Can not able to ping remote address via desktop.

dipak3254176 · ‎06-09-2012

hello,

i am trying to ping 172.16.0.250 address from my desktop located in vlan 10.

i can able to ping 172.16.0.250 from my L3 switch but not able to ping from my desktop belong to vlan 10.

we have assing 172.16.0.254 ip to one interface fa 0/48.

dekstop can able to ping 172.16.0.254 this ip.

pasting running config

CTC_L3#show run

Building configuration...

Current configuration : 4357 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CTC_L3

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip routing

!

crypto pki trustpoint TP-self-signed-2873386624

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2873386624

revocation-check none

rsakeypair TP-self-signed-2873386624

!

crypto pki certificate chain TP-self-signed-2873386624

quit

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode access

!

interface FastEthernet0/2

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 8

switchport mode access

!

interface FastEthernet0/4

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

no switchport

ip address 172.16.0.254 255.255.248.0

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

no ip address

ip directed-broadcast 1

!

interface Vlan8

ip address 172.16.8.1 255.255.254.0

!

interface Vlan9

ip address 192.168.9.1 255.255.255.0

!

interface Vlan10

ip address 172.16.10.1 255.255.254.0

!

ip default-gateway 172.16.0.250

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.0.250

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

ip http server

ip http secure-server

!

control-plane

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

CTC_L3#$

your help is highly appriciated.

JohnTylerPearce · ‎06-09-2012

Is this desktop directly connected to this switch and if so is it on port Fa0/5. That appears to be the only port that is on vlan 10 on this switch. Can you ping your default gateway which I'm assuming is 172.16.10.1?

dipak3254176 · ‎06-09-2012

thanks for your reply, yes desktop is directally connected to the switch. i can able to ping my default gateway. as well as other computer in vlan 10.

from switch console i can able to ping 172.16.0.11 but from desktop. i cannot ping this host.

L3->172.16.0.254 (fa0/48)->172.16.0.11 succesfully ping 172.16.0.11 is connected to plane switch

Desktop (vlan)->default gateway(succesffull)-> 172.16.0.11 (fail)

your responce is highly appriciated

JohnTylerPearce · ‎06-09-2012

So just to clarify, the desktop is on VLAN 10? I see the following configuration for VLAN 10.

interface Vlan10

ip address 172.16.10.1 255.255.254.0

Is this desktop statically configured or does it get its IP configuration from DHCP?

JohnTylerPearce · ‎06-09-2012

ip default-gateway 172.16.0.250

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.0.250

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

Your default route is to 172.16.0.250. If you look at your routing table the following networks go es to 172.16.0.250.

172.16.0.11/32

192.168.11.0/24

0.0.0.0/0

Notice that you have a /32 route for 172.16.0.250/32 going to Fa0/48

So your default route and default gateway are going to Fa0/48.

Since everything is going to 172.16.0.250 why not just leave the default route going to 172.16.0.250. But if it's just

going to Fa0/48 its going to die at that switch.

dipak3254176 · ‎06-09-2012

Thanks John for reply,

since we are going to implement layer 2 and layer 3 switched in our network. we have buy layer 3 switch. all our existing network are working in 172.16.0.0/255.255.248.0 subnet. since our branches are located diffrent location we have decided to implement network one by one.

here u can see i have created a vlan. as of now all client are going throug a firewall having IP address 172.16.0.250 for internet access.

i have given 172.16.0.254 ip to fa0/48. fa0/48 is directally connected to a plane switch and plane switch is connected to 172.16.0.250(firewall interface).

please correct me if i'm making some mistake.

i have remove below mention route

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

only available route is

ip route 0.0.0.0 0.0.0.0 172.16.0.250(all unknow traffic passed from this address)

since from switch i can able to ping my all network computer as well as branches (192.168.x.x). i guess this is fine but there is something went wrong which is not allowing vlan computer to use fa0/48 to send traffic outside (may be some broadcast preventing mechanism)

yes all computer IPs are manually configure.

do it need some kind of reverce route?

thanks once again.

JohnTylerPearce · ‎06-09-2012

Alright, I'm getting confused here. Can you give me a little ASCII diagram of this setup?

Also, "not allowing vlan computer) to send traffic outside? Is it able to communicate to anything outside

of its local network or is it just not using that specific IP to access the outside? What is the VLAN os this desktop that can send traffic outside (VLAN number and network).

dipak3254176 · ‎06-09-2012

Here we go,

pc1 belong to vlan 8 ip 172.16.8.2 (vlan 8 ip 172.16.8.1)

pc2 belong to vlan 10 ip 172.16.10.2 (vlan 10 ip 172.16.10.1)

ping from pc1 to pc2 --ok

ping from l3 to FW (172.16.0.250) and pc3 (172.16.0.11)-- ok

ping from pc1 to fw and pc3 not working.

ping from pc2 to fw and pc3 not working.

since i dont have diagram tool available with me. i am sending you a raw digaram hop this will help.

thanks

dipak3254176 · ‎06-09-2012

please lee me know incase any other info needed.

nkarthikeyan · ‎06-09-2012

Hi,

see vlan 8 and vlan 10 are in the same switch so intervlan routing is happening and its pinging. but the vlan at the other switch you are not able to ping because you have connected the switch1 (valn 8 & 10) to switch 2 using a routed interface. Also you have pointed defailt route as a firewall interface ip. So when you ping to 172.16.0.11 it will go to firewall and get dropped. You can remove that routed interface f0/48 and connect

dipak3254176 · ‎06-09-2012

Sorry for confussion,

port fa0/48 having ip address 172.16.0.254 belong to vlan 1

pc3 ip address is 172.16.0.11

fw ip address is 172.16.0.250

please let me know in case any other info needed.

JohnTylerPearce · ‎06-09-2012

On the Plane switch are their routes going back to the L3 switch? P1 and PC2 can communicate, which suggests that their is bi-directioanl inter-vlan communication. But the failure seems to be in bi-directioan communication from L2 to Plane switch.

dipak3254176 · ‎06-09-2012

Hello John,

if i'm not making mistake than plan switch boradcast the traffic. i have tryied to ping 172.16.0.254 which is fa0/48 ip from 172.16.0.11and it is working.

i guess we cannot defing route from plan switch to L3 switch.

JohnTylerPearce · ‎06-09-2012

On the VLAN1 interface, try putting the IP address that is associated with Fa0/48 on it. Do a 'no ip address on Fa0/48 and see what happens. Once that is done, ping 172.16.0.250 with a source of 172.16.0.254.

nkarthikeyan · ‎06-10-2012

The IP which you try to ping is not in the broadcast domain. It will be forwarded to the default route defined in the switch and then it will get dropped. You are able to ping the Ip address which is assigned in fa0/48 of l3 switch from that PC because that was present in the broadcast domain of the plain l2 switch. For this you need to the same vlan subnet created on the l3 switch and advertised to have the intervlan routing happen. Else the packet will get forwarded to the default route and the firewall/router drops the packet.