A confirmed issue exists where Cisco IOU/IOL L3 routers cannot reach the internet through the GNS3 NAT or cloud node unless CEF is enabled.
I noticed this issue after setting up GNS3 and trying to connect a cisco IOU-XE L3 node to the GNS3 NAT node for internet access, but encountered unexpected trouble. There is also a GitHub issue opened in the GNS3 repo.
The report states:
- IOU L3 images (including 17.16) fail to ping external addresses (e.g., 8.8.8.8) when connected to the NAT node.
- The failure occurs only when CEF is disabled.
- Enabling CEF (
ip cef) immediately restores full connectivity.
What is CEF?
Cisco Express Forwarding (CEF) is the primary, modern, high‑performance Layer 3 forwarding architecture used by Cisco routers and switches.
Think of it as:
The router’s optimized forwarding engine.
It precomputes:
– The FIB (Forwarding information Base)
– The Adjacency Table (L2 rewrite info)
Then uses those two tables to forward packets at high speed with minimal CPU involvement.
Understand Express Forwarding – Cisco
Why Forwarding fails without CEF
When CEF is disabled, IOU falls back to an older, software‑based forwarding path. In real IOS, this fallback path is complete and functional.
In IOU/IOL, it’s… not.
Here’s what IOU still does correctly:
- It receives a DHCP address
- It installs a default route
- It ARPs for the NAT gateway
- It populates the ARP table
- It knows the next hop’s MAC address
So logically, it should be able to forward.
But here’s the bug:
❌ IOU fails to create a valid adjacency entry in the FIB when CEF is off
This means the router has:
- A route
- A next hop
- A MAC address
- A live interface
…but no forwarding entry that ties them together.
So when a packet arrives that needs to be forwarded:
- IOU looks up the route
- IOU finds the next hop
- IOU tries to forward
- IOU has no adjacency entry
- IOU silently drops the packet
Leave a Reply