Solved: Machine does not generate ICMP reply

Joshua Schaeffer · ‎08-15-2016

I'm having an odd problem, that probably has a simple solution, but just can't seem to figure it out. I've setup a VLAN on a Cisco SG300-20 managed switch (in layer 3 mode) with an ID of 90. I've assigned an IP network to the VLAN and machines on the network can route properly. I can ping other VLAN's, and devices behind them from machines in VLAN 90, but I cannot ping devices on VLAN 90 from other VLANs. However those other devices can ping the gateway of VLAN 90 which is 10.1.90.1

My network layout is below.

I can ping VLAN 90's gateway for a machine on VLAN 90 and reach other VLAN's, as well as the internet:

PS C:\Users\jschaeffer> ipconfig

Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : harmonywave.com
IPv4 Address. . . . . . . . . . . : 10.1.90.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.90.1

Tunnel adapter isatap.harmonywave.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : harmonywave.com

PS C:\Users\jschaeffer> ping 10.1.90.1

Pinging 10.1.90.1 with 32 bytes of data:
Reply from 10.1.90.1: bytes=32 time=2ms TTL=64
Reply from 10.1.90.1: bytes=32 time=2ms TTL=64
Reply from 10.1.90.1: bytes=32 time=2ms TTL=64
Reply from 10.1.90.1: bytes=32 time=3ms TTL=64

Ping statistics for 10.1.90.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms

PS C:\Users\jschaeffer> ping 10.1.32.2

Pinging 10.1.32.2 with 32 bytes of data:
Reply from 10.1.32.2: bytes=32 time=2ms TTL=63
Reply from 10.1.32.2: bytes=32 time=2ms TTL=63
Reply from 10.1.32.2: bytes=32 time=2ms TTL=63
Reply from 10.1.32.2: bytes=32 time=1ms TTL=63

Ping statistics for 10.1.32.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

However when I try to ping 10.1.90.3 from 10.1.32.2 it fails:

jschaeffer@zipmaster07 ~ $ ip addr show | grep 'inet 10.*'
inet 10.1.32.2/24 brd 10.1.32.255 scope global eth0

jschaeffer@zipmaster07 ~ $ ping 10.1.90.3
PING 10.1.90.3 (10.1.90.3) 56(84) bytes of data.
^C
--- 10.1.90.3 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4030m

But that same machine can reach VLAN 90's gateway address:

jschaeffer@zipmaster07 ~ $ ping 10.1.90.1
PING 10.1.90.1 (10.1.90.1) 56(84) bytes of data.
64 bytes from 10.1.90.1: icmp_seq=1 ttl=64 time=1.32 ms
64 bytes from 10.1.90.1: icmp_seq=2 ttl=64 time=1.20 ms
64 bytes from 10.1.90.1: icmp_seq=3 ttl=64 time=1.30 ms
64 bytes from 10.1.90.1: icmp_seq=4 ttl=64 time=1.24 ms
^C
--- 10.1.90.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.204/1.271/1.329/0.055 ms

When I sniff the wire on 10.1.90.3 I can see the ICMP request, but it never generates a reply. I think this is an interface problem put I can't see anything on my switch that is different from other VLAN interfaces. The machines on VLAN 90 that I've been testing with use GE17 and GE18.

adjutant01#show running-config
config-file-header
adjutant01
v1.2.7.76 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
port jumbo-frame
vlan database
default-vlan vlan 100
exit
vlan database
vlan 10,20,30-33,50-51,70,90
exit
voice vlan id 100
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no ip dhcp snooping verify
ip dhcp relay address 10.1.30.50
ip dhcp relay enable
ip dhcp information option
no boot host auto-config
hostname adjutant01
logging file informational
rmon event 1 log
username cisco password encrypted a86bb3c61e5abaaeccff6898cc4b76b1e9c77e95 privilege 15
ip ssh server
snmp-server location "Server room"
snmp-server contact "Joshua Schaeffer"
no ip http server
clock timezone " " -7
clock summer-time web recurring usa
clock source sntp
ip domain name harmonywave.com
ip name-server 10.1.30.2
!
interface vlan 1
no ip address dhcp
!
interface vlan 10
name Public
ip address 10.1.10.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 20
name Secure
ip address 10.1.20.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 30
name "Internal Managment"
ip address 10.1.30.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 31
name "Internal Server"
ip address 10.1.31.1 255.255.255.0
!
interface vlan 32
name "Internal Client"
ip address 10.1.32.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 33
name Storage
ip address 10.1.33.1 255.255.255.0
!
interface vlan 50
name "Cloud Management"
ip address 10.1.50.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 51
name "External Cloud"
ip address 10.1.51.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 70
name "IPMI Network"
!
interface vlan 90
name Wireless/Printer
ip address 10.1.90.1 255.255.255.0
!
interface vlan 100
ip address 10.1.100.1 255.255.255.0
!
interface 1
switchport forbidden default-vlan
!
interface gigabitethernet1
channel-group 1 mode auto
switchport mode access
!
interface gigabitethernet2
channel-group 2 mode auto
switchport mode access
!
interface gigabitethernet3
channel-group 3 mode auto
switchport mode access
!
interface gigabitethernet4
switchport mode access
switchport forbidden default-vlan
!
interface gigabitethernet5
switchport mode access
switchport access vlan 31
!
interface gigabitethernet6
switchport mode access
switchport access vlan 33
!
interface gigabitethernet7
switchport mode access
switchport access vlan 32
!
interface gigabitethernet8
switchport mode access
switchport access vlan 70
!
interface gigabitethernet9
channel-group 1 mode auto
switchport mode access
!
interface gigabitethernet10
channel-group 2 mode auto
switchport mode access
!
interface gigabitethernet11
channel-group 3 mode auto
switchport mode access
!
interface gigabitethernet12
switchport mode access
switchport forbidden default-vlan
!
interface gigabitethernet13
switchport mode access
switchport access vlan 31
!
interface gigabitethernet14
switchport mode access
switchport access vlan 33
!
interface gigabitethernet15
switchport mode access
switchport forbidden default-vlan
!
interface gigabitethernet16
switchport mode access
switchport access vlan 70
!
interface gigabitethernet17
switchport mode access
switchport access vlan 90
!
interface gigabitethernet18
rmon collection stats 1
switchport mode access
switchport access vlan 90
!
interface gigabitethernet19
switchport mode access
!
interface gigabitethernet20
switchport mode access
!
interface Port-channel1
description "LXD range 01"
switchport trunk allowed vlan add 10,20,30-31,50-51,90
switchport forbidden default-vlan
!
interface Port-channel2
description "LXD range 02"
switchport trunk allowed vlan add 10,20,30-31,50-51
switchport forbidden default-vlan
!
interface Port-channel3
description "NAS range 01"
switchport mode access
switchport access vlan 33
switchport forbidden default-vlan
!
interface Port-channel4
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel5
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel6
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel7
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel8
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
ip route 0.0.0.0 0.0.0.0 10.1.100.2
ip route 10.1.60.0 255.255.255.0 10.1.20.21
snmp-server set rlAutomaticClockSetFromPCEnabled rlAutomaticClockSetFromPCEnabled true

I thought this might be a machine specific problem, but I've seen it on two machines. Any help is appreciated.

Thanks,

Joshua

Richard Bradfield · ‎08-16-2016

Is the printer wireless or hardwired? I was thinking might be something to do with the Wireless Access point

View solution in original post

johnd2310 · ‎08-15-2016

Hi,

Have you checked firewall on those machines?

Thanks

John

**Please rate posts you find helpful**

Joshua Schaeffer · ‎08-16-2016

Just double checked and yes, the firewall is disabled my testing machine. I'm also trying to ping a printer on VLAN 90 as well. I can ping it from the switch and machines on VLAN 90, but like my other tests I cannot ping it from machines outside of VLAN 90.

Richard Bradfield · ‎08-16-2016

Is the printer wireless or hardwired? I was thinking might be something to do with the Wireless Access point

Joshua Schaeffer · ‎08-16-2016

The printer is wired. That is not the correct answer, accidentally hit that.

Richard Bradfield · ‎08-16-2016

As a test is it possible to connect the printer directly to the sg300 switch, and disable all other vlan 90 connections on the switch. then see if it pings ok.