utilizing SVI's is a scalable solution.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ lanboyo: Router Config can be found above.

@ piersonm and piersonm: So do we agree the vlans are configured in an acceptable level?

I have this configured at another remote site, and it works great. I even copied the configs from the remote site and applied them to this side, changed the IP's and etc, and I still have the same results.

Somehow, I have something configured incorrectly OR I think I am fighting EIGRP.

Thoughts?
0
 
piersonmCommented:
Yes we agree on the vlans
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
What would be our next action here?
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Here is the IP route information:


Gateway of last resort is 10.254.254.9 to network 0.0.0.0

     70.0.0.0/32 is subnetted, 1 subnets
D EX    70.167.110.66 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D    192.168.8.0/24 [90/3205120] via 10.254.254.9, 1w2d, Serial0/3/0
     65.0.0.0/32 is subnetted, 1 subnets
D EX    65.206.167.178 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D EX 192.168.40.0/24 [170/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
     172.16.0.0/24 is subnetted, 1 subnets
D EX    172.16.30.0 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
     172.28.0.0/32 is subnetted, 5 subnets
D EX    172.28.19.50 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D EX    172.28.19.12 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D EX    172.28.19.22 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D EX    172.28.19.21 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D EX    172.28.19.20 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D    192.168.4.0/24 [90/2693120] via 10.254.254.9, 1w5d, Serial0/3/0
C    192.168.5.0/24 is directly connected, FastEthernet0/0.192
     10.0.0.0/8 is variably subnetted, 31 subnets, 4 masks
D EX    10.8.2.0/24 [170/2172928] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.6.12.0/22 [90/2693376] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.2.8.0/22 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
C       10.254.254.8/30 is directly connected, Serial0/3/0
D       10.9.0.0/22 [90/2693120] via 10.254.254.9, 1d15h, Serial0/3/0
D       10.6.8.0/22 [90/2693376] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.2.12.0/22 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.254.254.12/30 [90/2690560] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.9.4.0/22 [90/2693120] via 10.254.254.9, 1d15h, Serial0/3/0
D       10.6.4.0/22 [90/2693120] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.2.0.0/22 [90/2170112] via 10.254.254.9, 1w5d, Serial0/3/0
S       10.2.0.0/16 [250/0] via 192.168.5.253
D       10.7.4.0/22 [90/3205120] via 10.254.254.9, 1w2d, Serial0/3/0
D       10.3.0.0/16 [90/2693120] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.254.254.0/30 [90/2690560] via 10.254.254.9, 1w5d, Serial0/3/0
D EX    10.250.250.0/24 [170/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.9.8.0/22 [90/2693376] via 10.254.254.9, 1d15h, Serial0/3/0
C       10.5.4.0/22 is directly connected, FastEthernet0/0.2
D       10.6.0.0/22 [90/2693120] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.2.4.0/22 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.7.0.0/22 [90/3205120] via 10.254.254.9, 1w2d, Serial0/3/0
D       10.254.254.4/30 [90/2690560] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.4.0.0/16 [90/2693120] via 10.254.254.9, 1w5d, Serial0/3/0
C       10.5.0.0/22 is directly connected, FastEthernet0/0.1
D       10.254.254.24/30 [90/2693120] via 10.254.254.9, 01:27:26, Serial0/3/0
D       10.9.16.0/22 [90/2693376] via 10.254.254.9, 1d15h, Serial0/3/0
D       10.2.16.0/22 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.254.254.16/30 [90/3202560] via 10.254.254.9, 1w2d, Serial0/3/0
D       10.2.20.0/22 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D       10.254.254.20/30 [90/2690560] via 10.254.254.9, 1d15h, Serial0/3/0
D       10.2.252.0/22 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D    192.168.6.0/24 [90/2693120] via 10.254.254.9, 1w5d, Serial0/3/0
D    192.168.2.0/24 [90/2170368] via 10.254.254.9, 1w5d, Serial0/3/0
D    192.168.3.0/24 [90/2693120] via 10.254.254.9, 1d15h, Serial0/3/0
D*EX 0.0.0.0/0 [170/2172928] via 10.254.254.9, 1d00h, Serial0/3/0
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Additional info:

sw1.mdf.cool#sho ip eigrp neighbors
EIGRP-IPv4:(100) neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
3   192.168.5.253           Vl192             14 2d19h       1   200  0  213
2   10.5.4.2                Vl2               12 1w3d        1   200  0  69096
1   10.5.0.2                Vl1               12 1w3d        1   200  0  69094
0   192.168.5.254           Vl192             12 1w3d        1   200  0  69095
0
 
rfc1180Commented:
>The Router and switch cannot traceroute to the ASA or the DSL attached to the ASA.
this is your main concern no?

>The Switch cannot traceroute to the ASA internal IP, which is directly connected to the switch
>The Router cannot traceroute to the ASA internal IP, which is directly connected to the switch.

More than likely you do not have these commands:

management-access inside
icmp permit any echo inside

>The Router can traceroute to the ASA outside IP, going though the T1.
>The Switch can traceroute to the ASA outside IP, going though the T1.
This is becuase of 'D*EX 0.0.0.0/0 [170/2172928] via 10.254.254.9, 1d00h, Serial0/3/0 '

On the ASA:
router eigrp 100
 network 192.168.5.0 255.255.255.0
 network 71.36.111.111 255.255.255.255
 passive-interface default
 no passive-interface interface Vlan1

You might also need:

policy-map global_policy
class class-default
set connection decrement-ttl

This will allow the decrementation of the TTL through the ASA


Billy
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ rfc1180:

Where would these two commands need to be on; the ASA, Router or Switch?
management-access inside
icmp permit any echo inside

and

policy-map global_policy
class class-default
set connection decrement-ttl
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ rfc1180

I don't see where the following line is used:

"This is becuase of 'D*EX 0.0.0.0/0 [170/2172928] via 10.254.254.9, 1d00h, Serial0/3/0 '"

Where is this used at?

0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Nevermind that last post, I see it now, in the EIGRP report.
0
 
rfc1180Commented:
>Where would these two commands need to be on; the ASA, Router or Switch?
on the ASA
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ rfc1180

Those commands are present, no resolution yet,
0
 
rfc1180Commented:
Are you specifing a source interface of the interface that the ICMP is leaving on when you are trying to ICMP or traceroute from?
They are directly connected and if those commands are installed, it should work.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Maybe I am chasing my tail with the Traceroute, but at this point I would be happy as to figure out how to get all devices that are connected to the switch to use the DSL for internet traffic instead of routing to the T1.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Please see the attached network diagram to help out here:
network-Diagram.jpg
0
 
asavenerCommented:
On the 2801, add a static route that points to the local ASA.

ip route 0.0.0.0 0.0.0.0 192.168.5.253
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ Asavener

It alread has the following line:

!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.5.253 250
ip route 10.2.0.0 255.255.0.0 192.168.5.253 250
ip route 192.168.2.0 255.255.255.0 192.168.5.253 250
!


Please advise
0
 
asavenerCommented:
Can you provide "show ip route" output from the switch, as well as a traceroute to 4.2.2.2?
0
 
rfc1180Commented:
Merrell, the line is in there; however the metric is higher, you need to remove the line with the higher metric and add the route:

no ip route 0.0.0.0 0.0.0.0 192.168.5.253 250
ip route 0.0.0.0 0.0.0.0 192.168.5.253
0
 
asavenerCommented:
Good catch.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Testing...
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
When I changed it to: ip route 0.0.0.0 0.0.0.0 192.168.5.253

All tracerouting was unable to get out past the the router (10.5.0.2) itself.
All clients when tracert to 4.2.2.1 stop at 192.168.5.1, and don't get past it.

All clients with they ping 4.2.2.1, stop at 192.168.5.1

Please advise.

0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
do you want a fresh set of configs from the Router, Switch and ASA?
0
 
rfc1180Commented:
hwo about showing the traceroutes, we can not assist unless we see what is going on.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
from Clients or the Cisco Devices?
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
From 10.5.0.1:

traceroute 4.2.2.2

Type escape sequence to abort.
Tracing the route to 4.2.2.2

  1 192.168.5.254 0 msec
    10.5.0.2 0 msec
    10.5.4.2 0 msec
  2 10.254.254.9 8 msec 9 msec 8 msec
  3 10.2.0.1 9 msec 8 msec 8 msec
  4 69.71.188.177 9 msec 8 msec 9 msec
  5 172.18.1.177 8 msec 8 msec 9 msec
  6 172.18.1.201 8 msec 9 msec 8 msec
  7 172.18.1.193 17 msec 8 msec 8 msec
  8 69.71.188.1 17 msec 17 msec 8 msec
  9 68.170.38.197 42 msec 42 msec 33 msec
 10 66.62.168.213 42 msec 59 msec 42 msec
 11 66.62.2.197 42 msec 50 msec 42 msec
 12 66.62.3.106 34 msec 92 msec 50 msec
 13 66.62.7.195 34 msec 42 msec 34 msec
 14 4.53.2.25 50 msec 59 msec 42 msec
 15 4.69.147.77 58 msec 51 msec 42 msec
 16 4.69.132.106 75 msec 67 msec 51 msec
 17 4.69.151.153 58 msec
    4.69.151.141 101 msec
    4.69.151.153 84 msec
 18 4.69.145.131 59 msec
    4.69.145.67 50 msec
    4.69.145.131 75 msec
 19 4.2.2.2 51 msec 75 msec 59 msec
sw1.mdf.cool.slfhc#


From 10.5.0.2

vg1.mdf.cool.slfhc#traceroute 4.2.2.2

Type escape sequence to abort.
Tracing the route to 4.2.2.2

  1 10.254.254.9 4 msec 4 msec 4 msec
  2 10.2.0.1 4 msec 12 msec 8 msec
  3 69.71.188.177 4 msec 4 msec 4 msec
  4 172.18.1.177 4 msec 12 msec 4 msec
  5 172.18.1.201 4 msec 4 msec 8 msec
  6 172.18.1.193 12 msec 8 msec 12 msec
  7 69.71.188.1 8 msec 12 msec 8 msec
  8 68.170.38.197 36 msec 40 msec 32 msec
  9 66.62.168.213 48 msec 36 msec 36 msec
 10 66.62.2.197 36 msec 36 msec 36 msec
 11 66.62.3.106 36 msec 36 msec 40 msec
 12 66.62.7.195 36 msec 32 msec 36 msec
 13 4.53.2.25 40 msec 36 msec 36 msec
 14 4.69.147.77 44 msec 52 msec 52 msec
 15 4.69.132.106 52 msec 64 msec 68 msec
 16 4.69.151.165 56 msec 52 msec
    4.69.151.129 48 msec
 17 4.69.145.195 52 msec 52 msec
    4.69.145.3 68 msec
 18 4.2.2.2 48 msec 52 msec 48 msec
vg1.mdf.cool.slfhc#


From the ASA - 192.168.5.253

sa-mdf-Cool> traceroute 4.2.2.2  

Type escape sequence to abort.
Tracing the route to 4.2.2.2

 1  71.36.174.238 0 msec 0 msec 0 msec
 2  67.40.227.204 50 msec 40 msec 40 msec
 3  216.160.199.89 40 msec 40 msec 40 msec
 4  67.14.22.78 50 msec 60 msec 50 msec
 5  63.146.27.34 50 msec 60 msec 50 msec
 6  4.69.144.131 50 msec
    4.69.144.195 50 msec
    4.69.144.3 50 msec
 7  4.2.2.2 50 msec 60 msec 50 msec
asa-mdf-Cool>

0
 
rfc1180Commented:
so it is the problem; I see the traceroutes working
0
 
rfc1180Commented:
so what is the problem, I mean
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Router and Switch route out to the T1 for Internet connectivity. Therefore the windows PC's that are connected to the switch route out the T1 for Internet connectivity.

The ASA is connected to the DSL.

I want all desktops to route out the ASA/DSL for internet connectivity ( IP ROUTE 0.0.0.0 0.0.0.0 192.168.5.253 )


0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@  ASAVENER: "Can you provide "show ip route" output from the switch, as well as a traceroute to 4.2.2.2? "

sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.253 to network 0.0.0.0

     70.0.0.0/32 is subnetted, 1 subnets
D EX    70.167.110.66 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                      [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                      [170/2173184] via 10.5.0.2, 1w6d, Vlan1
     71.0.0.0/32 is subnetted, 1 subnets
S       71.36.174.238 [1/0] via 192.168.5.253
D    192.168.8.0/24 [90/3205376] via 192.168.5.254, 4d14h, Vlan192
                    [90/3205376] via 10.5.4.2, 4d14h, Vlan2
                    [90/3205376] via 10.5.0.2, 4d14h, Vlan1
     65.0.0.0/32 is subnetted, 1 subnets
D EX    65.206.167.178 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                       [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                       [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D EX 192.168.40.0/24 [170/2170624] via 192.168.5.254, 1w6d, Vlan192
                     [170/2170624] via 10.5.4.2, 1w6d, Vlan2
                     [170/2170624] via 10.5.0.2, 1w6d, Vlan1
     172.16.0.0/24 is subnetted, 1 subnets
D EX    172.16.30.0 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                    [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                    [170/2173184] via 10.5.0.2, 1w6d, Vlan1
     172.28.0.0/32 is subnetted, 5 subnets
D EX    172.28.19.50 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                     [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                     [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D EX    172.28.19.12 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                     [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                     [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D EX    172.28.19.22 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                     [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                     [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D EX    172.28.19.21 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                     [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                     [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D EX    172.28.19.20 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                     [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                     [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D    192.168.4.0/24 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
C    192.168.5.0/24 is directly connected, Vlan192
     10.0.0.0/8 is variably subnetted, 31 subnets, 4 masks
D EX    10.8.2.0/24 [170/2173184] via 192.168.5.254, 1w6d, Vlan192
                    [170/2173184] via 10.5.4.2, 1w6d, Vlan2
                    [170/2173184] via 10.5.0.2, 1w6d, Vlan1
D       10.6.12.0/22 [90/2693632] via 192.168.5.254, 1w6d, Vlan192
                     [90/2693632] via 10.5.4.2, 1w6d, Vlan2
                     [90/2693632] via 10.5.0.2, 1w6d, Vlan1
D       10.2.8.0/22 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                    [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                    [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D       10.254.254.8/30 [90/2170112] via 192.168.5.254, 1w6d, Vlan192
                        [90/2170112] via 10.5.4.2, 1w6d, Vlan2
                        [90/2170112] via 10.5.0.2, 1w6d, Vlan1
D       10.9.0.0/22 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
D       10.6.8.0/22 [90/2693632] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693632] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693632] via 10.5.0.2, 1w6d, Vlan1
D       10.2.12.0/22 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                     [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                     [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D       10.254.254.12/30 [90/2690816] via 192.168.5.254, 1w6d, Vlan192
                         [90/2690816] via 10.5.4.2, 1w6d, Vlan2
                         [90/2690816] via 10.5.0.2, 1w6d, Vlan1
D       10.9.4.0/22 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
D       10.6.4.0/22 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
D       10.2.0.0/22 [90/2170368] via 192.168.5.254, 1w6d, Vlan192
                    [90/2170368] via 10.5.4.2, 1w6d, Vlan2
                    [90/2170368] via 10.5.0.2, 1w6d, Vlan1
S       10.2.0.0/16 [250/0] via 192.168.5.253
D       10.7.4.0/22 [90/3205376] via 192.168.5.254, 4d14h, Vlan192
                    [90/3205376] via 10.5.4.2, 4d14h, Vlan2
                    [90/3205376] via 10.5.0.2, 4d14h, Vlan1
D       10.3.0.0/16 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
D       10.254.254.0/30 [90/2690816] via 192.168.5.254, 1w6d, Vlan192
                        [90/2690816] via 10.5.4.2, 1w6d, Vlan2
                        [90/2690816] via 10.5.0.2, 1w6d, Vlan1
D EX    10.250.250.0/24 [170/2170624] via 192.168.5.254, 1w6d, Vlan192
                        [170/2170624] via 10.5.4.2, 1w6d, Vlan2
                        [170/2170624] via 10.5.0.2, 1w6d, Vlan1
D       10.9.8.0/22 [90/2693632] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693632] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693632] via 10.5.0.2, 1w6d, Vlan1
C       10.5.4.0/22 is directly connected, Vlan2
D       10.6.0.0/22 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
D       10.2.4.0/22 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                    [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                    [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D       10.7.0.0/22 [90/3205376] via 192.168.5.254, 4d14h, Vlan192
                    [90/3205376] via 10.5.4.2, 4d14h, Vlan2
                    [90/3205376] via 10.5.0.2, 4d14h, Vlan1
D       10.254.254.4/30 [90/2690816] via 192.168.5.254, 1w6d, Vlan192
                        [90/2690816] via 10.5.4.2, 1w6d, Vlan2
                        [90/2690816] via 10.5.0.2, 1w6d, Vlan1
D       10.4.0.0/16 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
C       10.5.0.0/22 is directly connected, Vlan1
D       10.254.254.24/30 [90/2693376] via 192.168.5.254, 02:32:04, Vlan192
                         [90/2693376] via 10.5.4.2, 02:32:04, Vlan2
                         [90/2693376] via 10.5.0.2, 02:32:04, Vlan1
D       10.9.16.0/22 [90/2693632] via 192.168.5.254, 1w6d, Vlan192
                     [90/2693632] via 10.5.4.2, 1w6d, Vlan2
                     [90/2693632] via 10.5.0.2, 1w6d, Vlan1
D       10.2.16.0/22 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                     [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                     [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D       10.254.254.16/30 [90/3202816] via 192.168.5.254, 4d14h, Vlan192
                         [90/3202816] via 10.5.4.2, 4d14h, Vlan2
                         [90/3202816] via 10.5.0.2, 4d14h, Vlan1
D       10.2.20.0/22 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                     [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                     [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D       10.254.254.20/30 [90/2690816] via 192.168.5.254, 1w6d, Vlan192
                         [90/2690816] via 10.5.4.2, 1w6d, Vlan2
                         [90/2690816] via 10.5.0.2, 1w6d, Vlan1
D       10.2.252.0/22 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                      [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                      [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D    192.168.6.0/24 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
D    192.168.2.0/24 [90/2170624] via 192.168.5.254, 1w6d, Vlan192
                    [90/2170624] via 10.5.4.2, 1w6d, Vlan2
                    [90/2170624] via 10.5.0.2, 1w6d, Vlan1
D    192.168.3.0/24 [90/2693376] via 192.168.5.254, 1w6d, Vlan192
                    [90/2693376] via 10.5.4.2, 1w6d, Vlan2
                    [90/2693376] via 10.5.0.2, 1w6d, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.5.253
0
 
asavenerCommented:
"192.168.5.254"

What is this address?

On each of your 10.5.0.x interfaces, please execute the command, "no ip proxy arp"
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
on the Router, the config is:

interface FastEthernet0/0.192
 encapsulation dot1Q 192
 ip address 192.168.5.254 255.255.255.0

0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Please confirm the command and where you want this performed at:



vg1.mdf.cool.slfhc#no ip proxy arp
                      ^
% Invalid input detected at '^' marker.




sw1.mdf.cool.slfhc#no ip proxy arp
                         ^
% Invalid input detected at '^' marker
0
 
asavenerCommented:
It's an interface-level command.

config t
interface name_of_192.168.5.254_interface
no ip proxy arp
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ asavener

Task completed, no change but what should I be performing in order to test this change?
0
 
asavenerCommented:
Can you show a traceroute from 10.5.0.1 and its routing table?
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
10.5.0.1 - being the switch:

Tracing the route to 4.2.2.1

  1 192.168.5.254 0 msec
    10.5.0.2 0 msec
    10.5.4.2 0 msec
  2 10.254.254.9 9 msec 8 msec 8 msec
  3 10.2.0.1 17 msec 0 msec 8 msec
  4 69.71.188.177 9 msec 8 msec 9 msec
  5 172.18.1.177 8 msec 8 msec 9 msec
  6 172.18.1.201 8 msec 9 msec 16 msec
  7 172.18.1.193 9 msec 8 msec 9 msec
  8 69.71.188.1 16 msec 9 msec 8 msec
  9 68.170.38.197 42 msec 34 msec 42 msec
 10 66.62.168.213 41 msec 34 msec 42 msec
 11 66.62.2.197 34 msec 41 msec 59 msec
 12 66.62.2.173 34 msec 50 msec 34 msec
 13 4.53.2.25 42 msec 33 msec 42 msec
 14 4.69.147.77 42 msec 42 msec 59 msec
 15 4.69.132.106 50 msec 51 msec 50 msec
 16 4.69.151.129 1955 msec
    4.69.151.153 59 msec 50 msec
 17 4.69.145.67 50 msec
    4.69.145.195 67 msec
    4.69.145.131 51 msec
 18 4.2.2.1 67 msec 50 msec 59 msec
sw1.mdf.cool.slfhc#

-----------------------------


sw1.mdf.cool.slfhc#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.254 to network 0.0.0.0

