Can't Ping/Remote to my Access Layer Switches

Hello all,

I have a weird issue. We had an issue last night that wreaked havoc on our network that mainly affected our workstations. Apparently, an MBAM definition file quarantined a certain DLL file that caused our PCs to crash. I don't see how this would affect our switches or any infrastructure devices, but now I can't ping or remotely access our access layer switches from my laptop. I'm connected through an SSL VPN connection. I get a DHCP address from the secure gateway on subnet 192.168.65.0/26. Routes are in place to the core of my network (10.1.0.0/16). Both core and access layer switches are all part of the 10.1.0.0/16 network. I can access the core switches while VPN'd in but not the access layer switches, nor can I ping them. Any ideas?

Terence


My guess here would be that your access switches don't know how to get back to your subnet (the one you are on when you are using SSLVPN) and the core switch does. I am assuming that you can telnet to your core switch and then hop over to an access switch. If so, do that and then try a traceroute to your remote laptop IP address and see where it gets to. It might just be that you need to add a static route to your access switches or "ip default-gateway" depending on what they are.

Mfurnival,

Thanks for your response. All my access layer switches use the same ip default-gateway, which is the HSRP IP address of our three core switches. You're right in that I can jump to the access layer switches from the core. When I do and attempt a traceroute back to my laptop connected to the SSL VPN, it immediately times out as if it doesn't know where to send the packet. These 4500s aren't responsible for any routing as our collapsed core layer does all the routing between VLANs, so they just send data to their gateway. Our 2960s can be reached just fine via the SSL VPN but not the 4500s. Not sure why at this point.

Well, that is significant that your access switches do not know where to send the return traffic. Are they able to resolve the MAC address of the HSRP gateway? Are they able to ping anything off their own subnet (i.e. destinations other than 10.1.0.0/16)?

It does resolve the HSRP IP address, which is the root port of this switch. However, I cannot ping another IP on a subnet other than its own. Interesting...

It might be helpful to see some configs of the core and access switches. If it was me, I would break out Wireshark and do a monitor session on the port between the switches.