×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Traffic will not pass through the LD 416 version 4.2.2.5

Unanswered Question
Jul 24th, 2003
User Badges:

With the following config I am not able to pass traffic through the LD. I can ping the virtuals from the 172.28.100 subnet but not the reals. I can ping the reals if I ping from the ld?


virtual 172.28.100.36:21:0:tcp is

virtual 172.28.100.32:80:0:tcp is

virtual 172.28.100.34:25:0:tcp is

real 172.28.100.30:80:0:tcp is

real 172.28.100.35:21:0:tcp is

real 172.28.100.33:25:0:tcp is

real 172.28.100.31:80:0:tcp is

name 172.28.100.30 web1

name 172.28.100.35 web1ftp

name 172.28.100.33 web2sendmail

name 172.28.100.31 web2

name 172.28.100.36 domainftp

name 172.28.100.32 domain

name 172.28.100.34 domainsendmail

bind 172.28.100.36:21:0:tcp 172.28.100.35:21:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.31:80:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.30:80:0:tcp

bind 172.28.100.34:25:0:tcp 172.28.100.33:25:0:tcp


I almost think it's hardware but am not sure. Any thoughts or suggestions would be appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Fri, 07/25/2003 - 03:19
User Badges:
  • Cisco Employee,

What's the physical topology ?

Can we have the rest of the config ?

did you configure ping-allow ' ?


Gilles.

tmcmillion Fri, 07/25/2003 - 05:25
User Badges:

Here is the complete config and topology.


pix dmz>>>>>3550 vlan13>>>>>ld416 e0>>>>>ld416 e1>>>>> 3550 vlan 14(non-routed)>>>>>>servers


no shutdown ethernet 0

no shutdown ethernet 1

interface ethernet 0 100full

interface ethernet 1 100full

mtu 0 1500

mtu 1 1500

multiring all

no secure 0

no secure 1

ping-allow 0

ping-allow 1

ip address xxx.xxx.xx.10 255.255.254.0

route 0.0.0.0 0.0.0.0 172.28.100.1 1

arp timeout 30

no rip passive

rip version 1

failover ip address 0.0.0.0

no failover

failover hellotime 30

password xxxxxxx

snmp-server enable traps

snmp-server community public

no snmp-server contact

no snmp-server location

virtual 172.28.100.34:25:0:tcp is

virtual 172.28.100.32:80:0:tcp is

virtual 172.28.100.36:21:0:tcp is

real 172.28.100.31:80:0:tcp is

real 172.28.100.33:25:0:tcp is

real 172.28.100.35:21:0:tcp is

real 172.28.100.30:80:0:tcp is

name 172.28.100.36 domainftp

name 172.28.100.35 web1ftp

name 172.28.100.33 web2sendmail

name 172.28.100.34 domainsendmail

name 172.28.100.31 web2

name 172.28.100.30 web1

name 172.28.100.32 domain

bind 172.28.100.34:25:0:tcp 172.28.100.33:25:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.30:80:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.31:80:0:tcp

bind 172.28.100.36:21:0:tcp 172.28.100.35:21:0:tcp

Gilles Dufour Fri, 07/25/2003 - 06:15
User Badges:
  • Cisco Employee,

ok - this looks good.

If you do a 'sho arp', are the real servers correctly learned on e1 and the gateway on e0 ?


Next is the sniffer trace on vlan 13 and vlan 14 to see if the arp request and reply and the pings are going through or not.


Gilles.

tmcmillion Fri, 07/25/2003 - 06:22
User Badges:

Results of sh arp not good, real servers not being seen.


CCNWEBLD10# sh arp

Interface 0:

172.28.100.1 (000c.85c9.be80)

Interface 1:

Gilles Dufour Sat, 07/26/2003 - 04:54
User Badges:
  • Cisco Employee,

but can you ping the real servers from the LD ?

I thought you said yes ?

If so, do the ping again and then the 'sho arp'.

Check the catalyst config, make sure vlan's are correct and that spanning-tree is forwarding on both LD interface.


Gilles

tmcmillion Mon, 07/28/2003 - 07:08
User Badges:

Yes, I can ping from the ld to the reals and when I did ping again from the ld the addresses showed up in the sh arp on e1.

Yes, the vlans in question are correct and both are forwarding.


Thanks,

Todd.

Actions

This Discussion