05-05-2009 07:05 AM - edited 03-06-2019 05:32 AM
I have a 3550 switch which is in the egress path towards the Internet at my client site. I have only one VLAN configured with an IP address on the switch, and all traffic goes through this Gateway in and out of the network.
When I run a traceroute from inside the network, I get to the client Gateway (1st Hop), but then never get a 2nd IP entry of 172.16.1.7 in line 2 of my traceroutes.
Is there something on the switch that I may need to configure? IP traffic other than ICMP is fine. The switch will answer back to a ping....
Thx
05-05-2009 07:07 AM
What do you have after the switch, it could be your firewall not responding to the icmp traffic.
I can get to google.com but I can not tracert to google.com or anything else outside my network. My ASA drops the icmp traffic.
05-05-2009 06:04 PM
"When I run a traceroute from inside the network, I get to the client Gateway (1st Hop), but then never get a 2nd IP entry of 172.16.1.7 in line 2 of my traceroutes. "
I am not sure what you mean here.
Do you have a route to 172.16.1.7? Does the other end have a route back to you?
05-07-2009 08:48 AM
Here is a sample:
1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
The 172.16.1.7 address should be the 2nd line in the traceroute. He is the next IP hop on the way out. The appropriate routes are in place...see below:
C:\Documents and Settings\kevin.BOARSHEADINN.000>ping 172.16.1.7
Pinging 172.16.1.7 with 32 bytes of data:
Reply from 172.16.1.7: bytes=32 time=1ms TTL=255
Reply from 172.16.1.7: bytes=32 time<1ms TTL=255
Reply from 172.16.1.7: bytes=32 time<1ms TTL=255
Reply from 172.16.1.7: bytes=32 time<1ms TTL=255
Ping statistics for 172.16.1.7:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\Documents and Settings\kevin.BOARSHEADINN.000>
Thanks
05-07-2009 09:20 AM
If the 172.16.1.7 interface and 192.168.5.1 live on the same device, you should only get the nearest interface responding back to you...
05-07-2009 09:21 AM
They are not the same device. The 192.168.5.1 is the GW on our Core switch. The 172.16.1.7 is another switch and the next hop out on the way to the Internet...
05-07-2009 09:46 AM
Traceroute to 172.16.1.7 and show us the output of that.
05-07-2009 10:01 AM
C:\Documents and Settings\kevin.BOARSHEADINN.000>tracert 172.16.1.7
Tracing route to 172.16.1.7 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]
2 1 ms <1 ms <1 ms 172.16.1.7
Trace complete.
C:\Documents and Settings\kevin.BOARSHEADINN.000>
05-07-2009 10:12 AM
Is 172.16.1.7 a L3 switch?
05-07-2009 10:13 AM
If its not a Layer 3 switch, it will not show up on the traceroute, because its not part of the routing path.
05-07-2009 10:16 AM
I think I just answered my question.
You have this topology:
L3Switch ---- layer 2 switch ---- Internet gateway
Only the L3switch and Internet gateway will respond to the traceroute (ICMP is L3), because the other switch is a layer two pathway. Only routers will respond to the traceroute.
I would assume you have ICMP blocked somewhere at your internet gateway.
05-07-2009 11:21 AM
ICMP is not blocked anywhere. I can ping all the way out the entire path. It is just traceroute that fails at the 2nd hop, not pings..
05-07-2009 11:20 AM
But it is part of the routing path. I sent you a trace route indicating that...
05-07-2009 11:19 AM
It is an L3 switch. We have a VLAN 3 configured on it. It has an ip address of 172.16.1.7. All the devices in that network (which is the way in and out towards the Internet) plug into a VLAN 3 port and use 172.16.1.7 as their gateway.
05-07-2009 11:48 AM
It looks like you are blocking some ICMP. The traceroute you sent only shows one response.
1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide