cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
367
Views
0
Helpful
3
Replies
maxnpj
Beginner

2 devices respond to one network but not another...

Strange problem...at least I think it is. Here is the setup:

Three facilities:

One in the U.S.(A)  and two in Brazil. (B & C)

The fingerprint devices are a new install.

Two (new) fingerprint reading devices in facility C

(New) Fingerprint backend server in facility B

I'm in facility A

MPLS between A, B, & C

P2P between B & C

Now, suffice to say that everything has been working normally for as long as I know between these three facilities.

The problem is that the two fingerprint devices in facility C will not respond to a PING from the backend server in facility B. The backend server will take the P2P link to get to the fingerprint devices.

--> They *will* respond to a PING from my machine, which is in facility A. (Which would take the MPLS link to get to facility C)

--> If I PING from the MPLS router in B it takes the MPLS route into C and the devices respond.

--> Across the P2P I can PING devices all around these two devices. One fingerprint device is @ .78...I can hit .77 & .79 (Which are not similar devices)

--> The P2P routers have no ACL's at all.

-->The fingerprint device IP configs (as well as the backend server) have been checked and verified.

I've enabled icmp, and ARP debugs on the two P2P routers and I from the P2P router in B I can see responses when I PING a known good device in C, but when I try to PING the fingerprint device I see nothing in the debug.

I know this is not a simple setup but I really believe I'm overlooking something simple. Any suggestions as to where I might look would be helpful.

Thanks

--Brian

3 REPLIES 3
letsgomets
Beginner

You may be running into a proxy arp situation.

There may be something on that network sending out proxy arp requests thus causing your finger print devices to respond to the wrong mac-address.

If you can get a sniffer capture from the finger print devices, (span port on the switch) and then ping from your computer and then from the server. See if the mac address for the gateway IP changes in the decode between the two ping captures. If so then you have a proxy arp issue. Identify the bad mac address and ensure that device is configured not to perform proxy arp.

Of course this is just a suggestion but I have run into so many problems like this and it is almost always a proxy arp issue.

letgomets;

Thanks for the suggestion. I hadn't thought of that. I will look into that.

I checked and on both routers, each interface has "no proxy-arp' config'd.