04-14-2012 03:30 AM - edited 03-07-2019 06:07 AM
Dear Everyone,
Good day!
May I seek your assistance on my issue with my connectivity.
I have a 6506 L3 SW configured a VLAN for my internet but i am having an issue between my 6506 and the router.
Here's the scenario; From cisco 6506 there's a VLAN configured for internet assigned ip address for the VLAN interface all the the way to router.
C6506 ==> OLT ==> ONU ==> Cisco ROUTER ==> Laptop
From C6506 to Router assigned VLAN 774 w/ip address 41.78.162.32/27
VLAN interface ip is 41.78.162.62/27
Router interface 1 ip is 41.78.162.46/27
Router interface 2 ip facing laptop is 41.76.193.1/28
Laptop ip is 41.76.193.2/28
- PING from router to C6506 is good
- PING from Laptop to Cisco Router is good
- But PING from C6506 to router is failing
I have configured static/default route in C6506 next hop to Cisco Router interface 1 IP address vice-versa.
Please help, thank you very much.
04-14-2012 03:59 AM
technically speaking a PING test is a BI-DIRECTIONAL connectivity test meaning that if you succesfully ping from Router to the C6k you confirmed that you have correct routing bidirectionally
However the interface your are sourcing the ping from is important as, even though by defaul the interface IP closest to destination is picked, sometimes you can have strange surprise.
What are you exactly pinging from the cat6k, IP 1 or IP 2?
Can you make sure you specify your source interface of the ping as your SVI address 41.78.162.62 (if the c6k picks another interface as the ping source you need to make sure that that address is present in the routing table the router).
If this does not help can you print show ip route of the cat 6k (after you confirm what you are exactly pinging)?
Riccardo
04-14-2012 09:38 AM
Hi Riccardo,
Yeah! I am expecting that I can ping both sides but unfortunately not.
Yes, I am pinging Cisco Router interface 1 (41.78.162.46/27) from C6506. PING IS NOT GOOD. Even source ping from interface VLAN 774 is not good.
SW1-6506#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 195.219.214.10 to network 0.0.0.0
C 41.78.162.32/27 is directly connected, Vlan774
S 192.168.1.0/24 is directly connected, Vlan777
C 192.168.70.0/24 is directly connected, Vlan70
04-14-2012 09:46 AM
There is also the possibility that an access list on one of the interfaces is preventing ping in that direction. It could be on the 6505 or it could be on the router. Would you post the configuration of both interfaces?
HTH
Rick
04-14-2012 10:01 AM
Hi Rick,
Here's the access-list and interface config we have in C6506.
SW1-6506#sh run | beg access-list
ip as-path access-list 10 permit ^$
!
!
access-list 1 permit 41.78.162.0 0.0.7.255
access-list 10 permit any
access-list 101 permit ip any 0.0.0.0 255.255.255.0
SW1-6506#sh run int vlan 774
Building configuration...
Current configuration : 122 bytes
!
interface Vlan774
description CLIENT'S_INTERNET_VLAN
bandwidth 10000000
ip address 41.78.162.62 255.255.255.224
end
interface GigabitEthernet4/23 <<<=== Interface Connected to OLT
description GLO_GPON
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,8,16,20,23,32,45,51,52,60,96,112-114,184,185
switchport trunk allowed vlan add 197,230,600,649-651,700,709,714,724,774,779
switchport trunk allowed vlan add 833,858,870,871,895,896
switchport mode trunk
bandwidth 10000000
storm-control broadcast level 5.00
storm-control multicast level 5.00
- For the Router config, no access-list just the ip address (41.78.162.46/27) assigned to interface.
04-14-2012 09:58 AM
Where is 195.219.214.10 come from?
I don't see this subnet as your connected interface.
Can you provide sh run from the router and the switch?
HTH
04-14-2012 10:14 AM
HI Reza,
195.219.214.10 is ip address for BGP peering...
I have very long run config in C6506 and for the router I dont have the run config but I am sure there's is no access-list and only the ip address on the interface facing to C6506 is configured.
Thank you,
04-14-2012 10:32 AM
Hi Arnold,
So, between the the router and the switch you have one subnet and that is 41.78.162.32/27
the IP address on the switch side is 41.78.162.62/27
and the IP address on the router side is 41.78.162.46/27
and the OLT and ONU are just layer-2
From the router you can ping 41.78.162.62
From the switch you can't ping 41.78.162.46
I know that OLT is capable of doing vlans, but how about ONU?
Is vlan 774 configured on the ONU?
HTH
04-14-2012 10:56 AM
I don't think this is a vlan issue on the intermediate switches or else it should not woork on the other direction either.
we first need to understand where the connectivity breaks (which device) and on which direction.
what we know until know is that icmp type 8 packets from right to left are ok
and
icmp type 0 packets left to right are ok too.
but we don't know if icmp type 8 left to right are not able to reach the router, or instead they do but the icmp type 0 right to left are dropped instead.
So first thing we need to see whether the router receives the icmp request from the cat6k.
you should configure and ACL on the ingress interface of the router (interface 1) to see if you receive the icmp packets from the c6k.
If you don't see it please make sure whether the ACL is actually working; for that you need to also start a ping from the router
If the router receive the requests we need to check if the c6k receives the replies.
for that we need to sniff the cpu. we have an easy way on the cat6k which is the debug netdr capture.
I will share more detail on this after your next step.
Riccardo
04-14-2012 12:19 PM
Hi Reza,
Yes, VLAN is configured all the way to ONU. Ping from Router is good but ping from C6506 to Router is not good.
Hi Riccardo,
Is debug netdr can't affect the memory/cpu utilization of C6506? And how can I identify the icmp type 0 and 8?
Thank you,
04-15-2012 09:51 AM
just configure an ACL matching source and destination of the ping and also the same addresses in the reverse order and check in which directiom you have the hits
04-16-2012 06:48 AM
Hi Riccardo,
Can you please give me a sample config for that.
Thank you very much.
04-16-2012 06:58 AM
Hi Arnold,
on the router you just need an ACL like this
permit ip host 41.78.162.62 host 41.78.162.46
permit ip host 41.78.162.46 host 41.78.162.62
permit ip any any
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide