02-18-2017 11:22 AM - edited 03-05-2019 08:03 AM
Hi pros,
Before all, thank you for taking your time to help a fellow out! Real kudos to you all.
Here it is... I'm having an issue with a small payclock box that an outsourcing HR company sent to our HR. The network design is quite simple:
Cisco 3750 stack( 4 SW) ----> Cisco ASA 5606x with DMZ
That DMZ vlan is the only SVI not created in the 3750 stack switches. The stack sw just sees that as a layer 2 vlan. Now when I add that clock on that vlan, I can't ping it even though I can ping anything else on that vlan.
Further troubleshooting shows that the switch does not even have the MAC address of the device under its port! I tried a static ARP assignment but still no change! Rebooted the stack and the ASA, still no dice! I had the company send another device; they tested it before sending it out! And no change! I am out of ideas!
Ideas, suggestions are welcome.
Thanks,
02-18-2017 12:00 PM
Hello,
What brand/type is the payclock box?
02-19-2017 02:02 PM
Hi Georg,
It's a ZK clock with facial and fingerprint.
Thanks,
02-19-2017 11:36 PM
Hello,
Is your 3750 a PoE switch? If so, power over Ethernet (auto) is enabled by default on switch ports. Try to turn it off with the interface command:
power inline never
The only other setting that could be relevant is flowcontrol, which is set to 'receive off' by default. Try to enable it with the interface command:
flowcontrol receive on
02-20-2017 04:15 PM
Hi Georg,
Yes, all the switches in the stack are PoE... and yes, the power is enabled by default. I have never thought of changing it but don't see how it will prevent the switches from learning the MAC of the connected device.
Also I have configured a laptop with the same IP, connected on the same port... it works just fine. Nonetheless, I will give your suggestion a try.
Thanks for the help,
02-21-2017 03:43 AM
Hello
How are you supposed to administer these devices? What other means of connecting to this device do you have - serial/USB etc.?
Do they even support ICMP, or does this or even TCP/IP require enabling before it can be used over the network?
res
Paul
02-21-2017 09:35 AM
Hi Paul,
Thanks for the help....
Well, I was not aware of the device until HR could not figure it out! And I quickly found out it was more than just adding it to the network! NAT is required, an ACL to open up specific ports is required!
Due to the fact that I'm not supposed to manage it myself... the outsourcing HR is supposed to manage it, so I decided to put it on a DMZ and open it up to only their DC IP pool.
And this is where the drama started. In the internal network everything is fine: I can ping it, the outsourcing company can ping it, and their application can reach the opened ports.
But when moved to the DMZ, I can't ping it either from the internal network or from outside! The ACL is in place... packet tracer shows traffic flows from one interface to another fine, no problem... The device can be pinged from the DMZ interface of the ASA (same subnet). But it cannot be pinged from the switch or any other subnet. The switch/internal subnet can ping another device on the same DMZ.
02-19-2017 02:45 AM
Hello
So you do have connectivity between your inside vlans and DMZ vlan, but just not to this device attached to the DMZ vlan?
How does this box receive its addressing?
Can you connect to another device attached to the same port as this clock box?
Have you checked the cabling - does it require a crossover cable, although the switches should be MDIX aware?
Speed/duplex setting?
res
paul
02-19-2017 01:27 PM
Hi Paul,
I have checked the speed/duplex and they're good.... even tried auto, still no dice.
The box is set with a static IP. Also I tried DHCP, it did get an IP but I still can't ping it!
Unplugged that box and assigned the IP to a laptop... and I have full connectivity!
Thanks,
02-19-2017 01:34 PM
Jean Paul,
What brand/type is the box?