02-17-2011 07:14 AM - edited 03-06-2019 03:36 PM
Hi everyone, the issue that im tryin to explain its kinda weird to place it here. Here it goes: I have a 6509 with FWSM module, which uses ospf. Outside the FWSM, its running eigrp (i think this doesnt matter right now, but i put it just in case). I use the FWSM for intervlan routing. So..I have several vlan, but the one with problems its the 71. I have 3 server in that vlan 192.168.71.1; 192.168.71.3; 192.168.71.5 /24. I configure outgoing permissions on the interface 71 so that 192.168.81.116 can reach this 3 servers, and it was working good. A few days ago, the 81.116 cant reach 192.168.71.3, but had no problems with the other two server. I check tje rules on the FWSM and everything was fine, check the access switch and it was ok too. Use my laptop on the server's port in the access switch using 192.168.71.3, but no one can reach me. I can see 192.168.71.3 from the FWSM, but not from other vlan's. It gets worse...doing more troubleshooting and using another access switch with a port in vlan 71 and my laptop with the address 192.168.71.100, giving all the permission in the outgoing from vlan 71, and no one can reach it too!! The thing is that now using the same rules for all the vlan 71, only works for 192.168.71.1 and 71.5 from other vlan. I can see all the vlan, but only from the FWSM. I check all the access list and nothing its denying the access and everything looks fine, my other vlan are running fine. If someone sees what can be happening. The last thing that can i do is deleting and recreating the vlan. But there must be something else to do. Thanks in advance...
02-17-2011 08:54 AM
are you running latest FWSM code? I'm running 4.0(13), has been pretty stable
02-18-2011 02:21 AM
Yes it's difficult to get a grasp of whats happening from the description. Are you sure the vlan is assigned to the right group? Is the routing in place OK? Is the vlan being redistributed from OSPF to EIGRP? Can you ping between different memeber of the same vlan 71?
IF it works for 71.1 and 71.5 it could be a MAC issue...if you clear the mac-address table and arp cache does it work for you? Check these things and try. Check the logs too. Check the port the server is connected to...and try to document as much as you can here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide