Have a dot1q trunk configured between my 4506 and Nexus 5K, I have a GLC-T gbic in the 5K (temporary 1Gig trunk)
I have 2 Nexus 2Ks attached to 5K (FEX) with a web server attached to one of the 2K switches.
Problem is I CAN ping all devices attached on the 2K switches from my network (catalyst 4506)
but I CANNOT access the web server (http) or any service just ping? I CAN however access the web
server from any of the 2K switches. I am thinking it's an issue with the gig trunk between the 5K and the
4506 but have no other way of interconnecting at the minute.
Anyone seen similar issues?
Can you ping the server from the device where you are trying to access the http service? If you can ping it from the same device but cannot reach http, most likely the server is either not running http service or a firewall or ACL is blocking the access. Try performing a traceroute from both sides to see until which hop you are getting through.
Do the server and the device from which you try to access it reside in the same vlan? If not, make sure you have inter-vlan routing set correctly and that no ACL is blocking http traffic on the router.
Check from which devices you can ping the server and try to narrow down the problem by narrowing down the path for the ping.
Did you check if the trunk link is up and error free on both sides? Make sure it's not errdisabled and check if you see any errors or warnings in the logs on either side.
Verify the configuration of all related interfaces and make sure the correct switchport mode, vlans and native vlan settings are used.
Thanks for the reply, Andras
This is all layer 2 no FW, no routing, I can ping the server but no http access, when I am patched in the same switch or any other 2K switch I have http access. When I am patched into a different 2K i.e. via 5K I can ping and http to server.
So that is why I am thinking it is the 1gig trunk to my 4506 core but I need this to work as I have no 10gig uplink on the core. I am intending to uplink with 8gig EtherChannel.
This sounds kinda strange as if there's no ACL or firewall in between and ping is working, and it's really L2 only with no routing, L7 protocol should not matter.
Are you using vPC? If yes, try to break one leg (side) of the vPC and check if it's working then.
Are you trying to reach the server http service on the same IP which is used for pinging? Make sure you try accessing the http via IP rather than hostname/domain name. If it works when using IP address, likely it's a DNS issue and your DNS might be unreachable.
Could you try to perform a packet capture at the same time on both the source and destination? Perform the capture in a working (ping) and a non-working (http) scenario and compare the results. Make sure the IP addresses you see are the same in the 2 scenarios. As we're mostly interested in http, check if you see the initial TCP SYN, SYN-ACK and ACK packets on both sides. If you see it on one side only, check in which direction you lose packets.
Try checking the configuration again to make sure everything is correct. As another step, try converting the trunk link to an access link and use the appropriate vlan on both sides to see if it's working then.
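
The capture comparison suggested in the last reply, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output taken at the client and at the server and reports which TCP handshake step goes missing and in which direction. The addresses, port and capture lines are constructed for illustration.

```python
import re

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")
STEPS = ("SYN", "SYN-ACK", "ACK")

def handshake_seen(capture, client, server, port):
    """Return the set of handshake steps visible in one capture."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ICMP and other non-TCP lines are ignored
        src, sport, dst, dport, flags = m.groups()
        if src == client and dst == server and int(dport) == port:
            if flags == "S":
                seen.add("SYN")
            elif flags == ".":
                seen.add("ACK")
        elif src == server and dst == client and int(sport) == port and flags == "S.":
            seen.add("SYN-ACK")
    return seen

def locate_loss(client_cap, server_cap, client, server, port):
    """Compare both capture points and name the first step that goes missing."""
    c = handshake_seen(client_cap, client, server, port)
    s = handshake_seen(server_cap, client, server, port)
    for step in STEPS:
        from_server = step == "SYN-ACK"
        sender, receiver = (s, c) if from_server else (c, s)
        direction = "server -> client" if from_server else "client -> server"
        if step not in sender:
            return f"{step} never sent ({direction})"
        if step not in receiver:
            return f"{step} lost in transit ({direction})"
    return "handshake complete on both sides"

# Constructed sample: ping works both ways, SYN reaches the server,
# but the SYN-ACK never shows up in the client-side capture.
CLIENT, SERVER, PORT = "192.0.2.10", "192.0.2.20", 80
CLIENT_CAP = """10:00:00.000 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 1, seq 1, length 64
10:00:00.001 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 1, seq 1, length 64
10:00:05.000 IP 192.0.2.10.51000 > 192.0.2.20.80: Flags [S], seq 100, win 64240, length 0
10:00:06.000 IP 192.0.2.10.51000 > 192.0.2.20.80: Flags [S], seq 100, win 64240, length 0"""
SERVER_CAP = """10:00:05.001 IP 192.0.2.10.51000 > 192.0.2.20.80: Flags [S], seq 100, win 64240, length 0
10:00:05.002 IP 192.0.2.20.80 > 192.0.2.10.51000: Flags [S.], seq 900, ack 101, win 65160, length 0"""

if __name__ == "__main__":
    print(locate_loss(CLIENT_CAP, SERVER_CAP, CLIENT, SERVER, PORT))
```
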