3750 not passing traffic between L3 ports...weird

chrisserafin
Level 1

Even when I'm on the switch I cannot ping the FW from the far interface on the switch:

xxxx-02#ping 10.63.7.6 source 10.63.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.63.7.6, timeout is 2 seconds:
Packet sent with a source address of 10.63.7.2
.....
Success rate is 0 percent (0/5)

xxxx-02#ping 10.63.7.6 source 10.63.7.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.63.7.6, timeout is 2 seconds:
Packet sent with a source address of 10.63.7.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

xxxx-02#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
Vlan10                 10.63.0.1       YES NVRAM  up                    up
Vlan101                unassigned      YES NVRAM  down                  down
Vlan102                10.63.2.1       YES NVRAM  up                    down
Vlan103                10.63.3.1       YES NVRAM  up                    down
Vlan104                10.63.4.1       YES NVRAM  up                    down
Vlan105                10.63.5.1       YES NVRAM  up                    up
Vlan106                10.63.6.1       YES NVRAM  up                    up
Vlan107                unassigned      YES NVRAM  down                  down
FastEthernet0          unassigned      YES NVRAM  administratively down down
GigabitEthernet1/0/1   10.63.7.2       YES NVRAM  up                    up
GigabitEthernet1/0/2   10.63.7.5       YES NVRAM  up                    up

Here is the switch side:

interface GigabitEthernet1/0/1
 description UPLINK BowlingGreen-3845 gi0/0
 no switchport
 ip address 10.63.7.2 255.255.255.252
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 no switchport
 ip address 10.63.7.5 255.255.255.252
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
ip routing
ip route 0.0.0.0 0.0.0.0 10.63.7.6
ip route 10.0.0.0 255.0.0.0 10.63.7.1
ip route 10.63.4.192 255.255.255.192 10.63.7.6
ip route 10.254.254.0 255.255.255.0 10.63.7.6

ideas?

5 Replies

Jon Marshall
Hall of Fame

Apologies for asking the obvious, but does the FW have a route back to the 10.63.7.0/30 subnet?

Jon

Another obvious one to watch for: does the FW allow ICMP?

Sam

I'm guessing it does as he can ping the FW from the .5 address :-)

Jon

Good point Jon!

I would still take a look at FW policies... I have wasted valuable time once assuming if it works for one host it would for the whole subnet :-)

Same thing goes for routing from FW.

Sam

Sam

I totally agree, I was just having a bit of fun :-), no offence intended.

I have also spent many fruitless hours troubleshooting routing, VLANs etc. only to find it was a stupid firewall rule!

Jon
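
The route-back question raised in the first reply, worked through as an added example that is not part of the thread: a longest-prefix-match lookup showing where the firewall would send its echo reply for each ping source. Both firewall routing tables and the 192.0.2.1 gateway are constructed assumptions, since the thread never shows the firewall's configuration.

```python
import ipaddress

# From the post: the switch's two routed ports.
SWITCH_ADDRS = {ipaddress.ip_address(a) for a in ("10.63.7.2", "10.63.7.5")}

# Constructed firewall routing tables; the thread never shows the real one.
# 192.0.2.1 is a documentation address standing in for the firewall's
# own default gateway (assumption).
FW_WITHOUT_ROUTE = [("10.63.7.4/30", "connected"), ("0.0.0.0/0", "192.0.2.1")]
FW_WITH_ROUTE = FW_WITHOUT_ROUTE + [("10.63.7.0/30", "10.63.7.5")]


def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    matches = [(n, nh) for n, nh in nets if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def return_path(fw_routes, src):
    """Classify where the firewall sends its echo reply for a ping from src."""
    hit = lookup(fw_routes, src)
    if hit is None:
        return "no-route"      # reply is dropped on the firewall
    _, next_hop = hit
    if next_hop == "connected":
        return "connected"     # source is on the firewall's own /30
    if ipaddress.ip_address(next_hop) in SWITCH_ADDRS:
        return "via-switch"    # reply goes back through the switch
    return "other-path"        # reply leaves toward a different gateway


if __name__ == "__main__":
    tables = (("without route", FW_WITHOUT_ROUTE), ("with route", FW_WITH_ROUTE))
    for name, table in tables:
        for src in ("10.63.7.2", "10.63.7.5"):
            print(f"{name:14} reply to {src}: {return_path(table, src)}")
```

With the constructed table that lacks a 10.63.7.0/30 entry, only the ping sourced from 10.63.7.5 gets a reply on the connected link, which is the same pattern as the two ping results in the question.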
