Duplicate IP on a default gateway interface = Bad

I just had an entire VLAN drop out due to a host being brought onto the network that had been erroneously configured with a static IP that happened to be in conflict with the HSRP default gateway IP of the core switch; fortunately, we were able to remove the offending host and reconfigure default gateways as a workaround until the core switch's ARP table updated.
Is there any way to configure a 6500 running IOS to inhibit or block a conflicting IP (especially one with a gateway IP) by using a static ARP entry or other authoritative command?
Thanks,
Marc

Hi,
You may use the following.
Enable Unicast Reverse Path Forwarding on an interface. Unicast RPF guards against IP spoofing (a packet uses an incorrect source IP address to obscure its true source) by ensuring that all packets have a source IP address that matches the correct source interface according to the routing table.
Normally, the FWSM only looks at the destination address when determining where to forward the packet. Unicast RPF instructs the FWSM to also look at the source address; this is why it is called Reverse Path Forwarding. For any traffic that you want to allow through the FWSM, the FWSM routing table must include a route back to the source address. See RFC 2267 for more information.
For outside traffic, for example, the FWSM can use the default route to satisfy the Unicast RPF protection. If traffic enters from an outside interface, and the source address is not known to the routing table, the FWSM uses the default route to correctly identify the outside interface as the source interface.
If traffic enters the outside interface from an address that is known to the routing table, but is associated with the inside interface, then the FWSM drops the packet. Similarly, if traffic enters the inside interface from an unknown source address, the FWSM drops the packet because the matching route (the default route) indicates the outside interface.
Unicast RPF is implemented as follows:
• ICMP packets have no session, so each packet is checked.
• UDP and TCP have sessions, so the initial packet requires a reverse route lookup. Subsequent packets arriving during the session are checked using an existing state maintained as part of the session. Non-initial packets are checked to ensure they arrived on the same interface used by the initial packet.
To enable Unicast RPF, enter the following command:
hostname(config)# ip verify reverse-path interface interface_name
http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c66.html#wp1042625
It may be useful..
Rgrds
Rajeev.S
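
The Unicast RPF decision described in the reply above, modelled as an added Python example (not code from the thread or from Cisco). The two-route table, the interface names, the sample packets and the 5-tuple session key are constructed assumptions that stand in for the FWSM's real routing and session state.

```python
"""Model of the Unicast RPF decision described above (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    interface: str


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "icmp", "tcp" or "udp"
    in_if: str      # interface the packet arrived on
    sport: int = 0
    dport: int = 0


class UrpfFirewall:
    def __init__(self, routes):
        # Longest prefix first, so the first match is the most specific route.
        self.routes = sorted(routes, key=lambda r: r.network.prefixlen, reverse=True)
        # Flow -> interface on which the initial packet of the session arrived.
        self.sessions = {}

    def reverse_path_interface(self, src):
        """Interface the routing table would use to reach `src`, or None."""
        addr = ipaddress.ip_address(src)
        for route in self.routes:
            if addr in route.network:
                return route.interface
        return None

    def check(self, pkt):
        """Return (allowed, reason) for one packet."""
        key = None
        if pkt.proto in ("tcp", "udp"):
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.sessions:
                # Non-initial packet: no route lookup, only the interface check.
                if self.sessions[key] == pkt.in_if:
                    return True, "session: same interface as initial packet"
                return False, "session: arrived on a different interface"
        # ICMP (every packet) and the initial TCP/UDP packet: reverse route lookup.
        expected = self.reverse_path_interface(pkt.src)
        if expected is None:
            return False, "no route back to source"
        if expected != pkt.in_if:
            return False, f"route to source points to {expected}"
        if key is not None:
            self.sessions[key] = pkt.in_if
        return True, "reverse route matches ingress interface"


def demo():
    """Run the cases from the post over constructed packets."""
    fw = UrpfFirewall([
        Route(ipaddress.ip_network("10.1.1.0/24"), "inside"),
        Route(ipaddress.ip_network("0.0.0.0/0"), "outside"),  # default route
    ])
    flow = dict(src="10.1.1.20", dst="198.51.100.7", proto="tcp",
                sport=40000, dport=443)
    packets = [
        ("unknown source on outside (default route)",
         Packet("198.51.100.7", "10.1.1.20", "icmp", "outside")),
        ("inside address arriving on outside",
         Packet("10.1.1.50", "10.1.1.20", "icmp", "outside")),
        ("unknown source arriving on inside",
         Packet("192.0.2.9", "198.51.100.7", "icmp", "inside")),
        ("initial TCP packet on inside", Packet(in_if="inside", **flow)),
        ("later packet, same interface", Packet(in_if="inside", **flow)),
        ("later packet, other interface", Packet(in_if="outside", **flow)),
    ]
    return [(label, *fw.check(p)) for label, p in packets]


if __name__ == "__main__":
    for label, allowed, reason in demo():
        print(f"{'PASS' if allowed else 'DROP'}  {label}: {reason}")
```
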

Similar Messages

  • Physical interface Default Gateway connecting VPN with AnyConnect

    When I connect vpn with AnyConnect, I can't see default gateway on Physical Interface.
    before connect vpn
    ==========================================
    C:\WINDOWS\system32>ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 10.1.1.100
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.1.1.10
    after connect vpn with anyconnect
    ==========================================
    C:\WINDOWS\system32>
    C:\WINDOWS\system32>ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 10.1.1.100
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . :'Can't see default gateway'
    Is this the specification of Anyconnect?

    Nyanko,
    This will happen when you are using tunnel all as the split tunneling policy: the computer will encrypt all the traffic, so the default gateway will be removed from the physical connection and placed into the virtual adapter. If you take a look at the routing table you will see that what really happens is that the original default route's metric will be changed so that it is higher than the one injected by the virtual adapter. Once you disconnect, it should go back to normal.
    Further information on split tunneling:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080975e83.shtml
    HTH
    Jonnathan

  • Default Gateway when connected to VPN

    Thanks for reading!
    This is probably a dumb question so bear with me...
    I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customer's environment behind it (on the same subnet). When connected to the VPN I can reach the inside Router fronting me and one switch behind the Router (every switch is connected to the router), but nothing else.
    My bet is that the Router is messing with my connection, but never mind that! The setup ain't complete anyway... My question is more related to the gateway I'm missing when I'm connected, from the outside, to the VPN on the ASA; could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in Windows?
    This is how it looks now:
            Anslutningsspecifika DNS-suffix . : VPNOFFICE
            IP-adress . . . . . . . . . . . . : 10.10.10.1
            Nätmask . . . . . . . . . . . . . : 255.255.255.0
            Standard-gateway  . . . . . . . . :
    The internal network is :
    172.16.12.0 255.255.255.0
    Below is my config for the ASA, thanks a lot!!!!!!!
    !FLASH ON THE ROUTER FROM THE BEGINNING
    !asa841-k8.bin
    hostname DRAKENSBERG
    domain-name default.domain.invalid
    enable password XXXXXXX
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.16.12.4 255.255.255.0
    interface Vlan10
    nameif outside
    security-level 0
    ip address 97.XX.XX.20 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 10
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list MSS_EXCEEDED_ACL extended permit tcp any any
    access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
    access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
    tcp-map MSS-MAP
      exceed-mss allow
    pager lines 24
    logging enable
    logging timestamp
    logging buffer-size 8192
    logging console notifications
    logging buffered notifications
    logging asdm notifications
    mtu inside 1500
    mtu outside 1500
    ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image disk0:/asdm-625-53.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 172.16.12.0 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 172.16.12.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 172.16.12.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    group-policy VPNOFFICE internal
    group-policy VPNOFFICE attributes
    dns-server value 215.122.145.18
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN-SPLIT-TUNNEL
    default-domain value VPNOFFICE
    split-dns value 215.122.145.18
    msie-proxy method no-proxy
    username admin password XXXXXX privilege 15
    username Daniel password XXXXX privilege 0
    username Daniel attributes
    vpn-group-policy VPNOFFICE
    tunnel-group VPNOFFICE type remote-access
    tunnel-group VPNOFFICE general-attributes
    address-pool VPN
    default-group-policy VPNOFFICE
    tunnel-group VPNOFFICE ipsec-attributes
    pre-shared-key XXXXXXXXXX
    class-map MSS_EXCEEDED_MAP
    match access-list MSS_EXCEEDED_ACL
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp error
      inspect pptp
      inspect ipsec-pass-thru
      inspect icmp
    class MSS_EXCEEDED_MAP
      set connection advanced-options MSS-MAP
    service-policy global_policy global
    privilege cmd level 3 mode exec command perfmon
    privilege cmd level 3 mode exec command ping
    privilege cmd level 3 mode exec command who
    privilege cmd level 3 mode exec command logging
    privilege cmd level 3 mode exec command failover
    privilege cmd level 3 mode exec command packet-tracer
    privilege show level 5 mode exec command import
    privilege show level 5 mode exec command running-config
    privilege show level 3 mode exec command reload
    privilege show level 3 mode exec command mode
    privilege show level 3 mode exec command firewall
    privilege show level 3 mode exec command asp
    privilege show level 3 mode exec command cpu
    privilege show level 3 mode exec command interface
    privilege show level 3 mode exec command clock
    privilege show level 3 mode exec command dns-hosts
    privilege show level 3 mode exec command access-list
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command vlan
    privilege show level 3 mode exec command ip
    privilege show level 3 mode exec command ipv6
    privilege show level 3 mode exec command failover
    privilege show level 3 mode exec command asdm
    privilege show level 3 mode exec command arp
    privilege show level 3 mode exec command route
    privilege show level 3 mode exec command ospf
    privilege show level 3 mode exec command aaa-server
    privilege show level 3 mode exec command aaa
    privilege show level 3 mode exec command eigrp
    privilege show level 3 mode exec command crypto
    privilege show level 3 mode exec command vpn-sessiondb
    privilege show level 3 mode exec command ssh
    privilege show level 3 mode exec command dhcpd
    privilege show level 3 mode exec command vpnclient
    privilege show level 3 mode exec command vpn
    privilege show level 3 mode exec command blocks
    privilege show level 3 mode exec command wccp
    privilege show level 3 mode exec command webvpn
    privilege show level 3 mode exec command module
    privilege show level 3 mode exec command uauth
    privilege show level 3 mode exec command compression
    privilege show level 3 mode configure command interface
    privilege show level 3 mode configure command clock
    privilege show level 3 mode configure command access-list
    privilege show level 3 mode configure command logging
    privilege show level 3 mode configure command ip
    privilege show level 3 mode configure command failover
    privilege show level 5 mode configure command asdm
    privilege show level 3 mode configure command arp
    privilege show level 3 mode configure command route
    privilege show level 3 mode configure command aaa-server
    privilege show level 3 mode configure command aaa
    privilege show level 3 mode configure command crypto
    privilege show level 3 mode configure command ssh
    privilege show level 3 mode configure command dhcpd
    privilege show level 5 mode configure command privilege
    privilege clear level 3 mode exec command dns-hosts
    privilege clear level 3 mode exec command logging
    privilege clear level 3 mode exec command arp
    privilege clear level 3 mode exec command aaa-server
    privilege clear level 3 mode exec command crypto
    privilege cmd level 3 mode configure command failover
    privilege clear level 3 mode configure command logging
    privilege clear level 3 mode configure command arp
    privilege clear level 3 mode configure command crypto
    privilege clear level 3 mode configure command aaa-server
    prompt hostname context
    Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
    : end

    I didn't realise I had those crypto settings on, thanks, my bad!!!
    But... the 172.16.12.0 network is directly connected, the Router (that to be honest is a firewall) / switches are all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly, was more wondering about the GW and didn't want to overcomplicate things..
    The Firewall/Router doesn't do any routing, so it should work right (if you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The Firewall is more a DHCP for the clients/Firewall for the clients.. this will change in the future.. it will be removed,
    the vpn network is statically routed back to my ASA in that firewall...
    I don't like this solution.. but this is how it looks.. for now..
    (VPN network is 10.10.10.X/24)
    But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from internet, on the vpn client that's vpned in, is this correct?
    THANKS for all the help!

  • Set default gateway on headless server (via ssh)

    I'm trying to configure one of the two ethernet interfaces on a headless Xserve. I managed to give it an address and subnet mask with ifconfig, but I can't figure out how to give it a default gateway or dns server.
    I tried using this:
    sudo route add default gw xxx.xxx.xxx.xxx en0
    but I got the error 'route: bad address: gw'
    is there something wrong with my syntax, or does this just not work on OS X?

    Something's wrong with your syntax
    Try:
    sudo route add default a.b.c.d
    The keyword 'gw' is not needed, and you also don't need to specify an interface since the OS should be able to work it out from the IP address(es) assigned to your interface(s).

  • Setting permanent default gateway in OEL 6

    Hello,
    how can a default gateway be set permanently in OEL6?
    At the moment I am setting it manually every time the machine or the network service is restarted:
    $ /sbin/route add -net default gw IPADDRESS
    Thanks in advance.
    Angel

    Hi again,
    looks like we managed to achieve the target following the steps in section 4.4 of the Deployment manual at http://linux.oracle.com/documentation/EL6/Red_Hat_Enterprise_Linux-6-Deployment_Guide-en-US.pdf. The link you provided was pointing to Development manual.
    I created a file /etc/sysconfig/network-scripts/route-bond0.764 with the following content:
    0.0.0.0/0 via 10.7.79.250 dev bond0.764
    Using the "network/netmask" format. That way it works all right:
    $netstat -rn
    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 10.7.79.250 0.0.0.0 UG 0 0 0 bond0.764
    Just for FYI, first of all I tried with the following content:
    default 10.7.79.250 dev bond0.764
    But when bouncing the network service, I was getting this error:
    Bringing up interface bond0.764: Error: either "to" is a duplicate, or "10.7.79.250" is a garbage.
    Not sure which was the reason for this error anyway.
    Looks like when using channel bonding, gateway specification in the usual files (/etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-bond* ) makes no effect for any reason.
    Let me know if I can do something to find out why it makes no effect.
    Thanks a lot for your help.
    Angel
    Let me know if I can help

  • The Default Gateway Is Not Available / Problem

    Hello, I recently purchased this HP Pavilion laptop, and I've been encountering this problem very often (every 2-10 minutes).  This problem is getting extremely frustrating as absolutely nobody has been able to provide a fix for this issue.
    When the laptop is on battery mode (this does not happen when plugged in); I commonly get disconnected from my wi-fi connection and to fix it, I must run the troubleshooter. This temporarily fixes the issue by resetting the wi-fi adapter.
    What I have tried and has not worked:
    * Turn off to save power option in the driver settings (in Device Manager) unticked
    * Updated drivers
    * New power plan
    * Tried different drivers
    * Complete system restore
    The wireless adapter is Realtek RTL 8188EE.  Upon running the troubleshooter, this is all the information from the detailed information section:
    Windows Network Diagnostics
    Publisher details
    Issues found
    The default gateway is not available
    The default gateway is not available
    The default gateway is a device that connects a local network or computer to the Internet. A broadband modem or router is usually the default gateway.
    Fixed
    Reset the "WiFi" adapter
    Completed
    Investigate router or broadband modem issues
    Not run
    Issues found
    Detection details
    The default gateway is not available
    Fixed
    The default gateway is a device that connects a local network or computer to the Internet. A broadband modem or router is usually the default gateway.
    Reset the "WiFi" adapter
    Completed
    This can sometimes resolve an intermittent problem.
    Network Diagnostics Log
    File Name: 2D0FE1F0-C2C2-43B5-A857-2D2B3C4B8A51.Repair.1.etl
    Investigate router or broadband modem issues
    Not run
    If you're connected to a hotspot or domain network, contact the network administrator. Otherwise: 1. Unplug or turn off the device. 2. Once all the lights on the device are off, wait at least 10 seconds. 3. Turn the device on or plug it back in to the power outlet. To restart a router or modem that has a built-in battery, press and quickly release the Reset button.
    Detection details
    Diagnostics Information (Network Adapter)
    Details about network adapter diagnosis:
    Network adapter WiFi driver information:
    Description . . . . . . . . . . : Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter
    Manufacturer . . . . . . . . . : Realtek Semiconductor Corp.
    Provider . . . . . . . . . . . : Realtek Semiconductor Corp.
    Version . . . . . . . . . . . : 2012.2.827.2013
    Inf File Name . . . . . . . . . : C:\WINDOWS\INF\oem8.inf
    Inf File Date . . . . . . . . . : 12 September 2013 10:17:00
    Section Name . . . . . . . . . : HP8188ee.ndi
    Hardware ID . . . . . . . . . . : pci\ven_10ec&dev_8179&subsys_197d103c
    Instance Status Flags . . . . . : 0x180200a
    Device Manager Status Code . . : 0
    IfType . . . . . . . . . . . . : 71
    Physical Media Type . . . . . . : 9
    Diagnostics Information (Wireless Connectivity)
    Details about wireless connectivity diagnosis:
    Information for connection being diagnosed
    Interface GUID: 7c04789b-0b43-472c-abd6-a84cb31e9053
    Interface name: Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter
    Interface type: Native WiFi
    Connection incident diagnosed
    Auto Configuration ID: 1
    Connection ID: 1
    Connection status summary
    Connection started at: 2014-07-24 04:19:49-759
    Profile match: Success
    Pre-Association: Success
    Association: Success
    Security and Authentication: Success
    List of visible access point(s): 0 item(s) total, 0 item(s) displayed
    Connection History
    Information for Auto Configuration ID 1
    List of visible networks: 1 item(s) total, 1 item(s) displayed
    BSS Type PHY Security Signal(RSSI) Compatible SSID
    Infra <unknown> Yes 100 Yes Matt
    List of preferred networks: 1 item(s)
    Profile: Matt
    SSID: Matt
    SSID length: 4
    Connection mode: Infra
    Security: Yes
    Set by group policy: No
    Connect even if network is not broadcasting: No
    Connectable: Yes
    Information for Connection ID 1
    Connection started at: 2014-07-24 04:19:49-759
    Auto Configuration ID: 1
    Profile: Matt
    SSID: Matt
    SSID length: 4
    Connection mode: Infra
    Security: Yes
    Pre-Association and Association
    Connectivity settings provided by hardware manufacturer (IHV): No
    Security settings provided by hardware manufacturer (IHV): No
    Profile matches network requirements: Success
    Pre-association status: Success
    Association status: Success
    Last AP: 98-fc-11-88-61-b8
    Security and Authentication
    Configured security type: WPA2-PSK
    Configured encryption type: CCMP(AES)
    802.1X protocol: No
    Key exchange initiated: Yes
    Unicast key received: Yes
    Multicast key received: Yes
    Number of security packets received: 0
    Number of security packets sent: 0
    Security attempt status: Success
    Connectivity
    Packet statistics
    Ndis Rx: 34302
    Ndis Tx: 32619
    Unicast decrypt success: 0
    Multicast decrypt success: 0
    Unicast decrypt failure: 0
    Multicast decrypt failure: 0
    Rx success: 0
    Rx failure: 0
    Tx success: 0
    Tx failure: 0
    Tx retry: 0
    Tx multiple retry: 0
    Tx max lifetime exceeded: 0
    Tx ACK failure: 0
    Roaming history: 0 item(s)
    Diagnostics Information (Wireless Connectivity)
    Details about wireless connectivity diagnosis:
    For complete information about this session see the wireless connectivity information event.
    Helper Class: Auto Configuration
    Initialise status: Success
    Information for connection being diagnosed
    Interface GUID: 7c04789b-0b43-472c-abd6-a84cb31e9053
    Interface name: Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter
    Interface type: Native WiFi
    Result of diagnosis: There may be problem
    Diagnostics Information (Wireless Network Adapter)
    Details about wireless network adapter diagnosis:
    For complete information about this session see the wireless connectivity information event.
    Helper Class: Native WiFi MSM
    Initialise status: Success
    Information for connection being diagnosed
    Interface GUID: 7c04789b-0b43-472c-abd6-a84cb31e9053
    Interface name: Realtek RTL8188EE 802.11b/g/n Wi-Fi Adapter
    Interface type: Native WiFi
    Profile: Matt
    SSID: Matt
    SSID length: 4
    Connection mode: Infra
    Security: Yes
    Connect even if network is not broadcasting: No
    Result of diagnosis: There may be problem
    Network Diagnostics Log
    File Name: 2D0FE1F0-C2C2-43B5-A857-2D2B3C4B8A51.Diagnose.0.etl
    Other Networking Configuration and Logs
    File Name: NetworkConfiguration.cab
    Collection information
    Computer Name: LAPTOP
    Windows Version: 6.3
    Architecture: x64
    Time: 24 July 2014 04:34:47
    Windows Network Diagnostics
    Detects problems with network connectivity.
    Package Version: 1.0
    Publisher: Microsoft Windows

    Run the HP Support Assistant's Tune up application. There should be a new BIOS available. sp66866
    Have you installed the latest Windows 8.1 updates?
    Do not install optional video graphics updates.
    I was running into a similar problem with my HP product loan Envy Spectre 13 TouchSmart Ultrabook until I did the updates. I had upgraded my wireless router to a model with 802.11AC specification.
    Invoke the Device Manager and ensure that the box next to Allow this computer to turn off this device to save power is unchecked.
    ****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
    2015 Microsoft MVP - Windows Experience Consumer

  • VRF , Management access only and default gateway

    Hello
    I am preparing (3) new devices to become my new WAN. The topology looks like,
                     ASR1002x - Has management int and dg for remote access.
                                         Also has DG to WAN ISP via BGP
                     3750x stack - Has management int and dg for remote access.  (ip vrf management 0.0.0.0 0.0.0.0 (Management vlan hsrp ip))
                                           Also has DG to ASR hsrp - which causes the Management access to drop.
                     ASA5545x - Has management int and dg for remote access.
                                          Also has DG to ASR hsrp - which causes the Management access to drop.
    I MUST KEEP THESE NEW DEVICES OFF THE PRODUCTION NETWORK TO AVOID ANY POSSIBLE ROUTING ISSUES.
    I have implemented unique EIGRP instances between the new devices.
    These new devices have a management interface so I can access them remotely. I configured the default gateway pointing to the HSRP of the management Vlan and I have remote access.
    Obviously I cannot have (2) default gateways out different interfaces, without assigning one with higher admin.
    What should my management default gateway look like so I can have remote access to the device and still have the WAN/LAN routing work as needed??

    found another thread with some suggestions, maybe it helps at the moment.
    http://forums.lenovo.com/lnv/board/message?board.id=Special_Interest_Utilities&thread.id=6000

  • Host with same IP of default gateway. How to prevent?

    Hi,
    I had a problem this week in the network. A host was plugged into the network with the same IP address as the default gateway of that Vlan.
    Is there some way to prevent it? I know with 802.11x I could know who is doing that, but it would not prevent the problem from occurring.
    Is there any way to force the hosts to use DHCP or something?

    Hey there. You want to look at DHCP snooping ;-) Make sure you have a DHCP server configured, and DHCP snooping enabled on your switch. If a device tries to use any static assigned IP addresses, the switch interface will block it (it must be DHCP assigned). For your router interface, make sure you trust the interface (as you will have a static IP address assigned).
    Hope this helps, good luck
    Dazzler

  • How get the RVS4000's DHCP server to assign another IP address other than its own as the default gateway to its DHCP clients?

    Hi,
    I have a RVS4000 router with DHCP enabled and in router mode. 
    The LAN is 192.168.2.x.  The RVS4000 static IP address is 192.168.2.8
    The router is not the RVS4000 and is at 192.168.2.1
    The RVS4000 dhcp is assigning its clients a default gateway of 192.168.2.8 instead of what I want 192.168.2.1.
    How can I get the RVS4000's DHCP server to assign another IP address other than its own as the default gateway to its DHCP clients?
    Thanks

    Hi Gail, you cannot do this. The router, as the DHCP server will only assign a default gateway of what IP interface the DHCP server runs on. If you have the default IP, the gateway is 192.168.1.1. If you create a second vlan, by default it would be 192.168.2.1.
    There are no configuration options for the built-in DHCP server. If you'd like to expand this functionality, you would need an external dhcp server.
    -Tom
    Please mark answered for helpful posts

  • Incorrect Default Gateway for Clients using a Concentrator

    Hey all,
    Hopefully an easy one - I'm trying to configure a VPN Concentrator for use with the old VPN Client for an IPSec CVPN.
    The clients connect fine, but they are getting the incorrect default gateway during the address assignment.
    My address pool is 192.168.0.128/25.  The client correctly picks up the first address in the range, 192.168.0.129, but the default gateway for the VPN adapter is assigned as the next address in the range, 192.168.0.130.
    I need the gateway address to be 192.168.0.254 (the SVI of the L3 switch connected to the Concentrator), but I can't for the life of me find a configuration option anywhere in the pool assignment.  I've set the tunnel default gateway to this 192.168.0.254, but this makes no difference.
    Any ideas where I can find this config option?
    Thanks!

    Andrew
    In the chart that you posted about the routing setup it refers to a DMZ network and DMZ gateway. Can you clarify what these are since I do not see them in the drawing that is in that post?
    I agree with Herbert that it is cleaner to have the address pool on the concentrator use addresses that do not overlap with the concentrator subnet connecting to the layer 3 switch. And as long as the layer 3 switch has a route to that address pool, and the next hop in the route is the address of the concentrator interface then the separate pool addressing should work just fine.
    I have re-read this thread and want to make sure that after some changes that you have made that the problem symptoms are still the same. You told us earlier that: "Now the client can ping the interfaces on its local LAN (concentrator  interface 192.168.0.253, and the L3 switch, 192.168.0.253), but it  cannot reach the rest of our internal LAN behind the layer 3 switch." Is this still an accurate statement of the problem?
    As Herbert said earlier this could either be caused by the concentrator not having a correct route for the inside or it could be because the inside does not have a correct route to the client. In re-reading your description of the routing set up it looks like the concentrator has a default route configured but not the tunnel default route. May I suggest that you try configuring a tunnel default route (in addition to the normal default route) and see whether that makes any difference?
    If that does not help the problem then I would suggest that you verify that the devices on the inside do have their default gateway set correctly and that the layer 3 switch does have a route for the VPN address pool with the concentrator interface address as the next hop.
    HTH
    Rick
    [edit] I just focused on the question that you asked about the concentrator possibly needing a route for the address pool. The concentrator does not need any route statements for the address pool - it knows its own address pool, pretty much like having a connected interface subnet. The layer 3 switch is what needs a route for the address pool.

  • VPN Clients getting different default gateways

    Hello,
    We have a new Cisco ASA 5520 and are trying to set up the VPN with split tunneling. We mostly have clients running XP, and the problem is that some of the clients connect (using Cisco AnyConnect 2.5) and the split tunneling works as expected (these clients keep their default gateway), and then some clients connect and get a default gateway of 192.168.119.1 (our VPN addresses subnet), and of course these users cannot connect to the internet while connected to the VPN.
    Here is our config:
    ASA Version 9.1(1)
    hostname xxxxxx
    names
    name 178.239.80.0 Deny178.239.80.0 description 178.239.80.0
    name 74.82.64.0 Deny74.82.64.0 description 74.82.64.0
    name 173.247.32.0 Deny173.247.32.0 description 173.247.32.0
    name 193.109.81.0 Deny193.109.81.0 description 193.109.81.0
    name 204.187.87.0 Deny204.187.87.0 description 204.187.87.0
    name 206.51.26.0 Deny206.51.26.0 description 206.51.26.0
    name 206.53.144.0 Deny206.53.144.0 description 206.53.144.0
    name 67.223.64.0 Deny67.223.64.0 description 67.223.64.0
    name 93.186.16.0 Deny93.186.16.0 description 93.186.16.0
    name 216.9.240.0 Deny216.9.240.0 description 216.9.240.0
    name 68.171.224.0 Deny68.171.224.0 description 68.171.224.0
    ip local pool PAIUSERS 192.168.119.10-192.168.119.100 mask 255.255.255.0
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address 63.86.112.194 255.255.255.192
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 192.168.129.5 255.255.255.192
    interface GigabitEthernet0/2
    nameif dmz
    security-level 10
    ip address 192.168.20.10 255.255.255.0
    interface GigabitEthernet0/3
    nameif vpn_dmz
    security-level 25
    ip address 192.168.30.10 255.255.255.0
    interface Management0/0
    management-only
    shutdown
    nameif management
    security-level 100
    ip address 192.168.102.4 255.255.255.0
    object network obj-192.168.119.0
    subnet 192.168.119.0 255.255.255.0
    access-list outside_access_in extended permit ip host 192.168.119.11 host 192.168.35.23
    access-list outside_access_in extended permit object-group TCPUDP any4 object-group DM_INLINE_NETWORK_3 object-group UDP_TCP_Domain inactive
    access-list outside_access_in extended permit udp any4 object obj-192.168.30.11 eq isakmp
    access-list outside_access_in extended permit ip any4 object obj-192.168.30.11
    access-list outside_access_in extended permit udp any4 object obj-192.168.30.11 object-group UDP10000
    access-list outside_access_in extended permit udp any4 object-group DM_INLINE_NETWORK_7 eq domain inactive
    access-list outside_access_in extended permit tcp any4 object-group DM_INLINE_NETWORK_8 eq domain inactive
    access-list outside_access_in extended permit tcp host 216.81.43.190 host 192.168.35.30 eq ssh inactive
    access-list outside_access_in extended permit tcp host 216.81.43.190 object obj-192.168.35.30 object-group DM_INLINE_TCP_6 inactive
    access-list outside_access_in extended permit tcp any4 object-group DM_INLINE_NETWORK_9 eq www inactive
    access-list outside_access_in extended permit tcp any4 object obj-192.168.30.11 eq www
    access-list outside_access_in extended permit esp any4 object obj-192.168.30.11
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.41 eq www
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.41 eq https
    access-list outside_access_in extended permit tcp any4 host 192.168.35.34 eq https
    access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.35.30 object-group Ports_UDpTCP
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.30 object-group DM_INLINE_TCP_7
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.30 eq ftp
    access-list outside_access_in extended permit object-group TCPUDP any4 host 63.86.112.248
    access-list outside_access_in extended permit udp any4 host 162.95.80.115 eq isakmp
    access-list outside_access_in extended permit tcp any4 host 162.95.80.115 object-group Ports_115
    access-list outside_access_in extended permit udp any4 host 162.95.80.115 object-group Ports_2746_259
    access-list outside_access_in extended permit object-group TCPUDP any4 host 63.86.112.245 object-group Service_Group_245 inactive
    access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.35.40 object-group UDP_TCP_Domain
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.40 object-group DM_INLINE_TCP_2
    access-list outside_access_in extended permit tcp any4 object obj-192.168.129.11 object-group DM_INLINE_TCP_1
    access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.129.11 object-group UDP_TCP_Domain
    access-list outside_access_in extended permit tcp any4 object obj-192.168.129.11 object-group Network_Service_2703_6277
    access-list outside_access_in extended permit udp any4 object obj-192.168.129.11 object-group UDP_443
    access-list outside_access_in extended permit ip any4 host 192.168.101.75 inactive
    access-list outside_access_in extended permit tcp any4 host 64.78.239.50 eq www
    access-list outside_access_in extended permit tcp any4 host 64.78.239.54 object-group TCP_4445
    access-list outside_access_in extended permit icmp any4 any4
    access-list outside_access_in extended permit udp any4 object obj-192.168.35.40 object-group UDP_443
    access-list outside_access_in extended permit tcp any4 host 63.86.112.204 object-group DM_INLINE_TCP_5
    access-list outside_access_in extended permit tcp any4 host 63.86.112.204
    access-list outside_access_in extended permit udp any4 host 63.86.112.204
    access-list outside_access_in extended permit object-group TCPUDP any4 host 192.168.102.12 object-group Network_Server_1194
    access-list outside_access_in extended permit tcp any4 host 192.168.102.12 eq www
    access-list outside_access_in extended permit tcp any4 host 192.168.102.12 eq https
    access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.35.41 object-group Network_Server_1194
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.12 eq www
    access-list outside_access_in extended permit tcp any4 object obj-192.168.35.12 object-group DM_INLINE_TCP_3
    access-list outside_access_in extended permit tcp any4 host 63.86.112.193 object-group Network_Service_TCP_1194
    access-list outside_access_in extended deny tcp object Deny206.51.26.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny193.109.81.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny204.187.87.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny206.53.144.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny216.9.240.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny67.223.64.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny93.186.16.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny68.171.224.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny74.82.64.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny178.239.80.0 object obj-192.168.35.40 eq https
    access-list outside_access_in extended deny tcp object Deny173.247.32.0 object obj-192.168.35.40 eq https
    access-list vpn_dmz_access_in extended permit ip host 192.168.35.23 192.168.119.0 255.255.255.0
    access-list vpn_dmz_access_in extended permit gre host 192.168.30.11 any4
    access-list vpn_dmz_access_in extended permit tcp any4 host 23.0.214.60 eq https
    access-list vpn_dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_28 any4
    access-list vpn_dmz_access_in extended permit tcp any4 object obj-192.168.35.105 object-group DM_INLINE_TCP_4
    access-list vpn_dmz_access_in extended permit esp any4 object obj-192.168.35.105
    access-list vpn_dmz_access_in extended permit tcp any4 object obj-192.168.35.105
    access-list vpn_dmz_access_in extended permit icmp any4 object obj-192.168.35.105
    access-list vpn_dmz_access_in extended permit tcp any4 host 192.168.129.11
    access-list vpn_dmz_access_in remark RDP
    access-list vpn_dmz_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq 3389
    access-list vpn_dmz_access_in extended permit icmp any4 object obj-192.168.35.23
    access-list inside_nat0_outbound extended permit ip any4 192.168.119.0 255.255.255.0
    access-list ftp-timeout extended permit tcp host 216.81.43.190 host 63.86.112.248
    access-list ftp-timeout extended permit tcp host 63.86.112.248 host 216.81.43.190
    access-list ftp-timeout extended permit tcp host 192.168.35.30 host 216.81.43.190
    access-list ftp-timeout extended permit tcp host 216.81.43.190 host 192.168.35.30
    access-list Split_Tunnel_List remark northwoods
    access-list Split_Tunnel_List standard permit host 192.168.35.23
    access-list Split_Tunnel_List remark paits2
    access-list Split_Tunnel_List standard permit host 192.168.35.198
    access-list Split_Tunnel_List standard deny 192.168.102.0 255.255.255.0
    access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
    access-list IS_Split_Tunnel standard permit 192.168.102.0 255.255.255.0
    access-list IS_Split_Tunnel standard permit 192.168.82.0 255.255.255.0
    access-list IS_Split_Tunnel standard permit 192.168.35.0 255.255.255.0
    nat (inside,outside) source static object-192.168.35.0 object-192.168.35.0 destination static obj-192.168.119.0 obj-192.168.119.0 no-proxy-arp route-lookup
    nat (inside,outside) source static obj-192.168.82.0 obj-192.168.82.0 destination static obj-192.168.119.0 obj-192.168.119.0 no-proxy-arp route-lookup
    nat (inside,outside) source static obj-192.168.102.0 obj-192.168.102.0 destination static obj-192.168.119.0 obj-192.168.119.0 no-proxy-arp route-lookup
    webvpn
    enable outside
    enable inside
    enable dmz
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
    anyconnect profiles pairemoteuser disk0:/pairemoteuser.xml
    anyconnect enable
    tunnel-group-list enable
    group-policy PAIGroup internal
    group-policy PAIGroup attributes
    vpn-tunnel-protocol ssl-clientless
    webvpn
      url-list value PAI
    group-policy PAIUSERS internal
    group-policy PAIUSERS attributes
    wins-server value 192.168.35.57
    dns-server value 192.168.35.57
    vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split_Tunnel_List
    default-domain none
    webvpn
      anyconnect firewall-rule client-interface private value vpn_dmz_access_in
      anyconnect profiles value pairemoteuser type user
    group-policy PAIIS internal
    group-policy PAIIS attributes
    wins-server value 192.168.35.57
    dns-server value 192.168.35.57
    vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value IS_Split_Tunnel
    default-domain none
    webvpn
      anyconnect firewall-rule client-interface private value vpn_dmz_access_in
      anyconnect profiles value pairemoteuser type user
    group-policy DfltGrpPolicy attributes
    banner value Welcome to PAI
    wins-server value 192.168.35.57
    dns-server value 192.168.35.57
    address-pools value PAIUSERS
    webvpn
      anyconnect firewall-rule client-interface public none
      anyconnect firewall-rule client-interface private value vpn_dmz_access_in
      anyconnect ask enable default anyconnect timeout 5
    group-policy Anyconnect internal
    : end

    Check if the users fall into DfltGrpPolicy, because it has no split tunneling active.
    Michael
    Please rate all helpful posts
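
The check suggested in the reply above can be run offline against a saved configuration. The Python below is an added example, not code from the thread: it reads group-policy stanzas and reports which policies end up as full tunnel. It assumes that a policy with no `split-tunnel-policy` line inherits from DfltGrpPolicy and that DfltGrpPolicy falls back to `tunnelall`; the sample text is a constructed excerpt of the posted config, and the function names are hypothetical.

```python
import re

# Constructed sample: group-policy stanzas excerpted from the configuration
# posted above, flattened (no indentation) the way the forum rendered them.
SAMPLE_CONFIG = """\
group-policy PAIGroup internal
group-policy PAIGroup attributes
vpn-tunnel-protocol ssl-clientless
group-policy PAIUSERS internal
group-policy PAIUSERS attributes
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_List
group-policy PAIIS internal
group-policy PAIIS attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value IS_Split_Tunnel
group-policy DfltGrpPolicy attributes
address-pools value PAIUSERS
group-policy Anyconnect internal
: end
"""

DEFAULT_POLICY = "DfltGrpPolicy"
# Assumption: unset attributes inherit from DfltGrpPolicy, and DfltGrpPolicy
# itself means "tunnel everything" when it has no split-tunnel-policy line.
BUILTIN_DEFAULT = "tunnelall"
# Lines that can only appear outside a group-policy stanza.
STANZA_END = ("tunnel-group ", "username ", ": end", "!")


def parse_group_policies(config_text):
    """Return {policy_name: {'policy': ..., 'acl': ...}} with explicit settings only."""
    policies = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"group-policy (\S+) (internal|external|attributes)\b", line)
        if m:
            name, kind = m.groups()
            policies.setdefault(name, {})
            # Only an "attributes" line opens a stanza we read settings from.
            current = name if kind == "attributes" else None
            continue
        if line.startswith(STANZA_END):
            current = None
            continue
        if current is None:
            continue
        m = re.match(r"split-tunnel-policy (\S+)", line)
        if m:
            policies[current]["policy"] = m.group(1)
        m = re.match(r"split-tunnel-network-list value (\S+)", line)
        if m:
            policies[current]["acl"] = m.group(1)
    policies.setdefault(DEFAULT_POLICY, {})
    return policies


def effective_split_tunnel(policies):
    """Resolve each policy's effective setting, applying inheritance."""
    default = policies.get(DEFAULT_POLICY, {})
    report = {}
    for name, attrs in policies.items():
        policy = attrs.get("policy") or default.get("policy") or BUILTIN_DEFAULT
        acl = attrs.get("acl") or default.get("acl")
        report[name] = {
            "policy": policy,
            "acl": None if policy == "tunnelall" else acl,
            "inherited": "policy" not in attrs and name != DEFAULT_POLICY,
        }
    return report


def full_tunnel_policies(config_text):
    """Names of group policies whose clients would get a tunnel default route."""
    report = effective_split_tunnel(parse_group_policies(config_text))
    return sorted(n for n, r in report.items() if r["policy"] == "tunnelall")


if __name__ == "__main__":
    for name, row in effective_split_tunnel(parse_group_policies(SAMPLE_CONFIG)).items():
        print(f"{name:15} {row['policy']:16} acl={row['acl']} inherited={row['inherited']}")
    print("full tunnel:", full_tunnel_policies(SAMPLE_CONFIG))
```

Which group policy a given user actually lands in depends on the tunnel-group and user attributes, which the posted configuration does not show.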

  • Setting Default Gateway on O

    I have a LAG with two VLANs in it.
    Setup
    VLAN 1 (Untagged default) is connected to the '192.168.11.x', which connects to the "10.1.10.x", which connects to the internet.
    VLAN 3 (Tagged) is connected directly to "10.1.10.x" which connects to the internet.
    Situation;
    When both VLAN3 and VLAN1 are up, default gateway is 192.168.11.1
    When VLAN1 is down, default gateway is 10.1.10.1
    *Desired configuration;*
    How do I make the VLAN3 interface the default, or the directly attached network of 10.1.10.x the default, when it is enabled?
    I have tried this, but must be missing something;
    kevin-cossaboons-mac-pro:~ kevincossaboon$ sudo route -nv add -net 0.0.0.0 10.1.10.1
    Password:
    u: inet 0.0.0.0; u: inet 10.1.10.1; RTM_ADD: Add Route: len 128, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,STATIC>
    locks: inits:
    sockaddrs: <DST,GATEWAY,NETMASK>
    default 10.1.10.1 default
    route: writing to routing socket: File exists
    add net 0.0.0.0: gateway 10.1.10.1: File exists
    kevin-cossaboons-mac-pro:~ kevincossaboon$ netstat -r
    Routing tables
    Internet:
    Destination Gateway Flags Refs Use Netif Expire
    default 192.168.11.1 UGSc 30 171 bond0
    10.1.10/24 link#13 UCS 3 0 vlan0
    10.1.10.1 0.13.f7.af.e7.e6 UHLW 0 93 vlan0 995
    10.1.10.13 0.18.39.3b.42.95 UHLW 0 26 vlan0 178

    In your network preferences click the cog wheel and choose set service order. Then drag vlan3 to the top of the list.

  • Default Gateway on CSS 11154

    Hello,
    I just set up my CSS 11154 and I assigned the IP address to the Mgmt interface. I can ping it if I'm on the same subnet, but if I'm across a routed interface, I cannot. I didn't see anywhere to put in a "default-gateway" parameter like on a regular switch. So, I just put in the
    ip route 0.0.0.0 0.0.0.0 10.1.0.1
    statement, thinking that would do the trick. It doesn't work. Any suggestions? Here's my config:
    CSS11150# show run
    !Generated on 01/01/1981 00:00:34
    !Active version: ap0500033
    configure
    !*************************** GLOBAL ***************************
    bridge spanning-tree disabled
    ip route 0.0.0.0 0.0.0.0 10.1.0.1 1
    !************************* INTERFACE *************************
    interface e1
    phy 100Mbits-FD
    interface e2
    phy 100Mbits-FD
    interface e3
    phy 100Mbits-FD
    interface e4
    phy 100Mbits-FD
    interface e5
    phy 100Mbits-FD
    interface e6
    phy 100Mbits-FD
    interface e7
    phy 100Mbits-FD
    interface e8
    phy 100Mbits-FD
    interface e9
    phy 100Mbits-FD
    interface e10
    phy 100Mbits-FD
    interface e11
    phy 100Mbits-FD
    interface e12
    phy 100Mbits-FD
    !************************** CIRCUIT **************************
    circuit VLAN1
    ip address 20.33.33.33 255.255.255.0
    CSS11150#

    Hi Gilles,
    It doesn't appear as though the "ip management route" is a valid command. Here's my version and what I have as options when issuing the "ip" command:
    CSS11150(config)# version
    Version: ap0500033 (5.00 Build 33)
    Flash (Locked): 5.00 Build 33
    Flash (Operational): 5.00 Build 33
    Type: PRIMARY
    Licensed Cmd Set(s): Standard Feature Set
    CSS11150(config)# ip ?
    ecmp Set the equal-cost multipath selection algorithm
    firewall Configure firewall load-balancing route
    no-implicit-service Do not start an implicit service for the next hop of
    static routes
    opportunistic Set the IP opportunistic layer-3 forwarding mode
    record-route Enable processing of frames with a record-route option
    redundancy Enable box-to-box redundancy
    route Configure a static route
    source-route Enable processing of source-routed frames
    subnet-broadcast Enable forwarding of subnet broadcast addressed frames
    uncond-bridging Do not allow routing lookup to override bridging decision
    CSS11150(config)# ip
    Any suggestions?
    Also, your comment regarding "you can't have the same route pointing to a management interface and to a regular interface": what does that mean? I'm treating these things as basically the same as a regular 29xx/35xx switch, but there are definitely differences.
    Thanks,
    Dave

  • Default gateways and zones

    This may be related to a thread that is currently out there. However in the interest of not hijacking it, I created my own. Please pardon my ignorance on the zoning stuff since I am in the process of learning.
    We are currently running into a default gw issue on a 480R that is configured as follows:
    bge0 interface: connected to the public routable network and used by the global zone. The defaultrouter file contains the gateway for this address.
    bge1:1 and bge1:2 interfaces: connected to zones 1 and 2 respectively. These reside on the same private subnet behind our firewall appliance. The gateway for these is NOT on the defaultrouter of the global zone.
    On the routing table of the global zone, we have 2 default gw's (one for the global/public zone and 1 for the local zones).
    The problem:
    When a user tries to connect via the public interface (they are connecting from a point not on the same subnet as the public interface of the box), they are sometimes able to connect (i.e. SSH) and sometimes not. My system is on the same subnet as the box and does not have any problems connecting via the public interface.
    Is this the result of having multiple gw's on the global zone routing table?
    Suggestions?

    You can have multiple gateway entries in the defaultrouter file, but the default gateway for the global zone can be only one; you can, however, specify different gateways for different zones.
    Using this default gateway, you should be able to connect via a different network!

  • Cascading RV180 as DHCP server but pointing to another default gateway router

    Hi,
    My network topology is as follows:
    Internet <-> Residential Gateway (RG) from ISP (OEM: Pace) [192.168.1.254/255.255.255.0] <-> RV180 [192.168.1.253/255.255.255.0] <-> SG500 switch [192.168.1.250/255.255.255.0] <-> rest of network.
    I know this is a cascading LAN-to-LAN arrangement. The cable from the RG to the RV180 is from a LAN port on the RG to a LAN (not WAN) port on the RV180.
    I eventually want to segment my network into a few VLANs from the RV180 down. I am aware most people would recommend DHCP on the "primary" router, but the RG is non-VLAN aware, so I figure I need to handle the DHCP off the RV180. At the same time, I have also opted not to do a LAN-to-WAN cascade because I want to retain the ability to configure the RG from the rest of the network and not have to cart a computer over to the RG to do it.
    On the RG, I've disabled DHCP, and placed 192.168.1.253 in the DMZ.
    On the RV180, I've enabled DHCP and put it in Router mode.
    The issue is that I do not have any Internet connectivity. If I allow the computers in the network to receive IP addresses over DHCP, the default gateway that is communicated is 192.168.1.253, which is the RV180. If I configure static IPv4 information on my computers to point to 192.168.1.254, I am able to connect outside, as you would expect.
    How can I get the RV180 to pass out DHCP IP addresses, but point to 192.168.1.254 as the default gateway? I thought the solution might be to create a default route (or something). I went to the static routes tab but it wouldn't let me enter 0.0.0.0 as a destination IP to route through 192.168.1.254.
    Further down the line, is it possible for both the RG and the RV180 to connect directly to the SG500, along with the other nodes in my network? That way the RV180 only serves to maintain the VLANs and pass out IP addresses via DHCP, instead of having it be the choke through which everything goes through on the way out?
    Sorry if there is a really obvious solution to this. I've really been floundering about in the dark, so I would appreciate any advice.

    Hi Jason, I have considered your post here for quite some time. I came to one conclusion based off your text. The entire purpose of the RV180 is a DHCP server for multiple subnet / vlan.
    Here's the thing: you have an SG500 switch. Based off reading your text, this will do everything the RV180 can except the DHCP service. The limitation you are going to run into is still going to be your gateway unit, the RG.
    In the end, even with such a configuration using the RV180 or the SG500 (layer 3), the RG will have to be configured with static routes since the RG has no concept of those other LAN segments.
    Here is a post I wrote about a SG300 connecting to a RV0XX router (which doesn't understand the VLANs)
    https://supportforums.cisco.com/message/3739083#3739083
    Using the concept of this topic, you may be able to add additional static routes on the RV180 sending each subnet to the common IP interface of the RG.
    It would be very interesting to see if we could make that work.
    -Tom
    Please rate helpful posts
