cisco gurus help, routers can't ping each other

[alpineranger]

I've got two routers connected back to back with copper gigabit ethernet interfaces. All the lights are on, the interface on each router show as up, and when I shut the interface on one router, the corresponding interface on the other router goes down.

My problem is that I cannot ping a router from the other one. Each router can ping it's own ip address when the interface is up, but cannot ping the other router. I've turned icmp debugs on and don't see any activity.

However, if I create a subinterface under each of those interfaces and set a dot1Q vlan tag, I can ping from the adjacent router using the ip address in the subinterface as the destination.

Anyone have a clue why this is so?

 

[freegeeks]

give us the show run output so we can see the config on both interfaces

i assume that both interfaces are in the same IP subnet?

 

[alpineranger]

Interfaces are both on the same ip subnet. Config is pretty basic. Connected interface on the other routers have ips: 10.1.1.3 and 200.1.1.1 respectively:


version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname router2
!
boot-start-marker
boot-end-marker
!
shell processing full
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
redundancy
notification-timer 30000
mode sso
!
!
!
!
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/1
ip address 10.1.1.2 255.255.255.0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1/1.1
encapsulation dot1Q 1 native
ip address 200.1.1.2 255.255.255.0
!
interface TenGigabitEthernet0/2/0
no ip address
shutdown
!
interface TenGigabitEthernet0/3/0
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 196.168.1.10 255.255.0.0
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
service-routing
no service-routing capabilities-manager
logging esm config
cdp run
!
!
!
control-plane
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
login
!
exception data-corruption buffer truncate
end

 

[Ghiedo27]

Are you trying to ping the near or far side IP of the other router? Do you have a routing protocol set up?

 

[Jamsan]

The connected interfaces on the routers need to be on the same subnet. If one router's interface is in 10.1.1.3 /24, the other needs to be 10.1.1.x /24 as well.

The reason your subinterface on the router works is because the IP you gave it is on the same subnet as Router 2.

Also, it's a waste using a /24 when connecting 2 routers together. Use a /30 to conserve address space (whether this is real world or not).

Are you trying to ping the near or far side IP of the other router? Do you have a routing protocol set up?

It's not necessary to have a routing protocol setup for 2 routers that are directly connected. Routes are automatically added for directly connected interfaces.

 

[alkemyst]

QFT...the same connection works in one instance because the subinterance is on the same subnet, the main interface not.

You could get it to work with simple:
from the configure terminal...

router rip
network 10.0.0.0

on both sides.

 

[Ghiedo27]

It's not necessary to have a routing protocol setup for 2 routers that are directly connected. Routes are automatically added for directly connected interfaces.

Don't you need to have a route set up to connect the 200.2.2.0 network to 10.1.1.0? That's why I was asking if he was trying to ping the near or far 'side' of the router. I'm assuming that 10.1.1.2 is going out to the ISP and there's a 200.1.1.1 address on the "inside" interface for the router, but the router he's trying to ping from doesn't have route information to the network on the other side. I imagine a tracert would show the response from the intermediary since layer 1 and 2 are showing as up.

*disclaimer* I'm just trying to learn this stuff now. I just figure that I may as well take advantage of the number of people on the internet willing to tell you you're wrong for free. :biggrin:

 

[alkemyst]

Directly connected or not, they cannot talk on different subnets until a routing protocol is established.

 

[alpineranger]

Both connected interfaces are on the same subnet:

Interface: Router1: Router 2:
GigabitEthernet0/1/1 10.1.1.3/24 10.1.1.2/24
GigabitEthernet0/1/1.1 200.1.1.1/24 encap dotq1 1 200.1.1.2/24 encap dot1q 1

Why does the subinterfaceinterface work but the main interface does not? That is, from router 2 I can ping 200.1.1.1 but not 10.1.1.3. The interfaces are directly connected, and I'm only trying to ping between these two routers. The routers are not connected to anything besides each other. This means I shouldn't need any routing protocol or any static route set up, this is purely a L2 connected situation.

I believe I've gotten this to work before, but I normally use ios software simulators and not real routers.

I'm not trying to ping "across different subnets" That is, I'm using a simple ping <ip address of the other router> command, so the ping should be sent from the interface in the same subnet. I would put all the addresses in the same subnet but that is an invalid configuration.



router2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, &#37; - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1/1
L 10.1.1.2/32 is directly connected, GigabitEthernet0/1/1
200.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.1.1.0/24 is directly connected, GigabitEthernet0/1/1.1
L 200.1.1.2/32 is directly connected, GigabitEthernet0/1/1.1
router2#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router2#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router2#ping 200.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router2#ping 200.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 

[Jamsan]

Can you best up both configs? Your earlier post only had the first router's.

 

[alpineranger]

Here's the other router configuration. Like I said, they're basically identical.


version 15.1
service timestamps log datetime msec
service internal
no platform punt-keepalive disable-kernel-core
platform shell
!
hostname router1
!
!
boot-start-marker
boot-end-marker
!
shell processing full
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable password XXXXXXXX
!
no aaa new-model
no process cpu autoprofile hog
!
!
!
!
!
!
!
no ip domain lookup
ip host vrf Mgmt-intf dirt 20.0.0.2
ip multicast-routing distributed
!
!
no ipv6 source-route
ipv6 nd nsf convergence 10
ipv6 unicast-routing
!
!
!
!
!
!
mpls oam
echo revision 4
mpls traffic-eng tunnels
!
!
!
!
redundancy
notification-timer 30000
mode sso
bfd fast-timers-on-slow-interface
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.255
!
interface POS0/1/0
no ip address
shutdown
!
interface POS0/1/1
no ip address
shutdown
!
interface GigabitEthernet0/2/0
ip address 10.1.1.3 255.255.255.0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2/0.1
encapsulation dot1Q 1 native
ip address 200.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2/1
no ip address
shutdown
media-type sfp
negotiation auto
!
interface GigabitEthernet0/3/0
no ip address
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3/1
no ip address
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 172.27.55.223 255.255.0.0
negotiation auto
!
y
!
no ip http server
no ip http secure-server
!
service-routing
no service-routing capabilities-manager
logging esm config
cdp run
!
!
!
control-plane
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
login
!
exception data-corruption buffer truncate
end

 

[Jamsan]

No reason that shouldn't work.. Can you do a few more shows:

show ip int brief

show interface of both gigabit interfaces on the routers (show int gi0/1/1, show int gi0/2/0)

 

[alpineranger]

router2#show ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/1.1 unassigned YES manual deleted down
GigabitEthernet0/1/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/1 10.1.1.2 YES NVRAM up up
GigabitEthernet0/1/1.1 200.1.1.2 YES manual up up
Te0/2/0 unassigned YES NVRAM administratively down down
Te0/3/0 unassigned YES NVRAM administratively down down
GigabitEthernet0 192.168.1.10 YES NVRAM up up

router2#show int GigabitEthernet 0/1/1
GigabitEthernet0/1/1 is up, line protocol is up
Hardware is SPA-2X1GE-V2, address is 0023.049d.5211 (bia 0023.049d.5211)
Internet address is 10.1.1.2/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:04:06, output 00:07:11, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
30855 packets input, 7442955 bytes, 0 no buffer
Received 16 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 71 multicast, 0 pause input
30859 packets output, 1669276 bytes, 0 underruns


router1#show ip int brief
Interface IP-Address OK? Method Status Protocol
POS0/1/0 unassigned YES NVRAM administratively down down
POS0/1/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/2/0 10.1.1.3 YES manual up up
GigabitEthernet0/2/0.1 200.1.1.1 YES manual up up
GigabitEthernet0/2/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/3/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/3/1 unassigned YES NVRAM administratively down down
GigabitEthernet0 192.168.1.9 YES NVRAM up up
Loopback0 192.168.0.1 YES NVRAM up up

router1#show int GigabitEthernet 0/2/0
GigabitEthernet0/2/0 is up, line protocol is up
Hardware is SPA-2X1GE-V2, address is 001a.3044.7620 (bia 001a.3044.7620)
Internet address is 10.1.1.3/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:39, output 00:06:33, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31128 packets input, 1872172 bytes, 0 no buffer
Received 207 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 86 multicast, 0 pause input
31601 packets output, 7485803 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

 

[alkemyst]

I don't know if you can set up the interface directly when using subinterfaces.

I have always done it with the no ip address.

I'd imagine logically it's having issues with the subinterfaces configured with dot1q.

Maybe throw in a trunk command and see.

 

[spidey07]

Quickly scanning - once you do the subinterface and define the 802.1q tag to put on it (none in this case as you've made the native vlan 1 anything else on that interface will use dot1q. Since you haven't specified what vlan to tag it at the INT level it doesn't know what to do with it.

There's no reason to be using sub ints or dot1q unless you need it. Remove all sub-ints, all dot1q, make sure the interfaces are on the same subnet and if you still can't ping something is very wrong. Check if you're getting arp entry for far end. Also make sure there's no trunking on the switchports used.

 

[alkemyst]

it's going to need a trunk to have those talk.

 

[alpineranger]

This is a router, not a switch, there's no trunking and no switchport commands.

Spidey, you got it. It was the fact that I was configuring vlan 1 (native) on subinterface. I'd never seen that native parameter before (I have very limited ios experience on real hardware), and I didn't configure it explicitly, so I was a bit confused as to what it meant. I only chose vlan 1 for convenience. Changing it to another value fixed everything. I was really getting puzzled why I wasn't seeing any packets or any arp requests on the other end, this behavior was not very intuitive.

 

[alkemyst]

I thought it was a router to switch.

 

[alpineranger]

No, they are two identical routers connected back to back. Even so, there'd be no way to configure trunking on the router end. I'd be willing to test it out, but I don't have access to a switch.