Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
5
Replies

3750 not passing traffic between L3 ports...weird

chrisserafin
Level 1
Level 1

‎05-22-2009 10:06 AM - edited ‎03-06-2019 05:53 AM

Even when I'm on the switch I cannot ping the FW from the far interface on the switch:

xxxx-02#ping 10.63.7.6 source 10.63.7.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.63.7.6, timeout is 2 seconds:

Packet sent with a source address of 10.63.7.2

.....

Success rate is 0 percent (0/5)

xxxx-02#ping 10.63.7.6 source 10.63.7.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.63.7.6, timeout is 2 seconds:

Packet sent with a source address of 10.63.7.5

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

xxxx-02#sh ip int brie

Interface IP-Address OK? Method Status Protocol

Vlan1 unassigned YES NVRAM administratively down down

Vlan10 10.63.0.1 YES NVRAM up up

Vlan101 unassigned YES NVRAM down down

Vlan102 10.63.2.1 YES NVRAM up down

Vlan103 10.63.3.1 YES NVRAM up down

Vlan104 10.63.4.1 YES NVRAM up down

Vlan105 10.63.5.1 YES NVRAM up up

Vlan106 10.63.6.1 YES NVRAM up up

Vlan107 unassigned YES NVRAM down down

FastEthernet0 unassigned YES NVRAM administratively down down

GigabitEthernet1/0/1 10.63.7.2 YES NVRAM up up

GigabitEthernet1/0/2 10.63.7.5 YES NVRAM up up

Here is the switch side:

interface GigabitEthernet1/0/1

description UPLINK BowlingGreen-3845 gi0/0

no switchport

ip address 10.63.7.2 255.255.255.252

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

priority-queue out

mls qos trust cos

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet1/0/2

no switchport

ip address 10.63.7.5 255.255.255.252

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

service-policy input AutoQoS-Police-CiscoPhone

!

ip routing

ip route 0.0.0.0 0.0.0.0 10.63.7.6

ip route 10.0.0.0 255.0.0.0 10.63.7.1

ip route 10.63.4.192 255.255.255.192 10.63.7.6

ip route 10.254.254.0 255.255.255.0 10.63.7.6

ideas?

Labels:
0 Helpful
5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

‎05-22-2009 10:26 AM

Apologies for asking the obvious but does the FW have a route back to 10.63.7.0/30 subnet ?

Jon

0 Helpful

cisco_lad2004
Level 5
Level 5
In response to Jon Marshall

‎05-22-2009 11:18 AM

Another obvious one to watch for, does the FW allow ICMP ?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to cisco_lad2004

‎05-22-2009 11:19 AM

Sam

I'm guessing it does as he can ping the FW from the .5 address :-)

Jon

0 Helpful

cisco_lad2004
Level 5
Level 5
In response to Jon Marshall

‎05-22-2009 11:25 AM

Good point Jon !

I would still still take a look at FW policies...I have wasted valuable time once assuming if it works for one host it would for whole subnet :-)

Same thing goes for routing from FW.

Sam

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to cisco_lad2004

‎05-22-2009 11:27 AM

Sam

I totally agree, i was just having a bit of fun :-), no offence intended.

I have also spent many fruitless hours troubleshooting routing, vlans etc.. only to find it was a stupid firewall rule !

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card