01-18-2012 05:33 AM - edited 03-04-2019 02:56 PM
Hi, may someone kindly guide me.
I’m a new CCNA and not have much working experience.
Lately some of the users migrate from a subnet to a new subnet. After migration, they cannot SSH into their servers. I did a sh ip route from both subnets gateways to the servers. Found out that there is path from old subnet gateway to the servers, but the new subnet gateway saying no routing table. Please advise could that be this simple that is the root cause.
We always encounter this kinds of problems.
May you guide me and give me some hints how to troubelshoot this type of problems and whatelse should I check.
Should I check the ACLs on all the routers on the path to the servers.
How can I know is this Firewall issue based on the information on my routers. I cannot access Firewall routers. And I couldn’t remember CCNA show me this.
If part of our networks is with service provider clouds, how can I isolate the problem and ensure it’s not providers issue.
Thanks all in advance
01-18-2012 05:41 AM
first of all you should check the path with ping and trace command. if both work then probably the it's the ACL issue,
do "sh ip access-list" and check which ACL's are active and which traffic should be permited.
01-18-2012 06:12 AM
Thank you Konstantin,
No, cannot ping nor traceroute from the new subnet gateway to the servers.
Should I do the sh ip access-list on the users subnet gateway, or the servers gateways, or both. Since there are many access-list, may I narrow it down just check the access list including the users subnet or the servers ip. May you let me know what is that command.
Thanks
01-18-2012 06:21 AM
if you can't ping or trace the server, it could be the folowing problems:
1. check the IP address information IP and subnetmask on servers on both subnets. Can server reach each other inside of same subnet?
2. check the default router configuration on the servers. can servers reach default gateway?
3. are both routers exchange the routing information? do you use static routes?
4. can server reach the IPof the router on the "remote" subnet?
5. If you use ACL's may be it's better to deactivate them on all interfaces during the tests (don't forget to activate them again after tests)
if you can check and answer all these questons, then you will probably find your problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide