Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1891
Views
0
Helpful
5
Replies

Switch unable to ping, but connected host able to.

Go to solution
codemsittc
Level 1
Level 1

‎01-20-2021 07:12 AM - edited ‎01-20-2021 09:41 PM

Hi guys,

 

I have a weird situation as per the subject title. so this is whats going on:

 
 

image.png

NOTE: FIREWALL ALLOWS ANY ANY DURING MY TEST

So the thing i've done a SPAN and monitor on vlan 100

I found out that whenever i do a ping test from 2960 switch to 192.168.1.14 (firewall internal interface), wireshark shows "who is 192.168.1.14, tell 192.168.1.11" and then immediately i get a ARP reply from the firewall telling the 2960 switch the correct MAC address.

HOWEVER!!!! the ping still fail the full 5 times, and i also got the same ARP messages 5 times.

 

Anyone able to advise on the above? It seems so straightforward, but it just doesn't seems to work. Even the ARP request and reply make sense to me.

 

Also, when i use my laptop to ping the default gateway, which is the firewall internal interface, it is successful. But from the 2960 switch CLI, it just fails. I've tried removing the ip default gateway command on the switch, but it doesn't resolve the issue too.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to codemsittc

‎01-20-2021 09:55 PM

Hello,

 

the 2960 switches cannot ping 192.168.1.14, which is the virtual IP. Can they ping the IP addresses of the physical firewall interfaces ? How did you set the HA cluster up ?

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎01-20-2021 08:34 AM

Hello,

 

what about the other way round, can you ping the switch from the firewall ?

0 Helpful

Go to solution
codemsittc
Level 1
Level 1
In response to Georg Pauwen

‎01-20-2021 09:19 PM

I am unable to ping the 2960 switch interface vlan 100 (192.168.1.11). (NOTE THAT I'VE ALLOWED ANY ANY)

However, i am able to ping the 3850 switch int vlan 10.

0 Helpful

Go to solution
codemsittc
Level 1
Level 1
In response to Georg Pauwen

‎01-20-2021 09:42 PM

I've edited and updated the post with a diagram so correctly illustrate the situation too.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to codemsittc

‎01-20-2021 09:55 PM

Hello,

 

the 2960 switches cannot ping 192.168.1.14, which is the virtual IP. Can they ping the IP addresses of the physical firewall interfaces ? How did you set the HA cluster up ?

0 Helpful

Go to solution
codemsittc
Level 1
Level 1
In response to Georg Pauwen

‎01-22-2021 02:44 AM

Hi Georg,

 

I managed to get the solution all worked out.
I've found out the problem is with the firewall. The cluster IP doesn't seem to work. But the physical IP does.

 

It seems that there may have been some issue with the physical port.

Thanks anyway.

 

 

0 Helpful
Customers Also Viewed These Support Documents