Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Cisco
CCST & CCNA (Entry-level & Associate)
Routing Loop? Request Assistance!
Jpgonzal
Hey gang,
I have a question that I encountered while doing some labs tonight. Not sure if its because its late or there is something I'm overlooking but here it is....
I have a router (R2) connected to a switch (sw6) that has a server attached (192.168.10.50). This server is in Vlan 10. R2 has a subinterface on e0/0.10 and has a trunk connection to sw6. I am able to ping 192.168.10.50 successfully. However, when I do a traceroute to 192.168.10.50, I get this output...
Tracing the route to 192.168.10.50
1 ? ? ?
2 ? ? ?
3 * ? ?
4 ? * ?
5 ? ? *
6 ? ? ?
7 * ? ?
8 ?
.
.
.
30 ? ? ?
And then back to privledged mode. At first it seems to me theres a routing loop but what confuses me is that there are no routers between R2 and SW6. Yet, despite the "loop", I am still able to ping 10.50. Could it be a switching loop? Any ideas? I will respond back with any necessary output if anyone asks.
show ip route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, Ethernet0/0.10
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.30.0.0/21 [90/2297856] via 192.168.2.2, 00:25:30, Serial0/1
D 172.30.8.0/24 [90/2297856] via 192.168.2.2, 00:25:30, Serial0/1
C 192.168.20.0/24 is directly connected, Ethernet0/0.20
C 192.168.1.0/24 is directly connected, Ethernet0/0
C 192.168.2.0/24 is directly connected, Serial0/1
D 192.168.3.0/24 [90/2195456] via 192.168.2.2, 00:25:30, Serial0/1
Thanks for your input!
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
bermovick
The only thing I can think of is if you've told the .10 subinterface that it's for packets tagged with vlan 10 (and to tag outgoing packets with vlan 10) with the 'encapsulation dot1Q 10' subinterface command?
Jpgonzal
Yes, I have tagged the .10 subinf for dot1q for router on a stick. Here is the running config...edited for brevity.
Current configuration : 1313 bytes
!
version 12.3
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
interface Ethernet0/0
description PORT TO SW5 - PORT F0/4
ip address 192.168.1.2 255.255.255.0
full-duplex
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/0.30
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/1
description PORT TO R3
ip address 192.168.2.1 255.255.255.0
clock rate 1000000
!
router eigrp 10
network 192.168.0.0 0.0.255.255
no auto-summary
!
no ip http server
ip classless
!
end
Todd Burrell
Try turning on debugging to see more details. I believe DEBUG IP PACKET will help. The ? in the traceroute output means unknown packet type so I do suspect that the encapsulation could be the issue. This link may also help:
Understanding the Ping and Traceroute Commands - Cisco Systems
This explains PING and TRACEROUTE in some detail with explanations of the reply characters and how to debug issues.
Monkerz
What version of IOS are you running on the router?
I read a post on Cisco's forum a few months ago where a guy had created his own explanation for the ? while using ICMP. I can't find the post, but it would appear on older IOS' that Cisco did not think of all ICMP reply type/code combinations and the ? represents that bucket of lesser known errors. He/She came to this conclusion because of the lack of information when it comes to the ?.
Like Todd said, this is probably related to the encapsulation across that link. I would be curious if making VLAN 10 native across that link out clear up that error.
Jpgonzal
Hey gang,
I think I found the problem. Firstly, a little more information on the server. It has four NICS plus 1 management interface and is running xenserver (barebones) with no vms atm. Currently, it is connected to the switch through one of its NICs that is not designated as its managment interface.
Monkerz, R2 is running ios version 12.3 (26), c2600-is5-mz.123-26.bin
I took Todd's advice and did a debug ip icmp with this output
debug ip icmp
.
.
*Mar 6 19:20:30.139: ICMP: dst (192.168.10.1) prohibited unreachable rcv from 192.168.10.50
*Mar 6 19:20:30.143: ICMP: dst (192.168.10.1) prohibited unreachable rcv from 192.168.10.50
*Mar 6 19:20:30.143: ICMP: dst (192.168.10.1) prohibited unreachable rcv from 192.168.10.50 *
30 ? ? ?
*Mar 6 19:20:33.147: ICMP: dst (192.168.10.1) prohibited unreachable rcv from 192.168.10.50
*Mar 6 19:20:33.151: ICMP: dst (192.168.10.1) prohibited unreachable rcv from 192.168.10.50
*Mar 6 19:20:33.151: ICMP: dst (192.168.10.1) prohibited unreachable rcv from 192.168.10.50
So, this is just a guess but I think xenserver might be tagging the packets incorrectly (tagging the native vlan instead of 10?) until I configure the correct vlans from xencenter. Anyone familiar with xenserver/center able to expound on this??
Also, I switched out the server for my laptop and used 10.50 as its ip address. Ping and traceroute came back normal, yay!
Thanks everyone for their input!! , seems like it was a little bit of everything. Hopefully someone responds a little more clarification on the whole xenserver vlan thing.
DPG
R2 is a Cisco 2610 which I believe doesn't support InterVLAN routing. You can configure it on some IOS's but it is flaky.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
