Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
1
Replies

ping requests dropped/filtered inside 4507 switch?

wwlowe4180
Level 1
Level 1

‎02-22-2005 05:22 PM - edited ‎03-02-2019 09:49 PM

Hi All,

new to these forums/cisco/switches...

trying to understand what is happening

A PC#1(os/400) connected to a switch(4507R) that is connected to router(3725) which talks over WAN to another router, switch, then finally a PC#2, or PC#3.

ping from PC#1 to PC#2/PC#3 have 70-80% packet loss...

changing PC#1's default gateway IP address from the switch's IP address to the IP address of the router - fixes the problem...no more packet loss...

before we changed the default gateway - we tried sniffing...

found cisco docs on SPAN, used linux box + ethereal to capture traffic. when spanning just at PC#1's switch port connection, we see all the ICMP requests, but not all ICMP replies...

Next span was on multiple ports:

- 2 interfaces on switch that connect to router

- as well as the PC#1 interface to switch

Really interesting:

- see ICMP req from PC#1 to switch. (seq=0)(TTL=255)

- see ICMP Redirect from switch to PC#1 saying use gateway IP of Router instead...

- see ICMP req from switch to router (seq=0)(TTL=254)

- see ICMP reply from router to PC#1(TTL=55)

- see another ICMP reply from router to PC#1(TTL=55)

(successful ping)

- see next ICMP req from PC#1 to switch (seq=1)(TTL=255)

- don't see ICMP req from switch to router...

- see next ICMP req from PC#1 to switch (seq=2)(TTL=255)

- don't see ICMP req from switch to router...

(repeat for total of 4 packets)

- so those ICMP requests were being filtered/dropped?? or going somewhere else??

- see next ICMP req from PC#1 to switch (seq=5)(TTL=255)

- see ICMP req from switch to router (seq=5)(TTL=254)

- see ICMP reply from router to PC#1

- see same ICMP reply from router to PC#1

- whole thing repeats (dropped packets, a success)

question is why does changing the default gateway of the PC seem to fix the dropped pings?

The PC default gw used to be 172.23.0.1 - which i think is the vlan's SVI that the port is attached to. It's changed to 172.23.0.2 - which is the cisco 3725's FE1/0...and things work fine.

New SPAN shows:

- ICMP req from PC#1 to router (seq=0)

- same ICMP req from PC#1 to router (seq=0)

- ICMP reply from router to PC#1

- same ICMP reply from router to PC#1

any ideas on why its working? and why the other ICMP requsts didn't make it to the router ports?

from reading cisco press books, switches do bridge 'filtering' (drop packets) if detects source/dest are on same interface...?

does the ICMP Redirect mean the switch says "I told u to use 172.23.0.2 - so I'm ignoring your next XX packets..."? see several of the same ICMP Redirects, but not one for every successful ICMP

reply...

any help very much appreciated...

Labels:
0 Helpful
1 Reply 1

wwlowe4180
Level 1
Level 1

‎02-22-2005 05:28 PM

wanted to add that New SPAN/ethereal trace shows:

- ICMP req from PC#1 to router(seq=0)TTL=255

- same ICMP req from PC#1 to router(seq=0)TTL=255

- ICMP reply from router to PC#1 (TTL=55)

- same ICMP reply from router to PC#1 (TTL=55)

so ethereal showing a capture of 4 packets...TTL doesn't decrease in IP header...??

Thanks

0 Helpful
Customers Also Viewed These Support Documents