Support Engineer

4500 Not routing a subnet after Reboot -

The issue we're having is that the 4506 doesn't route traffic to one specific subnet properly. Traffic coming from subnet 172.30.30.0/24 on the 4506 side to 10.0.10.0/24 on the Nexus side should be routed through the port channel. We have a static ip route entry defining that. What is actually happening is the 4506 is routing traffic to 10.0.10.0/24 to the gateway of last resort. We can't figure out why.
Attached is the Config from the Nexus and 4506, and also a quick pdf of the topology.
Cisco-4506.txt
topo.jpg
Cisco-Nexus-5000.txt
Don Johnston

I love it when the OP puts up relevant information!!!  Thank you!

First thing that jumps out at me is a discrepancy in the channel (not saying this is the cause, but it's definitely not right).  On the 4506, the allowed VLANs for port channel 50 include VLAN 11. On the N5K, it does not.

To the matter at hand, why do you say that the 4506 is forwarding them to 172.16.1.4?  According to your output, traffic is going to 10.0.9.2 and then dying there.

Are you having any of these problems with any other destinations behind the N5K?
Support Engineer

ASKER

Currently there are not any issues with other destinations, just this one. What would your recommendation be?
I don't see the issue you're describing.

Why do you say that the 4506 is forwarding them to 172.16.1.4?  According to your output, traffic is going to 10.0.9.2 and then dying there.
We're thinking that the problem is on the 4506 because traceroutes go from the 4506 to the gateway of last resort. They're not hitting the Nexus. But if you see something that suggests the issue is with the Nexus, we have that on a Cisco maintenance contact and we can contact Cisco.


Here is a trace route from each of the two systems:

Tracing route to 10.0.10.103 over a maximum of 30 hops

  1     1 ms     2 ms     1 ms  172.30.30.1
  2     1 ms     1 ms     1 ms  66-193-133-129.static.tw [66.193.133.129]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *    

Tracing route to ads02.nu.com [172.30.35.23]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  172.30.30.1
  2    <1 ms    <1 ms    <1 ms  ads02.nwfcu.com [172.30.35.23]

Trace complete.
My confusion comes from your 4506 config post where on the bottom you have:

4506-01#traceroute 10.0.10.103

Type escape sequence to abort.
Tracing the route to 10.0.10.103

  1 10.0.9.2 12 msec 8 msec 4 msec
  2  *  *  * 
  3  *  *  * 
  4  *  *  * 
  5 
4506-01#
4506-01#ping 10.0.10.103

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.103, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
4506-01#

This shows that it was forwarded to the N5K

So I'm guessing that this latest traceroute was done from a workstation.

To your latest post, it shows a first hop of 172.30.30.1 which is the Virtual IP of an HSRP group.  

interface Vlan30
 ip address 172.30.30.3 255.255.255.0
 ip helper-address 172.30.35.22
 standby 0 ip 172.30.30.1

But I don't see any other switch that could be on that HSRP group. In fact, there are a bunch of SVI's with HSRP configurations.  So I'm guessing that there's another routing device that is an HSRP peer and maybe that device is misrouting the traffic?

All of this would indicate that pings from the 4506 work correctly but from a workstation they do not.  Which would lead me to think that this has something to do with HSRP.

Please post the output of a "show standby brief" from the 4506.
4506-01#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl3         0    100   Active  local           unknown         172.30.3.1
Vl5         0    100   Standby 172.30.5.2      local           172.30.5.1
Vl10        0    90    Standby 172.30.10.2     local           172.30.10.1
Vl15        0    100   Active  local           172.30.15.2     172.30.15.1
Vl16        0    100   Standby 172.16.16.2     local           172.16.16.1
Vl20        0    90    Standby 172.30.20.2     local           172.30.20.1
Vl25        0    100   Active  local           172.30.25.2     172.30.25.1
Vl29        0    100   Init    unknown         unknown         172.29.30.1
Vl30        0    100   Standby 172.30.30.2     local           172.30.30.1
Vl35        0    100   Active  local           172.30.35.2     172.30.35.1
Vl40        0    90    Active  local           172.30.40.2     172.30.40.1
Vl45        0    100   Active  local           172.30.45.2     172.30.45.1
Vl50        0    90    Active  local           unknown         172.30.50.1
Vl70        0    100   Active  local           172.30.70.2     172.30.70.1
Vl95        0    100   Active  local           unknown         172.30.95.1
Vl100       0    100   Active  local           172.18.100.2    172.18.100.1
Vl102       0    100   Active  local           172.16.1.2      172.16.1.1
Vl139       0    100   Active  local           unknown         192.139.1.200
Vl192       0    100   Active  local           192.149.115.10  192.149.115.248
Vl200       0    100   Active  local           unknown         172.30.200.1
Vl900       0    100   Active  local           172.30.0.2      172.30.0.1
Vl901       0    100   Active  local           10.1.1.2        10.1.1.1
Vl902       0    100   Active  local           172.30.2.2      172.30.2.1
4506-01#
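
The HSRP question raised in this thread can be checked directly from the output above. As an added example (not part of the original thread), the Python below parses a subset of the posted "show standby brief" rows and reports, per SVI, whether this switch or a peer is the active router for the virtual IP; the function names are made up for illustration.

```python
import re
from collections import namedtuple

# Subset of the "show standby brief" output posted above.
SAMPLE = """\
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl3         0    100   Active  local           unknown         172.30.3.1
Vl29        0    100   Init    unknown         unknown         172.29.30.1
Vl30        0    100   Standby 172.30.30.2     local           172.30.30.1
Vl35        0    100   Active  local           172.30.35.2     172.30.35.1
"""

HsrpGroup = namedtuple(
    "HsrpGroup", "interface group priority preempt state active standby virtual_ip")

# The P (preempt) column is blank when preemption is off, so it is optional.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(?:(P)\s+)?(\S+)\s+(\S+)\s+(\S+)"
                 r"\s+(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_standby_brief(text):
    groups = []
    for line in text.splitlines():
        m = ROW.match(line)  # header and prompt lines do not match
        if m:
            iface, grp, pri, p, state, active, standby, vip = m.groups()
            groups.append(HsrpGroup(iface, int(grp), int(pri), p == "P",
                                    state, active, standby, vip))
    return groups

def forwarding_router(g):
    """Who answers for the virtual IP: 'local', a peer address, or None."""
    if g.state == "Active" and g.active == "local":
        return "local"
    return g.active if g.active not in ("local", "unknown") else None

def report(groups):
    """Map interface -> finding for every group that needs a second look."""
    findings = {}
    for g in groups:
        fwd = forwarding_router(g)
        if fwd is None:
            findings[g.interface] = f"no active router seen for {g.virtual_ip}"
        elif fwd != "local":
            findings[g.interface] = f"{g.virtual_ip} is served by peer {fwd}"
        elif g.standby == "unknown":
            findings[g.interface] = f"active for {g.virtual_ip}, no standby peer"
    return findings

if __name__ == "__main__":
    print(report(parse_standby_brief(SAMPLE)))
```

For Vl30 the result names 172.30.30.2 as the router serving 172.30.30.1, which is the device whose routing table decides where workstation traffic from 172.30.30.0/24 goes.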
ASKER CERTIFIED SOLUTION
Don Johnston