Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2483
Views
0
Helpful
7
Replies

Cisco 3750's Pass Traffic but cant ping External IPs

Go to solution
Kyle Smith
Level 1
Level 1

‎10-16-2013 07:22 AM - edited ‎03-04-2019 09:20 PM

Hello All,

I am having a really weird issue with our 3750X switches. When logged into them and I attempt to ping an external IP such as 4.2.2.2 or 8.8.8.8 I get no reply. The odd thing is, any lower level device can ping externally (access layer switch or desktop) and I can still get out to the internet. Has anyone ran into an issue like this before and know how to resolve this?

I can provide scrubbed/sections of configs upon request

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Kyle Smith

‎10-16-2013 01:17 PM

Thanks for the additional information. I had been assuming that the switches were operating as layer 2 switches - bad assumption on my part. So the switches are operating as layer 3 switches and have multiple layer 3 interfaces/SVIs and are doing routing. So the question becomes what address is the switch using as the source address on its packets. If vlan 4 has the subnet that includes the next hop address for the default route 10.1.0.1 then it is likely that the switch interface address in vlan 4 is the source address. So now I will offer the suggestion that the ASA may not be configured to do address translation for addresses in vlan 4. Can you provide some detail to us about how address translation is set up on the ASA?

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎10-16-2013 07:27 AM

The symptoms that you describe suggest that the switch is not configured with a correct default gateway, which it needs when the switch management interface is attempting to reach something. Layer 2 forwarding on the switch is not dependent on the switch default gateway and so traffic to external destinations from devices connected to the switch can be forwarded without problem. But packets generated on the switch itself do depend on the switch default gateway.

So can you tell us whether the switch has a gateway configured that does correspond to the management address configured on the switch?

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Kyle Smith
Level 1
Level 1
In response to Richard Burts

‎10-16-2013 08:09 AM

Hello Rick,

Thank you for your reply. The switch does not have a gateway that corresponds with the management address. Let me go into this a bit further.

The default gateway on the 3750X switches points to our ASA inside interfaces (ex. 10.1.0.1) which is on the same subnet. (For example, VLAN 4 - 10.1.0.0/28).

So from the switch we have:

ip route 0.0.0.0 0.0.0.0 10.1.0.1

ip default-gateway 10.1.0.1

From there, the internal network has many VLANs but no other devices use VLAN 4,  We do have a management VLAN that is a lower number than the VLAN between the ASA and 3750's. A classmate of mine mentioned it may be using the lowered numbered VLAN but I am not sure how correct that is. So lets say these devices use VLAN 2 - 10.1.5.0/24 to be connected and SSH'd into, would you suggest I create that network on the ASA inside interface?

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Kyle Smith

‎10-16-2013 01:17 PM

Thanks for the additional information. I had been assuming that the switches were operating as layer 2 switches - bad assumption on my part. So the switches are operating as layer 3 switches and have multiple layer 3 interfaces/SVIs and are doing routing. So the question becomes what address is the switch using as the source address on its packets. If vlan 4 has the subnet that includes the next hop address for the default route 10.1.0.1 then it is likely that the switch interface address in vlan 4 is the source address. So now I will offer the suggestion that the ASA may not be configured to do address translation for addresses in vlan 4. Can you provide some detail to us about how address translation is set up on the ASA?

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Kyle Smith
Level 1
Level 1
In response to Richard Burts

‎10-17-2013 05:19 AM

Rick,

My mistake on my original post, I wasnt clear. After looking at the ASA you were correct, I didnt have a translation setup for that point to point network.

Thank you for pointing me in the right direction and for your assistance on this issue.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Kyle Smith

‎10-17-2013 05:37 AM

You are quite welcome. I am glad that my suggestion did point you in the right direction. Thank you for using the rating system to mark this question as answered.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
gchevalley
Level 1
Level 1

‎10-16-2013 08:16 AM

How many IP Addresses do you have configured on your 3750X switch?  The switch may be using an IP Address as the source address that doesn't have a route out.  Try issuing the ping command specifying the source ip adddress to use.

0 Helpful

Go to solution
Kyle Smith
Level 1
Level 1
In response to gchevalley

‎10-16-2013 08:26 AM

Hello gchevalley,

I can try that, but we have multiple IP's on our 3750's. We are a small-mid sized company and utlize them as L3 core switches. We have HSRP running on them for redundancy across our two buildings and they house all the VLAN interfaces for our environment. Basically, every device has a default gateway pointing to the HSRP address across our two stacks of 3750s.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card