cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5492
Views
5
Helpful
36
Replies

EIGRP neighbor UP, routes showing but ping working only on one direction!

mazzz
Level 1
Level 1

Hi guys,

 

I have my two Cisco L3 switches connected via a L2 link on which I activated EIGRP 10 and the neighborship is up.

 

vlan 50 : 172.17.192.128/25 --------[L3_SW_2] Fa0/24====L2====Fa1/0/48 [L3_SW_1] -------- vlan 50 : 172.17.192.0/25

 

The interco subnet of the L2 link is : 192.168.1.200/30

 

From L3_SW_2, I am able to ping an IP of the vlan 50 behind L3_SW_L1 : 172.17.192.24.

But the reverse doesn't work (I tried to ping from L3_SW_2 an IP behind SW_1 : 172.17.192.130 which desn't work).

 

L3_SW_2#sh ip route eigr     
.... output omitted ....
Gateway of last resort is 172.17.192.210 to network 0.0.0.0

      172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D        172.17.192.0/25
           [90/28416] via 192.168.1.201, 02:00:21, FastEthernet0/24
L3_SW_2#

 

L3_SW_1#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.1.202           Fa1/0/48                 14 01:57:25    7   100  0  29
L3_SW_2#

 

L3_SW_2#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   192.168.1.201           Fa0/24            14 01:58:10    1   200  0  34
L3_SW_2#

 

L3_SW_2#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.17.192.130          1   000c.297e.8f75  ARPA   Vlan50
Internet  172.17.192.140          9   c81f.66d7.c878  ARPA   Vlan50
Internet  172.17.192.200          -   9caf.cad2.c0c4  ARPA   Vlan50
Internet  172.17.192.210        200   4c4e.3539.77c1  ARPA   Vlan50
Internet  192.168.1.201         121   b8be.bf9e.3b44  ARPA   FastEthernet0/24
Internet  192.168.1.202           -   9caf.cad2.c0c1  ARPA   FastEthernet0/24

L3_SW_1#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.170.124.121          -   b8be.bf9e.3b42  ARPA   Vlan30
Internet  10.170.124.122         22   0025.90ca.1f62  ARPA   Vlan30
Internet  172.17.192.8          160   0026.b981.a277  ARPA   Vlan50
Internet  172.17.192.9            0   0026.b981.a26f  ARPA   Vlan50

 

L3_SW_1#sh run | s eigrp
router eigrp 10
 network 172.17.192.0 0.0.0.127
 network 192.168.1.200 0.0.0.3
 passive-interface default
 no passive-interface FastEthernet1/0/48
 no passive-interface Vlan50

L3_SW_2#sh run | s eigrp
router eigrp 10
 network 172.17.192.128 0.0.0.127
 network 192.168.1.200 0.0.0.3
 passive-interface default
 no passive-interface FastEthernet0/24
 no passive-interface Vlan50

 

 

I need your help on this. Please ask me if you need other command outputs.

Thank  you,

36 Replies 36

See Dan,

The problem is not with .8 (VLAN 172.17.192.0/25) on SW_1 but with the VLAN 172.17.192.128/25 which is behind SW_2.
I am able to ping .8 / .9 and other IPs from SW2 via the L2 link (VLAN 50 172.17.192.0/25 is behind SW1) but,
... I am not able to ping the 172.17.192.130 from SW1 via L2 link (VLAN 50172.17.192.128/25) is bheind SW2.

A traceroute to IP 172.17.192.130 from SW1 dies at the EIGRP neighboring address (192.168.1.202) on SW2:
It looks like it desn't know the route to 172.17.192.130 which is completely false (see the topology far below):


L3_SW_1#traceroute 172.17.192.130
Type escape sequence to abort.
Tracing the route to 172.17.192.130
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.1.202 0 msec 9 msec 8 msec
2 * * *
3 * * *
4 * * *


L3_SW_2#sh ip eigrp topology
EIGRP-IPv4 Topology Table for AS(10)/ID(192.168.1.202)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 172.17.192.128/25, 1 successors, FD is 2816
via Connected, Vlan50
P 192.168.1.200/30, 1 successors, FD is 28160
via Connected, FastEthernet0/24
P 172.17.192.0/25, 1 successors, FD is 28416
via 192.168.1.201 (28416/2816), FastEthernet0/24

The fact that the local switch can ping the address pretty much eliminates the possibility of local firewall. But I really like the suggestion about incorrect gateway on the host. Wish I had thought of that.

 

HTH

 

Rick

HTH

Rick

Can you verify the address, mask, and gateway of the device at 172.17.192.130?

 

HTH

 

Rick

HTH

Rick

Rick,

I do believe there is not issue with the host itself but I can cross check.
Meanwhile, I tested with another link connected to a MPLS network and by putting a static route pointing to the CE Router (172.17.243.171) and I can perfectly ping the .130 from SW1 via the MPLS network.

L3_SW_1(config)#ip route 172.17.192.130 255.255.255.255 172.17.243.171
L3_SW_1(config)#do ping 172.17.192.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/298/521 ms
L3_SW_1(config)#

.....

I am very puzzled that ping sent through the MPLS to 172.17.192.130 works. This would seem to verify that the gateway on the host is ok. But I would still appreciate if you would verify configuration of that host for address, mask, and gateway.

 

And it suggests that there is something about these switches on that L2 link, or something about that L2 link that is problematic. Can you post more complete config information from both switches?

 

I am increasingly puzzled at the fact that it works one way and not the other. I believe that we have mostly eliminated routing issues and probably host gateway issues. I hope that seeing more complete configuration may help us see some issue.

 

HTH

 

Rick

HTH

Rick

Here you go Rick. Thanks in advance for your time.

 

 

SW_1

 

!!!!! VLAN 50: LAN behind SW1

interface Vlan50
 ip address 172.17.192.112 255.255.255.128

 

!!!!! Fa 1/0/48 connected to L2 link

interface FastEthernet1/0/48
 description L2-MAN-Link
 no switchport
 ip address 192.168.1.201 255.255.255.252

 

router eigrp 10
 network 172.17.192.0 0.0.0.127
 network 192.168.1.200 0.0.0.3
 passive-interface default
 no passive-interface FastEthernet1/0/48
 no passive-interface Vlan50
!

!!!! default route to MPLS router

ip route 0.0.0.0 0.0.0.0 172.17.243.171

 

SW_2

!!!!! VLAN 50: LAN behind SW1

interface Vlan50
 description LAN
 ip address 172.17.192.200 255.255.255.128

 

!!!!! Fa 0/24 connected to L2 link

interface FastEthernet0/24
 description L2-MAN-Link
 no switchport
 ip address 192.168.1.202 255.255.255.252

 

!
router eigrp 10
 network 172.17.192.128 0.0.0.127
 network 192.168.1.200 0.0.0.3
 passive-interface default
 no passive-interface FastEthernet0/24
 no passive-interface Vlan50
!

 

!!!! default route to MPLS router

ip route 0.0.0.0 0.0.0.0 172.17.192.210

 

 

Thanks for the additional information. No obvious issues found. Can you post the output of show ip route (rather than just the eigrp generated routes)?

 

You mention that there are 3 hosts on the subnet which all show this issue. Are these the only devices in that subnet? Are there any other connected devices in that subnet and if so do they all show the issue or do some of them work ok?

 

HTH

 

Rick

HTH

Rick

There are 2 other hosts on the same subnet showing same issue.

Here is the ip route for:

SW1 <<<<<<<<<<
L3_SW_1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 172.17.243.171 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 172.17.243.171
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.170.124.120/29 is directly connected, Vlan30
L 10.170.124.121/32 is directly connected, Vlan30
172.17.0.0/16 is variably subnetted, 5 subnets, 3 masks
C 172.17.192.0/25 is directly connected, Vlan50
L 172.17.192.112/32 is directly connected, Vlan50
D 172.17.192.128/25
[90/28416] via 192.168.1.202, 03:58:18, FastEthernet1/0/48
C 172.17.243.168/29 is directly connected, Vlan10
L 172.17.243.172/32 is directly connected, Vlan10
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.200/30 is directly connected, FastEthernet1/0/48
L 192.168.1.201/32 is directly connected, FastEthernet1/0/48
>>>>>>>>>>>>>>

SW2 <<<<<<<<<<
L3_SW_L2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 172.17.192.210 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 172.17.192.210
172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.17.192.0/25
[90/28416] via 192.168.1.201, 03:58:06, FastEthernet0/24
C 172.17.192.128/25 is directly connected, Vlan50
L 172.17.192.200/32 is directly connected, Vlan50
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.200/30 is directly connected, FastEthernet0/24
L 192.168.1.202/32 is directly connected, FastEthernet0/24
>>>>>>>>>>>>>>

I am still trying to understand what is causing the one way success

L3_SW_2#ping 172.17.192.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

L3_SW_1#ping 172.17.192.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.130, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 

Would you do a traceroute from SW2 to 172.17.192.8 and post the output?

 

HTH

 

Rick

HTH

Rick

The Traceroute is correct:

L3_SW_L2#traceroute 172.17.192.8

Type escape sequence to abort.
Tracing the route to 172.17.192.8

1 192.168.1.201 0 msec 9 msec *
2 172.17.192.8 8 msec 8 msec 0 msec

It is taking the correct path (192.168.1.201 neighbor on the L2 link):

L2_SW_L2#traceroute 172.17.192.8

Type escape sequence to abort.
Tracing the route to 172.17.192.8

1 192.168.1.201 0 msec 9 msec *
2 172.17.192.8 8 msec 8 msec 0 msec

The trace route results are perhaps a little helpful, though they really just confirm what we pretty much already knew. Remember that trace route works by sending probe packets and controlling the time to live. Send probe packets with TTL of 1, get response, increment TTL to 2 and send probe packets, and they time out. What this reveals is that we received response from the switch so it is working fine. We did not receive a response from the device a hop beyond the switch. So when trace route times out the problem is one hop beyond the last response that we received. We have a tendency to look at results of trace route and assume that the last response shows the problem but that is not really the case. So ping and trace route are both telling us that the device at 172.17.192.130 does not respond to packets from subnet 172.17.192.0/24.

 

HTH

 

Rick

HTH

Rick

It might be the case. Do you think something is missing int he network declaration or passive-interface issue that might block things?
Personnaly, I don't find any logic behind this. I am able to see the subnets (LAN, interconnection) on the respective L3 switches both in routing table and eigrp topology table.

BTW, I have other 2 IP's on the same subnet as .130 which I can't ping. So the problem is not with the destination host, rather the routing knowledge by the SW2.

CARDIFMAIN3750V2#ping 172.17.192.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.130, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

L3_SW_L1#ping 172.17.192.140
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.140, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
L3_SW_L1#ping 172.17.192.210
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.210, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

mljevakovic
Level 3
Level 3

Net.JPGI've created a quick lab and tested. It works. I hope this will help u.

 

PC2#sh run | i route
ip route 0.0.0.0 0.0.0.0 172.17.192.129
PC2#sh ip int brief | ex un
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.17.192.200  YES manual up                    up

 

L3_SW_2#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et0/3
50   VLAN0050                         active    Et0/1

 

L3_SW_2#sh ip int brief | ex un
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.202   YES manual up                    up
Vlan50                 172.17.192.129  YES manual up                    up

 

L3_SW_2#sh run | s eigrp
router eigrp 10
 network 172.17.192.128 0.0.0.127
 network 192.168.1.200 0.0.0.3

 

Gateway of last resort is not set

      172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D        172.17.192.0/25 [90/3072] via 192.168.1.201, 00:03:43, Vlan1
L3_SW_2#

 

L3_SW_2#sh cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
PC2              Eth 0/1           138             R S I  Linux Uni Eth 0/0
L3_SW_1          Eth 0/0           128             R S I  Linux Uni Eth 0/0

 

 

 

L3_SW_1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et0/3
50   VLAN0050                         active    Et0/1

 

L3_SW_1#sh ip int brief | ex un
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.201   YES manual up                    up
Vlan50                 172.17.192.1    YES manual up                    up

L3_SW_1#sh run | s eigrp
router eigrp 10
 network 172.17.192.0 0.0.0.127
 network 192.168.1.200 0.0.0.3

 

 

Gateway of last resort is not set

      172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D        172.17.192.128/25 [90/3072] via 192.168.1.202, 00:05:28, Vlan1
L3_SW_1#

 

 

 

PC1#sh run | i route
ip route 0.0.0.0 0.0.0.0 172.17.192.1
PC1#

 

PC1#sh ip int brief | ex un
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.17.192.8    YES manual up                    up

 

PC1#ping 172.17.192.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#

 

PC2#ping 172.17.192.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
PC2#

I have read back through the complete discussion and notice something unexpected in an early post showing the arp table

L3_SW_1#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.170.124.121          -   b8be.bf9e.3b42  ARPA   Vlan30
Internet  10.170.124.122         22   0025.90ca.1f62  ARPA   Vlan30
Internet  172.17.192.8          160   0026.b981.a277  ARPA   Vlan50
Internet  172.17.192.9            0   0026.b981.a26f  ARPA   Vlan50

 

I would expect to see an entry for the switch interface in vlan 50 and I would expect to see entries for the 192.168 link. Can you post a fresh output of show ip arp and see if this is consistent? Does the config of either switch do anything about arp - like change the arp timeout value?

 

HTH

 

Rick

HTH

Rick
Review Cisco Networking for a $25 gift card