PFSDC (VLAN 20 172.26.20.32/24) is not accessible from wireless user VLAN 140 (172.26.140.0/24), Abl...

shailendra harinkhede · ‎01-15-2018

Issue: PFSDC (VLAN 20 172.26.20.32/24) is not accessible from wireless user VLAN 140 (172.26.140.0/24)

Able to ping other IP's of VLAN 20 from VLAN 140.

admin@capdcfw1(active)> ping source 172.26.140.1 host 172.26.20.11
PING 172.26.20.11 (172.26.20.11) from 172.26.140.1 : 56(84) bytes of data.
64 bytes from 172.26.20.11: icmp_seq=1 ttl=255 time=0.553 ms
^C
--- 172.26.20.11 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.553/0.553/0.553/0.000 ms
admin@capdcfw1(active)> ping source 172.26.140.1 host 172.26.20.32
PING 172.26.20.32 (172.26.20.32) from 172.26.140.1 : 56(84) bytes of data.
^C
--- 172.26.20.32 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2027ms

admin@capdcfw1(active)>

T-shoot so far: MAC and ARP learning correctly on FW and SW, other uses are able to access PFSDC.

As per FW TAC we have delete and created the FW interface but no luck.

Mac learning on WDC switch (layer 2 switch )

WDC-3850-Stack#show mac address-table | include f9b4

20 7010.6f47.f9b4 DYNAMIC Gi3/0/39

ARP learning on FW (Layer 3 device)

admin@capdcfw1(active)> show arp ethernet1/3.20 | match 172.26.20.32

ethernet1/3.20 172.26.20.32 70:10:6f:47:f9:b4 ethernet1/3 c 1787

Attached packet capture at FW showing FW VLAN 140 is sending ICMP ping request but getting no response back

Please advise where could be issue,

Mikolaj Moryto · ‎01-15-2018

Hi,

I would suggest checking the security settings on 172.26.20.32 itself. Does it have any firewall or something else that can block traffic?

Thank you,

Mikolaj

**** PLEASE RATE IF USEFUL ****

PFSDC (VLAN 20 172.26.20.32/24) is not accessible from wireless user VLAN 140 (172.26.140.0/24), Able to ping other IP's of VLAN 20 from VLAN 140.