traceroute to IOS-Switch - no answer !

schimekh · ‎04-22-2004

Hi !

We tried to start a traceroute from our Mgmt-Station (HP Openview) to one of our Switches (CAT 3512).

I see those UDP requests on the switch:

y18w: UDP: rcvd src=172.23.112.36(36902), dst=172.16.4.116(33463), length=20

1y18w: UDP: rcvd src=172.23.112.36(36902), dst=172.16.4.116(33464), length=20

1y18w: UDP: rcvd src=172.23.112.36(36902), dst=172.16.4.116(33465), length=20

1y18w: UDP: rcvd src=172.23.112.36(36902), dst=172.16.4.116(33466), length=20

BUT I can`t see any reply ?????

PING and any other request (f.e.: telnet) is successful.

Do you know why ??

THX

Hans

milan.kulik · ‎04-23-2004

Hi,

is there any router or firewall between your Mgmt-Station and switch?

I'd try to capture the traceroute packet and see which UDP port is using - it might be denied on the router on the way back.

Different traceroute implementations are using different protocols and ports (ICMP, UDP).

Regards,

Milan

schimekh · ‎04-23-2004

Hi !

I did a "tcpdump" on the Firewall-Interface and saw those outgoing packets to the switch - BUT the switch does NOT send back any reply.

IP UNREACHABLES is enabled on the VLAN-Interface.

I do NOT know why the switch doesn`t react.

milan.kulik · ‎04-23-2004

Hi,

I used man traceroute on my HPOV machine and this is from the output:

"-p port

Set the base UDP port number used in probes.The

default is 33434. traceroute hopes that nothing

is listening on UDP ports (base+(nhops-

1)*nqueries) to (base+(nhops*nqueries)-1)at the

destination host, so that an ICMP (ICMP6)

PORT_UNREACHABLE

message will be returned to terminate the route

tracing. If something is listening on a port in

the default range, this option can be used to

select an unused port range. nhops is defined as

the number of hops between the source and the

destination."

So the switch should NOT reply with UDP packet but with ICMP PORT_UNREACHABLE.

Check if it's permited on your firewall.

Regards,

Milan