Cisco Support Community

DWA
New Member

4006 with L3 -> How can you explain this phenomenon?

Hello,

A customer has a Cisco 4006 with an MSFC and Sup II in order to route inter-VLAN (usual).

He has a VLAN 1 with approximately 2500 users (the interface of VLAN 1 is 10.12.10.6).

A computer connects to the 4006 (@IP 10.X.X.X) on VLAN 1 with the correct subnet mask.

A server connects to the 4006 (@IP 10.1.8.121) on VLAN 1 with the correct subnet mask.

Ping Computer -> Server : OK

Ping Server -> Computer : OK

Now we disconnect the server from the 4006.

If we ping from the computer to the server, the answer to the ping is:

H:\>ping ps002121 -t

Pinging ps002121 [10.1.8.121] avec 32 octets de données :

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Request time out

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Request time out

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Request time out

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination.

Why do I get "Réponse de 10.12.10.6 : Impossible de joindre le réseau de destination" although it should be handled at layer two (because it's in the same VLAN and it's the switch), so the packet doesn't have to reach layer 3?

I think that the theoretical answer would always be "Request time out".

We added an ACL on layer 3 (on the MSFC).

Configuration ACL

interface Port-channel1.1

description Interface-virtuelle-VLAN1-Natif

encapsulation dot1Q 1 native

ip address 10.12.10.6 255.0.0.0

ip access-group 100 in

no ip redirects

no ip directed-broadcast

standby 255 priority 100

standby 255 preempt

standby 255 ip 10.12.10.5

access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.5

access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.6

access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255

access-list 100 permit ip any any

Why is the packet not dropped?

Thank you for everything.
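
How ACL 100 from the post above classifies a packet if it is evaluated, shown as an added example that is not part of the original thread: a first-match evaluator using IOS wildcard-mask matching. The computer address 10.20.30.40 and the outside address 192.0.2.10 are constructed stand-ins (the post elides the real computer address as 10.X.X.X); the sketch models address matching only, not where or whether the platform applies the ACL.

```python
import ipaddress

# ACL 100 exactly as posted in the question.
ACL_100 = """\
access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.5
access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.6
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
"""
FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_spec(tokens):
    """Consume one address spec; return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, FULL                      # every bit is "don't care"
    if word == "host":
        return to_int(tokens.pop(0)), 0     # every bit must match
    return to_int(word), to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, in order."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action, rest = tokens[2], tokens[4:]
        src = take_spec(rest)
        dst = take_spec(rest)
        entries.append((action, src, dst, line))
    return entries

def hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & FULL                 # wildcard 1-bits are ignored
    return (to_int(addr) & care) == (base & care)

def evaluate(entries, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, d, line in entries:
        if hit(src, s) and hit(dst, d):
            return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    pc = "10.20.30.40"  # constructed stand-in for the elided 10.X.X.X
    for dst in ("10.1.8.121", "10.12.10.6", "10.12.10.5", "192.0.2.10"):
        print(pc, "->", dst, evaluate(acl, pc, dst))
```

With the 255.0.0.0 mask on the interface, both hosts fall inside 10.0.0.0/8, so a computer-to-server packet would match the third entry (deny) if it passed through this ACL.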

4 REPLIES
Cisco Employee

Re: 4006 with L3 -> How can you explain this phenomenon?

Access-lists are not supported on port-channel interfaces.

http://www.cisco.com/warp/public/473/28.html#ACL

Regarding ping drops from computer to server, check to see if you see any errors on switch ports. Also put a sniffer and see who is not responding to the ICMP requests.

DWA
New Member

Re: 4006 with L3 -> How can you explain this phenomenon?

Thank you for your answer.

I think that there is no error on switch ports but I will verify with the customers.

Anyway, we don't understand why Layer 3 answers a ping launched between a client and a server located in the same VLAN if the server is disconnected -> because it's only switched at level 2 (due to the same VLAN).

I think that frames don't have to reach layer 3 and so enter the ACL.

New Member

Re: 4006 with L3 -> How can you explain this phenomenon?

Regardless of whether or not the two hosts are on the same IP subnet, the packet goes to layer 3 because you are pinging the IP address, which resides at layer 3. The packet still has to go to the router to see if the host is on the same subnet.

DWA
New Member

Re: 4006 with L3 -> How can you explain this phenomenon?

Thank you, edmonds robert, for your answer, but I thought that the VLAN was like a switch if we stay in the same IP subnet, and that to communicate between the server and the client, we don't have to reach Layer 3.

For example, you take a switch and you put the server and client on the switch with the same IP subnet. You don't need a router to establish communication between client and server.

So for me and the customer, it's not a normal process that Layer 3 answers the request.
