cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
548
Views
0
Helpful
6
Replies

Ping to destination is success, but trace is failing

Hi,

              Unable to get trace from cisco switch 3560. We can able to ping 8.8.8.8, internet also working if we connect any PC after cisco switch. Please find the trace below and give any suggestion for this.

 

R1#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/15/17 ms

R1#traceroute ip 8.8.8.8

Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)

  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *
  9  *  *  *
 10  *  *  *
 11  *  *  *
 12  *  *  *
 13  *  *  *
 14  *  *  *
 15  *  *  *
 16  *  *  *
 17  *  *  *
 18  *  *  *
 19  *  *  *
 20  *  *  *
 21  *  *  *
 22  *  *  *
 23  *  *  *
 24  *  *  *
 25  *  *  *
 26  *  *  *
 27  *  *  *
 28  *  *  *
 29  *  *  *
 30  *  *  *

6 Replies 6

LJ Gabrillo
Level 5
Level 5

Try checking for any ACLs applied. Probably icmp-traceroute is blocked.
Also, can you try doing "traceroute 8.8.8.8" skip the IP, first time seeing someone added a prefix "ip" before the, well, IP

Hi,

 

    There is no ACL's in network. Please find the trace again.

 

TRI-SMSC-3560-1#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)

  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *
  9  *  *  *
 10  *  *  *
 11  *  *

More information is required.

Post up your switch configuration.

Also tell us what you are connecting the PC to when you bypass the switch, and how that device is normally connected to the switch.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Hi,

 

   Please find the configuration file in attachment. 

 

Server/PC --> 3560 Sw --> Firewall --> NIB.

 

This is the connectivity.

Hi,

 

Usually a Firewall (ASA) will block the trace for security measures, so what you can do on the firewall, if it is an ASA or PIX is the following:

 

 You need to enable icmp error inspection to see all intermediate hosts.

 

 policy-map global_policy

 class inspection_default

  inspect icmp errors

 

Take a look to this Link to the command reference:

 http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/i2.html#pgfId-1760544

The reason for such behavior is that by default ASA (a security device!) will hide all

hosts on path for ICMP time-exceeded messages behind NAT.

 

Or you could follow this other workaround:

http://www.petenetlive.com/KB/Article/0000753.htm

 

Please don't forget to rate and mark as correct the helpful Post!

 

David Castro,

 

Regards,

Jerry Paul
Level 1
Level 1

Hi,

 

use this command R1#traceroute 8.8.8.8

 

and to stop the process press ctrl+shift+6

 

 

 

Get Free Pre-Sales Technical Support and purchase Networking Hardware Equipment at lowest prices with fast shipment at www.thenetworkhardware.com
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco