03-22-2021 02:40 AM - edited 03-22-2021 02:40 AM
Hi, I am new to Cisco Nexus devices. I am trying to configure a default route:
I want my server (192.168.10.5, vlan 500) to be able to access the default gateway (192.168.1.1) at pfsense.
My switch is Cisco N3K-3064PQ
e1/1 connected to pfsense as routed port
e1/5 connected to my server as switch mode access
here is my configuration:
ip route 0.0.0.0/0 192.168.1.1
vlan 1,500
vrf context management
  ip route 0.0.0.0/0 192.168.1.1
no port-channel load-balance resilient
no hardware profile ecmp resilient
interface Vlan1
  no shutdown
  no ip redirects
interface Vlan500
  no shutdown
  no ip redirects
  ip address 192.168.10.1/24
interface Ethernet1/1
  no switchport
  no ip redirects
  ip address 192.168.1.2/24
interface Ethernet1/2
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
  switchport access vlan 500
  spanning-tree port type edge
I can ping from my switch as well, but from the server side I can't. What should I do?
03-22-2021 03:57 AM - edited 03-22-2021 11:04 PM
I would first like to let you know that there is a section dedicated to Nexus switches in the Data Center Technology area, called "Data Center Switches": https://community.cisco.com/t5/data-center/ct-p/4436-data-center
Regarding your problem, here are a couple of questions:
1. From your PC, are you able to ping the gateway (the SVI 500 configured on the N3k)? If you are not able to ping the gateway, then verify the following:
1.1 verify that the gateway is configured correctly on the server
1.2 vlan 500 is configured on the N3K and STP is in forwarding
2. From your Nexus switch, if you ping the pfsense using source as SVI500, does it work?
ping 192.168.1.1 source 192.168.10.1
If it is not working, verify that the route back to the source is configured on the pfsense. If it is configured, do a tcpdump and confirm that ICMP requests are received and replies are being generated.
Let me know of the results.
Stay safe,
Sergiu
03-22-2021 11:55 PM
Hi, from my PC, I can ping the gateway (that's the SVI of vlan500) as well, but I cannot ping from the switch with source IP 192.168.10.1
03-22-2021 04:07 AM
Hello
By default some FWs deny ICMP, and Windows hosts also have software FWs enabled by default, so make sure you allow an exception for ICMP or temporarily disable the software FW on the Windows host/server if applicable.
03-22-2021 11:58 PM
Thanks, but I have allowed ICMP for both the Linux host and the firewall
03-22-2021 02:51 PM
In addition to what the others have said, is there a route on the pfSense for the 192.168.10.0/24 subnet with a next hop IP of 192.168.1.2?
Jon
03-23-2021 12:22 AM
Thanks, my bad, that was because I forgot the route from my pfsense to that subnet
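The failure diagnosed in this thread, as an added example that is not from any poster: a Python sketch that runs longest-prefix-match lookups over routing tables constructed from the posted config and checks the forward and return paths separately. The pfSense default route and its WAN gateway 203.0.113.1 are assumptions (pfSense's real table is not shown in the thread), and the helper names are hypothetical.

```python
import ipaddress

# Constructed routing tables: (prefix, next hop), next hop None = directly connected.
# N3K entries come from the posted config; the pfSense default route via
# 203.0.113.1 is an assumed placeholder for its WAN gateway.
N3K = [("192.168.10.0/24", None), ("192.168.1.0/24", None),
       ("0.0.0.0/0", "192.168.1.1")]
PFSENSE = [("192.168.1.0/24", None), ("0.0.0.0/0", "203.0.113.1")]
# The fix from the thread: static route for the server subnet via the switch.
PFSENSE_FIXED = PFSENSE + [("192.168.10.0/24", "192.168.1.2")]

# Which modelled device owns each next-hop address.
OWNER = {"192.168.1.1": "pfsense", "192.168.1.2": "n3k"}

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` toward dst; returns (delivered, path)."""
    device, path = start, [start]
    for _ in range(max_hops):
        hit = lookup(tables[device], dst)
        if hit is None:
            return False, path           # no route at all
        _, next_hop = hit
        if next_hop is None:
            return True, path            # dst is on a connected segment
        if next_hop not in OWNER:
            path.append(f"out via {next_hop}")
            return False, path           # packet leaves the modelled topology
        device = OWNER[next_hop]
        path.append(device)
    return False, path                   # hop limit reached (routing loop)

def round_trip(pfsense_table, src="192.168.10.5", dst="192.168.1.1"):
    """Returns (forward_ok, return_ok, return_path) for server -> pfSense."""
    tables = {"n3k": N3K, "pfsense": pfsense_table}
    forward_ok, _ = trace(tables, "n3k", dst)       # server's gateway is the N3K SVI
    return_ok, ret_path = trace(tables, "pfsense", src)
    return forward_ok, return_ok, ret_path

if __name__ == "__main__":
    print("before fix:", round_trip(PFSENSE))
    print("after fix: ", round_trip(PFSENSE_FIXED))
```

Before the fix the echo request reaches pfSense, but the reply follows pfSense's default route away from the switch, which matches the symptom of pings from the 192.168.1.2 interface working while pings sourced from 192.168.10.x fail.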