2960 switch issue

Frank Wolf · ‎01-04-2013

Im not a cisco person but know some command. Our cisco network was setup before I came here and was given this issue to fix.

I have a problem that I dont know how to fix. Our lan is subnetted out to different VLANS. I have one switch that will not ping an address on another switch in a different VLAN but it will ping other address on that same switch in that VLAN. The address that cant be pinged from the switch in question can be pinged from any other switch. Is the switch in question blocking that address some how? If so how do I look inside the switch for that issue.

Here is a little diagram of my issue.

any node on subnet switch 172.16.110.xxx cant ping 172.16.121.207 on switch subnet 172.16.121.xxx. but our other subnets 101, 131, 141, 151, 161, 171 can ping 172.16.121.207 address.

Thanks for any help.

mahmoodmkl · ‎01-04-2013

Hi

these switches r pure layer two which will not support routing

u r able to ping the hosts connected to the same switch becoz the svi configured is in the subnet as the hosts

u will not be able to ping others hosts as they are in different vlan

Sent from Cisco Technical Support iPhone App

cadet alain · ‎01-04-2013

Hi,

this is not 100% true http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html

Regards.

Alain

Don't forget to rate helpful posts.

mahmoodmkl · ‎01-04-2013

Hi,

Please refer to the link provided by Cadet.

Thanks

Joseph W. Doherty · ‎01-04-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Check to insure the switch that has the issue pinging to other subnet IPs has a default-gateway defined for its IP's gateway IP.

ALIAOF_ · ‎01-04-2013

Also is there a L3 device in the mixture that is doing the routing for these VLAN's? That would be the default gateway Joseph mentioned.

Frank Wolf · ‎01-04-2013

Thanks all for the information.

Here is a better description of the issue I am having. If it still doesnt make sence please let me know.

All of our network closet have cisco 2960 switches in them and then they are connected to cisco 4510 via fiber to do the routing (what i was told).

If I get on a node (172.16.110.30) that is on the 2960 switch with the issue and try to ping 172.16.121.207 it will time out but I can ping 172.16.121.206 which is a different node on the same vlan subnet from 172.16.110.30 that is on the same cisco 2960 switch with the VLAN subnet of 121.

What I dont understand is from only the cisco 2960 swith on VLAN 110 am I unable to ping 172.16.121.207 and a few other but am able to ping other nodes that are on the same VLAN 121.

If it was a subnet in our L3 device then I shouldnt be able to ping any node on the 121 VLAN but that is not what is happening.

I am able to ping 172.16.121.207 from any other VLAN I have except the 110 VLAN.

cadet alain · ‎01-04-2013

Hi,

Where are located these other devices? are there any ACL in place on this switch and either on the routing device or other switch where the devices are located ?

Regards.

Alain

Don't forget to rate helpful posts.

Frank Wolf · ‎01-04-2013

I am not aware of any ACL that would stop me from pinging only one or two nodes from that VLAN. If it was from all VLAN then I could see that. I dont know alot about cisco switches or routing so I am learning as I go. Is there a command that I can type in that will show me all the ACL that are listed on cisco 2960 or 4510.

Here is some trouble shooting I did.

I put a node on that switch but put it in a different VLAN than 110. I was able to ping 172.16.121.207 from that node. So I did a tracert from that node and it went through the correct gw without any issue. So then I went to a node on the same switch with a 110 address and did a tracert and it will not go pass the gw for that VLAN (110.253).

ALIAOF_ · ‎01-04-2013

Have you check the software firewall on 172.16.121.207? May be there is a windows or other software firewall on it that is blocking it considering that node is on the same VLAN and same switch.

Curious, can you ping anything on 110 VLAN from 172.16.121.207?

And can you ping 172.16.121.207 from 172.16.121.206?

cadet alain · ‎01-04-2013

Hi,

show access-list will at least show us if there are any ACL and if any ACE is hit while doing the ping by looking at the hit counts before and after the ping test.

have you also verified this was not a software firewall issue on the hosts.

Regards.

Alain

Don't forget to rate helpful posts.

Frank Wolf · ‎01-04-2013

Thanks for the info on the command. I did a sh access-list on the 4510 I didnt see anything there that would stop it. there ware no acl on the 2960 when i did the same command.

The host that I am pinging is a printer so there isnt any firewall issue there. I can ping the printer from any other node that is not on VLAN with an address of 172.16.110.xxx and a subnet of 172.16.110.252. I am wondering if the VLAN is setup correctly. What really gets me is I can ping 172.16.121.206 from the any node on VLAN 172.16.110.xxx but not 172.16.121.207 which is right beside the printer on the switch on VLAN 172.16.121.xxx.

I have no problems pinging any thing on the 172.16.110.xxx vlan from the 172.16.121.xxx vlan.

I have even tried changing the IP address of the printer to 172.16.121.210 and was unable to ping it from 172.16.110.xxx node but could ping 172.16.121.210 from any other node that was not on VLAN 172.16.110.xxx.

cadet alain · ‎01-04-2013

Hi,

What really gets me is I can ping 172.16.121.206 from the any node on VLAN 172.16.110.xxx but not 172.16.121.207 which is right beside the printer on the switch on VLAN 172.16.121.xxx

Is there an ARP Entry for the printer IP on the interface vlan which is the default gateway for the printer on the 4500 core switch ?

Regards.

Alain

Don't forget to rate helpful posts.

ALIAOF_ · ‎01-04-2013

What kind of printer, believe it or not there are some printers they do have ACL's. I encountered an HP one time and couldn't get it to work on the network and after connecting to it and browsing the gui I ran into the ACL options. As soon as I allowed the other network it worked.

Also just for testing can you setup that printer on VLAN 110 and see if you can ping it then?

Frank Wolf · ‎01-04-2013

The printer is a xerox phaser 3635. I will look at changing it to the VLAN 110 on Tuesday.

Alian, what command do I use the check the ARP enter? I may be able to look at that.