     70.0.0.0/32 is subnetted, 1 subnets
D EX    70.167.110.66 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                      [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                      [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
     71.0.0.0/32 is subnetted, 1 subnets
S       71.36.174.238 [1/0] via 192.168.5.253
D    192.168.8.0/24 [90/3205376] via 192.168.5.254, 1w0d, Vlan192
                    [90/3205376] via 10.5.4.2, 1w0d, Vlan2
                    [90/3205376] via 10.5.0.2, 1w0d, Vlan1
     65.0.0.0/32 is subnetted, 1 subnets
D EX    65.206.167.178 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                       [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                       [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D EX 192.168.40.0/24 [170/2170624] via 192.168.5.254, 2w1d, Vlan192
                     [170/2170624] via 10.5.4.2, 2w1d, Vlan2
                     [170/2170624] via 10.5.0.2, 2w1d, Vlan1
     172.16.0.0/24 is subnetted, 1 subnets
D EX    172.16.30.0 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                    [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                    [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
     172.28.0.0/32 is subnetted, 5 subnets
D EX    172.28.19.50 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                     [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                     [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D EX    172.28.19.12 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                     [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                     [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D EX    172.28.19.22 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                     [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                     [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D EX    172.28.19.21 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                     [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                     [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D EX    172.28.19.20 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                     [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                     [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D    192.168.4.0/24 [90/2693376] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693376] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693376] via 10.5.0.2, 2w1d, Vlan1
C    192.168.5.0/24 is directly connected, Vlan192
     10.0.0.0/8 is variably subnetted, 31 subnets, 4 masks
D EX    10.8.2.0/24 [170/2173184] via 192.168.5.254, 13:54:12, Vlan192
                    [170/2173184] via 10.5.4.2, 13:54:12, Vlan2
                    [170/2173184] via 10.5.0.2, 13:54:12, Vlan1
D       10.6.12.0/22 [90/2693632] via 192.168.5.254, 2w1d, Vlan192
                     [90/2693632] via 10.5.4.2, 2w1d, Vlan2
                     [90/2693632] via 10.5.0.2, 2w1d, Vlan1
D       10.2.8.0/22 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                    [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                    [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D       10.254.254.8/30 [90/2170112] via 192.168.5.254, 2w1d, Vlan192
                        [90/2170112] via 10.5.4.2, 2w1d, Vlan2
                        [90/2170112] via 10.5.0.2, 2w1d, Vlan1
D       10.9.0.0/22 [90/2693376] via 192.168.5.254, 1d21h, Vlan192
                    [90/2693376] via 10.5.4.2, 1d21h, Vlan2
                    [90/2693376] via 10.5.0.2, 1d21h, Vlan1
D       10.6.8.0/22 [90/2693632] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693632] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693632] via 10.5.0.2, 2w1d, Vlan1
D       10.2.12.0/22 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                     [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                     [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D       10.254.254.12/30 [90/2690816] via 192.168.5.254, 2w1d, Vlan192
                         [90/2690816] via 10.5.4.2, 2w1d, Vlan2
                         [90/2690816] via 10.5.0.2, 2w1d, Vlan1
D       10.9.4.0/22 [90/2693376] via 192.168.5.254, 1d21h, Vlan192
                    [90/2693376] via 10.5.4.2, 1d21h, Vlan2
                    [90/2693376] via 10.5.0.2, 1d21h, Vlan1
D       10.6.4.0/22 [90/2693376] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693376] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693376] via 10.5.0.2, 2w1d, Vlan1
D       10.2.0.0/22 [90/2170368] via 192.168.5.254, 2w1d, Vlan192
                    [90/2170368] via 10.5.4.2, 2w1d, Vlan2
                    [90/2170368] via 10.5.0.2, 2w1d, Vlan1
S       10.2.0.0/16 [250/0] via 192.168.5.253
D       10.7.4.0/22 [90/3205376] via 192.168.5.254, 1w0d, Vlan192
                    [90/3205376] via 10.5.4.2, 1w0d, Vlan2
                    [90/3205376] via 10.5.0.2, 1w0d, Vlan1
D       10.3.0.0/16 [90/2693376] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693376] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693376] via 10.5.0.2, 2w1d, Vlan1
D       10.254.254.0/30 [90/2690816] via 192.168.5.254, 2w1d, Vlan192
                        [90/2690816] via 10.5.4.2, 2w1d, Vlan2
                        [90/2690816] via 10.5.0.2, 2w1d, Vlan1
D EX    10.250.250.0/24 [170/2170624] via 192.168.5.254, 2w1d, Vlan192
                        [170/2170624] via 10.5.4.2, 2w1d, Vlan2
                        [170/2170624] via 10.5.0.2, 2w1d, Vlan1
D       10.9.8.0/22 [90/2693632] via 192.168.5.254, 1d21h, Vlan192
                    [90/2693632] via 10.5.4.2, 1d21h, Vlan2
                    [90/2693632] via 10.5.0.2, 1d21h, Vlan1
C       10.5.4.0/22 is directly connected, Vlan2
D       10.6.0.0/22 [90/2693376] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693376] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693376] via 10.5.0.2, 2w1d, Vlan1
D       10.2.4.0/22 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                    [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                    [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D       10.7.0.0/22 [90/3205376] via 192.168.5.254, 1w0d, Vlan192
                    [90/3205376] via 10.5.4.2, 1w0d, Vlan2
                    [90/3205376] via 10.5.0.2, 1w0d, Vlan1
D       10.254.254.4/30 [90/2690816] via 192.168.5.254, 2w1d, Vlan192
                        [90/2690816] via 10.5.4.2, 2w1d, Vlan2
                        [90/2690816] via 10.5.0.2, 2w1d, Vlan1
D       10.4.0.0/16 [90/2693376] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693376] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693376] via 10.5.0.2, 2w1d, Vlan1
C       10.5.0.0/22 is directly connected, Vlan1
D       10.254.254.24/30 [90/2693376] via 192.168.5.254, 3d01h, Vlan192
                         [90/2693376] via 10.5.4.2, 3d01h, Vlan2
                         [90/2693376] via 10.5.0.2, 3d01h, Vlan1
D       10.9.16.0/22 [90/2693632] via 192.168.5.254, 1d21h, Vlan192
                     [90/2693632] via 10.5.4.2, 1d21h, Vlan2
                     [90/2693632] via 10.5.0.2, 1d21h, Vlan1
D       10.2.16.0/22 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                     [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                     [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D       10.254.254.16/30 [90/3202816] via 192.168.5.254, 1w0d, Vlan192
                         [90/3202816] via 10.5.4.2, 1w0d, Vlan2
                         [90/3202816] via 10.5.0.2, 1w0d, Vlan1
D       10.2.20.0/22 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                     [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                     [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D       10.254.254.20/30 [90/2690816] via 192.168.5.254, 1d21h, Vlan192
                         [90/2690816] via 10.5.4.2, 1d21h, Vlan2
                         [90/2690816] via 10.5.0.2, 1d21h, Vlan1
D       10.2.252.0/22 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                      [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                      [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D    192.168.6.0/24 [90/2693376] via 192.168.5.254, 2w1d, Vlan192
                    [90/2693376] via 10.5.4.2, 2w1d, Vlan2
                    [90/2693376] via 10.5.0.2, 2w1d, Vlan1
D    192.168.2.0/24 [90/2170624] via 192.168.5.254, 2w1d, Vlan192
                    [90/2170624] via 10.5.4.2, 2w1d, Vlan2
                    [90/2170624] via 10.5.0.2, 2w1d, Vlan1
D    192.168.3.0/24 [90/2693376] via 192.168.5.254, 1d21h, Vlan192
                    [90/2693376] via 10.5.4.2, 1d21h, Vlan2
                    [90/2693376] via 10.5.0.2, 1d21h, Vlan1
D*EX 0.0.0.0/0 [170/2173184] via 192.168.5.254, 13:54:14, Vlan192
               [170/2173184] via 10.5.4.2, 13:54:14, Vlan2
               [170/2173184] via 10.5.0.2, 13:54:14, Vlan1
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
10.5.0.2 - being the router:

Tracing the route to 4.2.2.1

  1 10.254.254.9 4 msec 8 msec 4 msec
  2 10.2.0.1 8 msec 8 msec 4 msec
  3 69.71.188.177 4 msec 4 msec 4 msec
  4 172.18.1.177 4 msec 8 msec 8 msec
  5 172.18.1.201 8 msec 8 msec 4 msec
  6 172.18.1.193 8 msec 8 msec 12 msec
  7 69.71.188.1 8 msec 8 msec 8 msec
  8 68.170.38.197 36 msec 36 msec 36 msec
  9 66.62.168.213 36 msec 36 msec 40 msec
 10 66.62.2.197 36 msec 36 msec 40 msec
 11 66.62.2.173 32 msec 72 msec 32 msec
 12 4.53.2.25 44 msec 36 msec 36 msec
 13 4.69.147.77 48 msec 44 msec 52 msec
 14 4.69.132.106 48 msec 64 msec 52 msec
 15 4.69.151.165 52 msec 52 msec
    4.69.151.153 52 msec
 16 4.69.145.195 52 msec 48 msec
    4.69.145.67 52 msec
 17 4.2.2.1 48 msec 48 msec 52 msec
vg1.mdf.cool.slfhc#


------------------------------


vg1.mdf.cool.slfhc# sho ip route    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.254.254.9 to network 0.0.0.0

     70.0.0.0/32 is subnetted, 1 subnets
D EX    70.167.110.66 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D    192.168.8.0/24 [90/3205120] via 10.254.254.9, 1w0d, Serial0/3/0
     65.0.0.0/32 is subnetted, 1 subnets
D EX    65.206.167.178 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D EX 192.168.40.0/24 [170/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
     172.16.0.0/24 is subnetted, 1 subnets
D EX    172.16.30.0 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
     172.28.0.0/32 is subnetted, 5 subnets
D EX    172.28.19.50 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D EX    172.28.19.12 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D EX    172.28.19.22 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D EX    172.28.19.21 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D EX    172.28.19.20 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D    192.168.4.0/24 [90/2693120] via 10.254.254.9, 2w0d, Serial0/3/0
C    192.168.5.0/24 is directly connected, FastEthernet0/0.192
     10.0.0.0/8 is variably subnetted, 31 subnets, 4 masks
D EX    10.8.2.0/24 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
D       10.6.12.0/22 [90/2693376] via 10.254.254.9, 2w1d, Serial0/3/0
D       10.2.8.0/22 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
C       10.254.254.8/30 is directly connected, Serial0/3/0
D       10.9.0.0/22 [90/2693120] via 10.254.254.9, 1d21h, Serial0/3/0
D       10.6.8.0/22 [90/2693376] via 10.254.254.9, 2w1d, Serial0/3/0
D       10.2.12.0/22 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.254.254.12/30 [90/2690560] via 10.254.254.9, 2w1d, Serial0/3/0
D       10.9.4.0/22 [90/2693120] via 10.254.254.9, 1d21h, Serial0/3/0
D       10.6.4.0/22 [90/2693120] via 10.254.254.9, 2w1d, Serial0/3/0
D       10.2.0.0/22 [90/2170112] via 10.254.254.9, 2w0d, Serial0/3/0
S       10.2.0.0/16 [250/0] via 192.168.5.253
D       10.7.4.0/22 [90/3205120] via 10.254.254.9, 1w0d, Serial0/3/0
D       10.3.0.0/16 [90/2693120] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.254.254.0/30 [90/2690560] via 10.254.254.9, 2w1d, Serial0/3/0
D EX    10.250.250.0/24 [170/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.9.8.0/22 [90/2693376] via 10.254.254.9, 1d21h, Serial0/3/0
C       10.5.4.0/22 is directly connected, FastEthernet0/0.2
D       10.6.0.0/22 [90/2693120] via 10.254.254.9, 2w1d, Serial0/3/0
D       10.2.4.0/22 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.7.0.0/22 [90/3205120] via 10.254.254.9, 1w0d, Serial0/3/0
D       10.254.254.4/30 [90/2690560] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.4.0.0/16 [90/2693120] via 10.254.254.9, 2w0d, Serial0/3/0
C       10.5.0.0/22 is directly connected, FastEthernet0/0.1
D       10.254.254.24/30 [90/2693120] via 10.254.254.9, 3d01h, Serial0/3/0
D       10.9.16.0/22 [90/2693376] via 10.254.254.9, 1d21h, Serial0/3/0
D       10.2.16.0/22 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.254.254.16/30 [90/3202560] via 10.254.254.9, 1w0d, Serial0/3/0
D       10.2.20.0/22 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D       10.254.254.20/30 [90/2690560] via 10.254.254.9, 1d21h, Serial0/3/0
D       10.2.252.0/22 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D    192.168.6.0/24 [90/2693120] via 10.254.254.9, 2w1d, Serial0/3/0
D    192.168.2.0/24 [90/2170368] via 10.254.254.9, 2w0d, Serial0/3/0
D    192.168.3.0/24 [90/2693120] via 10.254.254.9, 1d21h, Serial0/3/0
D*EX 0.0.0.0/0 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
0
 
asavenerCommented:

Gateway of last resort is 10.254.254.9 to network 0.0.0.0
...
D*EX 0.0.0.0/0 [170/2172928] via 10.254.254.9, 13:56:38, Serial0/3/0
This appears to be the problem.  It appears that a default route is being redistributed into your EIGRP routing topology.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Cool.

Where and how do resolve this?
0
 
asavenerCommented:
You resolve it wherever the route redistribution is taking place.  Likely at the border at your main location.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
@ Asavener.

Unfortunetly, that went over my head. I am not Cisco savy, but willing to make any specific changes offered in order how to resolve this.

0
 
asavenerCommented:
You can also add a static route.

ip route 0.0.0.0 0.0.0.0 195.168.5.253
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
On which device would you want that IP route line?
If you are suggesting the device 10.254.254.9, which is a 2821 router located at our coporate office and not at the location where the DSL resides, I need to understand why, please. :)
0
 
asavenerCommented:
No, on the device at the remote site (10.5.0.2).

The static route should have a better metric than the EIGRP route, which will make it take precedence.

(A better metric in this case means a LOWER number.)
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
on the device, 10.5.0.2 it already has the following IP route:

ip route 0.0.0.0 0.0.0.0 192.168.5.253 250

Should the 250 metric be removed or changed?
0
 
asavenerCommented:
Yes.

Issue "ip route 0.0.0.0 0.0.0.0 192.168.5.253 20"
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Roger that, stand by...
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Changes made, but not when a PC on that side of the switch doesn't have internet connectivity.
Ping 4.2.2.1 from a PC gets Reply from 192.168.5.1: Destination host unreachable.
Traceroute from a PC gets:

Tracing route to vnsc-pri.sys.gtei.net [4.2.2.1]
over a maximum of 30 hops:

  1     6 ms    <1 ms    <1 ms  192.168.5.1
  2     *        *     192.168.5.1  reports: Destination host unreachable.

Trace complete.

0
 
asavenerCommented:
OK, what device is 192.168.5.1?
0
 
asavenerCommented:
Can you provide the current configuration of the router, and the output of "show ip route"?
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
The issue has been resolved. Adding the following lines resolved the issue.

track 1 rtr 1
no ip subnet-zero
ip routing

0
 
asavenerCommented:
Not sure how that would help.... but OK.
0
 
Glenn MSystems Engineer / ManagerAuthor Commented:
Contribution came to partial solution, but helped to self discover the solution.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 33
  • 14
  • 12
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now