able to ping server from user gateway but user is not able to ping server

Unanswered Question
Jun 11th, 2008

hi all,

i have a problem here.

user is on vlan140 with ip address.

user is unable to ping server from his pc.

i am able toping server from user gateway.but when i do extended ping using source ip as user vlan then ping does not work

any help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 06/11/2008 - 15:11

Mahesh

Could you give us a few more details. Are you talking about a L3 switch.

Please provide a few more details.

Jon

mahesh18 Wed, 06/11/2008 - 15:22

Hi jon

other users on different vlan can ping it.

this us user gateway

sh ver

Cisco Internetwork Operating System Software

IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by cisco Systems, Inc.

Compiled Mon 18-Sep-06 23:59 by tinhuang

Image text-base: 0x40101040, data-base: 0x42D90000

ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)

BOOTLDR: s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)

Jon Marshall Wed, 06/11/2008 - 15:25

Mahesh

Could you check what Jorge has suggested.

In addition this is a 6500 switch. Are both devices attached to this switch.

From the user PC can you ping it's default gateway ie. the vlan 40 L3 interface on the 6500.

Can you confirm that the vlan 40 L3 is up/up ie.

sh ip int brief

Jon

mahesh18 Wed, 06/11/2008 - 15:27

hi all,

vlan 140 is up up

Vlan140 is up, line protocol is up

Hardware is EtherSVI, address is 0009.7bdb.7000 (bia 0009.7bdb.7000)

Description: Enterprise App servers Vlan 1

Internet address is 192.168.140.3/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 11/255

Encapsulation ARPA, loopback not set

Keepalive not supported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters 33w0d

Input queue: 4/75/267/1 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 44561000 bits/sec, 5230 packets/sec

5 minute output rate 2577000 bits/sec, 1601 packets/sec

L2 Switched: ucast: 14670755639 pkt, 5923725805904 bytes - mcast: 60679425 pkt, 4541744037 bytes

L3 in Switched: ucast: 64138066876 pkt, 53901304943452 bytes - mcast: 445 pkt, 56558 bytes mcast

L3 out Switched: ucast: 30433489078 pkt, 7794757558948 bytes mcast: 0 pkt, 0 bytes

64241720527 packets input, 53908641785717 bytes, 0 no buffer

Received 88392599 broadcasts (471 IP multicasts)

0 runts, 0 giants, 4 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

30456889718 packets output, 7796272959172 bytes, 0 underruns

0 output errors, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

mahesh18 Wed, 06/11/2008 - 15:25

Hi all,

this is info from user gateway

ping

Protocol [ip]:

Target IP address: 172.31.41.82

Repeat count [5]: 100

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan140--user vlan

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 100, 100-byte ICMP Echos to 172.31.41.82, timeout is 2 seconds:

Packet sent with a source address of 192.168.140.3

..................

Success rate is 0 percent (0/18)

oktulesfr2#x

able toping it without extended command

ping 172.31.41.82

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.31.41.82, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

Jon Marshall Wed, 06/11/2008 - 15:30

Mahesh

If vlan 140 is a user vlan why does it have a description of "Enterprise App servers Vlan 1"

Anyway, where is 172.31.41.82 - is the device connnected to the 6500 switch or is it connected to another device ?

Jon

mahesh18 Wed, 06/11/2008 - 15:37

hi jon

server is connected to another device at different location

mahesh18 Wed, 06/11/2008 - 15:39

Hi jon,

traceroute from user gateway to server

traceroute 172.31.41.82

Type escape sequence to abort.

Tracing the route to houtsm4300a.williams.com (172.31.41.82)

1 (192.168.253.13) 4 msec

(192.168.253.5) 0 msec

(192.168.253.13) 0 msec

2 (172.16.128.9) 0 msec

(172.16.128.13) 0 msec

(172.16.128.9) 0 msec

3 (172.16.100.2) 12 msec 16 msec 12 msec

4 (172.16.51.9) 12 msec 12 msec 12 msec

5 (172.31.41.82) 16 msec 12 msec 16 msec

Jon Marshall Wed, 06/11/2008 - 15:41

Mahesh

You need to make sure that all those routers that your traceroute is going through know how to route back to vlan 140 subnet. It looks like some router along the way or the final destination does not know how to route back to the 192.168.40.x subnet.

Jon

mahesh18 Wed, 06/11/2008 - 15:45

hi jon,

how can i check that

this is traceroute from user PC to server IP

tracert 172.31.41.82

Tracing route to [172.31.41.82]

over a maximum of 30 hops:

1 [192.168.140.3]

2 [192.168.253.5]

3 [172.16.128.9]

4 * * * Request timed out.

5 * * * Request timed out.

6 * * * Request timed out.

7 * * * Request timed out.

Jon Marshall Wed, 06/11/2008 - 15:48

Mahesh

You need to go to the next router in the traceroute and see why it doesn't have a route back to 192.168.140.3. That is what is happening, not all the routers in the path to 172.31.42.82 know about the 192.168.140.x network.

So you have to go router by router until they all know about the 192.168.140.x subnet.

Jon

mahesh18 Wed, 06/11/2008 - 16:02

hi jon,

how can i check that should i log onto next hopd router and do extended ping???

Jon Marshall Wed, 06/11/2008 - 16:05

Mahesh

You need to log onto each router in the path and try to ping 192.168.140.3. If it doesn't work you need to work out why it is not in the routing table.

