Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to ping device outside the vlan

I have one equipment i.e attendance reader. Its worked very fine for few days but now it is not working properly.

I am not able to ping the same device outside the vlan.

Its pinging fine when I am ping the device from same vlan ip.

please suggest on this what should be the problem.

 

 

If I changed the IP address of the device it starts work properly.

46 REPLIES
New Member

Is intervlan routing

Is intervlan routing configured in your network??? If not , then do it, till then  it won't ping outside your vlan

New Member

Yes its already configured in

Yes its already configured in network. other devices are working fine except this attendance reader.

 

If I changed the IP address of the device it starts work properly.

Cisco Employee

Try checking the ARP cache to

Try checking the ARP cache to see if it has captured the MAC address of the remote device. If this is not happening, then some thing is wrong with the gateway.

New Member

Hii , I have also tried to

Hii ,

 

I have also tried to clear the arp cache in core switch.

what else I can do with arp.

After clearing this still it is not working. gateway is set properly

 

If I changed the IP address of the device it starts work properly.

New Member

Hi,Can you show the config of

Hi,

Can you show the config of switch port?

 

New Member

interface GigabitEthernet1/0

di interface gi1/0/19
 GigabitEthernet1/0/19 current state: UP
 IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 4431-9201-0ef2
 Description: GigabitEthernet1/0/19 Interface
 Loopback is not set
 Media type is twisted pair, Port hardware type is 1000_BASE_T
 100Mbps-speed mode, full-duplex mode
 Link speed type is autonegotiation, link duplex type is autonegotiation
 Flow-control is not enabled
 The Maximum Frame Length is 10240
 Broadcast MAX-ratio: 100%
 Unicast MAX-ratio: 100%
 Multicast MAX-ratio: 100%
 PVID: 72
 Mdi type: auto
 Port link-type: access
  Tagged   VLAN ID : none
  Untagged VLAN ID : 72
 Port priority: 0
Last clearing of counters:  Never
 Peak value of input: 1944 bytes/sec, at 2015-04-03 11:28:05
 Peak value of output: 762799 bytes/sec, at 2015-04-11 13:41:34
 Last 300 seconds input:  0 packets/sec 0 bytes/sec 0%
 Last 300 seconds output:  2 packets/sec 214 bytes/sec 0%
 Input (total):  109461 packets, 12820297 bytes
         107167 unicasts, 2294 broadcasts, 0 multicasts, 0 pauses
 Input (normal):  109461 packets, 12820297 bytes
         107167 unicasts, 2294 broadcasts, 0 multicasts, 0 pauses
 Input:  0 input errors, 0 runts, 0 giants, - throttles
         0 CRC, 0 frame, 0 overruns, 0 aborts
         - ignored, - parity errors
 Output (total): 62340621 packets, 7405401147 bytes
         5827628 unicasts, 49373567 broadcasts, 7139426 multicasts, 0 pauses
 Output (normal): 62340621 packets, 7405401147 bytes
         5827628 unicasts, 49373567 broadcasts, 7139426 multicasts, 0 pauses
 Output: 0 output errors, - underruns, - buffer failures
         0 aborts, 0 deferred, 0 collisions, 0 late collisions
         - lost carrier, - no carrier

Do a sh Mac address-table

Do a sh Mac address-table interface gig1/0/20

output should be the Mac of the attendance reader.

 

on the local switch and core switch type

show arp | i "ip add of attendance reader"

 

output should show ip and Mac of attendance reader

 

if not,  it's probably a man in the middle attack.

 

and if so, I would recommend dynamic arp inspection.

New Member

No mac address found on

No mac address found on access port 1/0/20 where attendance reader is connected.

 

On core output is

It showing attendance readers mac address.

Now I see your response and

Now I see your response and my response.  Not sure why I'm not seeing them. 

I have experienced this on 3 different devices and two networks.  Hmm....

 

 

Do a show Mac address-table

Do a show Mac address-table address 0017.6189.2b45

on your distribution switch.  Has it been learned on a port?  If so, what is connected to that port?  Is it the local switch where the reader resides?

New Member

no mac address found of

no mac address found of command sh mac address-table gi1/0/20

with show arp command there no mac id found on local switch.

 

with sh arp  command on core switch there is mac id entry of attendance reader.

I received an email alert

I received an email alert letting me know you responded back, but I'm not seeing it here, so I'm not sure why not, but ...Im wondering if something is going on with Cisco's web site, because I have been seeing this off and on since yesterday. ??

**************************************************

"No mac address found on access port 1/0/20 where attendance reader is connected, but on the core it shows the readers mac address"

**************************************************

On the core enter "show mac address-table address xxxx.xxxx.xxxx(reader's mac)

This will show the swithport where the mac was learned.  Port could be another switch.

You may need to walk the network with show cdp and show mac until you locate the port where that mac address was learned. 

 

May be duplicate mac/ arp poisoning/ ....

 

Do a sh mac address-table

Do a 

sh mac address-table address 0017.6189.2b45 on the next access switch.  Which port learned the Mac and what is connected to that port?

I would create a monitor

I would create a monitor session and do a packet capture on the port that connects the attendance reader.  It should give a clue to what's happening.

New Member

#sh mac address-table address

#sh mac address-table address 0017.6189.2b45
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  72    0017.6189.2b45    DYNAMIC     Gi1/0/5
Total Mac Addresses for this criterion: 1

On this port one access layer switch is connected.To this switch another switch connected.

To the second switch attendance reader is connected.

 

i.e.Dist->Access->Access->Attendance reader.

New Member

No mac address found on

No mac address found on access layer switch.

When you say no Mac address

When you say no Mac address on access layer switch, you are referring to the access switch that is directly connected to your distribution switch and not the switch where the reader resides, correct?

 

odd that the distribution switch is learning the Mac.  Mac table times out after 5 minutes by default.

New Member

No mac address found on

No mac address found on access switch.

Also no mac address found on switch where attendance reader is connected.

New Member

Check the default gateway on

Check the default gateway on your attendance machine. It should probably be set to an IP on your switch

New Member

Hii,The default gateway is

Hii,

The default gateway is properly set in the device.

New Member

Hi, Attendance reader and you

Hi,

 

Attendance reader and you is in same vlan or is there any Firewall between attendance reader and you.

 

Thanks

Kafi

 

 

New Member

Hiii Kafi, I am able to ping

Hiii Kafi,

 

I am able to ping attendance reader when my system is in same vlan.

But I am not able if my system is in other vlan.

There is no firewall.

By the description of the

By the description of the problem what i understood is you are unable to ping  the device form a different vlan. 

now other key point here is *If I changed the IP address of the device it starts work properly.* 

are you assigning the IP address in the range of other VLAN which you are trying to reach from.

Some check points here are 

do you have trunk enabled between the switches and between switches to to the Router.

do have your encapsulation configured properly.

Have you applied any access-list which is not allowed with the IP you are trying to reach.

 

You may get much faster answer if you could put it in pictorial way.

 

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
New Member

Hii, If I give same vlans

Hii,

 

If I give same vlans different IP to device its work properly.I can ping it from anywhere.

Yes I have enabled trunk.

No I have not applied any access list.

Encapsulation configured properly.

 

Thanks,

Aasif

You mean to say that if your

You mean to say that if your system is in the same vlan which is configured for the Attendance reader then you are able to ping, otherwise no. is that the problem?

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
New Member

Yes.I have two device which

Yes.

I have two device which has same problem now.

I have change the ip address for one of them then its working fine.

And If I give that attendance readers IP to my laptop then I can ping laptop from anywhere.

I have also change the device but still the problem is not resolved.

 

so you mean to say that one

so you mean to say that one of the devices is working fine after changing the IP address and still the other one is encountering the same issue?

Check if you have any duplex mismatches. 

 

Need more clarification on this to give the proper solution, give a pictorial view of the same.

 

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
New Member

Hiii, I have checked the

Hiii,

 

I have checked the duplex its on automode.

And its fullduplex.

See I have same issue few months ago that time I have change the device but still its not working.

Then I have connect my laptop to the same port on which device is connected and give its ip to laptop then laptop works fine.

Then I decided to change the IP address of the device after that the device is working fine till now.

But I have encounter same problem for my other device now.

So I just come to know changing the IP its not the solution. Something is went wrong which is to be found out.

So please help me to get out of this as I have tried all my abilities to sort out this problem.

 

Hi, You were referring about

Hi, You were referring about changing the IP, you said when you change the IP you were able to ping. The IP which you changed is of which VLAN? 

When your PC is in the vlan 72, are you able o ping the attendance Reader?

Is the device in Vlan 98 able to reach attendance reader?

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
446
Views
4
Helpful
46
Replies
CreatePlease to create content