Mailing List Archive

Routing problem
Hi guys,

A Foundry newb here, but having a major routing issue.

We put an RX-16 into place last night and all seemed good as we tested
inbound and outbound routes to the system from various points around the

However, this morning, several diverse locations are unable to access the
system. We have a *very* simple (maybe too simple) setup.

We have port 1/1 and 3/1 connected via HSRP to the ISP. We have ports 1/2
and 3/2 connected to a firewall. All ports are in a Layer 2 VLAN ID 4000.

We have two internal public subnets (one /24 and one /28) that are supposed
to *route* to the ISP, so we simply added the IP of the routed interface to
1/1 and then added a static route for all traffic ( to point
to the ISP. This seemed to work in the initial tests, but now hundreds of
users are blocked by our system, seemingly from certain ISPs.

Have we committed a routing faux pas by using the static route as our
default gateway? Any help is appreciated.


David Lawson
Re: Routing problem [ In reply to ]
You're exactly right! Works great.

-----Original Message-----
From: Igor Ybema []
Sent: Thursday, March 22, 2012 1:16 PM
To: David Lawson
Subject: Re: [f-nsp] Routing problem

> Have we committed a routing faux pas by using the static route as our
> default gateway?  Any help is appreciated.

If I understand correctly you have connected 1/1 AND 3/1 to your ISP (via
HSRP on their side). However, you have only configured 1/1 as a routing
interface. This means that all traffic from your ISP received on 3/1 is
being dropped as this interface does not know how to handle the traffic.

You should create a routing virtual interface in your vlan 4000
('router-interface ve 1') and configure your ISP routing IP-net in that
interface (int ve 1) and NOT on the interface 1/1. That interface and
interface 3/1 should only be switch ports in vlan 4000. (vlan 4000
-> untag e 1/1 e 3/1).
Or you could also use HSPR (VRRP in non-cisco terms) on your router and
configure it on interface 1/1 and 3/1. But I don't see why you would want
this because you have only one router which is already the SPOF.

regards, Igor

foundry-nsp mailing list