Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Ping issue

Hi Netpros,

It looks to me a very strange behavior, I cannot ping from my Router to the Servers/Workstations, but I can ping vice-versa. What could cause such a problem??

Thanks in advance for queries.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Ping issue

I had a similar problem to this once.

Topology: Internet <- Cisco 827 <- Laptop (using /29)

Laptop could not ping the Cisco 827, but the Cisco 827 could ping the Laptop.

I did a quick fix by changing the Laptop's IP address to use another IP address in the /29 range and then the Laptop was able to ping the Cisco 827.

I didn't investigate further sorry...

23 REPLIES

Re: Ping issue

Hi faizm,

Is this router serving as a gateway for your servers/workstations?

Any ACLs implemented on router for icmp?

Any firewalls implemented on workstation?

Regards,

Ankur

Re: Ping issue

Hi Ankur,

Thanks for a quick relpy. The Router is infact the Gateway for the Servers/Workstations. But the Router does not have any ACL's and no Firewall in between only a 2900 Switch with a flat configuration.

Regards

Re: Ping issue

Hi Faizm,

When you try to ping any workstation from router can you check if the arp entry is build up on the router or is it like incomplete arp entry?

Did it started happening all of sudden?

Regards,

Ankur

Re: Ping issue

Very often if you can ping in one direction but not the other, then it is a question of the source address of the ping. For example, when the PCs ping the router, they ping to one of the router's addresses. When the router pings the PCs, it is pinging from a source address that is different to the one that the PC is using.

Try using an extended ping to make sure the router is pinging from the address that the PCs are successfully pinging to. If that works, then try and work out which address the router is pinging from by default.

Kevin Dorrell

Luxembourg

Re: Ping issue

Hi,

When I do a extended ping it is pinging from serial interface as the source to the LAN, but when I ping from FastEthernet as the source to the LAN it is not. And the ip's which I am trying to ping are displayed in the ARP table.

Regards

Re: Ping issue

What are the factors associated with this kind of behavior?

Re: Ping issue

Hi Faizm,

Thats a strange behavior. If possible can you paste the output of "sh run"

Regards,

Ankur

Re: Ping issue

Hi Ankur,

Please take a look at the sh run output.

Regards

New Member

Re: Ping issue

can you pls check the routes configured in the PC or server correctly because this will create a problem , you can check it by using "route print " command in case of a windows machine

Re: Ping issue

Usually, if you ping an address from a router, the router uses the source address of the interface out of which it is performing the ping.

What if the interface has more than one IP address? Someone correct me if I am wrong, but I think it uses the primary address of the interface. Again, someone correct me if I am wrong, but I think it does that even if it has a secondary addresses in the same subnet as the target.

Other complications exist if you have two routes to the target, each out a different interface, and you are running per packet load balancing.

Kevin Dorrell

Luxembourg

Hall of Fame Super Silver

Re: Ping issue

Kevin is quite correct. The default behavior of the Cisco router is to use as source address for ping the address of the interface out of which it will send the ping packet. If the interface is configured with a secondary address it will use as source address the primary address, even if the target is in the subnet of the secondary address.

We have an option to over-ride this default behavior in extended ping where we have an option to specify the source address for the ping packet and can choose any other address from any other interface on the router.

HTH

Rick

Re: Ping issue

Hi Kevin/Rick,

But the "sh run" posted by the original poster does not have any secondary address configured on his lan interface so what else can be the reason of the symptom which he is facing?

Regards,

Ankur

Hall of Fame Super Silver

Re: Ping issue

Ankur

You are correct that the config as posted does not have secondary addresses.

While I believe that Kevin's comment is correct that sometimes when traffic will flow in one direction but not in the other, that it is a problem with routing I do not believe that is the issue here.

I believe that you asked a key question in your first post:

Any firewalls implemented on workstation?

and the original poster misunderstood and responded that there was no firewall "between" the end station and the router.

And I believe that you asked another good troubleshooting question when you asked if the MAC address showed up in the ARP table. The original poster responded that they do show up in the ARP table.

