Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping to destination is success, but trace is failing

Hi,

              Unable to get trace from cisco switch 3560. We can able to ping 8.8.8.8, internet also working if we connect any PC after cisco switch. Please find the trace below and give any suggestion for this.

 

R1#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/15/17 ms

R1#traceroute ip 8.8.8.8

Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)

  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *
  9  *  *  *
 10  *  *  *
 11  *  *  *
 12  *  *  *
 13  *  *  *
 14  *  *  *
 15  *  *  *
 16  *  *  *
 17  *  *  *
 18  *  *  *
 19  *  *  *
 20  *  *  *
 21  *  *  *
 22  *  *  *
 23  *  *  *
 24  *  *  *
 25  *  *  *
 26  *  *  *
 27  *  *  *
 28  *  *  *
 29  *  *  *
 30  *  *  *

6 REPLIES
Silver

Try checking for any ACLs

Try checking for any ACLs applied. Probably icmp-traceroute is blocked.
Also, can you try doing "traceroute 8.8.8.8" skip the IP, first time seeing someone added a prefix "ip" before the, well, IP

New Member

Hi,     There is no ACL's in

Hi,

 

    There is no ACL's in network. Please find the trace again.

 

TRI-SMSC-3560-1#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)

  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *
  9  *  *  *
 10  *  *  *
 11  *  *

Super Bronze

More information is required

More information is required.

Post up your switch configuration.

Also tell us what you are connecting the PC to when you bypass the switch, and how that device is normally connected to the switch.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Hi,    Please find the

Hi,

 

   Please find the configuration file in attachment. 

 

Server/PC --> 3560 Sw --> Firewall --> NIB.

 

This is the connectivity.

Hi, Usually a Firewall (ASA)

Hi,

 

Usually a Firewall (ASA) will block the trace for security measures, so what you can do on the firewall, if it is an ASA or PIX is the following:

 

 You need to enable icmp error inspection to see all intermediate hosts.

 

 policy-map global_policy

 class inspection_default

  inspect icmp errors

 

Take a look to this Link to the command reference:

 http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/i2.html#pgfId-1760544

The reason for such behavior is that by default ASA (a security device!) will hide all

hosts on path for ICMP time-exceeded messages behind NAT.

 

Or you could follow this other workaround:

http://www.petenetlive.com/KB/Article/0000753.htm

 

Please don't forget to rate and mark as correct the helpful Post!

 

David Castro,

 

Regards,

New Member

Hi, use this command R1

Hi,

 

use this command R1#traceroute 8.8.8.8

 

and to stop the process press ctrl+shift+6

 

 

 

Get Free Pre-Sales Technical Support and purchase Networking Hardware Equipment at lowest prices with fast shipment at www.thenetworkhardware.com
124
Views
0
Helpful
6
Replies
CreatePlease to create content