Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4381
Views
7
Helpful
7
Replies

Able to ping Servers from Router but not able to trace to Servers IP from router

Go to solution
DEBADURLAV SARANGI
Level 1
Level 1

‎11-11-2016 03:40 AM - edited ‎03-05-2019 07:27 AM

Hi Team,

Need a small help from you.

We are able to ping server IP from Router but not able trace the Server IPs from router.

whenever we are tracing to Server IPs getting drops of that server default gateway.

Is that any configuration issue ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to DEBADURLAV SARANGI

‎11-14-2016 03:21 AM

Hello,

on a side note, check if 'no ip unreachables' is configured on the transit interfaces and if it is, enable ip unreachables.

View solution in original post

7 Replies 7

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎11-11-2016 04:02 AM

Hi

whats the last hop the trace is stopping at what type of device ?

Most likely not a miss config issue rather traceroute being blocked and ping being allowed  , sometimes it blocked by ISPs using MPLS or other services and sometimes its blocked in firewalls or access-list in routers/switches

0 Helpful

Go to solution
DEBADURLAV SARANGI
Level 1
Level 1
In response to Mark Malone

‎11-11-2016 03:51 PM

Hi mark,

Thanks for your reply.

Last Hop - Distribution Switch.

Trace is dropping from DB switch. Server is connected  in a access switch which is connected to same DB Switch.

For Your reference-  i.We are able to reach destination network DB switch.There is no such kind of access-list in DB switch which can block the ICMP traffic.

My quires are..

1.We are able to trace same server from CMD prompt but while tracing from router/Switches it is reaching to default gateway device (DB Switch)of that server then we are getting RTO. 

PFA of sample diagram

Regards

Deb 

Preview file
31 KB
0 Helpful

Go to solution
lohit prasad
Level 1
Level 1
In response to DEBADURLAV SARANGI

‎11-12-2016 09:05 AM

Can you verify if PBR is configured. might be policy configured for Traceroute.

0 Helpful

Go to solution
DEBADURLAV SARANGI
Level 1
Level 1
In response to lohit prasad

‎11-13-2016 11:15 PM

Hi Lohit,

PBR neither configured on Destination end nor Source end.

If i will do the trace route from CMD it is happening . but not from router/ switch.

Regards

Deb

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to DEBADURLAV SARANGI

‎11-14-2016 03:21 AM

Hello,

on a side note, check if 'no ip unreachables' is configured on the transit interfaces and if it is, enable ip unreachables.

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎11-14-2016 06:31 AM

Deb

It is interesting and probably useful to know that traceroute does work from CMD but not from router/switch. The most likely explanation of this is that traceroute uses a different mechanism with CMD than with router/switch. tracert from CMD uses ping packets and manipulates the TTL to accomplish the traceroute. But router/switch for traceroute will use UDP packets and manipulate the TTL. This certainly suggests that something is treating ping differently from UDP. Can you post the switch config and perhaps we can find the explanation.

It occurs to me that we should check on where you are executing CMD and having success with traceroute. If CMD is executing on a device connected to the switch then there is the possibility that something on the router is impacting traceroute. So perhaps we need to see the config from the router as well as from the switch.

It also occurs to me that there is the possibility that the server is running some security software that will respond to ping probes from tracert but does not respond to UDP probes from router/switch traceroute. Can you tell us if there is any security software running on the servers?

HTH

Rick

HTH

Rick

Go to solution
DEBADURLAV SARANGI
Level 1
Level 1
In response to Richard Burts

‎11-18-2016 02:17 AM

Hi Richard,

I am really appreciated with you and showing interested to troubleshooting  issues.After removed the "no ip unreachable" command for L3 interface  from Switch.it is working fine in my lab.

Thank you gpauwen and others. you resolved my issue.

Regards

Deb

0 Helpful
Customers Also Viewed These Support Documents