Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3318
Views
5
Helpful
12
Replies

unable to ping DHCPserver from workstation

Go to solution
gurbinder.kabbay
Level 1
Level 1

‎03-30-2020 12:32 AM

Hi

I am in very weird and simple scenario: I am unable to ping my dhcp server from workstation.

here I have below setup:

Workstation (got IP from vlan 40) -----> Switch(access port in vlan 40 and Layer 3 SVI configured with helper address)------->DHCP Server (Scope of vlan 40 is created)

 

From switch I can ping dhcp server with source vlan 40.

machine is getting the IP from vlan 40 from dhcp server. but after getting IP machine can only ping gateway of vlan 40 (which is L3 SVI on switch for vlan 40), but it cannot ping except gateway and even not able to ping dchp server.

there is no firewall and access list configured to block the ping.

please guide me, what could be the issue.

 

Thanks

Garry

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to gurbinder.kabbay

‎03-30-2020 02:16 AM

Hi,

 

   Do you have "ip routing" enabled on the switch? What is the output of "show ip route" on the switch? The default gateway being the switch, it needs routing enabled.

 

Regards,

Cristian Matei.

View solution in original post

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to gurbinder.kabbay

‎03-30-2020 03:08 AM

Hi,

 

   Most probably routing was not turned on. The fact that a device, like a switch or host, can ping/reach some networks, it does not mean it can route packets between its interfaces. There is a difference between a switch generated packet and a switch routed packet.

 

Regards,

Cristian Matei.

View solution in original post

12 Replies 12

Go to solution
Georg Pauwen
VIP
VIP

‎03-30-2020 12:56 AM

Hello,

 

can you post the configuration of the L3 switch ?

0 Helpful

Go to solution
gurbinder.kabbay
Level 1
Level 1
In response to Georg Pauwen

‎03-30-2020 01:03 AM - edited ‎03-30-2020 01:05 AM

Hi

L3 interface :

 

!
interface Vlan40
ip address 10.211.251.217 255.255.255.248
ip helper-address 10.211.250.62
ip router isis
end

!

interface config

!
interface GigabitEthernet1/0/24
switchport access vlan 40
switchport mode access
device-tracking attach-policy IPDT_MAX_10
end

!

ping from access switch :

 

ping 10.211.250.62 source vlan 40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.211.250.62, timeout is 2 seconds:
Packet sent with a source address of 10.211.251.217
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

 

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to gurbinder.kabbay

‎03-30-2020 01:12 AM

Hi,

 

   Have you assigned a default gateway from the DHCP server? If the switch has any other layer 3 interface, except SVI40, can you each any of those? Can you remove and re-apply your IPDT policy?

 

Regards,

Cristian Matei.

0 Helpful

Go to solution
gurbinder.kabbay
Level 1
Level 1
In response to Cristian Matei

‎03-30-2020 01:38 AM

Hi 

 

Below is dhcp config dhcp server switch:

ip dhcp excluded-address 10.211.251.217

!

ip dhcp pool Wired_MAB
network 10.211.251.216 255.255.255.248
default-router 10.211.251.217
lease infinite

!

On access switch, i am able to ping other SVIs (on same access switch). and i removed the IPDT policy as well from access port.

But still no luck. unable to ping dhcp and IPs beyond that access switch. 

Moreover, I am getting ARP of machine on the access switch.

 

Thanks

Garry

 

 

0 Helpful

Go to solution
govasrin
Cisco Employee
Cisco Employee
In response to gurbinder.kabbay

‎03-30-2020 01:29 AM

Hi  

 

Thought of adding more to Chris's reply, you can check the following things.

 

1. check default-gateway assigned for VLAN on DHCP-server.

2. check if the default gateway is reachable from the workstation. 

3. If default Gateway is reachable, check if there is an ACL or firewall configured on the DHCP server to block ICMP from the work-station. 

 

Regards

Govardhan

 

0 Helpful

Go to solution
gurbinder.kabbay
Level 1
Level 1
In response to govasrin

‎03-30-2020 01:58 AM - edited ‎03-30-2020 01:59 AM

HI Govasrin,

 

please find response as below:

1. check default-gateway assigned for VLAN on DHCP-server. -- its assigned as given in config (pasted above from dhcp server switch)

2. check if the default gateway is reachable from the workstation. -- I can Ping default gateway from workstation as its configured as L3 interface on the access switch

3. If default Gateway is reachable, check if there is an ACL or firewall configured on the DHCP server to block ICMP from the work-station. - there is no single ACL configured in my LAB to block anything, moreover, from access switch everything is reachable, but not from workstation which is connected with switch.

Thanks

Garry

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to gurbinder.kabbay

‎03-30-2020 02:16 AM

Hi,

 

   Do you have "ip routing" enabled on the switch? What is the output of "show ip route" on the switch? The default gateway being the switch, it needs routing enabled.

 

Regards,

Cristian Matei.

0 Helpful

Go to solution
gurbinder.kabbay
Level 1
Level 1
In response to Cristian Matei

‎03-30-2020 02:37 AM

Hi

ip routing is already enabled on the switch. from switch i can ping the dhcp server with source vlan 40 (from which workstation is getting IP).

Thanks

Garry

0 Helpful

Go to solution
govasrin
Cisco Employee
Cisco Employee
In response to gurbinder.kabbay

‎03-30-2020 03:06 AM

 

Hi 

 

Apply an ICMP permit ACL for work-station IP on SVI as well as the upstream interface(connected to DHCP) and check if you see counters are incrementing when sending ping requests 

 

also, you can use "debug ip icmp" for further check. 

 

 

Regards

Govardhan

 

 

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to gurbinder.kabbay

‎03-30-2020 03:08 AM

Hi,

 

   Most probably routing was not turned on. The fact that a device, like a switch or host, can ping/reach some networks, it does not mean it can route packets between its interfaces. There is a difference between a switch generated packet and a switch routed packet.

 

Regards,

Cristian Matei.

Go to solution
gurbinder.kabbay
Level 1
Level 1
In response to Cristian Matei

‎03-30-2020 03:04 AM

Hi

 

its working now, dont know how exactly it starts working. but i re-issue the ip routing command on switch.

after that it starts working.

 

Thanks

Garry

0 Helpful

Go to solution
Vnax
Level 1
Level 1

‎11-13-2021 02:38 PM

Hi, I'm unable to ping the dhcp server from any of the workstation. Please help me.

assignment.zip
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card