Re: Cannot ping 1841 router from 3560 switch - Page 4

olighec · ‎06-21-2007

I have a brand new 1841 running IOS 12.4.13 Advanced Security that I am planning to set up as a VPN endpoint to allow VPN connections to my LAN. I have connected it do my core switch (Cisco 3560G-48), but cannot ping the router from the switch.

I have gone through the configuration many, many times, and I can't seem to figure out what is wrong, so I am posting here.

The router is connected to the core switch via Fa0/0, which has an IP address of 10.99.1.1, mask is 255.255.255.252. The interface on the core switch is G0/44, which has an IP address of 10.99.1.2, mask is 255.255.255.252.

I can ping anywhere out on the Internet from the router, but I cannot ping the switch.

I don't believe the problem is routing as each device shows the subnet 10.99.1.0/30 connected directly via the correct interface.

I am wondering, is there something simple that I am completely missing here?

Here is the config from the 1841:

Current configuration : 3140 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname cnc.1841

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 ***

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip cef

!

crypto pki trustpoint TP-self-signed-1213459445

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1213459445

revocation-check none

rsakeypair TP-self-signed-1213459445

!

crypto pki certificate chain TP-self-signed-1213459445

c9D4D7ECC

...

6F19CA

quit

username admin privilege 15 secret 5 ***

!

interface FastEthernet0/0

description Uplink to core

ip address 10.99.1.1 255.255.255.252

speed 100

full-duplex

!

interface FastEthernet0/1

description Internet

ip address 67.105.138.xxx 255.255.255.240

speed 10

full-duplex

!

ip classless

ip route 0.0.0.0 0.0.x.x.x.138.145

ip route 10.100.0.0 255.255.0.0 10.99.1.2

ip route 192.168.100.0 255.255.255.0 10.99.1.2

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 23 permit 10.100.0.0 0.0.255.255

access-list 23 permit 192.168.100.0 0.0.0.255

access-list 23 permit 10.99.1.0 0.0.0.4

!

control-plane

!

line con 0

password 7 ***

login

line aux 0

line vty 0 4

access-class 23 in

password 7 ***

login

transport input telnet ssh

line vty 5 15

access-class 23 in

password 7 ***

login

transport input telnet ssh

!

end

Here is the output from "sh ip route":

Gateway of last resort is 67.105.138.145 to network 0.0.0.0

67.0.0.0/28 is subnetted, 1 subnets

C 67.105.138.144 is directly connected, FastEthernet0/1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.99.1.0/30 is directly connected, FastEthernet0/0

S 10.100.0.0/16 [1/0] via 10.99.1.2

S 192.168.100.0/24 [1/0] via 10.99.1.2

S* 0.0.0.0/0 [1/0] via 67.105.138.145

(continued in next post)

olighec · ‎06-25-2007

Just to close this issue: I did more testing over the weekend, and it does appear to be a group of bad ports on the switch. Those ports work fine when they are vlan members (confirmed by attaching a laptop and pinging), but will not pass traffic when configured as L3 ports (also confirmed by attaching a laptop). I have a SMARTnet contract on the switch so I will be pursuing that seperate issue with TAC.

The 1841 is sitting on another port happy as a clam.

Thanks for all of your help everyone,

Chris

Edison Ortiz · ‎06-25-2007

Great !

Thanks for the post back.