This leads me to guess that your first question may lead to the problem. I am guessing that there is a firewall implemented ON the workstation that is not alowing ping to the workstation.

HTH

Rick

Re: Ping issue

Rick,

There is no client firewall on any worksations or server. As I mentioned before in the post that I am able to ping succesfully to any Server/Workstation if I use an extended ping. If there was any client firewall on any Workstation or Server then the Router should not extended ping as well, right.

Thanks for the helpful replies guys.

Regards.

Silver

Re: Ping issue

This could be a routing issue then, though I'm not sure. I might guess the routing issue is on the workstation. Use a route print (on MS Windows platform) to see the route table for the systems.

Also, the problem could be a duplicate ip address issue. Confirm that you do not have two systems with the same ip address, especially same ip address with the router. Confirm that the mac addresses you see on the arp table of the system, is the mac address of the router and vice versa.

Please update us the result, we will like to know the outcome.

Re: Ping issue

Hi Olorunloba,

Thanks for the query. I will start my diagnostic again from the scrath and post an update soon.

Regards

Faiz

New Member

Re: Ping issue

To my thinking routing on the PC side is ok, after PING is working in this direction.

Are we sure there is a route on the router?

How about classless routing.

Silver

Re: Ping issue

Hmmm, see my thinking.

PC is connected to router ethernet interface, so most likely they should be on the same subnet. You perform 2 pings, one sourced from the ethernet interface, and the other sourced from the LAN interface.

The one sourced from the LAN interface does not reply, but the serial does. There is no fancy config, no policy base routing on the router, hence the forward path for both pings should be the same, since the destination is the same. I therefore assume that in both situations the packet get to the PC.

I will also assume that the PC will reply to both, since there are no firewalls. But the destination ip are now different, and hence the return path could be different. The router recieves the packet for the serial but not for the ethernet ip. This will imply that the reverse path for the ethernet ip is not ok. This however contradicts the fact that from the PC, pings were going to the router ethernet interface.

The only thing I can think of is that the replies to those routers ethernet interface were coming from another rogue device. Which will also explain the reason why normal pings from the router was not going through. A proxy-arp scenario could still allow pings to go through to and from the serial interface.

Theory, theory, theory. I hope the original poster can shed more light on the practical situation.

Hall of Fame Super Silver

Re: Ping issue

I agree that we need some clarification from the original poster. Perhaps faizm can supply some information to help us understand what is happening. In particular I would like some clarification of the topology: for at least one of the end stations involved what is its address, its mask, and its default-gateway. The config that he posted shows just one LAN interface and 2 serial interfaces. It also has a very interesting static route:

ip route 192.168.1.0 255.255.255.0 10.1.1.6

is there any significance in network 192.168.1.0? And what is at 10.1.1.6? Is it another router? Could it be the default gateway for the end stations?

If we can get this information perhaps we will figure out what the problem is.

HTH

Rick

New Member

Re: Ping issue

I had a similar problem to this once.

Topology: Internet <- Cisco 827 <- Laptop (using /29)

Laptop could not ping the Cisco 827, but the Cisco 827 could ping the Laptop.

I did a quick fix by changing the Laptop's IP address to use another IP address in the /29 range and then the Laptop was able to ping the Cisco 827.

I didn't investigate further sorry...

New Member

Re: Ping issue

Hi,

I had a similar issue with one of the machine that machine was not able to ping firwall ip address but all ip address in the local network.

only thing what we did is we put an static ip address in machine and it started working brfore it has a DHCP ip address.

Thanks

So even you can try putting static ip address if it is in DHCP.

New Member

Re: Ping issue

change the speed 100 to speed auto in the fast ethernet interface. this is the problem with speed mismatch.

Green

Re: Ping issue

Have you verified the subnet masks on both sides to see that they are the same?

It might also be helpful if you could bring up Ethereal (www.ethereal.com - it's free) on the PC and look for the inbound and outbound pings to verify the source and destination addresses (and possibly MACs, since they are all on a common LAN).

It sounds like a mask problem to me.

Good Luck

Scott

509
Views
11
Helpful
23
Replies
CreatePlease login to create content