Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
19040
Views
0
Helpful
2
Replies

Prohibited Unreachable ICMP Failing

Go to solution
MMstre
Level 3
Level 3

ā€Ž02-02-2010 02:06 PM - edited ā€Ž03-06-2019 09:33 AM

Information and symptoms:

IOS code 12.2.33SHX3

Pings intermittently failing

No ACLs anywhere in the path.

Errors from debugs:

Feb  1 23:34:02.562 cst: ICMP: dst (165.68.17.3) prohibited unreachable rcv from 165.68.17.104

Feb  2 12:16:30.371 cst: FIBipv4-packet-proc: route packet from (local) src 165.68.33.3 dst 165.68.17.104
Feb  2 12:16:30.371 cst: FIBipv4-packet-proc: packet routing succeeded
Feb  2 12:16:30.371 cst: IP: tableid=0, s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), routed via FIB
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, sending
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, output feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, Post-Ingress-NetFlow(49), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, MTU Processing(4), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, IP Protocol Output Counter(5), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, IP Sendself Check(8), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, HW Shortcut Installation(15), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.375 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, sending full packet
Feb  2 12:16:30.375 cst:     ICMP type=8, code=0
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, input feature
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10, Ingress-NetFlow(14), rtype 0, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.375 cst: FIBipv4-packet-proc: route packet from Vlan17 src 165.68.17.104 dst 165.68.33.3
Feb  2 12:16:30.375 cst: FIBfwd-proc: Default:165.68.33.3/32 receive entry
Feb  2 12:16:30.375 cst: FIBipv4-packet-proc: packet routing failed
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, rcvd 2
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, stop process pak for forus packet
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10

Pings from VLAN 17 on access switch to VLAN 113 on another access switch do not receive reply.  Anywhere else is fine.

Pings to VLAN 17 from directly connected distribution switch located physical in between the access switches, sourced from VLAN 17 work fine.

It seems that the IMCP messages are being lost in the distribution somewhere.

I am completely lost!!!  HELP!!!!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

ā€Ž02-02-2010 11:18 PM 


Information and symptoms:
IOS code 12.2.33SHX3
Pings intermittently failing
No ACLs anywhere in the path.
Errors from debugs:
Feb  1 23:34:02.562 cst: ICMP: dst (165.68.17.3) prohibited unreachable rcv from 165.68.17.104
Feb  2 12:16:30.371 cst: FIBipv4-packet-proc: route packet from (local) src 165.68.33.3 dst 165.68.17.104
Feb  2 12:16:30.371 cst: FIBipv4-packet-proc: packet routing succeeded
Feb  2 12:16:30.371 cst: IP: tableid=0, s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), routed via FIB
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, sending
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, output feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, Post-Ingress-NetFlow(49), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, MTU Processing(4), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, IP Protocol Output Counter(5), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, IP Sendself Check(8), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, HW Shortcut Installation(15), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.375 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, sending full packet
Feb  2 12:16:30.375 cst:     ICMP type=8, code=0
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, input feature
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10, Ingress-NetFlow(14), rtype 0, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.375 cst: FIBipv4-packet-proc: route packet from Vlan17 src 165.68.17.104 dst 165.68.33.3
Feb  2 12:16:30.375 cst: FIBfwd-proc: Default:165.68.33.3/32 receive entry
Feb  2 12:16:30.375 cst: FIBipv4-packet-proc: packet routing failed
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, rcvd 2
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, stop process pak for forus packet
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10
Pings from VLAN 17 on access switch to VLAN 113 on another access switch do not receive reply.  Anywhere else is fine.
Pings
to VLAN 17 from directly connected distribution switch located physical
in between the access switches, sourced from VLAN 17 work fine.
It seems that the IMCP messages are being lost in the distribution somewhere.
I am completely lost!!!  HELP!!!!

