Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
5
Helpful
2
Replies

cannot http to server but I can ping it (What else should I analyze?) HSRP

parakiteiz
Level 1
Level 1

‎07-10-2014 11:29 AM - edited ‎03-07-2019 08:01 PM

 
 

I have a web server running nagios. When I web to it appears to be getting blocked or not routed from the wireshark output below.

I can ping it and the icmp traffic does appear in Wireshark and I get a proper reply.

What can I look at to help me find what is not routing or is blocking it??

52878 >http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8 SACK_perm=1)

52878 >http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8 SACK_perm=1)

52878 >http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8 SACK_perm=1)

 

Second look it appears the destination is All-HSRP-router_fd (00:00:0c:07:ac:fd). Which is a HSRP interface on my 3750 switch with the ip of *.*.253.1. It appears to not be routing on to the 1.0 subnet (vlan 255). When I do a sh ip route I see subnet 1.0 directly connected via vlan 255. So there should be no problems here?

 

Third Look:  I just did a tracert to 1.89.  Wireshark just loaded up on a bunch of Time- to exceeded to live exceeded (Time to live exceeded in transit). I also notice when I ping the address 1.89 I get a TTL of 63 when it is only 2 or 3 devices away. Looks like routing or switching issue.

Fourth Look: I just narrowed down the Time exceeded to live to the .253.1 interface, which is an HSRP interface.

What can I do to tie it down to a device to this problem?

 

Labels:
0 Helpful
2 Replies 2

Vasilii Mikhailovskii
Level 7
Level 7

‎07-26-2014 04:46 AM

Hello.

I think you might have some ACL (on switch/router) or firewall (on the server) that doesn't allow HTTP traffic.

Could you please provide your network diagram with all the routers/switches and servers (you are trying to use/reach)?

Please provide trace results (to the server).

parakiteiz
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎09-03-2014 07:31 AM

Thanks all for you assistance. This appeared to be a self inflicted Routing Issue. On my switch04 I had give int vlan 255 a IP address of *.*.1.26 which made everything on that VLAN route VLAN 255 no the static route that existed. This appeared to be causing a routering loop.

I finally figured out my staring at my sh ip route output for like an hour. I then shut the int vlan 255 interface and saw it changed my sh ip route interface and fixed the problem.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card