Inherited VLAN mess - one way ping

HopelessATvlans
Level 1

Hi all,

So, long-time reader, first-time poster. I have inherited a bit of a mess and mishmash of a network. My main issue is that I cannot ping a subnet (VLAN300), 192.168.0.0/23, from the server stack 172.25.1.0 (VLAN200); however, I can ping fine the other way.

All switches are Cisco, with a Fortinet router.

I did find a static route in the Fortinet that is 192.168.0.0/23 > 172.25.1.85, this .85 address being the main core switch.

I have uploaded the sh run for the main switch. One thing I did note is that the VLAN IP helper is pointing to 172.25.1.15, which is a DC, not the router, the router being 172.25.1.253.

Any help is much appreciated.


balaji.bandi
Hall of Fame

For the devices in subnet 172.25.1.0, what is the gateway configured?

I do not see any ACL in the switch which would stop it working. If all devices have the Fortinet as their gateway, then you need to check for any ACL which is blocking.

If you set up a switch SVI as the gateway for the respective VLAN, all should work as expected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi! Thanks for your reply! The GW for both subnets is 172.25.1.253.

I do think the access control is done on the Fortinet, especially with the rule that is set.

I am wary of setting up the SVI, as it's a 24h business and I don't want to make live changes till the weekend. I hope you understand.

The GW for both subnets is 172.25.1.253

I do not believe this is going to work; the gateway should be different based on the subnet.

BB

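To make BB's point concrete, here is a small added check (not from the thread or from either vendor) that tests whether each host's configured gateway actually lies in the host's own subnet, and whether the Fortinet's static-route next hop sits on one of the router's connected networks. Addresses come from the thread; the /24 mask on 172.25.1.0 and on the router interface is an assumption, since the thread never states it.

```python
from ipaddress import ip_address, ip_interface

# Constructed from the thread: the OP says both subnets use 172.25.1.253 as gateway.
# The mask on 172.25.1.0 is not given in the thread; /24 is an assumption.
HOSTS = [
    ("DC in VLAN200", "172.25.1.15/24", "172.25.1.253"),
    ("client in VLAN300", "192.168.1.97/23", "172.25.1.253"),
]

# Fortinet static route quoted by the OP, plus the router's own interface
# address (the /24 on the router interface is an assumption).
ROUTER_INTERFACES = ["172.25.1.253/24"]
STATIC_ROUTES = [("192.168.0.0/23", "172.25.1.85")]


def gateway_on_link(host_cidr, gateway):
    """A default gateway must be inside the host's directly connected subnet;
    otherwise the host cannot ARP for it and off-subnet traffic never leaves."""
    return ip_address(gateway) in ip_interface(host_cidr).network


def next_hop_reachable(next_hop, interfaces):
    """A static route's next hop must be on one of the router's connected subnets."""
    return any(ip_address(next_hop) in ip_interface(i).network for i in interfaces)


def audit(hosts, routes, interfaces):
    """Return one finding per misconfiguration; an empty list means all checks pass."""
    findings = []
    for name, cidr, gw in hosts:
        if not gateway_on_link(cidr, gw):
            findings.append(f"{name} ({cidr}): gateway {gw} is not on its subnet")
    for prefix, nh in routes:
        if not next_hop_reachable(nh, interfaces):
            findings.append(f"route {prefix} via {nh}: next hop is not on a connected interface")
    return findings


if __name__ == "__main__":
    for line in audit(HOSTS, STATIC_ROUTES, ROUTER_INTERFACES) or ["no findings"]:
        print(line)
```

With the thread's values the only finding is the VLAN300 client, whose gateway 172.25.1.253 is outside 192.168.0.0/23.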

HopelessATvlans
Level 1

I would agree with you; however, all devices can access the internet fine, and the 192 subnet can ping and connect to the 172 subnet fine. The fact that this works proves two-way, as the echo needs a reply. I just don't know why it's one way.

I do not believe in luck vs technology; there may be hidden config on the Fortinet, so it is working.

Can you traceroute from a 172 IP to a 192 IP and from a 192 IP to a 172 IP, for us to look at where it is going?

BB


HopelessATvlans
Level 1

Trace from 192 to 172 DC
over a maximum of 30 hops:

1 1 ms 8 ms 3 ms 192.168.1.254
2 1 ms 2 ms 2 ms swndc01.domain.local [172.25.1.15]

Trace complete.

Trace fails the other way. 192.168.1.254 is the core stack whose sh run I posted above.

What is the device IP you are tracing?

This is because of the gateway: 192 knows how to reach the 172 network.

BB


Hello,

What OS are the servers running? One-way ping issues are often related to firewall settings. If you are using Windows, check if the firewall is enabled, and if inbound ICMP is allowed (Connection Rule Settings)...

Hi George, they run a mix of Server 2016 & 2019. All firewalls are off internally in Windows, and AV is Defender.

HopelessATvlans
Level 1

From 192.168.1.97 to 172.25.1.15.
