Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

traceroutes failing across 3550 switch

I have a 3550 switch which is in the egress path towards the Internet at my client site. I have only one VLAN configured with an IP address on the switch, and all traffic goes through this Gateway in and out of the network.

When I run a traceroute from inside the network, I get to the client Gateway (1st Hop), but then never get a 2nd IP entry of 172.16.1.7 in line 2 of my traceroutes.

Is there something on the switch that I may need to configure? IP traffic other than ICMP is fine. The switch will answer back to a ping....

Thx

16 REPLIES
New Member

Re: traceroutes failing across 3550 switch

What do you have after the switch, it could be your firewall not responding to the icmp traffic.

I can get to google.com but I can not tracert to google.com or anything else outside my network. My ASA drops the icmp traffic.

New Member

Re: traceroutes failing across 3550 switch

"When I run a traceroute from inside the network, I get to the client Gateway (1st Hop), but then never get a 2nd IP entry of 172.16.1.7 in line 2 of my traceroutes. "

I am not sure what you mean here.

Do you have a route to 172.16.1.7? Does the other end have a route back to you?

New Member

Re: traceroutes failing across 3550 switch

Here is a sample:

1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]

2 * * * Request timed out.

3 * * * Request timed out.

4 * * * Request timed out.

5 * * * Request timed out.

6 * * * Request timed out.

7 * * * Request timed out.

8 * * * Request timed out.

9 * * * Request timed out.

10 * * * Request timed out.

The 172.16.1.7 address should be the 2nd line in the traceroute. He is the next IP hop on the way out. The appropriate routes are in place...see below:

C:\Documents and Settings\kevin.BOARSHEADINN.000>ping 172.16.1.7

Pinging 172.16.1.7 with 32 bytes of data:

Reply from 172.16.1.7: bytes=32 time=1ms TTL=255

Reply from 172.16.1.7: bytes=32 time<1ms TTL=255

Reply from 172.16.1.7: bytes=32 time<1ms TTL=255

Reply from 172.16.1.7: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.1.7:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Documents and Settings\kevin.BOARSHEADINN.000>

Thanks

Bronze

Re: traceroutes failing across 3550 switch

If the 172.16.1.7 interface and 192.168.5.1 live on the same device, you should only get the nearest interface responding back to you...

New Member

Re: traceroutes failing across 3550 switch

They are not the same device. The 192.168.5.1 is the GW on our Core switch. The 172.16.1.7 is another switch and the next hop out on the way to the Internet...

Bronze

Re: traceroutes failing across 3550 switch

Traceroute to 172.16.1.7 and show us the output of that.

New Member

Re: traceroutes failing across 3550 switch

C:\Documents and Settings\kevin.BOARSHEADINN.000>tracert 172.16.1.7

Tracing route to 172.16.1.7 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]

2 1 ms <1 ms <1 ms 172.16.1.7

Trace complete.

C:\Documents and Settings\kevin.BOARSHEADINN.000>

Bronze

Re: traceroutes failing across 3550 switch

Is 172.16.1.7 a L3 switch?

Bronze

Re: traceroutes failing across 3550 switch

If its not a Layer 3 switch, it will not show up on the traceroute, because its not part of the routing path.

Bronze

Re: traceroutes failing across 3550 switch

I think I just answered my question.

You have this topology:

L3Switch ---- layer 2 switch ---- Internet gateway

Only the L3switch and Internet gateway will respond to the traceroute (ICMP is L3), because the other switch is a layer two pathway. Only routers will respond to the traceroute.

I would assume you have ICMP blocked somewhere at your internet gateway.

New Member

Re: traceroutes failing across 3550 switch

ICMP is not blocked anywhere. I can ping all the way out the entire path. It is just traceroute that fails at the 2nd hop, not pings..

New Member

Re: traceroutes failing across 3550 switch

But it is part of the routing path. I sent you a trace route indicating that...

New Member

Re: traceroutes failing across 3550 switch

It is an L3 switch. We have a VLAN 3 configured on it. It has an ip address of 172.16.1.7. All the devices in that network (which is the way in and out towards the Internet) plug into a VLAN 3 port and use 172.16.1.7 as their gateway.

Bronze

Re: traceroutes failing across 3550 switch

It looks like you are blocking some ICMP. The traceroute you sent only shows one response.

1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]

2 * * * Request timed out.

3 * * * Request timed out.

4 * * * Request timed out.

5 * * * Request timed out.

6 * * * Request timed out.

7 * * * Request timed out.

8 * * * Request timed out.

9 * * * Request timed out.

10 * * * Request timed out.

New Member

Re: traceroutes failing across 3550 switch

Yes that trace is from a workstation out to yahoo.com. When i run my traceroute from my workstation to the switch, we get

C:\Documents and Settings\kevin.BOARSHEADINN.000>tracert 172.16.1.7

Tracing route to 172.16.1.7 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms bhicore.boarsheadinn.com [192.168.5.1]

2 1 ms 1 ms <1 ms 172.16.1.7

Trace complete.

C:\Documents and Settings\kevin.BOARSHEADINN.000>tracert 206.248.224.1

seems it is only when a traceroute past the switch is performed does the switch and then each subsequent ip hop go silent...

Bronze

Re: traceroutes failing across 3550 switch

I think these are what you need to enable ICMP/Traceroute through the network:

access-list acl_out permit icmp any any time-exceeded

access-list acl_out permit icmp any any unreachable

access-list acl_out permit icmp any any echo

access-list acl_out permit icmp any any echo-reply

329
Views
0
Helpful
16
Replies