Re: HELP PLEASE , CAN NOT PING THE ROUTER

Engr.Night · ‎11-30-2011

Dear all , hope you are fine !!

please i have a big issue since three days , and i couldnot solve it .

the problem :

i installed a new cisco switches 3560 in my Network , and i made the configuration as shown below ( sw 1 ) ,its connected to the core switch 6500 ( CORE ) and the core switch is connected to the ROUTER , MD ( WHICH IS THE WAN ROUTER FOR OUT SIDE NETWORKS - INTRANET ).

I HAVE ALREADY A SWITCH ( OLDSW ) CAN PING THE ROUTER MD , AND REACHS THE OUT SIDE INTRANET , AND WORKS VERY GOOD .

BUT I DO NOT KNOW WHY THE THE PC CONNECTED TO THE NEW SWITCH CAN NOT PING THE ROUTER , OR REACH OUT SIDE .

PLZ NOTE :

FROM THE SWITCH SW1 I CAN PING EVERY THING LAN AND WAN , BUT FROM THE RUN OF PC I CAN NOT PING THE ROUTER MD , ONLY I CAN PING THE SWITCHES IN MY LOCAL NETWORK .

PLZ NOTE :

I HAVE TRIED TO SHUTDOWN THE FIREWALL OF MY PC AS WELL AS I SHUTTED DOWN THE ANTIVIRUS PROGRAM ,but still can not ping from pc attached to the new switch SW1 to the router MD .

PLZ NOTE :

I HAVE VLANS AND I ALREADY CONFIGURED THE PC TO THE CORRECT IP RANGE OF VLAN AND GATEWAY ( ITS PINGING THE OTHER SWITCHES NORMALLY , BUT CAN NOT PING OTHER VLANS )

THE CONNECTION ARE :

PC ----> SW1 -------> CORE ----- > MD -----> TO OUT SIDE ( INTRANET ) NOT WORKING OR PINGING

PC --- > OLDSW -------> CORE ----- > MD -----> TO OUT SIDE ( INTRANET ) WORKING GOOD , AND PINGING .

PLEASE HELP , I NEEDED IT SOOOO MUCH .

THANKS .

Asim Malik · ‎11-30-2011

Hi,

Were you able to fix it yet? You could apply an acl on the router interface that is facing the switch and see if you are getting any packets atall? this will narrow it down a little bit

Thanks,

Asim

Engr.Night · ‎11-30-2011

hi Asim ,

sorry i could not understand you .

but , the network already working well ,

but i added a new switch and its in the same vlan as the old access switch , but the pc attached to the new switch can not work even i configured the default gateway ( its the address of core switch -stand by address )

any way , i have two switches ( old and new ) both are idintical in the configuration , but the pc attached to the old switch can ping the router , while the pc attached to the new switch can not ping the router .

plz note : that both switches can ping the router .

cadet alain · ‎12-01-2011

Hi,

the access vlan on fastethernet ports on new switch is vlan 4 and on old switch it is vlan 7 , is it normal?

Can you post ipconfig of PC on new switch and results from a tracert to MD.

also on New switch post output of:

-sh vlan br

-sh span vlan 4

-sh int trunk

- sh int fx/x switchport

Regards.

Alain

Don't forget to rate helpful posts.

Engr.Night · ‎12-04-2011

any help please ?!!

mvsheik123 · ‎12-05-2011

Hi,

(from Nick's posting about your the subnets)

VLAN 4 - 10.243.64.128/26

GW - 10.243.64.190 (Interface on FWSM in your 6500)

VLAN 5 - 10.243.64.192/26

GW - 10.243.64.254 (Interface on FWSM in your 6500)

VLAN 7 - 10.243.67.192/26

GW - 10.243.64.254 (Interface on FWSM in your 6500)

is this correct?

Also, based on your response on t-shoot suggested by experts...

Can 2 PCs, both attached to SW1 ping each other?

yes , 10.243.64.188 can ping 10.243.64.187 ( SW1 - VLAN 4 )

If Yes, can 1 PC on SW1 ping another PC on OldSw?

YES , 10.243.64.100 255.255.255.192 can ping 10.243.67.195 255.255.255.192

ALSO i pinged another Oldsw2 in my network and success (sw1 VLAN 4 ping oldsw2 VLAN 3 )

YES , 10.243.64.100 255.255.255.192 can ping 10.243.64.188 255.255.255.192

-> It appears that somewhere routing is missing for the PC/vlan. Are you connecting the same PC on the oldSW and trying?

-->VTP should not impact anything here, but if you want modify to ' Tranparent' (you got only 4 switches).

-->Do you have any host specific ACLs on FWSM?

--> Do you have 'tracert' output from PC on SW1 to intra-net? Where the tracert ending?

hth

MS

Engr.Night · ‎12-05-2011

Hi mvsheik

thanks for your response .

-> It appears that somewhere routing is missing for the PC/vlan. Are you connecting the same PC on the oldSW and trying?

yes , and pinging router MD .

-->VTP should not impact anything here, but if you want modify to ' Tranparent' (you got only 4 switches).

I made it today as client mode .( it was server mode ) , but no change , any pc connected to SW1 can not ping router MD .

-->Do you have any host specific ACLs on FWSM?

NO .

--> Do you have 'tracert' output from PC on SW1 to intra-net? Where the tracert ending?

I did that already , but no response , ever , it gaves me stars * * * * , without any route to any place .

thanks .

Night .

NickNac79 · ‎12-05-2011

Hi Night,

Sorry I've been very busy today.

I don't think you've actually tested what I asked you to test, and you keep going on about not being able to ping MD - FORGET ABOUT THIS. You haven't yet proven that your layer2 network is working. You must crawl before you can walk.

Please do the following, and only the following and post the results... Please do NOT post anything that I don't ask for as it makes it difficult to find the relevant information.

On a PC attached to a port on Sw1 (VLAN4)
- ipconfig /all
- ping 10.243.64.190
- arp -a
On your FWSM
- show int vlan 4
- show run int vlan 4
- ping
- sh arp | i

Cheers,

Nick

Engr.Night · ‎12-05-2011

Hi Nick ,

sorry Nick , but did the all tests already and i stored it in a file

about the new tests , i will do it tomorrow morinig and post the results , do not worry i will post the tests required only .

thanks for your help Nick ,

you too mvsheik.

Night .

Engr.Night · ‎12-08-2011

Hi Nick ,

i sent you a private message , please read it .

Night .

louiedm2011 · ‎12-11-2011

you need to create another subinterface on the router which ip address is in the same network with the switch and apply ACL's if you dont want to apply inter vlan communication.or you can join the switch in same vlan with previous switch in same network.

Engr.Night · ‎12-11-2011

Hi Louiedm ,

thanks for replay ,

but the problem in the IPsec ,IDSM , please if you know any thing or documents , please share .

thanks ,

Night .