Hi,

ICMP Type= 3 says  Destination Unreachable and code = 10 means Communication with Destination Host is               Administratively Prohibited

and the error genrally means  that the destination system is configured to reject datagrams from the sending system. This error is generally used when firewall restrictions or other security measures are filtering datagrams based on some sort of criteria. This message effectively says, ā€œThe destination may be up and running, but it will not get the datagrams that youā€™re sending. Stop sending them.ā€

Hope that help

If helpful do rate

Ganesh.H

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

ā€Ž02-02-2010 11:18 PM 


Information and symptoms:
IOS code 12.2.33SHX3
Pings intermittently failing
No ACLs anywhere in the path.
Errors from debugs:
Feb  1 23:34:02.562 cst: ICMP: dst (165.68.17.3) prohibited unreachable rcv from 165.68.17.104
Feb  2 12:16:30.371 cst: FIBipv4-packet-proc: route packet from (local) src 165.68.33.3 dst 165.68.17.104
Feb  2 12:16:30.371 cst: FIBipv4-packet-proc: packet routing succeeded
Feb  2 12:16:30.371 cst: IP: tableid=0, s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), routed via FIB
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, sending
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, output feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, Post-Ingress-NetFlow(49), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, MTU Processing(4), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, IP Protocol Output Counter(5), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, IP Sendself Check(8), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.371 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, post-encap feature
Feb  2 12:16:30.371 cst:     ICMP type=8, code=0, HW Shortcut Installation(15), rtype 1, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.375 cst: IP: s=165.68.33.3 (local), d=165.68.17.104 (Vlan17), len 100, sending full packet
Feb  2 12:16:30.375 cst:     ICMP type=8, code=0
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, input feature
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10, Ingress-NetFlow(14), rtype 0, forus FALSE, sendself FALSE, mtu 0
Feb  2 12:16:30.375 cst: FIBipv4-packet-proc: route packet from Vlan17 src 165.68.17.104 dst 165.68.33.3
Feb  2 12:16:30.375 cst: FIBfwd-proc: Default:165.68.33.3/32 receive entry
Feb  2 12:16:30.375 cst: FIBipv4-packet-proc: packet routing failed
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, rcvd 2
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10
Feb  2 12:16:30.375 cst: IP: s=165.68.17.104 (Vlan17), d=165.68.33.3, len 128, stop process pak for forus packet
Feb  2 12:16:30.375 cst:     ICMP type=3, code=10
Pings from VLAN 17 on access switch to VLAN 113 on another access switch do not receive reply.  Anywhere else is fine.
Pings
to VLAN 17 from directly connected distribution switch located physical
in between the access switches, sourced from VLAN 17 work fine.
It seems that the IMCP messages are being lost in the distribution somewhere.
I am completely lost!!!  HELP!!!!

Hi,

ICMP Type= 3 says  Destination Unreachable and code = 10 means Communication with Destination Host is               Administratively Prohibited

and the error genrally means  that the destination system is configured to reject datagrams from the sending system. This error is generally used when firewall restrictions or other security measures are filtering datagrams based on some sort of criteria. This message effectively says, ā€œThe destination may be up and running, but it will not get the datagrams that youā€™re sending. Stop sending them.ā€

Hope that help

If helpful do rate

Ganesh.H

0 Helpful

Go to solution
MMstre
Level 3
Level 3
In response to Ganesh Hariharan

ā€Ž02-03-2010 07:02 PM

Hi Ganesh,

Thanks for the reply.  You are correct, i was thinking that there may be something going on here that was different than the norm.  This ping was sent to a Linux box, and where I am used to seeing responses, followed by sporadic drops, this machine was sending unreachables, which is different that what I am used to seeing.  I am not used to seeing a machine responding that itself is unreachable, which i found to be odd.

We are actually experiencing a problem with this Linuz device not being able to route to a specific vlan, and are unable to find any information as to why, packets seem to be disappearing and we were hoping that this debug would help point us in the right direction... back to the drawing board.

Thanks again,

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card