cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5708
Views
15
Helpful
14
Replies

Vrrp Issue - cannot ping vrrp ip from Firewall(switch as a firewall)

ITexpert
Level 3
Level 3

Hello guys,

@Joseph W. Doherty @Richard Burts  @Georg Pauwen   @Pamarthy @Daniele Giordano @paul driver @Peter Paluch

 

please see attached topology with all configs.

The issue is that I cannot ping vlan 14 vrrp ip(10.110.14.5 ) address from Firewall switch.

 

Please help ?

 

Thanks

1 Accepted Solution

Accepted Solutions

Hello @Francesco Molino @Julio E. Moisa

 

You guys were right there is something wrong with Cisco IOSvL2 image in GNS3 , I test with real equipment and it works.

 

 

Thanks for your help guys.

View solution in original post

14 Replies 14

ITexpert
Level 3
Level 3

Any help will be appreciated ?   @patoberli  @Reza Sharifi  @Sandy Lee   @balaji.bandi @Leo Laohoo @Julio E. Moisa @Jon Marshall @Mark Malone  @cadet alain @Diana Karolina Rojas

 

I can ping the vrrp ip for vlan 1 but not vlan 14  , dont know why ?

The diff is only that SVI for vlan 1 is on Firewall switch but SVI for vlan 14 are on core switches.

The purpose of doing this is because default vlan is already working and redudancy is provided by STP over cores , but i dont create vlan 14 on firewall SW because there is no redudancy for that.  so i create SVI's for vlan 14 on core switches and then setup vrrp for vlan 14.  please have a look into configs

 

Please have a look on configurations and let me know if i am missing something ?

Hi

From what IP are you making ping? also are you able to ping the 14.1 and 14.2? the config looks fine (just add the preempt parameter) now it could be a routing or permission problem. Have you configured default gateway on the computer? if you have configured an IP address where the gateway is configured on the firewall, the firewall can reach the SVI 14? check the routing. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hello Julio,

 

Thanks Alot for replying,   I appreciate your response. @Julio E. Moisa

 

I am trying to ping from Firewall-SW to 10.110.14.5 and its not working.  I am able to ping the 10.110.14.1 and 10.110.14.2 from Firewall-SW .

 

On the other hand, I create vlan 1 interface on Firewall Sw and i am  able to ping 10.110.1.80 which is also vrrp ip existing on same switches .  

 

Its lab environment, i can do any recommend changes. please advice ?

Hi 

You are welcome, any time, What happens if you shutdown the backup SVI 14 (backup switch), can you ping the 14.5?,  It could be a MAC address problem or bug. 

 

I also suggest change the firewall by a router just for testing or add a router connecting both switches. I have had troubles with firewalls in simulator/emulators.

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hello @Julio E. Moisa

 

So i isolate the core02 Sw,   Even then i can not ping the vrrp vlan 14 ip from Firewall-SW .

 

vrrp for vlan 14 is ok because i can ping  vrrp ip from PC2 , but its only 50% ping rate like it pings after loosing each ping.

 

Thanks

Hello Julio, @Julio E. Moisa

 

I removed the Firewall (Switch) and add the C7200 Router but now i have to give IP  to port connected with core01 but i cant able to give IP within same subnet to other port connected to core02.   

 

I know I can not setup two same network interfaces within same subnet on Router because it have different broadcast domain per interface.

 

But how i will connect Router to two switches which has vrrp configured.

 

Thanks

But how i will connect Router to two switches which has vrrp configured: You could set up a layer 2 switch between the router and core switches. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

ITexpert
Level 3
Level 3

Please help @omz   @Francesco Molino 

Hi

You've built it on GNS3. Do you have the topology to test it?
Can you share the output of sh vrrp brief?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello @Francesco Molino,

 

Vrrp is working great because i can ping it from internally, I am trying to built same topology with real gear and will post results.

 

Thanks

I didn't say it won't work. Just asking for your gns3 project then we can check. Anyway, if you're doing it on real devices, let's wait your feedback.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello @Francesco Molino @Julio E. Moisa

 

You guys were right there is something wrong with Cisco IOSvL2 image in GNS3 , I test with real equipment and it works.

 

 

Thanks for your help guys.

You are welcome, have a good day

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

You're welcome. Don't hesitate if you have any issues.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: