03-20-2015 03:52 AM - edited 03-03-2019 07:47 AM
Hi,
Unable to get trace from cisco switch 3560. We can able to ping 8.8.8.8, internet also working if we connect any PC after cisco switch. Please find the trace below and give any suggestion for this.
R1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/15/17 ms
R1#traceroute ip 8.8.8.8
Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
03-20-2015 04:12 AM
Try checking for any ACLs applied. Probably icmp-traceroute is blocked.
Also, can you try doing "traceroute 8.8.8.8" skip the IP, first time seeing someone added a prefix "ip" before the, well, IP
03-20-2015 04:36 AM
Hi,
There is no ACL's in network. Please find the trace again.
TRI-SMSC-3560-1#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * *
03-20-2015 04:57 AM
More information is required.
Post up your switch configuration.
Also tell us what you are connecting the PC to when you bypass the switch, and how that device is normally connected to the switch.
Aaron
03-20-2015 05:16 AM
03-21-2015 12:18 PM
Hi,
Usually a Firewall (ASA) will block the trace for security measures, so what you can do on the firewall, if it is an ASA or PIX is the following:
You need to enable icmp error inspection to see all intermediate hosts.
policy-map global_policy
class inspection_default
inspect icmp errors
Take a look to this Link to the command reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/i2.html#pgfId-1760544
The reason for such behavior is that by default ASA (a security device!) will hide all
hosts on path for ICMP time-exceeded messages behind NAT.
Or you could follow this other workaround:
http://www.petenetlive.com/KB/Article/0000753.htm
Please don't forget to rate and mark as correct the helpful Post!
David Castro,
Regards,
03-20-2015 05:08 AM
Hi,
use this command R1#traceroute 8.8.8.8
and to stop the process press ctrl+shift+6
Get Free Pre-Sales Technical Support and purchase Networking Hardware Equipment at lowest prices with fast shipment at www.thenetworkhardware.com |
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: