12-17-2022 01:27 AM
Hello guys, I'm still new and right now working on a redundancy project in EVE-NG.
The problem is that my VLAN client can only ping the VLAN host in the switch and can't ping anywhere else, but the VLAN host can ping another IP, even Google. I tried traceroute, but it stops at the VLAN host gateway.
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp pool 55
network 192.168.55.0 255.255.255.0
default-router 192.168.55.1
!
ip dhcp pool 44
network 192.168.44.0 255.255.255.0
default-router 192.168.44.1
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no switchport
ip address 100.100.100.10 255.255.255.0
duplex auto
!
interface Ethernet0/1
!
interface Ethernet0/2
no switchport
ip address 200.200.200.9 255.255.255.0
duplex auto
!
interface Ethernet0/3
no switchport
ip address 192.168.55.1 255.255.255.0
duplex auto
!
interface Ethernet1/0
switchport access vlan 44
switchport mode access
!
interface Ethernet1/1
switchport access vlan 44
switchport mode access
!
interface Ethernet1/2
switchport access vlan 44
switchport mode access
!
interface Ethernet1/3
switchport access vlan 44
switchport mode access
!
interface Vlan44
ip address 192.168.44.1 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 100.100.100.1 track 1
ip route 0.0.0.0 0.0.0.0 200.200.200.1 5
!
!
ip sla 1
icmp-echo 100.100.100.1 source-ip 100.100.100.10
ip sla schedule 1 life forever start-time now
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
12-17-2022 08:50 AM
There are things that we do not know about your environment and that impacts our ability to give good advice. What kind of switch is this supposed to be? It appears to be a switch with ip routing enabled, but does not appear to contain the ip routing command which is needed on most switches. Perhaps the output of show ip protocol might provide clarification on this?
You speak of a vlan client and a vlan host. What devices are these? Could you post the output of ipconfig (or similar command depending on platform) from these devices?
Also the output of show ip route and of show arp might provide helpful information.
12-18-2022 06:32 PM
Sorry for the late reply.
Here's the show ip protocol:
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
The client device that I'm using is a virtual PC, and here is the IP information:
VPCS> show ip
NAME : VPCS[1]
IP/MASK : 192.168.44.2/24
GATEWAY : 192.168.44.1
DNS :
DHCP SERVER : 192.168.44.1
DHCP LEASE : 86360, 86400/43200/75600
MAC : 00:50:79:66:68:0f
LPORT : 20000
RHOST:PORT : 127.0.0.1:30000
MTU : 1500
The show ip route:
Gateway of last resort is 100.100.100.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 100.100.100.1
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.100.100.0/24 is directly connected, Ethernet0/0
L 100.100.100.10/32 is directly connected, Ethernet0/0
192.168.44.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.44.0/24 is directly connected, Vlan44
L 192.168.44.1/32 is directly connected, Vlan44
192.168.55.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.55.0/24 is directly connected, Ethernet0/3
L 192.168.55.1/32 is directly connected, Ethernet0/3
200.200.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.200.200.0/24 is directly connected, Ethernet0/2
L 200.200.200.9/32 is directly connected, Ethernet0/2
I use the IP SLA protocol for the default route to the internet between 100.100.100.1 and 200.200.200.1.
And here is the show arp:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 100.100.100.1 4 0000.0c07.ac0a ARPA Ethernet0/0
Internet 100.100.100.10 - aabb.cc00.4000 ARPA Ethernet0/0
Internet 192.168.44.1 - aabb.cc80.4000 ARPA Vlan44
Internet 192.168.44.2 4 0050.7966.680f ARPA Vlan44
Internet 192.168.55.1 - aabb.cc00.4030 ARPA Ethernet0/3
Internet 200.200.200.1 5 0000.0c07.ac14 ARPA Ethernet0/2
Internet 200.200.200.9 - aabb.cc00.4020 ARPA Ethernet0/2
12-18-2022 11:17 PM
Thanks for the information. What kind of device is this? Perhaps the output of show version might be helpful?
The output of show ip protocol is ambiguous, the output of show ip route seems to indicate that ip routing is enabled, but if this is a switch I am surprised that we do not see ip routing command in the config. Perhaps try entering the command ip routing in the config and see if it makes any difference.
The output of show ip on the client seems normal, an appropriate address and mask, correct gateway. The output of show arp confirms that the switch interfaces are active, and that the switch sees the connected devices. These outputs suggest that the client should have connectivity, but apparently it does not. So let me confirm my understanding of the problem. Am I correct in understanding that the client is successful in ping to 192.168.44.1 but not successful in ping to 192.168.55.1?
12-19-2022 01:18 AM
Here is the show version:
Switch#sh version
Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVIPSERVICESK9-M), Version 15.2(CML_NIGHTLY_20151103)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to FLO_DSGS7_POSTCOLLAPSE_TEAM_TRACK_DSGS_PI5
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 04-Nov-15 02:31 by mmen
ROM: Bootstrap program is Linux
Switch uptime is 23 minutes
System returned to ROM by reload at 0
System image file is "unix:/opt/unetlab/addons/iol/bin/i86bi_linux_l2-advipservicesk9-ms.no"
Last reload reason: Unknown reason
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Linux Unix (Intel-x86) processor with 944586K bytes of memory.
Processor board ID 67108928
8 Ethernet interfaces
1 Virtual Ethernet interface
1024K bytes of NVRAM.
Configuration register is 0x0
Oh, I'm sorry, actually it can ping another IP within the switch but can't ping out from the switch.
Oh, btw, IP 100.100.100.10 with 200.200.200.9 is an HSRP IP.
12-19-2022 08:14 AM
I am not clear what the vlan client can ping and what it can not ping. So would you tell whether the vlan client can ping these addresses:
192.168.44.1
192.168.55.1
100.100.100.10
100.100.100.1
200.200.200.9
200.200.200.1
8.8.8.8
12-19-2022 06:45 PM
192.168.44.1 success
192.168.55.1 success
100.100.100.10 success
100.100.100.1 RTO
200.200.200.9 success
200.200.200.1 RTO
8.8.8.8 RTO
Can only ping IPs in the switch.
12-19-2022 07:44 PM
Thank you for the additional information. I believe that this gets us much closer to understanding the problem, and then to be able to suggest a solution. Since this is in CML am I correct to assume that you have access to the devices at 100.100.100.1 and 200.200.200.1? If so would you test whether those devices are able to ping to 192.168.44.1? And to ping to the client at 192.168.44.2?
My guess is that those devices (representing ISP I assume) are not able to ping the 192.168.44.0 network and in fact do not have any knowledge of that network. This is a common problem when Outside/Public address devices (ISP etc) connect to Inside/private devices. There are 2 solutions to facilitate communication from the ISP devices to the client device. 1) you could configure static routes on the ISP devices for the 192.168.44.0 (and probably the 192.168.55.0) networks. This would solve the problem of getting the client to the ISP. But it does not solve the problem of how 192.168.44.0 gets to Google. 2) you could configure Network Address Translation to translate the inside networks to Public IP addresses which can traverse the Internet. I am not clear whether your emulated switch supports NAT. If so that would be a good place to do the translation. Very few hardware switches support NAT. So likely the solution would be to configure NAT on the ISP devices. I do not know what your ISP devices are emulating but I assume that they should support NAT.
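The two options described in the reply above, written out as an added configuration example for the upstream device at 100.100.100.1; it is not part of the original post or the poster's lab. The interface names on that device and the ACL name INSIDE-NETS are assumptions, since the thread does not show the upstream configuration. The ARP table earlier on the page lists 0000.0c07.acXX (HSRP virtual) MAC addresses for 100.100.100.1 and 200.200.200.1, so where two routers share a gateway address, each of them would need the same lines.

```cisco
! Added example, not from the thread. Upstream router answering for 100.100.100.1.
! Assumed interface names: Ethernet0/0 faces the switch (100.100.100.0/24),
! Ethernet0/1 faces the Internet side of the lab.
!
! Option 1: return routes for the inside networks, pointing at the switch.
! Without these, echo replies to 192.168.44.2 have no path back, which
! matches the RTO results for 100.100.100.1 reported later in the thread.
ip route 192.168.44.0 255.255.255.0 100.100.100.10
ip route 192.168.55.0 255.255.255.0 100.100.100.10
!
! Option 2: PAT so the private sources can go beyond the upstream router.
! The routes from option 1 are still needed here: after the reply is
! translated back to 192.168.44.x, this router must know where to send it.
ip access-list standard INSIDE-NETS
 permit 192.168.44.0 0.0.0.255
 permit 192.168.55.0 0.0.0.255
!
interface Ethernet0/0
 ip nat inside
!
interface Ethernet0/1
 ip nat outside
!
ip nat inside source list INSIDE-NETS interface Ethernet0/1 overload
!
! For the backup path via 200.200.200.1, the equivalent routes on that
! device would use next hop 200.200.200.9.
!
! Checks after applying:
!   show ip route 192.168.44.0     (static route present on the upstream router)
!   show ip nat translations       (entries appear while the client pings 8.8.8.8)
```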
12-20-2022 12:35 AM
Hello,
I have been reading through this post.
--> but the vlan host can ping another ip even google
What source IP address are you using when you successfully ping Google?
I am not sure which L2 switch image EVE-NG is using, it looks like it is using the same one as GNS3. If that is the case, 'ip routing' is enabled by default, that is why the actual 'ip routing' is not visible in the running configuration. The L2 image does not support NAT. So in theory, you should not be able to reach Google from the switch. I agree with @Richard Burts that it would be helpful to see the entire topology.
12-20-2022 01:31 AM
@Georg Pauwen Very interesting observation about the probable status of ip routing. +5 for the clarification that it is probably enabled by default. The behavior certainly is consistent with this.
As far as "So in theory, you should not be able to reach Google from the switch." I suggest that the default behavior is that ping from the switch will use as source address the address of the outbound interface. Since the switch has 2 interfaces with Public IP addresses the ping from the switch would have used a Public IP as the source address and be able to reach Google but the client would not.
12-20-2022 02:45 AM
Try adding ip default-gateway to the SW.
Also check that the SW runs as an L3 SW with ip routing.