Unreachable device

Answered Question
Jul 20th, 2010

Hi,

I wish somebody can help me with this.

There's a device that we don't manage that is attached to one of the switch's port (3560)

The device is not allowed to respond to ICMP.

Here's the deal...

Previously from the network, we can reach that device via telnet, http and other protocols...

Now this is the results:

router#trace 201.193.214.51

Type escape sequence to abort.
Tracing the route to 201.193.214.51

  1 201.193.188.122 4 msec 0 msec 0 msec
  2 201.193.214.51 !A  *  !A


router#ping 201.193.214.51

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.193.214.51, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)


router#telnet 201.193.214.51 80
Trying 201.193.214.51, 80 ...
% Destination unreachable; gateway or host down

There are no ACLs in the path, no load-balancing...

The device is just connected to the switch, which connects to the router and from the router I'm getting the results above.

My question is why I'm getting !A  *  !A in the traceroute and U.U.U in the PING?

I know the host is up since I'm getting the device's IP in the ARP on the switch.

Thank you,

Federico.

I have this problem too.
0 votes
Correct Answer by jimmysands73_2 about 6 years 4 months ago

Weird, I agree....have you tried bouncing the port on the switch?

Correct Answer by Jon Marshall about 6 years 4 months ago

Federico

What has changed since it worked previously ?

On the treaceroute response A means administratively prohibited, are you sure there is not some filtering on the actual device ?

Jon

Correct Answer by mohamed_makled about 6 years 4 months ago

Hi Federico

Did you try to connect that device on another port ?

If not , try to connect this device on another port with the same configuartion and check the port status by issuing the following command :

"show interface xxxxx"

MAM

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Correct Answer
mohamed_makled Tue, 07/20/2010 - 11:13

Hi Federico

Did you try to connect that device on another port ?

If not , try to connect this device on another port with the same configuartion and check the port status by issuing the following command :

"show interface xxxxx"

MAM

Federico Coto F... Tue, 07/20/2010 - 11:22

Thank you Mohamed,

Unfortunately I have no physical access to the switch or the device at this moment...

But the status of the port is fine:

sw#sh int gig 0/13
GigabitEthernet0/13 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0024.c38b.2c8d (bia 0024.c38b.2c8d)
  Description: VoIP Downetworks
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     21594081 packets input, 1893662499 bytes, 0 no buffer
     Received 85900 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 83596 multicast, 0 pause input
     0 input packets with dribble condition detected
     28122229 packets output, 2318328659 bytes, 0 underruns
     0 output errors, 17858 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

This is the port Gig0/13, which is the port directly connected to the 201.193.214.51 device.

From ''sh arp''

Internet  201.193.214.51        123   000a.f444.f187  ARPA   Vlan2

Federico.

mohamed_makled Tue, 07/20/2010 - 11:41

Federico

from the above output , i noted that duplex mode is Half duplex and the speed is 10Mb/s.

what about the NIC card of that device? is it 10M, 100M or 1G???

can you send me the configuration of the port gig 0/3 ?? try to use " sh run interface gig0/3 " on the switch.

MAM

Federico Coto F... Tue, 07/20/2010 - 12:06

I noticed that too...

Is negotiating at 10Mbps Half-Duplex even though is a Gig interface.

I just found out the device is a Cisco IAD 2400

Here's the output for that port:

interface GigabitEthernet0/13
description VoIP Downetworks
switchport access vlan 2
spanning-tree portfast
end

Federico.

Correct Answer
Jon Marshall Tue, 07/20/2010 - 12:37

Federico

What has changed since it worked previously ?

On the treaceroute response A means administratively prohibited, are you sure there is not some filtering on the actual device ?

Jon

Federico Coto F... Tue, 07/20/2010 - 12:47

There has been many changes and the problem arises because the people in charge of accessing the device are no longer able to do that.

But I cannot access the device from the directly connected switch 3560.

This switch has the following:

interface Vlan2
ip address 201.193.214.15 255.255.255.128
end

interface GigabitEthernet0/13
description VoIP Downetworks
switchport access vlan 2
spanning-tree portfast
end

do sh int gig 0/13
GigabitEthernet0/13 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0024.c38b.2c8d (bia 0024.c38b.2c8
  Description: VoIP Downetworks
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     21637957 packets input, 1897132627 bytes, 0 no buffer
     Received 85988 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 83684 multicast, 0 pause input
     0 input packets with dribble condition detected
     28185262 packets output, 2323231782 bytes, 0 underruns
     0 output errors, 17879 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Now,

They say that the device only works at 10Mbps.

There are no ACLs  on the switch itself.

There's nothing in between the switch and the IAD 2400 ( I even see the IP/MAC of the device on the ARP from the switch)

I'm lost :-(

Federico.

Federico Coto F... Tue, 07/20/2010 - 13:06

Yes, that's what I want to reboot it but can't at the moment (no physical access).

Anyway, I wanted to restart it and I guess that's the only option at this point.


Federico.

Correct Answer
jimmysands73_2 Tue, 07/20/2010 - 15:12

Weird, I agree....have you tried bouncing the port on the switch?

Federico Coto F... Tue, 07/20/2010 - 15:37

Hey guys,

It turned out that there was a filter (ACL) on the IAD 2400 itself which we have no access at all and therefore could not tell.

The people in charge where sure there was no restriction on the device itself, but it turns out it was :-|

There was nothing wrong on our side.

We fixed the ACL (they have messed up with) and now everything works.

I appreciate everybodys help!

Federico.

Actions

This Discussion