cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3800
Views
20
Helpful
22
Replies

cant ping device which is directly connected

davejumby
Level 1
Level 1

Hi 

 

I have a 3850 switch and to it is connected my pc with the ip 172.24.0.253. My gateway which is an svi on the switch is 172.24.0.254. The switch has a layer 3 port whose IP is 172.30.0.2. I can ping my PC from the switch but when I introduce the source parameter to the ping command and have the layer 3 port (172.30.0.2) as the source I am not able to ping. This exact setup is working in all my other switches. Any idea on what I'm missing here. its really frustrating me.

 

 

Below is my routing table

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

172.24.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.24.0.0/24 is directly connected, Vlan100
L 172.24.0.254/32 is directly connected, Vlan100
C 172.24.253.254/32 is directly connected, Loopback0
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.30.0.0/30 is directly connected, GigabitEthernet1/1/2
L 172.30.0.2/32 is directly connected, GigabitEthernet1/1/2

22 Replies 22

Hello,

 

post the full running confgiuration of your switch.

Switch#sh run
Building configuration...

Current configuration : 7668 bytes
!

!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Switch
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision ws-c3850-24t
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
vtp mode transparent
!

!
crypto pki trustpoint TP-self-signed-3599884711
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3599884711
revocation-check none
rsakeypair TP-self-signed-3599884711
!
!
crypto pki certificate chain TP-self-signed-3599884711
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
redundancy
mode sso
!
!
vlan 10

!
vlan 100


!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.24.253.254 255.255.255.255
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
no switchport
ip address 172.30.0.2 255.255.255.252
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 172.24.0.254 255.255.255.0
!

ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

hey check above for full config

Hello,

 

the config looks by the book. What SDM template are you using (sh sdm prefer) ?

here it is , I'm really frustrated coz it seems to be such a simple thing

 

Switch#sh sdm prefer
Showing SDM Template Info

This is the Advanced (high scale) template.
Number of VLANs: 4094
Unicast MAC addresses: 32768
Overflow Unicast MAC addresses: 512
IGMP and Multicast groups: 4096
Overflow IGMP and Multicast groups: 512
Directly connected routes: 16384
Indirect routes: 7168
Security Access Control Entries: 3072
QoS Access Control Entries: 2560
Policy Based Routing ACEs: 1024
Netflow ACEs: 768
Wireless Input Microflow policer ACEs: 256
Wireless Output Microflow policer ACEs: 256
Flow SPAN ACEs: 256
Tunnels: 256
Control Plane Entries: 512
Input Netflow flows: 8192
Output Netflow flows: 16384
SGT/DGT and MPLS VPN entries: 3840
SGT/DGT and MPLS VPN Overflow entries: 512
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

Hello,

 

odd indeed. Can your PC ping 172.30.0.2 ? Can you ping both 172.24.0.254 and 172.30.0.2 from the switch ?

Can your PC ping 172.30.0.2 ?  yes I can

Can you ping both 172.24.0.254 and 172.30.0.2 yes I can ping both of them

I'm doing a new deployment for a new building. My previous configs work with this same design. These new switches are frustrating me , if it helps I'm running this image cat3k_caa-universalk9.16.03.07.SPA.bin.

 

Hello,

 

I have a feeling this could be related to CPP (Conrol Plane Policing). Try and configure the below:

 

Switch(config)#policy-map system-cpp-policy
Switch(config-pmap)#class system-cpp-police-control-low-priority
Switch(config-pmap-c)# police rate 100 pps

Hi Georg, 

 

its still not working

 

 

Hello,

 

if you turn on:

 

debug ip icmp

 

what is the output ?

Hi Georg
these are some of the output when I ping from my PC. the ping to the quad 8 was not intentional but curious why its telling me time exceeded. 


*Oct 25 09:39:13.660: ICMP: echo reply sent, src 172.30.0.2, dst 172.24.0.253, top ology BASE, dscp 0 topoid 0
*Oct 25 09:39:14.661: ICMP: echo reply sent, src 172.30.0.2, dst 172.24.0.253, top ology BASE, dscp 0 topoid 0
*Oct 25 09:39:15.666: ICMP: echo reply sent, src 172.30.0.2, dst 172.24.0.253, top ology BASE, dscp 0 topoid 0
*Oct 25 09:39:16.670: ICMP: echo reply sent, src 172.30.0.2, dst 172.24.0.253, top ology BASE, dscp 0 topoid 0
*Oct 25 09:40:34.724: ICMP: time exceeded (time to live) sent to 172.24.0.253 (dest was 8.8.8.8), topo logy BASE, dscp 0 topoid 0
*Oct 25 09:40:34.728: ICMP: time exceeded (time to live) sent to 172.24.0.253 (dest was 8.8.8.8), topo logy BASE, dscp 0 topoid 0
*Oct 25 09:40:34.730: ICMP: time exceeded (time to live) sent to 172.24.0.253 (dest was 8.8.8.8), topo

Hello,

 

the idea was to capture the debug output when you ping the PC from the switch, sourcing from 172.30.0.2, can you post that output ?

 

Also, what if you source the ping from the Loopback interface ?

Also, try and remove the Vlan 100 interface, then add it again:

 

--> no interface Vlan100

 

--> interface Vlan100
ip address 172.24.0.254 255.255.255.0

Hi Georg

 

pinging from both the 172.30.0.2 and the loopback doesn't generate any debug messages . The ping fails and nothing is displayed from the switch. Also removing the vlan and re-adding it hasn't worked.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: