10-10-2018 07:16 AM - edited 10-10-2018 07:18 AM
Hi guys,
I have my two Cisco L3 switches connected via an L2 link on which I activated EIGRP 10, and the neighborship is up.
vlan 50 : 172.17.192.128/25 --------[L3_SW_2] Fa0/24====L2====Fa1/0/48 [L3_SW_1] -------- vlan 50 : 172.17.192.0/25
The interconnect subnet of the L2 link is: 192.168.1.200/30
From L3_SW_2, I am able to ping an IP of the vlan 50 behind L3_SW_L1: 172.17.192.24.
But the reverse doesn't work (I tried to ping from L3_SW_2 an IP behind SW_1: 172.17.192.130, which doesn't work).
L3_SW_2#sh ip route eigr
.... output omitted ....
Gateway of last resort is 172.17.192.210 to network 0.0.0.0
172.17.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.17.192.0/25
[90/28416] via 192.168.1.201, 02:00:21, FastEthernet0/24
L3_SW_2#
L3_SW_1#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.202 Fa1/0/48 14 01:57:25 7 100 0 29
L3_SW_2#
L3_SW_2#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.201 Fa0/24 14 01:58:10 1 200 0 34
L3_SW_2#
L3_SW_2#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.17.192.130 1 000c.297e.8f75 ARPA Vlan50
Internet 172.17.192.140 9 c81f.66d7.c878 ARPA Vlan50
Internet 172.17.192.200 - 9caf.cad2.c0c4 ARPA Vlan50
Internet 172.17.192.210 200 4c4e.3539.77c1 ARPA Vlan50
Internet 192.168.1.201 121 b8be.bf9e.3b44 ARPA FastEthernet0/24
Internet 192.168.1.202 - 9caf.cad2.c0c1 ARPA FastEthernet0/24
L3_SW_1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.170.124.121 - b8be.bf9e.3b42 ARPA Vlan30
Internet 10.170.124.122 22 0025.90ca.1f62 ARPA Vlan30
Internet 172.17.192.8 160 0026.b981.a277 ARPA Vlan50
Internet 172.17.192.9 0 0026.b981.a26f ARPA Vlan50
L3_SW_1#sh run | s eigrp
router eigrp 10
network 172.17.192.0 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet1/0/48
no passive-interface Vlan50
L3_SW_2#sh run | s eigrp
router eigrp 10
network 172.17.192.128 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet0/24
no passive-interface Vlan50
I need your help on this. Please ask me if you need other command outputs.
Thank you,
10-10-2018 08:17 AM
10-10-2018 08:18 AM
The fact that the local switch can ping the address pretty much eliminates the possibility of a local firewall. But I really like the suggestion about an incorrect gateway on the host. Wish I had thought of that.
HTH
Rick
10-10-2018 08:19 AM
Can you verify the address, mask, and gateway of the device at 172.17.192.130?
HTH
Rick
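Added example, not part of any post in this thread: a small Python check of why the host's address, mask, and gateway matter for the return path. It computes where a host at 172.17.192.130 would send its reply for a given configuration. The host configurations listed are assumptions (the thread never shows the host's settings); the switch and router addresses come from the posted configs, and the function and variable names are illustrative.

```python
import ipaddress

def reply_next_hop(host_if, gateway, dest):
    """Where does a host send a reply to `dest`?

    host_if : host address with prefix length, e.g. "172.17.192.130/25"
    gateway : host default gateway, or None
    Returns (decision, next_hop).
    """
    iface = ipaddress.ip_interface(host_if)
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        # Host believes dest is on its own segment and ARPs for it directly.
        return ("arp-on-link", str(dest))
    if gateway is None:
        return ("no-route", None)
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        # Gateway outside the host's own subnet cannot be resolved by ARP.
        return ("gateway-off-link", str(gw))
    return ("via-gateway", str(gw))

# Addresses taken from the thread.
SW1_LINK_ADDR = "192.168.1.201"  # Fa1/0/48; IOS sources a ping from the egress interface by default
SW1_LAN_HOST = "172.17.192.8"    # host behind SW_1 in 172.17.192.0/25

# Constructed host configurations to compare (assumptions, not from the thread).
CANDIDATES = {
    "mask /25, gateway = SW_2 Vlan50": ("172.17.192.130/25", "172.17.192.200"),
    "mask /25, gateway = MPLS router": ("172.17.192.130/25", "172.17.192.210"),
    "mask /24, gateway = SW_2 Vlan50": ("172.17.192.130/24", "172.17.192.200"),
}

def evaluate(candidates, dests):
    """Return {config name: {dest: (decision, next_hop)}}."""
    return {
        name: {d: reply_next_hop(host_if, gw, d) for d in dests}
        for name, (host_if, gw) in candidates.items()
    }

if __name__ == "__main__":
    for name, results in evaluate(CANDIDATES, [SW1_LINK_ADDR, SW1_LAN_HOST]).items():
        print(name)
        for dest, (decision, hop) in results.items():
            print(f"  reply to {dest:<15} -> {decision} ({hop})")
```

A reply sent "via-gateway" only gets back if that gateway has a route to the destination; an "arp-on-link" result for 172.17.192.8 means the host would ARP on its own VLAN for an address that actually lives behind the other switch.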
10-10-2018 08:26 AM
10-10-2018 08:50 AM
I am very puzzled that a ping sent through the MPLS to 172.17.192.130 works. This would seem to verify that the gateway on the host is ok. But I would still appreciate it if you would verify the configuration of that host for address, mask, and gateway.
And it suggests that there is something about these switches on that L2 link, or something about that L2 link that is problematic. Can you post more complete config information from both switches?
I am increasingly puzzled at the fact that it works one way and not the other. I believe that we have mostly eliminated routing issues and probably host gateway issues. I hope that seeing more complete configuration may help us see some issue.
HTH
Rick
10-10-2018 08:58 AM
Here you go Rick. Thanks in advance for your time.
SW_1
!!!!! VLAN 50: LAN behind SW1
interface Vlan50
ip address 172.17.192.112 255.255.255.128
!!!!! Fa 1/0/48 connected to L2 link
interface FastEthernet1/0/48
description L2-MAN-Link
no switchport
ip address 192.168.1.201 255.255.255.252
router eigrp 10
network 172.17.192.0 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet1/0/48
no passive-interface Vlan50
!
!!!! default route to MPLS router
ip route 0.0.0.0 0.0.0.0 172.17.243.171
SW_2
!!!!! VLAN 50: LAN behind SW1
interface Vlan50
description LAN
ip address 172.17.192.200 255.255.255.128
!!!!! Fa 0/24 connected to L2 link
interface FastEthernet0/24
description L2-MAN-Link
no switchport
ip address 192.168.1.202 255.255.255.252
!
router eigrp 10
network 172.17.192.128 0.0.0.127
network 192.168.1.200 0.0.0.3
passive-interface default
no passive-interface FastEthernet0/24
no passive-interface Vlan50
!
!!!! default route to MPLS router
ip route 0.0.0.0 0.0.0.0 172.17.192.210
10-10-2018 09:06 AM
Thanks for the additional information. No obvious issues found. Can you post the output of show ip route (rather than just the eigrp generated routes)?
You mention that there are 3 hosts on the subnet which all show this issue. Are these the only devices in that subnet? Are there any other connected devices in that subnet and if so do they all show the issue or do some of them work ok?
HTH
Rick
10-10-2018 09:09 AM
10-10-2018 09:21 AM
I am still trying to understand what is causing the one-way success.
L3_SW_2#ping 172.17.192.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
L3_SW_1#ping 172.17.192.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.192.130, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Would you do a traceroute from SW2 to 172.17.192.8 and post the output?
HTH
Rick
10-10-2018 09:24 AM - edited 10-11-2018 02:26 AM
The Traceroute is correct:
L3_SW_L2#traceroute 172.17.192.8
Type escape sequence to abort.
Tracing the route to 172.17.192.8
1 192.168.1.201 0 msec 9 msec *
2 172.17.192.8 8 msec 8 msec 0 msec
10-10-2018 09:30 AM
10-10-2018 08:32 AM
The trace route results are perhaps a little helpful, though they really just confirm what we pretty much already knew. Remember that trace route works by sending probe packets and controlling the time to live. Send probe packets with TTL of 1, get response, increment TTL to 2 and send probe packets, and they time out. What this reveals is that we received a response from the switch, so it is working fine. We did not receive a response from the device a hop beyond the switch. So when trace route times out, the problem is one hop beyond the last response that we received. We have a tendency to look at the results of trace route and assume that the last response shows the problem, but that is not really the case. So ping and trace route are both telling us that the device at 172.17.192.130 does not respond to packets from subnet 172.17.192.0/24.
HTH
Rick