Posted by christian maier on June 20, 2009, 5:54 am
Hi!
I have a very strange problem with 2 Cisco routers connected over
layer 2 Cisco switches (Catalyst 6500).
Both routers are connected over a VLAN and they see each other's
IP and MAC address in the ARP cache (they can ping each other).
But when I traceroute from one to the other, I see an additional hop
* * * before I see the ip-address of the other end (this happens on
both routers). Also when I mirror the switchports where the routers
are connected, I only see traceroute udp packets with TTL=2.
I do not see the TTL=1 packets, because of this strange internal hop.
This causes big problems with HSRP, because HSRP has TTL=1.
And this first hop is this internal hop, so HSRP packets
never come to the switch (and not to the other router).
Any ideas?
Thanks.
Christian
Posted by Christian Maier on July 5, 2009, 12:05 am
It was the IPS (Intrusion Prevention System)!
This blocked UDP with TTL=1.

> Hi!
> I have a very strange problem with 2 Cisco routers connected over
> layer 2 Cisco switches (Catalyst 6500).
> Both routers are connected over a VLAN and they see each other's
> IP and MAC address in the ARP cache (they can ping each other).
> But when I traceroute from one to the other, I see an additional hop
> * * * before I see the ip-address of the other end (this happens on both
> routers). Also when I mirror the switchports where the routers
> are connected, I only see traceroute udp packets with TTL=2.
> I do not see the TTL=1 packets, because of this strange internal hop.
> This causes big problems with HSRP, because HSRP has TTL=1.
> And this first hop is this internal hop, so HSRP packets
> never come to the switch (and not to the other router).
> Any ideas?
> Thanks.
> Christian
>
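
An added example (not part of the original posts): a small model of the outcome reported above, showing why an inline device that drops UDP with TTL=1 produces a `* * *` first hop in traceroute while silencing HSRP hellos. The addresses, function names and the exact filter rule are constructed assumptions; the HSRP values are those of HSRPv1 (UDP port 1985 to 224.0.0.2, TTL=1).

```python
# Added illustration (constructed model, not vendor code): a transparent
# inline device that drops UDP packets with TTL=1, as the thread describes.
from dataclasses import dataclass

HSRP_GROUP, HSRP_PORT = "224.0.0.2", 1985  # HSRPv1 hellos: UDP, TTL=1

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    ttl: int

def inline_filter(pkt):
    """Layer-2 inline device: it does not route, so it never decrements TTL.
    Assumed rule (taken from the thread): drop UDP with TTL=1."""
    if pkt.proto == "udp" and pkt.ttl == 1:
        return None
    return pkt

def peer_router(pkt, my_ip):
    """Far-end router: answers probes addressed to itself, accepts HSRP hellos."""
    if pkt is None:
        return None                      # nothing arrived on the wire
    if pkt.dst == my_ip and pkt.proto == "udp":
        return my_ip                     # ICMP port unreachable from my_ip
    if pkt.dst == HSRP_GROUP and pkt.dport == HSRP_PORT:
        return "hsrp-hello-received"
    return None

def traceroute(src, dst, max_ttl=3):
    """UDP traceroute across the filtered segment; one entry per TTL tried."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        probe = Packet(src, dst, "udp", 33434 + ttl, ttl)
        reply = peer_router(inline_filter(probe), dst)
        hops.append(reply or "* * *")
        if reply == dst:
            break
    return hops

def hsrp_hello_delivered(src, dst_router):
    """True if a TTL=1 HSRP hello from src reaches the peer router."""
    hello = Packet(src, HSRP_GROUP, "udp", HSRP_PORT, 1)
    return peer_router(inline_filter(hello), dst_router) is not None

if __name__ == "__main__":
    print(traceroute("10.0.0.1", "10.0.0.2"))            # constructed addresses
    print(hsrp_hello_delivered("10.0.0.1", "10.0.0.2"))
```

When chasing this symptom on a real segment, comparing captures taken on both sides of each inline device for UDP packets with TTL=1 shows which device is discarding them.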