05-09-2018 07:51 AM - edited 03-08-2019 02:57 PM
Hello.
I have a user getting "security error when trying to access the Server2" from Server1.
Server1 - IP addr. 10.114.91.40 - Vlan1904 - Gateway 10.114.91.252/24
Server2 - IP addr. 10.115.210.76 - Vlan1877 - Gateway 10.115.210.252/24
I logged into Switch and and successfully pinged 10.115.210.76 but could not ping 10.114.91.40:
SW1# ping 10.114.91.40
PING 10.114.91.40 (10.114.91.40): 56 data bytes
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 0 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 1 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 2 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 3 timed out
36 bytes from 10.114.91.252: Destination Host Unreachable
Request 4 timed out
Here are further details. Any ideas what is going on here? Thank you:
SW1# traceroute 10.114.91.40
traceroute to 10.114.91.40 (10.114.91.40), 30 hops max, 40 byte packets
1 10.114.91.252 (10.114.91.252) 1.008 ms !H 0.418 ms !H 0.474 ms !H
SW1# sh ip route 10.114.91.40
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
10.114.91.0/24, ubest/mbest: 1/0, attached
*via 10.114.91.252, Vlan1904, [0/0], 2y3w, direct
SW1# sh int Vlan1904
Vlan1904 is up, line protocol is up
Hardware is EtherSVI, address is 00aa.980c.3f41
Description: ***Linux_User_Test_2***
Internet Address is 10.114.91.252/24
MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA
Last clearing of "show interface" counters never
60 seconds input rate 9968116 bits/sec, 2960 packets/sec
60 seconds output rate 7807575 bits/sec, 2650 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 12.25 Mbps, 3.24 Kpps; output rate 11.08 Mbps, 2.97 Kpps
L3 Switched:
input: 61594435293 pkts, 20817831682880 bytes - output: 62930952743 pkts, 19735891643201 bytes
L3 in Switched:
ucast: 61529227443 pkts, 20810125939277 bytes - mcast: 65207850 pkts, 7705743603 bytes
L3 out Switched:
ucast: 62930952743 pkts, 19735891643201 bytes - mcast: 0 pkts, 0 bytes
SW1# sh ip route 10.114.91.40
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
10.114.91.0/24, ubest/mbest: 1/0, attached
*via 10.114.91.252, Vlan1904, [0/0], 2y3w, direct
__________________
SW1traceroute 10.115.210.76
traceroute to 10.115.210.76 (10.115.210.76), 30 hops max, 40 byte packets
1 10.115.210.76 (10.115.210.76) 0.712 ms 0.554 ms 0.591 ms
SW1# sh ip route 10.115.210.76
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
10.115.210.76/32, ubest/mbest: 1/0, attached
*via 10.115.210.76, Vlan1877, [250/0], 1d00h, am
SW# sh int Vlan1877
Vlan1877 is up, line protocol is up
Hardware is EtherSVI, address is bbbb.980c.3f41
Description: ***LINUX_BACKUP_TEST***
Internet Address is 10.115.210.252/24
MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA
Last clearing of "show interface" counters never
60 seconds input rate 22116 bits/sec, 4 packets/sec
60 seconds output rate 2976 bits/sec, 3 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 21.92 Kbps, 4 pps; output rate 3.17 Kbps, 3 pps
L3 Switched:
input: 227370630555 pkts, 330619803530696 bytes - output: 209935318021 pkts, 21355307781488 bytes
L3 in Switched:
ucast: 227167894930 pkts, 330596189744029 bytes - mcast: 202735625 pkts, 23613786667 bytes
L3 out Switched:
ucast: 209935318021 pkts, 21355307781488 bytes - mcast: 0 pkts, 0 bytes
05-09-2018 07:58 AM - edited 05-09-2018 07:59 AM
05-09-2018 08:09 AM
05-09-2018 08:19 AM
Would you also be able to provide the output from "show ip route" along with either the current running-config or the configuration from the interfaces that the servers connect to?
Kind Regards,
David
05-09-2018 08:56 AM
05-09-2018 09:07 AM
This won't be sufficient enough to see whats wrong.
Can you at least ping the gateway?
ping 10.114.91.252
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide