Traffic will not pass through the LD 416 version 4.2.2.5

tmcmillion · ‎07-24-2003

With the following config I am not able to pass traffic through the LD. I can ping the virtuals from the 172.28.100 subnet but not the reals. I can ping the reals if I ping from the ld?

virtual 172.28.100.36:21:0:tcp is

virtual 172.28.100.32:80:0:tcp is

virtual 172.28.100.34:25:0:tcp is

real 172.28.100.30:80:0:tcp is

real 172.28.100.35:21:0:tcp is

real 172.28.100.33:25:0:tcp is

real 172.28.100.31:80:0:tcp is

name 172.28.100.30 web1

name 172.28.100.35 web1ftp

name 172.28.100.33 web2sendmail

name 172.28.100.31 web2

name 172.28.100.36 domainftp

name 172.28.100.32 domain

name 172.28.100.34 domainsendmail

bind 172.28.100.36:21:0:tcp 172.28.100.35:21:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.31:80:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.30:80:0:tcp

bind 172.28.100.34:25:0:tcp 172.28.100.33:25:0:tcp

I almost think it's hardware but am not sure. Any thoughts or suggestions would be appreciated.

Gilles Dufour · ‎07-25-2003

What's the physical topology ?

Can we have the rest of the config ?

did you configure ping-allow ' ?

Gilles.

tmcmillion · ‎07-25-2003

Here is the complete config and topology.

pix dmz>>>>>3550 vlan13>>>>>ld416 e0>>>>>ld416 e1>>>>> 3550 vlan 14(non-routed)>>>>>>servers

no shutdown ethernet 0

no shutdown ethernet 1

interface ethernet 0 100full

interface ethernet 1 100full

mtu 0 1500

mtu 1 1500

multiring all

no secure 0

no secure 1

ping-allow 0

ping-allow 1

ip address xxx.xxx.xx.10 255.255.254.0

route 0.0.0.0 0.0.0.0 172.28.100.1 1

arp timeout 30

no rip passive

rip version 1

failover ip address 0.0.0.0

no failover

failover hellotime 30

password xxxxxxx

snmp-server enable traps

snmp-server community public

no snmp-server contact

no snmp-server location

virtual 172.28.100.34:25:0:tcp is

virtual 172.28.100.32:80:0:tcp is

virtual 172.28.100.36:21:0:tcp is

real 172.28.100.31:80:0:tcp is

real 172.28.100.33:25:0:tcp is

real 172.28.100.35:21:0:tcp is

real 172.28.100.30:80:0:tcp is

name 172.28.100.36 domainftp

name 172.28.100.35 web1ftp

name 172.28.100.33 web2sendmail

name 172.28.100.34 domainsendmail

name 172.28.100.31 web2

name 172.28.100.30 web1

name 172.28.100.32 domain

bind 172.28.100.34:25:0:tcp 172.28.100.33:25:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.30:80:0:tcp

bind 172.28.100.32:80:0:tcp 172.28.100.31:80:0:tcp

bind 172.28.100.36:21:0:tcp 172.28.100.35:21:0:tcp

Gilles Dufour · ‎07-25-2003

ok - this looks good.

If you do a 'sho arp', are the real servers correctly learned on e1 and the gateway on e0 ?

Next is the sniffer trace on vlan 13 and vlan 14 to see if the arp request and reply and the pings are going through or not.

Gilles.

tmcmillion · ‎07-25-2003

Results of sh arp not good, real servers not being seen.

CCNWEBLD10# sh arp

Interface 0:

172.28.100.1 (000c.85c9.be80)

Interface 1:

Gilles Dufour · ‎07-26-2003

but can you ping the real servers from the LD ?

I thought you said yes ?

If so, do the ping again and then the 'sho arp'.

Check the catalyst config, make sure vlan's are correct and that spanning-tree is forwarding on both LD interface.

Gilles

tmcmillion · ‎07-28-2003

Yes, I can ping from the ld to the reals and when I did ping again from the ld the addresses showed up in the sh arp on e1.

Yes, the vlans in question are correct and both are forwarding.

Thanks,

Todd.