10-10-2018 07:16 AM - edited 10-10-2018 07:18 AM
Hi guys,
I have my two Cisco L3 switches connected via a L2 link on which I activated EIGRP 10 and the neighborship is up.
vlan 50 : 172.17.192.128/25 --------[L3_SW_2] Fa0/24====L2====Fa1/0/48 [L3_SW_1] -------- vlan 50 : 172.17.192.0/25
The interco subnet of the L2 link is : 192.168.1.200/30
From L3_SW_2, I am able to ping an IP of the vlan 50 behind L3_SW_L1 : 172.17.192.24.
But the reverse doesn't work (I tried to ping from L3_SW_2 an IP behind SW_1 : 172.17.192.130 which desn't work).
L3_SW_2#sh ip route eigr
.... output omitted ....
Gateway of last resort is 172.17.192.210 to network 0.0.0.0
172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.17.192.0/25
[90/28416] via 192.168.1.201, 02:00:21, FastEthernet0/24
L3_SW_2#
L3_SW_1#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.202 Fa1/0/48 14 01:57:25 7 100 0 29
L3_SW_2#
L3_SW_2#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.201 Fa0/24 14 01:58:10 1 200 0 34
L3_SW_2#
L3_SW_2#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.17.192.130 1 000c.297e.8f75 ARPA Vlan50
Internet 172.17.192.140 9 c81f.66d7.c878 ARPA Vlan50
Internet 172.17.192.200 - 9caf.cad2.c0c4 ARPA Vlan50
Internet 172.17.192.210 200 4c4e.3539.77c1 ARPA Vlan50
Internet 192.168.1.201 121 b8be.bf9e.3b44 ARPA FastEthernet0/24
Internet 192.168.1.202 - 9caf.cad2.c0c1 ARPA FastEthernet0/24
L3_SW_1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.170.124.121 - b8be.bf9e.3b42 ARPA Vlan30
Internet 10.170.124.122 22 0025.90ca.1f62 ARPA Vlan30
Internet 172.17.192.8 160 0026.b981.a277 ARPA Vlan50
Internet 172.17.192.9 0 0026.b981.a26f ARPA Vlan50
L3_SW_1#sh run | s eigrp
router eigrp 10
network 172.17.192.0 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet1/0/48
no passive-interface Vlan50
L3_SW_2#sh run | s eigrp
router eigrp 10
network 172.17.192.128 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet0/24
no passive-interface Vlan50
I need your help on this. Please ask me if you need other command outputs.
Thank you,
Solved! Go to Solution.
10-10-2018 08:17 AM
10-10-2018 08:18 AM
The fact that the local switch can ping the address pretty much eliminates the possibility of local firewall. But I really like the suggestion about incorrect gateway on the host. Wish I had thought of that.
HTH
Rick
10-10-2018 08:19 AM
Can you verify the address, mask, and gateway of the device at 172.17.192.130?
HTH
Rick
10-10-2018 08:26 AM
10-10-2018 08:50 AM
I am very puzzled that ping sent through the MPLS to 172.17.192.130 works. This would seem to verify that the gateway on the host is ok. But I would still appreciate if you would verify configuration of that host for address, mask, and gateway.
And it suggests that there is something about these switches on that L2 link, or something about that L2 link that is problematic. Can you post more complete config information from both switches?
I am increasingly puzzled at the fact that it works one way and not the other. I believe that we have mostly eliminated routing issues and probably host gateway issues. I hope that seeing more complete configuration may help us see some issue.
HTH
Rick
10-10-2018 08:58 AM
Here you go Rick. Thanks in advance for your time.
SW_1
!!!!! VLAN 50: LAN behind SW1
interface Vlan50
ip address 172.17.192.112 255.255.255.128
!!!!! Fa 1/0/48 connected to L2 link
interface FastEthernet1/0/48
description L2-MAN-Link
no switchport
ip address 192.168.1.201 255.255.255.252
router eigrp 10
network 172.17.192.0 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet1/0/48
no passive-interface Vlan50
!
!!!! default route to MPLS router
ip route 0.0.0.0 0.0.0.0 172.17.243.171
SW_2
!!!!! VLAN 50: LAN behind SW1
interface Vlan50
description LAN
ip address 172.17.192.200 255.255.255.128
!!!!! Fa 0/24 connected to L2 link
interface FastEthernet0/24
description L2-MAN-Link
no switchport
ip address 192.168.1.202 255.255.255.252
!
router eigrp 10
network 172.17.192.128 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet0/24
no passive-interface Vlan50
!
!!!! default route to MPLS router
ip route 0.0.0.0 0.0.0.0 172.17.192.210
10-10-2018 09:06 AM
Thanks for the additional information. No obvious issues found. Can you post the output of show ip route (rather than just the eigrp generated routes)?
You mention that there are 3 hosts on the subnet which all show this issue. Are these the only devices in that subnet? Are there any other connected devices in that subnet and if so do they all show the issue or do some of them work ok?
HTH
Rick
10-10-2018 09:09 AM
10-10-2018 09:21 AM
I am still trying to understand what is causing the one way success
L3_SW_2#ping 172.17.192.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
L3_SW_1#ping 172.17.192.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.130, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Would you do a traceroute from SW2 to 172.17.192.8 and post the output?
HTH
Rick
10-10-2018 09:24 AM - edited 10-11-2018 02:26 AM
The Traceroute is correct:
L3_SW_L2#traceroute 172.17.192.8
Type escape sequence to abort.
Tracing the route to 172.17.192.8
1 192.168.1.201 0 msec 9 msec *
2 172.17.192.8 8 msec 8 msec 0 msec
10-10-2018 09:30 AM
10-10-2018 08:32 AM
The trace route results are perhaps a little helpful, though they really just confirm what we pretty much already knew. Remember that trace route works by sending probe packets and controlling the time to live. Send probe packets with TTL of 1, get response, increment TTL to 2 and send probe packets, and they time out. What this reveals is that we received response from the switch so it is working fine. We did not receive a response from the device a hop beyond the switch. So when trace route times out the problem is one hop beyond the last response that we received. We have a tendency to look at results of trace route and assume that the last response shows the problem but that is not really the case. So ping and trace route are both telling us that the device at 172.17.192.130 does not respond to packets from subnet 172.17.192.0/24.
HTH
Rick
10-10-2018 08:42 AM
10-10-2018 10:35 AM
I've created a quick lab and tested. It works. I hope this will help u.
PC2#sh run | i route
ip route 0.0.0.0 0.0.0.0 172.17.192.129
PC2#sh ip int brief | ex un
Interface IP-Address OK? Method Status Protocol
Vlan1 172.17.192.200 YES manual up up
L3_SW_2#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/2, Et0/3
50 VLAN0050 active Et0/1
L3_SW_2#sh ip int brief | ex un
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.202 YES manual up up
Vlan50 172.17.192.129 YES manual up up
L3_SW_2#sh run | s eigrp
router eigrp 10
network 172.17.192.128 0.0.0.127
network 192.168.1.200 0.0.0.3
Gateway of last resort is not set
172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.17.192.0/25 [90/3072] via 192.168.1.201, 00:03:43, Vlan1
L3_SW_2#
L3_SW_2#sh cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
PC2 Eth 0/1 138 R S I Linux Uni Eth 0/0
L3_SW_1 Eth 0/0 128 R S I Linux Uni Eth 0/0
L3_SW_1#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/2, Et0/3
50 VLAN0050 active Et0/1
L3_SW_1#sh ip int brief | ex un
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.201 YES manual up up
Vlan50 172.17.192.1 YES manual up up
L3_SW_1#sh run | s eigrp
router eigrp 10
network 172.17.192.0 0.0.0.127
network 192.168.1.200 0.0.0.3
Gateway of last resort is not set
172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.17.192.128/25 [90/3072] via 192.168.1.202, 00:05:28, Vlan1
L3_SW_1#
PC1#sh run | i route
ip route 0.0.0.0 0.0.0.0 172.17.192.1
PC1#
PC1#sh ip int brief | ex un
Interface IP-Address OK? Method Status Protocol
Vlan1 172.17.192.8 YES manual up up
PC1#ping 172.17.192.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#
PC2#ping 172.17.192.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
PC2#
10-11-2018 08:15 AM
I have read back through the complete discussion and notice something unexpected in an early post showing the arp table
L3_SW_1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.170.124.121 - b8be.bf9e.3b42 ARPA Vlan30
Internet 10.170.124.122 22 0025.90ca.1f62 ARPA Vlan30
Internet 172.17.192.8 160 0026.b981.a277 ARPA Vlan50
Internet 172.17.192.9 0 0026.b981.a26f ARPA Vlan50
I would expect to see an entry for the switch interface in vlan 50 and I would expect to see entries for the 192.168 link. Can you post a fresh output of show ip arp and see if this is consistent? Does the config of either switch do anything about arp - like change the arp timeout value?
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide