Re: Server1 cannot reach Server2 - both connected to the same switch but different VLANs

Blackschwanzer · ‎05-09-2018

Hello.

I have a user getting "security error when trying to access the Server2" from Server1.

Server1 - IP addr. 10.114.91.40 - Vlan1904 - Gateway 10.114.91.252/24

Server2 - IP addr. 10.115.210.76 - Vlan1877 - Gateway 10.115.210.252/24

I logged into Switch and and successfully pinged 10.115.210.76 but could not ping 10.114.91.40:

SW1# ping 10.114.91.40
PING 10.114.91.40 (10.114.91.40): 56 data bytes
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 0 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 1 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 2 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 3 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 4 timed out

Here are further details. Any ideas what is going on here? Thank you:

SW1# traceroute 10.114.91.40
traceroute to 10.114.91.40 (10.114.91.40), 30 hops max, 40 byte packets
1 10.114.91.252 (10.114.91.252) 1.008 ms !H 0.418 ms !H 0.474 ms !H
SW1# sh ip route 10.114.91.40
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

10.114.91.0/24, ubest/mbest: 1/0, attached
*via 10.114.91.252, Vlan1904, [0/0], 2y3w, direct

SW1# sh int Vlan1904
Vlan1904 is up, line protocol is up
Hardware is EtherSVI, address is 00aa.980c.3f41
Description: ***Linux_User_Test_2***
Internet Address is 10.114.91.252/24
MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA
Last clearing of "show interface" counters never
60 seconds input rate 9968116 bits/sec, 2960 packets/sec
60 seconds output rate 7807575 bits/sec, 2650 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 12.25 Mbps, 3.24 Kpps; output rate 11.08 Mbps, 2.97 Kpps
L3 Switched:
input: 61594435293 pkts, 20817831682880 bytes - output: 62930952743 pkts, 19735891643201 bytes
L3 in Switched:
ucast: 61529227443 pkts, 20810125939277 bytes - mcast: 65207850 pkts, 7705743603 bytes
L3 out Switched:
ucast: 62930952743 pkts, 19735891643201 bytes - mcast: 0 pkts, 0 bytes

SW1# sh ip route 10.114.91.40
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

10.114.91.0/24, ubest/mbest: 1/0, attached
*via 10.114.91.252, Vlan1904, [0/0], 2y3w, direct

__________________

SW1traceroute 10.115.210.76
traceroute to 10.115.210.76 (10.115.210.76), 30 hops max, 40 byte packets
1 10.115.210.76 (10.115.210.76) 0.712 ms 0.554 ms 0.591 ms
SW1# sh ip route 10.115.210.76
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

10.115.210.76/32, ubest/mbest: 1/0, attached
*via 10.115.210.76, Vlan1877, [250/0], 1d00h, am
SW# sh int Vlan1877
Vlan1877 is up, line protocol is up
Hardware is EtherSVI, address is bbbb.980c.3f41
Description: ***LINUX_BACKUP_TEST***
Internet Address is 10.115.210.252/24
MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA
Last clearing of "show interface" counters never
60 seconds input rate 22116 bits/sec, 4 packets/sec
60 seconds output rate 2976 bits/sec, 3 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 21.92 Kbps, 4 pps; output rate 3.17 Kbps, 3 pps
L3 Switched:
input: 227370630555 pkts, 330619803530696 bytes - output: 209935318021 pkts, 21355307781488 bytes
L3 in Switched:
ucast: 227167894930 pkts, 330596189744029 bytes - mcast: 202735625 pkts, 23613786667 bytes
L3 out Switched:
ucast: 209935318021 pkts, 21355307781488 bytes - mcast: 0 pkts, 0 bytes

dannykerr1 · ‎05-09-2018

Hulk8647 · ‎05-09-2018

can you post the whole switch config "show run"

David Miller · ‎05-09-2018

Would you also be able to provide the output from "show ip route" along with either the current running-config or the configuration from the interfaces that the servers connect to?

Kind Regards,

David

Blackschwanzer · ‎05-09-2018

i cannot post the whole sh run cause its really huge and i am afraid to fail to remove some sensitive data.

Here is sh run interface:

SW1# sh run int Vlan1877

!Command: show running-config interface Vlan1877

version 5.2(7)

interface Vlan1877
no ip redirects
ip address 10.115.210.252/24
ip unreachables
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
hsrp version 2
hsrp 1877
authentication md5 key-chain HSRP
preempt delay minimum 180 reload 240
timers 1 3
ip 10.115.210.254
no shutdown
mtu 9216
description ***LINUX_BACKUP_TEST***

SW1# sh run int Vlan1904

!Command: show running-config interface Vlan1904
!Time: Wed May 9 16:52:42 2018

version 5.2(7)

interface Vlan1904
no ip redirects
ip address 10.114.91.252/24
ip unreachables
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
hsrp version 2
hsrp 1904
authentication md5 key-chain HSRP
preempt delay minimum 180 reload 240
timers 1 3
ip 10.114.91.254
ip dhcp relay address 10.252.63.132
ip dhcp relay address 10.252.63.4
ip dhcp relay address 10.83.234.2
ip dhcp relay address 10.83.234.34
no shutdown
mtu 9216
description ***Linux_User_Test_2***

Hulk8647 · ‎05-09-2018

This won't be sufficient enough to see whats wrong.

Can you at least ping the gateway?

ping 10.114.91.252