[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cannot ping AP1231 from Switch

Posted on 2009-02-10
7
Medium Priority
?
946 Views
Last Modified: 2013-11-09
I have an AP connected to FA0/1 with the config below. I can't ping or telnet to the AP from the switch its connected to but I can from any other device.

From the switch in question, I can ping the gateway of the AP also.

What could be the problem?

Building configuration...
 
Current configuration : 12495 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CCTA_MDF_1:3
!
enable secret 5 $1$DU6Y$rvzjvZzPSTwiUDFSWMrTP/
!
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 10
mls qos min-reserve 7 65
mls qos min-reserve 8 26
mls qos
udld aggressive
 
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
 switchport access vlan 123
 switchport mode access
 no ip address
!
-------
interface Vlan1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Vlan121
 ip address 10.2.160.13 255.255.224.0
 no ip route-cache
 no ip mroute-cache
!
ip default-gateway 10.2.160.1
ip classless
ip http server
!
!
snmp-server engineID local 00000009020000027E60CD00
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x12
!
line con 0
line vty 0 4
 password ***
 login
 length 0
line vty 5 15
 password ***
 login
!
end
 
 
 
CCTA_MDF_1:3#show cdp ne de
-------------------------
Device ID: CCTA_AP_01
Entry address(es):
  IP address: 10.30.164.11
Platform: cisco AIR-AP1231G-A-K9    ,  Capabilities: Trans-Bridge
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0
Holdtime : 174 sec
 
Version :
Cisco Internetwork Operating System Software
IOS (tm) C1200 Software (C1200-K9W7-M), Version 12.2(15)XR2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 17-Sep-04 13:40 by kellythw
 
advertisement version: 2
Duplex: full
Power drawn: 6.460 Watts
Management address(es):
 
-------------------------
CCTA_MDF_1:3#ping 10.30.164.11
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.164.11, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CCTA_MDF_1:3#ping 10.30.164.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.164.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CCTA_MDF_1:3#

Open in new window

0
Comment
Question by:jjmartineziii
  • 4
  • 3
7 Comments
 
LVL 2

Expert Comment

by:ciscoml320
ID: 23605449
At quick glance, it looks like a routing problem from the AP side of the network.  is the AP configured with proper default gateway?

Could you post the config of the router? or at least the routing table of the router...
any ACLs involved?


0
 
LVL 12

Author Comment

by:jjmartineziii
ID: 23605491
Here is the router config with parts removed.

!
version 12.4
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CCTA-VGW
!
boot-start-marker
boot system flash c2801-spservicesk9-mz.124-3h.bin
boot-end-marker
!
logging buffered 16384 informational
logging rate-limit 200
enable secret 5 $***
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.20.94.1 10.20.94.10
!
ip dhcp pool IP_PHONES
   network 10.20.94.0 255.255.254.0
   option 150 ip 10.20.0.20
   dns-server 10.0.0.8
   default-router 10.20.94.1
!
!
no ip domain lookup
ip multicast-routing
!
voice-card 0
!
!
--SNIP---
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 auto qos voip trust
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet0/0.121
 description CCTA-Data
 encapsulation dot1Q 121 native
 ip address 10.2.160.1 255.255.224.0
 ip helper-address 10.0.0.7
 ip pim sparse-dense-mode
 ip cgmp
 no snmp trap link-status
!
interface FastEthernet0/0.122
 description CCTA-Voice
 encapsulation dot1Q 122
 ip address 10.20.94.1 255.255.254.0
 ip pim sparse-dense-mode
 ip cgmp
 no snmp trap link-status
 h323-gateway voip bind srcaddr 10.20.94.1
!
interface FastEthernet0/0.123
 description CCTA-Wireless
 encapsulation dot1Q 123
 ip address 10.30.164.1 255.255.252.0
 ip access-group 100 out
 ip helper-address 10.0.0.7
 ip pim sparse-dense-mode
 ip cgmp
 no snmp trap link-status
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/2/0
 description LINK to Admin
 ip address 10.254.1.206 255.255.255.252
 ip access-group 100 out
 ip pim sparse-dense-mode
 auto qos voip trust
 service-policy output AutoQoS-Policy-Trust
!
router eigrp 2922
 redistribute connected
 redistribute static
 network 10.0.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip default-gateway 10.254.1.205
ip classless
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.254.1.205
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip pim rp-address 1.1.1.1
!
logging trap notifications
logging source-interface Serial0/2/0
logging 10.0.0.50
access-list 100 deny   icmp any any
access-list 100 permit ip any host 10.0.0.6
access-list 100 permit ip any host 10.0.0.9
access-list 100 permit ip any host 10.0.5.30
access-list 100 permit ip any host 10.0.0.41
access-list 100 permit ip any host 10.0.0.45
access-list 100 permit ip any host 10.2.33.26
access-list 100 permit ip host 10.0.0.41 any
access-list 100 permit ip host 10.0.0.45 any
access-list 100 permit tcp any 10.1.0.0 0.0.0.255
access-list 100 permit tcp any 10.5.0.0 0.0.0.255
access-list 100 permit tcp any host 10.0.3.30 eq www
access-list 100 permit tcp any host 10.0.0.42 eq www
access-list 100 permit tcp any host 10.0.0.44 eq www
access-list 100 permit tcp any 10.5.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.1.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.20.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.30.0.0 0.0.255.255 eq www
access-list 100 permit tcp any 10.2.47.0 0.0.0.255 eq www
access-list 100 deny   tcp any 10.0.0.0 0.255.255.255 eq www
access-list 100 permit tcp host 67.79.96.129 eq smtp any
access-list 100 permit tcp host 67.79.96.129 eq pop3 any
access-list 100 deny   tcp any eq smtp any log
access-list 100 deny   tcp any eq pop3 any log
access-list 100 deny   tcp any any eq 135 log
access-list 100 deny   tcp any eq 139 any log
access-list 100 deny   tcp any any eq 139 log
access-list 100 deny   tcp any eq 445 any log
access-list 100 deny   tcp any any eq 445 log
access-list 100 deny   tcp any any eq 1025 log
access-list 100 deny   tcp any any eq 2302 log
access-list 100 deny   tcp any any eq 4444 log
access-list 100 deny   tcp any any eq 4662 log
access-list 100 deny   tcp any any eq 5555 log
access-list 100 deny   tcp any any eq 6343 log
access-list 100 deny   tcp any any eq 6346 log
access-list 100 deny   tcp any any eq 6348 log
access-list 100 deny   udp any any eq 6348 log
access-list 100 deny   tcp any any eq 6667 log
access-list 100 deny   tcp any any eq 6954 log
access-list 100 deny   tcp any any eq 6969 log
access-list 100 deny   tcp any any eq 6991 log
access-list 100 permit ip any any

!
!
!
---SNIP---
!
ntp server 10.0.0.1
end
0
 
LVL 12

Author Comment

by:jjmartineziii
ID: 23605507
Here is a piece of the AP config:
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 ntp broadcast client
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.30.164.11 255.255.252.0
 no ip route-cache
!
ip default-gateway 10.30.164.1

Open in new window

0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 2

Accepted Solution

by:
ciscoml320 earned 2000 total points
ID: 23605550
this may be the problem
"access-list 100 deny   icmp any any"

0
 
LVL 2

Expert Comment

by:ciscoml320
ID: 23605596
one thing you can try
do a  repeated ping from the switch to the AP
"ping 10.30.164.11 rep 100"

then
examine the number of hits you're getting on ACL100 on the router, specifically the line i mentioned above.
This would indicate that your ICMP packets are getting dropped by that ACL
if you do want to have ICMP reachability to the AP, then you can add a permit rule at the top of the ACL for the IP, then start denying ICMP for "any any"
hope this helps...

let me know
0
 
LVL 12

Author Comment

by:jjmartineziii
ID: 23605603
doh! i SWEAR it wasn't even allowing me to telnet from the connected switch. i tried it again just now and it was working. (i wasn't worried about pining, just telneting)

Thanks!
0
 
LVL 2

Expert Comment

by:ciscoml320
ID: 23605648
awesome...Happy ending!
take care.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Multi-source agreements are important because they set standards that all manufacturers should follow to ensure that devices are compatible with multiple vendors. The multi-source agreement (MSA) is an agreement that establishes how multiple vendors…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses
Course of the Month18 days, 10 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question