07-24-2003 10:46 AM
With the following config I am not able to pass traffic through the LD. I can ping the virtuals from the 172.28.100 subnet but not the reals. I can ping the reals if I ping from the ld?
virtual 172.28.100.36:21:0:tcp is
virtual 172.28.100.32:80:0:tcp is
virtual 172.28.100.34:25:0:tcp is
real 172.28.100.30:80:0:tcp is
real 172.28.100.35:21:0:tcp is
real 172.28.100.33:25:0:tcp is
real 172.28.100.31:80:0:tcp is
name 172.28.100.30 web1
name 172.28.100.35 web1ftp
name 172.28.100.33 web2sendmail
name 172.28.100.31 web2
name 172.28.100.36 domainftp
name 172.28.100.32 domain
name 172.28.100.34 domainsendmail
bind 172.28.100.36:21:0:tcp 172.28.100.35:21:0:tcp
bind 172.28.100.32:80:0:tcp 172.28.100.31:80:0:tcp
bind 172.28.100.32:80:0:tcp 172.28.100.30:80:0:tcp
bind 172.28.100.34:25:0:tcp 172.28.100.33:25:0:tcp
I almost think it's hardware but am not sure. Any thoughts or suggestions would be appreciated.
07-25-2003 03:19 AM
What's the physical topology ?
Can we have the rest of the config ?
did you configure ping-allow
Gilles.
07-25-2003 05:25 AM
Here is the complete config and topology.
pix dmz>>>>>3550 vlan13>>>>>ld416 e0>>>>>ld416 e1>>>>> 3550 vlan 14(non-routed)>>>>>>servers
no shutdown ethernet 0
no shutdown ethernet 1
interface ethernet 0 100full
interface ethernet 1 100full
mtu 0 1500
mtu 1 1500
multiring all
no secure 0
no secure 1
ping-allow 0
ping-allow 1
ip address xxx.xxx.xx.10 255.255.254.0
route 0.0.0.0 0.0.0.0 172.28.100.1 1
arp timeout 30
no rip passive
rip version 1
failover ip address 0.0.0.0
no failover
failover hellotime 30
password xxxxxxx
snmp-server enable traps
snmp-server community public
no snmp-server contact
no snmp-server location
virtual 172.28.100.34:25:0:tcp is
virtual 172.28.100.32:80:0:tcp is
virtual 172.28.100.36:21:0:tcp is
real 172.28.100.31:80:0:tcp is
real 172.28.100.33:25:0:tcp is
real 172.28.100.35:21:0:tcp is
real 172.28.100.30:80:0:tcp is
name 172.28.100.36 domainftp
name 172.28.100.35 web1ftp
name 172.28.100.33 web2sendmail
name 172.28.100.34 domainsendmail
name 172.28.100.31 web2
name 172.28.100.30 web1
name 172.28.100.32 domain
bind 172.28.100.34:25:0:tcp 172.28.100.33:25:0:tcp
bind 172.28.100.32:80:0:tcp 172.28.100.30:80:0:tcp
bind 172.28.100.32:80:0:tcp 172.28.100.31:80:0:tcp
bind 172.28.100.36:21:0:tcp 172.28.100.35:21:0:tcp
07-25-2003 06:15 AM
ok - this looks good.
If you do a 'sho arp', are the real servers correctly learned on e1 and the gateway on e0 ?
Next is the sniffer trace on vlan 13 and vlan 14 to see if the arp request and reply and the pings are going through or not.
Gilles.
07-25-2003 06:22 AM
Results of sh arp not good, real servers not being seen.
CCNWEBLD10# sh arp
Interface 0:
172.28.100.1 (000c.85c9.be80)
Interface 1:
07-26-2003 04:54 AM
but can you ping the real servers from the LD ?
I thought you said yes ?
If so, do the ping again and then the 'sho arp'.
Check the catalyst config, make sure vlan's are correct and that spanning-tree is forwarding on both LD interface.
Gilles
07-28-2003 07:08 AM
Yes, I can ping from the ld to the reals and when I did ping again from the ld the addresses showed up in the sh arp on e1.
Yes, the vlans in question are correct and both are forwarding.
Thanks,
Todd.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: