May I seek your assistance on my issue with my connectivity.
I have a 6506 L3 SW configured a VLAN for my internet but i am having an issue between my 6506 and the router.
Here's the scenario; From cisco 6506 there's a VLAN configured for internet assigned ip address for the VLAN interface all the the way to router.
C6506 ==> OLT ==> ONU ==> Cisco ROUTER ==> Laptop
From C6506 to Router assigned VLAN 774 w/ip address 220.127.116.11/27
VLAN interface ip is 18.104.22.168/27
Router interface 1 ip is 22.214.171.124/27
Router interface 2 ip facing laptop is 126.96.36.199/28
Laptop ip is 188.8.131.52/28
- PING from router to C6506 is good
- PING from Laptop to Cisco Router is good
- But PING from C6506 to router is failing
I have configured static/default route in C6506 next hop to Cisco Router interface 1 IP address vice-versa.
Please help, thank you very much.
technically speaking a PING test is a BI-DIRECTIONAL connectivity test meaning that if you succesfully ping from Router to the C6k you confirmed that you have correct routing bidirectionally
However the interface your are sourcing the ping from is important as, even though by defaul the interface IP closest to destination is picked, sometimes you can have strange surprise.
What are you exactly pinging from the cat6k, IP 1 or IP 2?
Can you make sure you specify your source interface of the ping as your SVI address 184.108.40.206 (if the c6k picks another interface as the ping source you need to make sure that that address is present in the routing table the router).
If this does not help can you print show ip route of the cat 6k (after you confirm what you are exactly pinging)?
Yeah! I am expecting that I can ping both sides but unfortunately not.
Yes, I am pinging Cisco Router interface 1 (220.127.116.11/27) from C6506. PING IS NOT GOOD. Even source ping from interface VLAN 774 is not good.
SW1-6506#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 18.104.22.168 to network 0.0.0.0
C 22.214.171.124/27 is directly connected, Vlan774
S 192.168.1.0/24 is directly connected, Vlan777
C 192.168.70.0/24 is directly connected, Vlan70
There is also the possibility that an access list on one of the interfaces is preventing ping in that direction. It could be on the 6505 or it could be on the router. Would you post the configuration of both interfaces?
Here's the access-list and interface config we have in C6506.
SW1-6506#sh run | beg access-list
ip as-path access-list 10 permit ^$
access-list 1 permit 126.96.36.199 0.0.7.255
access-list 10 permit any
access-list 101 permit ip any 0.0.0.0 255.255.255.0
SW1-6506#sh run int vlan 774
Current configuration : 122 bytes
ip address 188.8.131.52 255.255.255.224
interface GigabitEthernet4/23 <<<=== Interface Connected to OLT
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,8,16,20,23,32,45,51,52,60,96,112-114,184,185
switchport trunk allowed vlan add 197,230,600,649-651,700,709,714,724,774,779
switchport trunk allowed vlan add 833,858,870,871,895,896
switchport mode trunk
storm-control broadcast level 5.00
storm-control multicast level 5.00
- For the Router config, no access-list just the ip address (184.108.40.206/27) assigned to interface.
Where is 220.127.116.11 come from?
I don't see this subnet as your connected interface.
Can you provide sh run from the router and the switch?
18.104.22.168 is ip address for BGP peering...
I have very long run config in C6506 and for the router I dont have the run config but I am sure there's is no access-list and only the ip address on the interface facing to C6506 is configured.
So, between the the router and the switch you have one subnet and that is 22.214.171.124/27
the IP address on the switch side is 126.96.36.199/27
and the IP address on the router side is 188.8.131.52/27
and the OLT and ONU are just layer-2
From the router you can ping 184.108.40.206
From the switch you can't ping 220.127.116.11
I know that OLT is capable of doing vlans, but how about ONU?
Is vlan 774 configured on the ONU?
I don't think this is a vlan issue on the intermediate switches or else it should not woork on the other direction either.
we first need to understand where the connectivity breaks (which device) and on which direction.
what we know until know is that icmp type 8 packets from right to left are ok
icmp type 0 packets left to right are ok too.
but we don't know if icmp type 8 left to right are not able to reach the router, or instead they do but the icmp type 0 right to left are dropped instead.
So first thing we need to see whether the router receives the icmp request from the cat6k.
you should configure and ACL on the ingress interface of the router (interface 1) to see if you receive the icmp packets from the c6k.
If you don't see it please make sure whether the ACL is actually working; for that you need to also start a ping from the router
If the router receive the requests we need to check if the c6k receives the replies.
for that we need to sniff the cpu. we have an easy way on the cat6k which is the debug netdr capture.
I will share more detail on this after your next step.
Yes, VLAN is configured all the way to ONU. Ping from Router is good but ping from C6506 to Router is not good.
Is debug netdr can't affect the memory/cpu utilization of C6506? And how can I identify the icmp type 0 and 8?
just configure an ACL matching source and destination of the ping and also the same addresses in the reverse order and check in which directiom you have the hits
on the router you just need an ACL like this
permit ip host 18.104.22.168 host 22.214.171.124
permit ip host 126.96.36.199 host 188.8.131.52
permit ip any any