A simple ping issue

franklaszlo · ‎12-13-2010

My LAN consits of a 2960 switch and a 1841 router. The switch is trunked to the router's Fa2 switchport using several VLANs.

There is an ip printer - lets name it P1 - connected to a switch port on the router, and that switchport is configured as an access port in VLAN10.

The issue, is that not any hosts are able to ping the P1 printer from the same vlan through the switch.

However, i can ping the printer both from the swith and the router. Also, the printer's mac address and ip address can be found in

the mac and arp table on both devices (i mean the router and the switch).

There is another printer - call it P2 - connected to the 2960 switch, and not the router. I can succesfully ping this printer.

Since the switch did not have any free port, I changed the cable connection of P1 and P2. Now P1 is connectd to the switch

and P2 is cnnected to the router. This configuration resulted so that I could ping both P1 and P2 ! Why ?

And, if that would not be enough, I have another printer - P3 - also connected to the router and I also cannot ping it !

Debugging arp on the router and the switch shows that arp requests get to the switch but not to the router, and I do not know why.

Of course, arp responses never come back. The switch does not apply ACLs or VLAN filtering

Any idea please ?

cadet alain · ‎12-13-2010

Can you post relevant config of switch and router please as well as a brief topology diagram with ip addresses of printers and router.

Regards.

Alain

Don't forget to rate helpful posts.

franklaszlo · ‎12-14-2010

Thanks for all answers !

Originally I wrote 1841 router, but that was a mistake, sorry. It is a 1812 and has eight built-in switchports.

Heres is the relevant part of the network :

And the relevant config of the switch :

version 12.2
!
hostname C2960G_1
!
system mtu routing 1500
ip subnet-zero
!
!
mls qos
!
!
errdisable recovery cause security-violation
errdisable recovery cause psecure-violation
errdisable recovery interval 3600
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1,10,20,40,50 priority 0
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/12
description OKI Printer
switchport access vlan 10
switchport mode access
spanning-tree portfast
spanning-tree link-type point-to-point
!
!
interface GigabitEthernet0/24
description R1-M6Tolna
switchport trunk allowed vlan 1,10,20,40,50
switchport mode trunk
spanning-tree link-type point-to-point
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan10
ip address 192.168.10.251 255.255.255.0
no ip proxy-arp
no ip route-cache
!
ip default-gateway 192.168.10.254
ip http server
ip http secure-server
access-list 23 permit 192.168.10.250
access-list 23 permit 192.168.10.254
access-list 23 permit 192.168.10.253
access-list 23 permit 192.168.10.204
!

===================================================

And the router :

!
version 12.4
no service password-encryption
!
hostname R1-M6Tolna
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.16
ip dhcp excluded-address 192.168.10.127 192.168.10.254
!
ip dhcp pool pool_vlan50
   network 192.168.50.0 255.255.255.0
   default-router 192.168.50.254
   dns-server 192.168.50.254
   lease 8
!
!
ip domain name m6tolnakft.hu
!
!
vtp interface exit
!
!
bridge irb
!
!
interface FastEthernet0
description === Internet ===
ip address 91.82.54.138 255.255.255.252
ip access-group acl_internet_in in
ip nat outside
ip inspect firewall out
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
description C2960G switch trunk
switchport trunk allowed vlan 1,10,20,40,50,1002-1005
switchport mode trunk
spanning-tree portfast
!
interface FastEthernet3
description Targyalo telefon
switchport access vlan 20
switchport voice vlan 20
switchport priority extend trust
spanning-tree portfast
!
interface FastEthernet4
description MME switch
switchport access vlan 123
spanning-tree portfast
!
interface FastEthernet5
shutdown
spanning-tree portfast
!
interface FastEthernet6
description TOSHIBA Printer
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet7
description OKI-C Printer
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet8
shutdown
spanning-tree portfast
!
interface FastEthernet9
description WiFi router
switchport access vlan 40
spanning-tree portfast
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
no ip address
ip tcp adjust-mss 1452
!
interface Vlan10
description ---=== LAN NAT Gateway restricted access ===---
ip address 192.168.10.250 255.255.255.0
ip access-group acl_vlan10_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
arp timeout 300
!
interface Vlan40
description ---=== DMZ ===---
ip address 91.82.158.9 255.255.255.248
ip access-group acl_vlan40_in in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
arp timeout 300
!
interface Vlan123
description ---=== MME network ===---
ip address 10.63.123.101 255.255.255.0
ip access-group acl_vlan123_in in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
arp timeout 300
!
interface Vlan50
description ---=== Internet Only ===---
ip address 192.168.50.254 255.255.255.0
ip access-group acl_vlan50_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
arp timeout 300
!
ip forward-protocol nd
!
!
end
======================================

Once again, the issue is that I cannot reach the printers connected to the router's swich ports from any host

connected to the 2960 switch.

What really confuses me is the fact, that I can ping both printers connected to the router from both the router and the switch,

but not from any host connected to the switch.

lalarajaraman1985 · ‎12-14-2010

Hi,

Did u check giving a tracert from PC connected to the switch and see where the packet is getting dropped?

franklaszlo · ‎12-14-2010

Well, its not routed since the PC and the printer reside in the same VLAN. Therefore tracert

shows that the packet is beeing dropped on the local host.

lalarajaraman1985 · ‎12-14-2010

HI,

In that case, can u check if the reverse of this is working. i,e connect a pc to the router end(where printers are connected) and see if you can ping the PCs behind the switch.

franklaszlo · ‎12-14-2010

Unfortunately I cannot do that remotely. What I could do, is to log in to the router, and check it from the CLI.

I can ping any device connected to the 2960 switch from the router.

Just a bit more salt to this...

The following picture shows the ping result of the three printers (192.168.10.200, 202 and 203) from two servers (192.168.10.252 and 253) connected to the 2960 switch :

Strange enough, is'nt it ?

Mathias Garcia · ‎12-13-2010

Do you have a switch module in the 1841?

Otherwise 2 interfaces configured to access VLAN on a router. ie encapsulate do1q 10 does not automaticly "forward" traffic between each other.

This is because the vlan is local to just that port.

franklaszlo · ‎12-14-2010

Sorry, its a 1812 not a 1841 and has built in switch ports. Router is trunked via its Fa2 switch port.

Shelley Bhalla · ‎12-13-2010

#1. Are the ip;s on these printers in the save network as the vlan 10 network? for example 192.168.1.10/24 is vlan 10 network so are the printers on the same ip range.

#2. Is the trunk port on the router on a etherswitch module or a router port?

#3. The arp request not making it out to the router only means that the switch thinks that the network resides locally and does not send the request to the trunk port to the other side. Are you sure the Vlan;s are allowed? Can you expliitly define them.

Shelley.

GFWAFBCCO · ‎12-14-2010

How did you configure your vlans? Also, an output of show ip route could prove useful.

franklaszlo · ‎12-14-2010

I configured VLANs on the switch, because VTP is running and the VTP server is the switch.

On the router I can see VLANS appearing that I configure on the switch :

franklaszlo · ‎12-14-2010

#1 : yes, th address space of VLAN10 is 192.168.10.0/24, and all printers have their ip assigned from this range

#2 : on a switchport of the built in swith

#3 : even though that sounds logical, but then why can I ping the printer on the router from inside the switch (CLI) ?

To make the situation clear, I posted the switch and the router config as well as the network layout.

GFWAFBCCO · ‎12-14-2010

Maybe this is irrelevant to the problem, but I notice you have portfast enabled on R1-M6Toina Fe2 trunk to the switch.

franklaszlo · ‎12-14-2010

Yes, I also realized it as a mistake and already have removed it. Unfortunately it does not solve the problem.