3750 not passing traffic between L3 ports...weird

Unanswered Question
May 22nd, 2009

Even when I'm on the switch I cannot ping the FW from the far interface on the switch:

xxxx-02#ping 10.63.7.6 source 10.63.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.63.7.6, timeout is 2 seconds:
Packet sent with a source address of 10.63.7.2
.....
Success rate is 0 percent (0/5)

xxxx-02#ping 10.63.7.6 source 10.63.7.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.63.7.6, timeout is 2 seconds:
Packet sent with a source address of 10.63.7.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

xxxx-02#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
Vlan10                 10.63.0.1       YES NVRAM  up                    up
Vlan101                unassigned      YES NVRAM  down                  down
Vlan102                10.63.2.1       YES NVRAM  up                    down
Vlan103                10.63.3.1       YES NVRAM  up                    down
Vlan104                10.63.4.1       YES NVRAM  up                    down
Vlan105                10.63.5.1       YES NVRAM  up                    up
Vlan106                10.63.6.1       YES NVRAM  up                    up
Vlan107                unassigned      YES NVRAM  down                  down
FastEthernet0          unassigned      YES NVRAM  administratively down down
GigabitEthernet1/0/1   10.63.7.2       YES NVRAM  up                    up
GigabitEthernet1/0/2   10.63.7.5       YES NVRAM  up                    up

Here is the switch side:

interface GigabitEthernet1/0/1
 description UPLINK BowlingGreen-3845 gi0/0
 no switchport
 ip address 10.63.7.2 255.255.255.252
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 no switchport
 ip address 10.63.7.5 255.255.255.252
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
ip routing
ip route 0.0.0.0 0.0.0.0 10.63.7.6
ip route 10.0.0.0 255.0.0.0 10.63.7.1
ip route 10.63.4.192 255.255.255.192 10.63.7.6
ip route 10.254.254.0 255.255.255.0 10.63.7.6

ideas?

Jon Marshall Fri, 05/22/2009 - 10:26

Apologies for asking the obvious, but does the FW have a route back to the 10.63.7.0/30 subnet?

Jon

Jon Marshall Fri, 05/22/2009 - 11:19

Sam

I'm guessing it does as he can ping the FW from the .5 address :-)

Jon

cisco_lad2004 Fri, 05/22/2009 - 11:25

Good point Jon!

I would still take a look at FW policies... I have wasted valuable time once assuming if it works for one host it would for whole subnet :-)

Same thing goes for routing from FW.

Sam

Jon Marshall Fri, 05/22/2009 - 11:27

Sam

I totally agree, I was just having a bit of fun :-), no offence intended.

I have also spent many fruitless hours troubleshooting routing, vlans etc. only to find it was a stupid firewall rule!

Jon
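The route lookup behind the two pings above, as an added example that is not part of the original thread: it runs a longest-prefix match over the posted routed ports and static routes to show which port each echo leaves by and whether its source address sits on that link. The function names are hypothetical, and the SVIs are left out because their masks are not shown in the post.

```python
import ipaddress

# Copied from the posted config: the two routed ports (/30 masks) and the static routes.
CONNECTED = {
    "GigabitEthernet1/0/1": ipaddress.ip_interface("10.63.7.2/30"),
    "GigabitEthernet1/0/2": ipaddress.ip_interface("10.63.7.5/30"),
}
STATIC = {
    "0.0.0.0/0": "10.63.7.6",
    "10.0.0.0/8": "10.63.7.1",
    "10.63.4.192/26": "10.63.7.6",
    "10.254.254.0/24": "10.63.7.6",
}

def lookup(dst, depth=0):
    """Longest-prefix match; returns (egress interface, next hop) or None."""
    ip = ipaddress.ip_address(dst)
    # Candidates are (prefix length, is_connected, interface name or next hop);
    # max() picks the longest prefix and prefers connected over static on a tie.
    candidates = [(i.network.prefixlen, 1, name)
                  for name, i in CONNECTED.items() if ip in i.network]
    candidates += [(ipaddress.ip_network(p).prefixlen, 0, nh)
                   for p, nh in STATIC.items() if ip in ipaddress.ip_network(p)]
    if not candidates or depth > 4:   # no route, or next hops that never resolve
        return None
    _, is_connected, target = max(candidates)
    if is_connected:                  # on-link: the destination is its own next hop
        return target, dst
    resolved = lookup(target, depth + 1)  # find the port the static next hop sits on
    return (resolved[0], target) if resolved else None

def ping_path(dst, src):
    """Where an echo to dst leaves the switch, and whether src is on that link."""
    iface, next_hop = lookup(dst)
    src_net = next(i.network for i in CONNECTED.values()
                   if i.ip == ipaddress.ip_address(src))
    return {
        "egress": iface,
        "next_hop": next_hop,
        "source_subnet": str(src_net),
        # True when the peer cannot answer on-link and needs a route (and a
        # permitting policy) back to source_subnet.
        "peer_needs_return_route": src_net != CONNECTED[iface].network,
    }

if __name__ == "__main__":
    for src in ("10.63.7.2", "10.63.7.5"):
        print(src, ping_path("10.63.7.6", src))
```

Both echoes leave GigabitEthernet1/0/2; only the one sourced from 10.63.7.2 requires the FW to route and permit replies to 10.63.7.0/30, which is the condition the replies above ask about.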
