From: john matijevic (matijevi@bellsouth.net)
Date: Fri Jul 02 2004 - 12:19:48 GMT-3
Guilherme,
Does this issue only appear on one router where you ping? In otherwords
can you go to another router, and ping and you see the same issue on
that same subnet?
John Matijevic, CCIE #13254, MCSE, CNE, CCEA
Network Consultant
Hablo Espanol
305-321-6232
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tom Martin
Sent: Friday, July 02, 2004 11:13 AM
To: ccielab@groupstudy.com
Cc: Kenneth Wygand
Subject: RE: Ping the subnet address
Ken,
I'd be very hesitant to try and block any traffic just because I thought
it might be strange, especially if everything was working properly. I
assumed that this was a lab scenario...
-- Tom
________________________________
From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: Friday, July 02, 2004 11:07 AM
To: Tom Martin; ccielab@groupstudy.com
Cc: Guilherme Correia
Subject: RE: Ping the subnet address
Tom,
I'd be -very- hesitant to put an ACL blocking all broadcasts in a
production environment. Guilherme may have all kinds of services running
over this network, and blocking broadcasts may bust a lot of other
things.
Thanks!
Ken
________________________________
From: nobody@groupstudy.com on behalf of Tom Martin
Sent: Fri 7/2/2004 10:55 AM
To: ccielab@groupstudy.com
Cc: Guilherme Correia
Subject: RE: Ping the subnet address
Hello,
You didn't include any excerpts from your packet capture, but I
recreated the scenario using "debug ip packet" instead of using a packet
capture. When you ping the all-zeroes or all-ones broadcast address, the
pinging router actually sends packets out to destination
255.255.255.255, not the IP that you specified!
Sending router debug output:
r2#ping 192.168.12.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.0, timeout is 2 seconds:
Mar 15 02:48:12.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:12.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 0 from 192.168.12.1, 4 ms
Mar 15 02:48:14.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:14.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 1 from 192.168.12.1, 4 ms
Mar 15 02:48:16.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:16.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 2 from 192.168.12.1, 4 ms
Mar 15 02:48:18.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:18.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 3 from 192.168.12.1, 4 ms
Mar 15 02:48:20.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:20.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 4 from 192.168.12.1, 4 ms
r2#
Confirmation that 255.255.255.255 is the destination, output from the
receiving router:
r1#
*Mar 1 00:30:00.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:00.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:02.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:02.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:04.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:04.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:06.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:06.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:08.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:08.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
r1#
To answer your question on how to stop it (assuming you still want to do
so), just use an access-list. I used:
access-list 100 deny ip any host 255.255.255.255
access-list 100 permit ip any any
interface Ethernet1/0
ip access-group 100 in
That resulted in failed pings from the sending side and the following
output from the receiving side:
*Mar 1 00:32:05.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:07.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:09.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:11.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:13.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
-- Tom
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Guilherme Correia
Sent: Friday, July 02, 2004 9:36 AM
To: ccielab@groupstudy.com
Subject: Ping the subnet address
Hi
I am experiencing this weird issue that when I ping the subnet address,
one
of the routers respond.
For example, when I ping 172.24.18.4 (subnet 172.24.18.4/30) one of the
routers with an interface on the subnet responds:
7204-1#ping 172.24.18.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 206.24.18.4, timeout is 2 seconds:
Reply to request 0 from 172.24.18.5, 1 ms
Reply to request 1 from 172.24.18.5, 1 ms
Reply to request 2 from 172.24.18.5, 1 ms
Reply to request 3 from 172.24.18.5, 1 ms
Reply to request 4 from 172.24.18.5, 1 ms
How can I stop this?
TIA
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:45 GMT-3