J. Johnson wrote: > > J. Johnson wrote: > > > > It looks like the switch is not forwarding the > > packets to the router for some reason, even though it does > forward packets > > for other 10.0.0.X addresses. > > > What I wrote above is not correct. (I was sniffing an unused > port on the > switch which I thought was properly set up to mirror the other > ports. > Somehow it was set up incorrectly. Apologies for the error.) > The icmp > echo request packets get to the linux router on the trunk via > vlan 5, and > back out to the switch on the trunk on vlan 7. They then go > from the > switch to the 3600 router, and back out to the switch. > > All this is as it should be - packets go from oreilly.net to > the default > router, the linux router, which then forwards them to its > default router, > the 3600, which routes them according to its table.
You gotta get it to stop doing that! ;-) Seriously, why doesn't the Linux router-on-a-stick know that the destination is local, on VLAN 7? Shouldn't it know not to send this packet to another router? It should just ARP for the destination and send the packet, perhaps tagged for VLAN 7. > The 3600's > table says > that 10.0.0.6 is directly connected to the same port that the > packet > arrived on, so it returns the packet to the switch. > > Now the packet stalls. My guess is that this packet didn't stall. The ping (echo request) made it to its destination, the switch. > The switch sends out an arp request I bet that's so it can send the ping reply. > onto vlan 7 for VLAN 7! ;-) Of course, it is in fact seeing that IP address coming in on VLAN 7, so maybe it assumes that's where the address is really located and ARPs to there. The source IP address has been remaining the same throughout all this, though the MAC addresses have been changing. It sees the source IP address for oreilly come in on VLAN 7. Could that be confusing it? I don't think it should, but it might. > the MAC of the box on oreilly.net that originally sent out the > packet. Of > course, there is no reply, since oreilly.net is on vlan 5. > > The only way I see to fix this is to enable proxy arp (is that > the cisco > terminology too?) on one of the routers. Cisco has proxy ARP, but it's on by default. You should see if "no ip proxy-arp" is in the config of the 3600. I'm having a hard time seeing how Proxy ARP would help anyway. It would get even more convoluted then! :-) But perhaps you have this figured out. > Is there a better way > to handle > this? Redesign? Seriously, couldn't your inter-VLAN router be the 3600 instead of the Linux box? That might not fix the problem though. I guess we haven't yet asked you the obvious question. Can you send us the config for your 2950? Can't guarantee anyone will have time to look at it though. But I have a nagging suspicion at this point that it's the culprit. Sorry I don't have a better answer! Priscilla > > James > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64038&t=63789 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
