Network Address Assigned as Host IP — Traffic Dropped
Presenting Symptom
Hosts in VLAN 10 cannot communicate with hosts in VLAN 20, and pings from the router to the VLAN 10 gateway IP fail intermittently.
Network Context
A small branch office network with a single Cisco 4321 router (IOS XE 16.9) connected to a Cisco 2960 switch via a trunk link. The router uses subinterfaces for inter-VLAN routing: Gi0/0/0.10 (VLAN 10, 192.168.10.1/24) and Gi0/0/0.20 (VLAN 20, 192.168.20.1/24). The switch has VLANs 10 and 20 configured, with access ports for PCs. The problem is that the router's subinterface for VLAN 10 was accidentally configured with the network address 192.168.10.0/24 instead of a valid host IP.
Diagnostic Steps
Check interface status and IP configuration
show ip interface briefInterface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0 unassigned YES unset up up GigabitEthernet0/0/0.10 192.168.10.0 YES manual up up GigabitEthernet0/0/0.20 192.168.20.1 YES manual up up
Notice that subinterface Gi0/0/0.10 has IP address 192.168.10.0, which is the network address, not a valid host IP. This is the root cause.
Verify routing table
show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, GigabitEthernet0/0/0.10
L 192.168.10.0/32 is directly connected, GigabitEthernet0/0/0.10
C 192.168.20.0/24 is directly connected, GigabitEthernet0/0/0.20
L 192.168.20.1/32 is directly connected, GigabitEthernet0/0/0.20The routing table shows a connected route for 192.168.10.0/24, but the local route is 192.168.10.0/32, which is the network address itself. This means the router cannot use 192.168.10.0 as a source IP for traffic, and packets destined to 192.168.10.0 are treated as local (to the router itself) rather than forwarded.
Test connectivity from router
ping 192.168.10.1Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
Pinging the intended gateway IP (192.168.10.1) fails because the router's own IP is 192.168.10.0, not 192.168.10.1. This confirms the misconfiguration.
Check ARP table for VLAN 10
show arpProtocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.0 - aabb.cc00.0100 ARPA GigabitEthernet0/0/0.10 Internet 192.168.20.1 - aabb.cc00.0100 ARPA GigabitEthernet0/0/0.20
The ARP table shows the router's own MAC for 192.168.10.0. There is no entry for 192.168.10.1, so hosts cannot resolve the gateway IP. This explains why hosts cannot communicate across VLANs.
Root Cause
The subinterface Gi0/0/0.10 was configured with IP address 192.168.10.0 255.255.255.0, which is the network address of the 192.168.10.0/24 subnet. This is an invalid host IP because the network address (all zeros in the host portion) is reserved and cannot be assigned to an interface. As a result, the router cannot use this IP as a source or destination for traffic, and hosts in VLAN 10 cannot reach their gateway.
Resolution
Verification
Run the following commands to confirm the fix: 1. `show ip interface brief` — Verify Gi0/0/0.10 now shows 192.168.10.1. 2. `show ip route` — Confirm the local route is now 192.168.10.1/32. 3. `ping 192.168.10.1` — Should succeed from the router. 4. `show arp` — Should show an entry for 192.168.10.1 with the router's MAC. Expected output for `show ip interface brief`: ``` Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0.10 192.168.10.1 YES manual up up ```
Prevention
["Always use the subnet calculator or follow the IP addressing plan to ensure that assigned IPs are valid host addresses (not network or broadcast addresses).","Implement IP address management (IPAM) to track and assign addresses systematically.","Use configuration templates or scripts that validate IP addresses against subnet boundaries before applying."]
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of IPv4 addressing fundamentals, specifically that network and broadcast addresses cannot be assigned to hosts or router interfaces. The exam may present a troubleshooting scenario where a host cannot ping its gateway, and the candidate must identify the misconfigured IP address. Questions can be multiple-choice or drag-and-drop, requiring the candidate to select the correct IP address to assign or identify the invalid configuration.
Exam Tips
Memorize that in a /24 subnet, the first address (x.x.x.0) is the network address and the last (x.x.x.255) is the broadcast address; neither can be used as a host IP.
When troubleshooting connectivity issues, always check the interface IP configuration first with `show ip interface brief` or `show running-config interface`.
Remember that the router's local route (L) in the routing table should be the specific host IP, not the network address.
Commands Used in This Scenario
ping [ip]
The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.
show ip interface brief
Displays a summary of all IP interfaces on the device, including their IP address, status, and protocol state, used for quick verification of interface configuration and connectivity.
show ip route
Displays the current IP routing table on a Cisco router, used to verify routes, check next-hop addresses, and troubleshoot connectivity issues.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions