cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
739
Views
0
Helpful
2
Replies

Cannot do a simple ping anymore?

Joris Syen
Level 1
Level 1

Hello,

A few days ago this was working properly, but I must have changed some things that adjusted some settings because I am unable to ping between 2 devices that are on the same switch, in the same network, in the same VLAN.

I am able to ping to the VLAN interface on the switch.

This is my configuration (Catalyst 3560 Layer 3 switch):

ALGSWI01#show vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi0/3, Gi0/4, Gi0/7, Gi0/9

                                                Gi0/15, Gi0/16, Gi0/19, Gi0/21

                                                Gi0/23

11   MES_HMI                          active    Gi0/1, Gi0/2, Gi0/8, Gi0/10

                                                Gi0/12, Gi0/13, Gi0/14, Gi0/20

                                                Gi0/22, Gi0/24

12   CONTROL_TA                       active

13   CONTROL_TC                       active

14   VM_MGMNT                         active    Gi0/5, Gi0/6, Gi0/17, Gi0/18

ALGSWI01#show running interface vlan 11

Building configuration...

Current configuration : 66 bytes

!

interface Vlan11

ip address 192.168.100.1 255.255.255.224

end

device connected: 192.168.100.10 255.255.255.224 DG 192.168.100.1

ALGSWI01#show int g0/8 switchport

Name: Gi0/8

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: negotiate

Operational Trunking Encapsulation: native

Negotiation of Trunking: Off

Access Mode VLAN: 11 (MES_HMI)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

device connected: 192.168.100.11 255.255.255.224 DG 192.168.100.1

ALGSWI01#show int g0/12 switchport

Name: Gi0/12

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: negotiate

Operational Trunking Encapsulation: native

Negotiation of Trunking: Off

Access Mode VLAN: 11 (MES_HMI)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

test:

on device 192.168.100.10

ping 192.168.100.1 = OK

ping 192.168.100.11 = request timed out

on device 192.168.100.11

ping 192.168.100.1 = OK

ping 192.168.100.10 = request timed out

What am I doing wrong? I have no idea?

Need any additional information?

Thanks a lot!

Best Regards,

Joris

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Joris,

no private vlans are configured and no VACL is applied to the SVI vlan 11.

the first steps to troubleshoot are to check if the switch has ARP entries for both the hosts

on switch

show ip arp 192.168.100.10

show ip arp 192.168.100.11

an entry for 192.168.100.10 should exist because ping between this host and SVI works well.

For the second host if you get an answer compare the reported MAC address with the output of

show mac address-table interface gi0/12

( or show mac-address-table interface gi0/12 IOS release dependent)

They should be the same.

If you have an ARP entry for 192.168.100.11 and the listed MAC address is learned on the right interface gi0/12 the issue may be a firewall running on host 12.168.100.11

if the ARP entry is empty and/or there is no MAC address learned on the port gi0/12 there is an issue you could try to use a shut/no shut cycle of port gi0/12 to see if the behaviour changes

Hope to help

Giuseppe

View solution in original post

2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Joris,

no private vlans are configured and no VACL is applied to the SVI vlan 11.

the first steps to troubleshoot are to check if the switch has ARP entries for both the hosts

on switch

show ip arp 192.168.100.10

show ip arp 192.168.100.11

an entry for 192.168.100.10 should exist because ping between this host and SVI works well.

For the second host if you get an answer compare the reported MAC address with the output of

show mac address-table interface gi0/12

( or show mac-address-table interface gi0/12 IOS release dependent)

They should be the same.

If you have an ARP entry for 192.168.100.11 and the listed MAC address is learned on the right interface gi0/12 the issue may be a firewall running on host 12.168.100.11

if the ARP entry is empty and/or there is no MAC address learned on the port gi0/12 there is an issue you could try to use a shut/no shut cycle of port gi0/12 to see if the behaviour changes

Hope to help

Giuseppe

Hello Guiseppe,

Thank you for your very usefull help, it was the firewall that was enabled!

Problem solved!

Best Regards,

Joris

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: