From: robbie (robbie@packetized.org)
Date: Fri Jul 02 2004 - 13:55:52 GMT-3
Possible that he is running 12.0, and does not have 'no ip
directed-broadcast' enabled on the interface?
This command is the default in late 12.0 releases and forward, IIRC.
robbie.
john matijevic wrote:
> Hello Guilherme,
> This maybe a bit drastic, but I would look into what IOS version are you
> using? Does this happen with another version of IOS? I tried to
> reproduce here, I have version 12.2 but could not. Do you have support
> agreement with Cisco? Perhaps you can open up trouble ticket and they
> can possibly try to reproduce? Maybe you can also work on getting them
> or us remote access?
>
> Sincerely,
> John Matijevic, CCIE #13254, MCSE, CNE, CCEA
> Network Consultant
> Hablo Espanol
> 305-321-6232
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Guilherme Correia
> Sent: Friday, July 02, 2004 11:55 AM
> To: matijevi@bellsouth.net; tig@wiltecinc.com; ccielab@groupstudy.com
> Cc: KWygand@customonline.com
> Subject: RE: Ping the subnet address
>
> there is no nat...
>
> 3745#sh ip nat trans
> 3745#
>
> 7204-1#sh ip nat tra
> 7204-1#
>
> unfortunately, there is no remote access..
>
>
> From: "john matijevic" <matijevi@bellsouth.net>
> To: "'Guilherme Correia'"
> <razzolini80@hotmail.com>,<tig@wiltecinc.com>,<ccielab@groupstudy.com>
> CC: <KWygand@customonline.com>
> Subject: RE: Ping the subnet address
> Date: Fri, 2 Jul 2004 11:48:54 -0400
>
> Hello Guilherme,
> Is there anyway we can have remote access? Are you using NAT? If so, can
> you do a sh ip nat translation after the ping? Can you test without
> using NAT to see if NAT is the issue?
>
> Sincerely,
> John Matijevic, CCIE #13254, MCSE, CNE, CCEA
> Network Consultant
> Hablo Espanol
> 305-321-6232
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Guilherme Correia
> Sent: Friday, July 02, 2004 11:35 AM
> To: matijevi@bellsouth.net; tig@wiltecinc.com; ccielab@groupstudy.com
> Cc: KWygand@customonline.com
> Subject: RE: Ping the subnet address
>
> yes, it happens on all routers, exactly the same behaviour..I have
> rebooted
> them in the hope this was going to change but still the same after
> reboot.
>
>
> From: "john matijevic" <matijevi@bellsouth.net>
> Reply-To: "john matijevic" <matijevi@bellsouth.net>
> To: "'Tom Martin'" <tig@wiltecinc.com>, <ccielab@groupstudy.com>
> CC: "'Kenneth Wygand'" <KWygand@customonline.com>
> Subject: RE: Ping the subnet address
> Date: Fri, 2 Jul 2004 11:19:48 -0400
>
> Guilherme,
> Does this issue only appear on one router where you ping? In otherwords
> can you go to another router, and ping and you see the same issue on
> that same subnet?
>
> John Matijevic, CCIE #13254, MCSE, CNE, CCEA
> Network Consultant
> Hablo Espanol
> 305-321-6232
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Tom Martin
> Sent: Friday, July 02, 2004 11:13 AM
> To: ccielab@groupstudy.com
> Cc: Kenneth Wygand
> Subject: RE: Ping the subnet address
>
> Ken,
>
>
>
> I'd be very hesitant to try and block any traffic just because I thought
> it might be strange, especially if everything was working properly. I
> assumed that this was a lab scenario...
>
>
>
> -- Tom
>
>
>
> ________________________________
>
> From: Kenneth Wygand [mailto:KWygand@customonline.com]
> Sent: Friday, July 02, 2004 11:07 AM
> To: Tom Martin; ccielab@groupstudy.com
> Cc: Guilherme Correia
> Subject: RE: Ping the subnet address
>
>
>
> Tom,
>
>
>
> I'd be -very- hesitant to put an ACL blocking all broadcasts in a
> production environment. Guilherme may have all kinds of services running
> over this network, and blocking broadcasts may bust a lot of other
> things.
>
>
>
> Thanks!
>
> Ken
>
>
>
> ________________________________
>
> From: nobody@groupstudy.com on behalf of Tom Martin
> Sent: Fri 7/2/2004 10:55 AM
> To: ccielab@groupstudy.com
> Cc: Guilherme Correia
> Subject: RE: Ping the subnet address
>
> Hello,
>
> You didn't include any excerpts from your packet capture, but I
> recreated the scenario using "debug ip packet" instead of using a packet
> capture. When you ping the all-zeroes or all-ones broadcast address, the
> pinging router actually sends packets out to destination
> 255.255.255.255, not the IP that you specified!
>
> Sending router debug output:
>
> r2#ping 192.168.12.0
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.12.0, timeout is 2 seconds:
>
> Mar 15 02:48:12.975: IP: s=192.168.12.2 (local), d=255.255.255.255
> (FastEthernet0), len 100, sending broad/multicast
> Mar 15 02:48:12.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
> (FastEthernet0), len 100, rcvd 3
> Reply to request 0 from 192.168.12.1, 4 ms
> Mar 15 02:48:14.975: IP: s=192.168.12.2 (local), d=255.255.255.255
> (FastEthernet0), len 100, sending broad/multicast
> Mar 15 02:48:14.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
> (FastEthernet0), len 100, rcvd 3
> Reply to request 1 from 192.168.12.1, 4 ms
> Mar 15 02:48:16.975: IP: s=192.168.12.2 (local), d=255.255.255.255
> (FastEthernet0), len 100, sending broad/multicast
> Mar 15 02:48:16.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
> (FastEthernet0), len 100, rcvd 3
> Reply to request 2 from 192.168.12.1, 4 ms
> Mar 15 02:48:18.975: IP: s=192.168.12.2 (local), d=255.255.255.255
> (FastEthernet0), len 100, sending broad/multicast
> Mar 15 02:48:18.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
> (FastEthernet0), len 100, rcvd 3
> Reply to request 3 from 192.168.12.1, 4 ms
> Mar 15 02:48:20.975: IP: s=192.168.12.2 (local), d=255.255.255.255
> (FastEthernet0), len 100, sending broad/multicast
> Mar 15 02:48:20.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
> (FastEthernet0), len 100, rcvd 3
> Reply to request 4 from 192.168.12.1, 4 ms
> r2#
>
> Confirmation that 255.255.255.255 is the destination, output from the
> receiving router:
>
> r1#
> *Mar 1 00:30:00.339: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, rcvd 2
> *Mar 1 00:30:00.339: IP: s=192.168.12.1 (local), d=192.168.12.2
> (Ethernet1/0),len 100, sending
> *Mar 1 00:30:02.339: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, rcvd 2
> *Mar 1 00:30:02.339: IP: s=192.168.12.1 (local), d=192.168.12.2
> (Ethernet1/0),len 100, sending
> *Mar 1 00:30:04.339: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, rcvd 2
> *Mar 1 00:30:04.339: IP: s=192.168.12.1 (local), d=192.168.12.2
> (Ethernet1/0),len 100, sending
> *Mar 1 00:30:06.339: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, rcvd 2
> *Mar 1 00:30:06.339: IP: s=192.168.12.1 (local), d=192.168.12.2
> (Ethernet1/0),len 100, sending
> *Mar 1 00:30:08.339: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, rcvd 2
> *Mar 1 00:30:08.339: IP: s=192.168.12.1 (local), d=192.168.12.2
> (Ethernet1/0),len 100, sending
> r1#
>
> To answer your question on how to stop it (assuming you still want to do
> so), just use an access-list. I used:
>
> access-list 100 deny ip any host 255.255.255.255
> access-list 100 permit ip any any
> interface Ethernet1/0
> ip access-group 100 in
>
> That resulted in failed pings from the sending side and the following
> output from the receiving side:
>
> *Mar 1 00:32:05.739: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, access denied
> *Mar 1 00:32:07.739: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, access denied
> *Mar 1 00:32:09.739: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, access denied
> *Mar 1 00:32:11.739: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, access denied
> *Mar 1 00:32:13.739: IP: s=192.168.12.2 (Ethernet1/0),
> d=255.255.255.255, len 100, access denied
>
> -- Tom
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Guilherme Correia
> Sent: Friday, July 02, 2004 9:36 AM
> To: ccielab@groupstudy.com
> Subject: Ping the subnet address
>
> Hi
>
> I am experiencing this weird issue that when I ping the subnet address,
> one
> of the routers respond.
> For example, when I ping 172.24.18.4 (subnet 172.24.18.4/30) one of the
> routers with an interface on the subnet responds:
>
> 7204-1#ping 172.24.18.4
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 206.24.18.4, timeout is 2 seconds:
>
> Reply to request 0 from 172.24.18.5, 1 ms
> Reply to request 1 from 172.24.18.5, 1 ms
> Reply to request 2 from 172.24.18.5, 1 ms
> Reply to request 3 from 172.24.18.5, 1 ms
> Reply to request 4 from 172.24.18.5, 1 ms
>
> How can I stop this?
>
> TIA
>
> _________________________________________________________________
> MSN Premium includes powerful parental controls and get 2 months FREE*
>
> http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
> =http://hotmail.com/enca&HL=Market_MSNIS_Taglines
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _________________________________________________________________
> MSN Premium includes powerful parental controls and get 2 months FREE*
>
> http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
> =http://hotmail.com/enca&HL=Market_MSNIS_Taglines
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _________________________________________________________________
> Free yourself from those irritating pop-up ads with MSn Premium. Get
> 2months
> FREE*
> http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
> =http://hotmail.com/enca&HL=Market_MSNIS_Taglines
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:45 GMT-3