Solved

Traceroute Question

Posted on 2009-04-09
9
369 Views
Last Modified: 2012-05-06
I do a trace route to an address on a switch called S1

From R1 the traceroute shows R2 - R3 - S1 (works)
From R2 the traceroute shows R3 and then it gets stuck
From R3 the traceroute shows S1  (works)

Same address:
Ping from R1: OK!
Ping from R2: fails
Ping from R3: OK!

I'm a networking newbie and I don't understand how a traceroute that goes thru R2 works but if initiated from R2 it doesn't work.

What could account for that behavior?  
0
Comment
Question by:MajorBigDeal
  • 5
  • 4
9 Comments
 
LVL 5

Expert Comment

by:ionut_mir
ID: 24113653
It seems like the switch doesn't "know" how to reach the IP address of R2.
The trace goes through R2 but with R1's source IP address.

Check routing table (if it has) on S1. Or put a route so that any packet generated by the S1 to "know" how to get to R2.
If you have a default gateway on S1 pointing to R3, than check R3's routing table.
0
 
LVL 11

Author Comment

by:MajorBigDeal
ID: 24114110
Sorry, I'm really confused.  Do you mean that R2 doesn't know how to reach the switch? Or maybe I'm missing a basic concept.  

I'm starting at R1 then it goes to R2 and then to R3 and then to the switch (S1).  So doesn't that mean that R2 must know how to get to S1?

But if I start at R2, it doesn't know.
0
 
LVL 5

Expert Comment

by:ionut_mir
ID: 24114135
When you are starting the trace at R1, the packet leaves the R1 with a source IP address which never changes (unless a nat, but I doubt it). It reaches R2 (this router responds with an echo reply), and then the packet travels away to R3 router - the source IP address is the same (R1's address). When it receives the packet S1 knows how to get to R1.

But when you are starting at R2 , on the way back the switch doesn't know how to get to R2.

Try to follow, step-by-step, the packet on his way to the switch, and the way back as well. Check if at any point the device has an way to the destination address.

I think that the switch doesn't have a route to R2. I hope I am not mistaking!
0
 
LVL 11

Author Comment

by:MajorBigDeal
ID: 24114325
Ah, thank you that makes more sense now.

So, if I am on S1 I should not be able to ping R2, is that true?

I can't check for another 9 hours but the reason I ask is that I think I am able to ping R2 from S1.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 5

Expert Comment

by:ionut_mir
ID: 24114616
This is my guess, yes.

If the switch can ping R2 then you should check a little more carefully the entire path of access-lists or any other causes that could prevent icmp packets to get to S1.

Good luck!
0
 
LVL 11

Author Comment

by:MajorBigDeal
ID: 24118853
RIght, I was just able to test and S1 can ping R2.  

So what your are saying is that an access-list could prevent a ping from originating on R2 while allowing it to traverse R2? I'll look again keeping that in mind.  Please let me know if that is not what you are saying.
0
 
LVL 11

Author Comment

by:MajorBigDeal
ID: 24119147
I don;t see any access-lists applied to any interfaces.  There is a vlan though.
0
 
LVL 5

Accepted Solution

by:
ionut_mir earned 250 total points
ID: 24121528
It is a little bit odd what is happening... you can't ping S1 from R2 but you can ping R2 from S1.
If it is possible, try to post some configs that you consider relevant, and a little drawing of your network, maybe we are missing something here...
0
 
LVL 11

Author Comment

by:MajorBigDeal
ID: 24181698
Yes, I'm sure we are missing something here and I appreciate your willingness to help.  This has now become the problem of someone much more experienced in networking than I and he is also having difficulty. Anyway, I'm moving on.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Router DMZ 5 53
DNS on-premise and on-cloud 15 118
command "logging persistent size 100000000 filesize 200000" in ASR1K 5 29
Quality settings for cisco routers 8 51
It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now