03-30-2020 12:32 AM
Hi
I am in a very weird and simple scenario: I am unable to ping my DHCP server from the workstation.
Here I have the below setup:
Workstation (got IP from vlan 40) -----> Switch (access port in vlan 40 and Layer 3 SVI configured with helper address) -------> DHCP Server (scope of vlan 40 is created)
From the switch I can ping the DHCP server with source vlan 40.
The machine is getting an IP from vlan 40 from the DHCP server, but after getting the IP the machine can only ping the gateway of vlan 40 (which is the L3 SVI on the switch for vlan 40). It cannot ping anything except the gateway and is not even able to ping the DHCP server.
There is no firewall or access list configured to block the ping.
Please guide me on what could be the issue.
Thanks
Garry
03-30-2020 12:56 AM
Hello,
Can you post the configuration of the L3 switch?
03-30-2020 01:03 AM - edited 03-30-2020 01:05 AM
Hi
L3 interface:
!
interface Vlan40
 ip address 10.211.251.217 255.255.255.248
 ip helper-address 10.211.250.62
 ip router isis
end
!
interface config
!
interface GigabitEthernet1/0/24
 switchport access vlan 40
 switchport mode access
 device-tracking attach-policy IPDT_MAX_10
end
!
ping from access switch:
ping 10.211.250.62 source vlan 40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.211.250.62, timeout is 2 seconds:
Packet sent with a source address of 10.211.251.217
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms
03-30-2020 01:12 AM
Hi,
Have you assigned a default gateway from the DHCP server? If the switch has any other layer 3 interface, except SVI40, can you reach any of those? Can you remove and re-apply your IPDT policy?
Regards,
Cristian Matei.
03-30-2020 01:38 AM
Hi
Below is the DHCP config on the DHCP server switch:
ip dhcp excluded-address 10.211.251.217
!
ip dhcp pool Wired_MAB
 network 10.211.251.216 255.255.255.248
 default-router 10.211.251.217
 lease infinite
!
On the access switch, I am able to ping other SVIs (on the same access switch), and I removed the IPDT policy from the access port as well.
But still no luck. I am unable to ping the DHCP server and IPs beyond that access switch.
Moreover, I am getting the ARP of the machine on the access switch.
Thanks
Garry
03-30-2020 01:29 AM
Hi
Thought of adding more to Chris's reply. You can check the following things:
1. Check the default gateway assigned for the VLAN on the DHCP server.
2. Check if the default gateway is reachable from the workstation.
3. If the default gateway is reachable, check if there is an ACL or firewall configured on the DHCP server to block ICMP from the workstation.
Regards
Govardhan
03-30-2020 01:58 AM - edited 03-30-2020 01:59 AM
Hi Govasrin,
Please find my response below:
1. check default-gateway assigned for VLAN on DHCP-server. -- It's assigned as given in the config (pasted above from the DHCP server switch).
2. check if the default gateway is reachable from the workstation. -- I can ping the default gateway from the workstation, as it's configured as an L3 interface on the access switch.
3. If default Gateway is reachable, check if there is an ACL or firewall configured on the DHCP server to block ICMP from the work-station. -- There is not a single ACL configured in my lab to block anything. Moreover, from the access switch everything is reachable, but not from the workstation which is connected to the switch.
Thanks
Garry
03-30-2020 02:16 AM
Hi,
Do you have "ip routing" enabled on the switch? What is the output of "show ip route" on the switch? The default gateway being the switch, it needs routing enabled.
Regards,
Cristian Matei.
03-30-2020 02:37 AM
Hi
ip routing is already enabled on the switch. From the switch I can ping the DHCP server with source vlan 40 (from which the workstation is getting its IP).
Thanks
Garry
03-30-2020 03:06 AM
Hi
Apply an ICMP permit ACL for the workstation IP on the SVI as well as on the upstream interface (connected to DHCP) and check if you see the counters incrementing when sending ping requests.
Also, you can use "debug ip icmp" for a further check.
Regards
Govardhan
03-30-2020 03:08 AM
Hi,
Most probably routing was not turned on. The fact that a device, like a switch or host, can ping/reach some networks does not mean it can route packets between its interfaces. There is a difference between a switch-generated packet and a switch-routed packet.
Regards,
Cristian Matei.
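
The distinction drawn in this reply can be checked offline against a saved configuration. The following is an added example, not code from any poster in this thread: it parses the Vlan40 lines posted above and flags an SVI whose helper address sits outside its own subnet when no global `ip routing` line is found. The `no ip routing` line in the sample and the function names are assumptions made for the demonstration, and treating a missing `ip routing` line as "disabled" is also an assumption, since some platforms do not print the default.

```python
import ipaddress
import re

# Constructed sample: the Vlan40 lines come from this thread; the global
# "no ip routing" line is an assumption added to demonstrate the finding.
ACCESS_SWITCH_CFG = """\
no ip routing
!
interface Vlan40
 ip address 10.211.251.217 255.255.255.248
 ip helper-address 10.211.250.62
 ip router isis
!
interface GigabitEthernet1/0/24
 switchport access vlan 40
"""

def parse_svis(cfg):
    """Return {svi_name: {"net": IPv4Interface or None, "helpers": [addresses]}}."""
    svis, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (Vlan\d+)\s*$", line)
        if m:
            current = svis.setdefault(m.group(1), {"net": None, "helpers": []})
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the SVI stanza
        elif current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) >= 4:
                current["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            elif words[:2] == ["ip", "helper-address"]:
                current["helpers"].append(ipaddress.ip_address(words[-1]))
    return svis

def routing_enabled(cfg):
    """True only if a global 'ip routing' line exists and 'no ip routing' does not."""
    top = [l.strip() for l in cfg.splitlines() if not l.startswith(" ")]
    return "ip routing" in top and "no ip routing" not in top

def audit(cfg):
    """List SVIs that relay DHCP to another subnet while routing looks disabled."""
    on = routing_enabled(cfg)
    findings = []
    for name, svi in parse_svis(cfg).items():
        for helper in svi["helpers"]:
            if svi["net"] is not None and helper not in svi["net"].network and not on:
                findings.append(f"{name}: helper {helper} is outside {svi['net'].network}; "
                                "host traffic to it must be routed, 'ip routing' not found")
    return findings
```

Running `audit()` on the sample returns one finding for Vlan40; replacing the first line with `ip routing` returns an empty list.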
03-30-2020 03:04 AM
Hi
It's working now. I don't know how exactly it started working, but I re-issued the ip routing command on the switch.
After that it started working.
Thanks
Garry
11-13-2021 02:38 PM