07-20-2010 10:39 AM - edited 03-06-2019 12:07 PM
Hi,
I wish somebody can help me with this.
There's a device that we don't manage that is attached to one of the switch's port (3560)
The device is not allowed to respond to ICMP.
Here's the deal...
Previously from the network, we can reach that device via telnet, http and other protocols...
Now this is the results:
router#trace 201.193.214.51
Type escape sequence to abort.
Tracing the route to 201.193.214.51
1 201.193.188.122 4 msec 0 msec 0 msec
2 201.193.214.51 !A * !A
router#ping 201.193.214.51
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.193.214.51, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
router#telnet 201.193.214.51 80
Trying 201.193.214.51, 80 ...
% Destination unreachable; gateway or host down
There are no ACLs in the path, no load-balancing...
The device is just connected to the switch, which connects to the router and from the router I'm getting the results above.
My question is why I'm getting !A * !A in the traceroute and U.U.U in the PING?
I know the host is up since I'm getting the device's IP in the ARP on the switch.
Thank you,
Federico.
Solved! Go to Solution.
07-20-2010 11:13 AM
Hi Federico
Did you try to connect that device on another port ?
If not , try to connect this device on another port with the same configuartion and check the port status by issuing the following command :
"show interface xxxxx"
MAM
07-20-2010 12:37 PM
Federico
What has changed since it worked previously ?
On the treaceroute response A means administratively prohibited, are you sure there is not some filtering on the actual device ?
Jon
07-20-2010 03:12 PM
Weird, I agree....have you tried bouncing the port on the switch?
07-20-2010 11:13 AM
Hi Federico
Did you try to connect that device on another port ?
If not , try to connect this device on another port with the same configuartion and check the port status by issuing the following command :
"show interface xxxxx"
MAM
07-20-2010 11:22 AM
Thank you Mohamed,
Unfortunately I have no physical access to the switch or the device at this moment...
But the status of the port is fine:
sw#sh int gig 0/13
GigabitEthernet0/13 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0024.c38b.2c8d (bia 0024.c38b.2c8d)
Description: VoIP Downetworks
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
21594081 packets input, 1893662499 bytes, 0 no buffer
Received 85900 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 83596 multicast, 0 pause input
0 input packets with dribble condition detected
28122229 packets output, 2318328659 bytes, 0 underruns
0 output errors, 17858 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
This is the port Gig0/13, which is the port directly connected to the 201.193.214.51 device.
From ''sh arp''
Internet 201.193.214.51 123 000a.f444.f187 ARPA Vlan2
Federico.
07-20-2010 11:41 AM
Federico
from the above output , i noted that duplex mode is Half duplex and the speed is 10Mb/s.
what about the NIC card of that device? is it 10M, 100M or 1G???
can you send me the configuration of the port gig 0/3 ?? try to use " sh run interface gig0/3 " on the switch.
MAM
07-20-2010 12:06 PM
I noticed that too...
Is negotiating at 10Mbps Half-Duplex even though is a Gig interface.
I just found out the device is a Cisco IAD 2400
Here's the output for that port:
interface GigabitEthernet0/13
description VoIP Downetworks
switchport access vlan 2
spanning-tree portfast
end
Federico.
07-20-2010 12:37 PM
Federico
What has changed since it worked previously ?
On the treaceroute response A means administratively prohibited, are you sure there is not some filtering on the actual device ?
Jon
07-20-2010 12:47 PM
There has been many changes and the problem arises because the people in charge of accessing the device are no longer able to do that.
But I cannot access the device from the directly connected switch 3560.
This switch has the following:
interface Vlan2
ip address 201.193.214.15 255.255.255.128
end
interface GigabitEthernet0/13
description VoIP Downetworks
switchport access vlan 2
spanning-tree portfast
end
do sh int gig 0/13
GigabitEthernet0/13 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0024.c38b.2c8d (bia 0024.c38b.2c8
Description: VoIP Downetworks
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:06, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
21637957 packets input, 1897132627 bytes, 0 no buffer
Received 85988 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 83684 multicast, 0 pause input
0 input packets with dribble condition detected
28185262 packets output, 2323231782 bytes, 0 underruns
0 output errors, 17879 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Now,
They say that the device only works at 10Mbps.
There are no ACLs on the switch itself.
There's nothing in between the switch and the IAD 2400 ( I even see the IP/MAC of the device on the ARP from the switch)
I'm lost :-(
Federico.
07-20-2010 12:55 PM
Federico
Try to reload the device and the test the connection.
MAM
07-20-2010 01:06 PM
Yes, that's what I want to reboot it but can't at the moment (no physical access).
Anyway, I wanted to restart it and I guess that's the only option at this point.
Federico.
07-20-2010 03:12 PM
Weird, I agree....have you tried bouncing the port on the switch?
07-20-2010 03:37 PM
Hey guys,
It turned out that there was a filter (ACL) on the IAD 2400 itself which we have no access at all and therefore could not tell.
The people in charge where sure there was no restriction on the device itself, but it turns out it was :-|
There was nothing wrong on our side.
We fixed the ACL (they have messed up with) and now everything works.
I appreciate everybodys help!
Federico.
07-20-2010 03:47 PM
Hate when that happens!!
Thanks for the update, glad you got it working
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: