Solved: Re: Cisco Nexus L3 Routing

JeremieBelpois · ‎03-22-2021

Hi, i am new to cisco Nexus devices, I am trying to configure default-route:
I want to my server (192.168.10.5, vlan 500) can access to default gateway (192.168.1.1) at pfsense.

My switch is Cisco N3K-3064PQ

e1/1 connected to pfsense as routed port

e1/5 connected to my server as switch mode access

here is my configuration:

ip route 0.0.0.0/0 192.168.1.1
vlan 1,500

vrf context management
ip route 0.0.0.0/0 192.168.1.1
no port-channel load-balance resilient

no hardware profile ecmp resilient


interface Vlan1
no shutdown
no ip redirects

interface Vlan500
no shutdown
no ip redirects
ip address 192.168.10.1/24

interface Ethernet1/1
no switchport
no ip redirects
ip address 192.168.1.2/24

interface Ethernet1/2

interface Ethernet1/3

interface Ethernet1/4

interface Ethernet1/5
switchport access vlan 500
spanning-tree port type edge

I can ping from my switch as well but at server side can't, what should i do ?

Jon Marshall · ‎03-22-2021

In addition to what the others have said make is there a route on the pfSense for the 192.168.10.0/24 subnet with a next hop IP of 192.168.1.2 ?

Jon

View solution in original post

Sergiu.Daniluk · ‎03-22-2021

Hi @JeremieBelpois

I would first like to let you know that there is a section dedicated to Nexus switches in the Data Center Technology area, called "Data Center Switches": https://community.cisco.com/t5/data-center/ct-p/4436-data-center

Regarding your problem, here are a couple of questions:

1. From your PC, are you able to ping the gateway (the SVI 500 configured on the N3k)? If you are not able to ping the gateway, then verify the following

1.1 verify that the gateway is configured correctly on the server

1.2 vlan 500 is configured on the N3K and STP is in forwarding

2. From your Nexus switch, if you ping the pfsense using source as SVI500, does it work?

ping 192.168.1.1 source 192.168.10.1

If is not working, verify that the route back to source is configured on the pfsense. If it is configured, do a tcpdump and confirm that ICMP requests are received and reply are being generated.

Let me know of the results.

Stay safe,

Sergiu

JeremieBelpois · ‎03-22-2021

Hi, from my PC, I can ping to gateway (that's SVI of vlan500) as well, but I can not ping from switch with source ip 192.168.10.1

paul driver · ‎03-22-2021

Hello
By default some FWs deny ICMP also windows hosts also have software FWs enabled by default, So make sure you allow an exception for ICMP or temporally disable the software fw on the windows host/server if applicable.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

JeremieBelpois · ‎03-22-2021

Thanks, but I have allow ICMP for both linux host and firewall

Jon Marshall · ‎03-22-2021

In addition to what the others have said make is there a route on the pfSense for the 192.168.10.0/24 subnet with a next hop IP of 192.168.1.2 ?

Jon

JeremieBelpois · ‎03-23-2021

Thanks, my bad, that cause I forgot route from my pfsense to that subnet