Jon

mahesh18 Wed, 06/11/2008 - 16:18

hi jon i did that what u said above

log on to each router.

from last router 172.31.51.9 i was unable to ping vlan140

ping 192.168.140.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.140.3, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

this router is server gateway.

what should i do on this router

mahesh18 Wed, 06/11/2008 - 16:38

Hi john,

also from server--gateway router 172.31.51.9

i am able to ping user gateway and IP address

and also vlan 140 now but from user gateway still same thing

ping 192.168.140.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.140.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

txhoucorr1#exit

[Connection to 172.16.100.2 closed by foreign host]

oktulesfr2#ping

Protocol [ip]:

Target IP address: 172.31.41.82

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan140

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.31.41.82, timeout is 2 seconds:

Packet sent with a source address of 192.168.140.3

.....

Success rate is 0 percent (0/5)

Jon Marshall Wed, 06/11/2008 - 15:43

Try using an extended ping with vlan 140 as the source IP address and ping each of the hops in your traceroute above. When the ping fails that is where the routing needs to be sorted out.

Jon

mahesh18 Wed, 06/11/2008 - 15:50

hi jon thi sresult

oktulesfr2#ping

Protocol [ip]:

Target IP address: 192.168.253.13

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan140

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.253.13, timeout is 2 seconds:

Packet sent with a source address of 192.168.140.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

oktulesfr2#ping

Protocol [ip]:

Target IP address: 172.16.128.9

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan140

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.128.9, timeout is 2 seconds:

Packet sent with a source address of 192.168.140.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

oktulesfr2#ping

Protocol [ip]:

Target IP address: 172.16.100.2

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan140

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.100.2, timeout is 2 seconds:

Packet sent with a source address of 192.168.140.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

oktulesfr2#

oktulesfr2#ping

Protocol [ip]:

Target IP address: 172.16.51.9

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: vlan140

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.51.9, timeout is 2 seconds:

Packet sent with a source address of 192.168.140.3

.....

Success rate is 0 percent (0/5)

ping does not work to server gateway ip

JORGE RODRIGUEZ Wed, 06/11/2008 - 15:13

Is this problem on a single user on that vlan 40, can other users on that same vlan able to reach the server? if only one user make sure tcpip settings are properly configured with right gateway and mask, it is possibly the user do not have proper IP settings configured, could you check that.

Rgds

-Jorge

mahesh18 Wed, 06/11/2008 - 15:28

Hi all,

also from user gateway i am able toping user IP address

ping 192.168.140.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.140.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

mahesh18 Wed, 06/11/2008 - 15:32

Hi Jorge,

so far we know all users on vlan 140 can not access otehr users on different vlan can access the server

JORGE RODRIGUEZ Wed, 06/11/2008 - 16:01

I walked away for 5 minutes and see this developement, I'll let Jon take over, but prety much your trace route from vlan140 dies

@ 172.16.128.9, there you would need to check that there is a route back as Jon indicated to network 192.l168.140.0/24 VLAN140, connect to that 172.16.128.9 router and do show ip route 192.168.140.0 to see if it is in routing table.

One thing to take note, is this something that just broke or was it working before?

1 [192.168.140.3]

2 [192.168.253.5]

3 [172.16.128.9] ( check here )

4 * * * Request timed out.

5 * * * Request timed out.

6 * * * Request timed out.

7 * * * Request timed out.

Rgds

-Jorge

mahesh18 Wed, 06/11/2008 - 16:05

Hi jorge

i logonto router 172.16.128.9 and did

show ip route 192.168.140.0

Routing entry for 192.168.140.0/24

Known via "eigrp 64555", distance 170, metric 3328, type external

Redistributing via eigrp 64555

Last update from 172.16.128.14 on Port-channel14, 1w3d ago

Routing Descriptor Blocks:

* 172.16.128.10, from 172.16.128.10, 1w3d ago, via Port-channel13

Route metric is 3328, traffic share count is 1

Total delay is 30 microseconds, minimum bandwidth is 1000000 Kbit

Reliability 255/255, minimum MTU 1500 bytes

Loading 7/255, Hops 2

172.16.128.14, from 172.16.128.14, 1w3d ago, via Port-channel14

Route metric is 3328, traffic share count is 1

Total delay is 30 microseconds, minimum bandwidth is 1000000 Kbit

Reliability 255/255, minimum MTU 1500 bytes

Loading 13/255, Hops 2

JORGE RODRIGUEZ Wed, 06/11/2008 - 16:14

issue on that same router show ip route for the server IP address as well or ping the server IP address from it.

mahesh18 Wed, 06/11/2008 - 16:44

Sorry for last post

i am stil inable to ping from server gateway to user vlan140 or user gateway ip

txhoudisr1#ping 192.168.140.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.140.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

txhoudisr1#ping 192.168.140.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.140.6, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

txhoudisr1#ping 192.168.140.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.140.3, timeout is 2 seconds:

..

JORGE RODRIGUEZ Wed, 06/11/2008 - 17:34

From the server gateway where 172.31.51.9 resides could be where the problem is, that router doesn't know how to get to 192.168.140 network.

Do you have any other vlans beside VLAN 140 that you can try pinging from the server gateway, if you can ping from the server gateway any other VLANS residing in core/switch where VLAN140 is, find out how by what method the server gateway is learning those routes if by static routes or dynamic etc...

Actions

This Discussion