BCSITS
asked on
Unable to ping Cisco switch
Hi Guys,
Recfently, one of our Cisco switches has stopped responding to ping. It was contactable a few days ago but one day it stopped responding to ping only. We can successfully telnet to the device and login. This device cannot ping any device in the same domain except one router that is directly connected to it. It can also ping 4 switches that are connected together via trunk ports and are in the same VTP domain. There is another router connected to it that it cannot ping nor can the router ping it however, the router can ping the other 4 switches. It was also able to do this last week.
I have had a look at the config but i cannot see anything that would be stopping it from responding.
Any ideas?
Recfently, one of our Cisco switches has stopped responding to ping. It was contactable a few days ago but one day it stopped responding to ping only. We can successfully telnet to the device and login. This device cannot ping any device in the same domain except one router that is directly connected to it. It can also ping 4 switches that are connected together via trunk ports and are in the same VTP domain. There is another router connected to it that it cannot ping nor can the router ping it however, the router can ping the other 4 switches. It was also able to do this last week.
I have had a look at the config but i cannot see anything that would be stopping it from responding.
Any ideas?
why do devices stop responding to ping requests?
Maybe the arp tables on the directly connected router need to be cleared.
if the ip default-gateway was set incorrectly, you wouldn't be able to telnet to it
you could try clear int vlan1 to see if that fixes it
take a look at the physical interface (sh int) that you're coming in on the switch - see if anything there looks unusual, you could also clear int on that interface.
If you can reboot the switch, I'd give that a try
Maybe the arp tables on the directly connected router need to be cleared.
if the ip default-gateway was set incorrectly, you wouldn't be able to telnet to it
you could try clear int vlan1 to see if that fixes it
take a look at the physical interface (sh int) that you're coming in on the switch - see if anything there looks unusual, you could also clear int on that interface.
If you can reboot the switch, I'd give that a try
I'd check for ACLs.. The fact that you can telnet to it means that ARP is working, so you can resolve the MAC address and communicate to it.. Unless it is a failure that a reboot would fix, I'd think it's probably an access control list on the switch, restricting ICMP in some way,
Also, check VLANs to verify subnet masks on the devices in question..
Can you post configs?
Also, check VLANs to verify subnet masks on the devices in question..
Can you post configs?
ASKER
SWITCH CONFIG
interface Vlan1
ip address 192.168.10.2 255.255.255.0
!
ip default-gateway 192.168.10.254
ip classless
ip http server
!
snmp-server community XXXXXX RO
snmp-server ifindex persist
!
control-plane
!
banner motd ^C
************************** ********** ********** ********
* *
* ---- Unauthorised Access Prohibited ---- *
* *
* Your access to this device will be logged *
* *
************************** ********** ********** ********
^C
!
line con 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
!
ntp clock-period 36029858
ntp server 192.168.1.253
ntp server 192.168.1.252 prefer
end
DIRECTLY CONNECTED ROUTER THAT CAN CONNECT
class-map match-any Citrix
match access-group name Citrix-ACL
!
!
policy-map WAN
class Citrix
priority percent 80
set dscp af41
class class-default
bandwidth remaining percent 100
random-detect
policy-map Global
class class-default
shape average 10240000
service-policy WAN
!
!
!
!
interface FastEthernet0/0
no ip address
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.2.253 255.255.255.0 secondary
ip address 192.168.10.252 255.255.255.0
ip helper-address 192.168.1.203 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.1.201 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.1-2
no keepalive
standby 2 ip 192.168.2.254
standby 2 preempt
standby 10 ip 192.168.10.254
standby 10 priority 105
standby 10 preempt delay minimum 120
standby 10 track FastEthernet0/1
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.252 255.255.255.0
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.3-3
standby 3 ip 192.168.3.254
standby 3 priority 105
!
interface FastEthernet0/1
bandwidth 10240
ip address 10.10.10.254 255.255.255.252
ip route-cache flow
speed 100
full-duplex
service-policy output Global
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 192.168.2.0
network 192.168.3.0
network 192.168.10.0
timers bgp 15 45
neighbor 10.10.10.253 remote-as 7474
neighbor 10.10.10.253 weight 100
neighbor 10.10.10.253 route-map PREPEND_BACKUP out
neighbor 192.168.2.252 remote-as 65000
neighbor 192.168.2.252 next-hop-self
neighbor 192.168.2.252 weight 50
no auto-summary
!
ip forward-protocol nd
ip route 192.168.44.0 255.255.255.0 192.168.10.1
!
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 192.168.1.57 9996
!
no ip http server
no ip http secure-server
!
ip access-list extended Citrix-ACL
permit tcp any 192.168.1.0 0.0.0.255 eq 1494
permit udp any 192.168.1.0 0.0.0.255 eq 2598
!
access-list 71 permit 192.168.2.0 0.0.0.255
access-list 72 permit any
snmp-server community XXXXXX RO
snmp-server ifindex persist
no cdp run
route-map PREPEND_BACKUP permit 10
match ip address 71
set as-path prepend 65000 65000
!
route-map PREPEND_BACKUP permit 20
match ip address 72
!
!
!
!
control-plane
!
!
!
!
!
!
!
banner motd ^C
************************** ********** ********** ********
* *
* ---- Unauthorised Access Prohibited ---- *
* *
* Your access to this device will be logged *
* *
************************** ********** ********** ********
^C
!
line con 0
login local
line aux 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 192.168.1.253
ntp server 192.168.1.252 prefer
sntp server 192.168.1.252
sntp server 192.168.1.253
sntp server 192.168.1.254
end
DIRECTLY CONNECTED ROUTER THAT CANNOT CONNECT
class-map match-any Citrix
match access-group name Citrix-ACL
!
!
policy-map WAN
class Citrix
priority percent 80
set dscp af41
class class-default
bandwidth remaining percent 100
random-detect
policy-map Global
class class-default
shape average 100480000
service-policy WAN
!
!
!
!
interface FastEthernet0/0
no ip address
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.253 255.255.255.0 secondary
ip address 192.168.2.252 255.255.255.0
ip helper-address 192.168.1.203 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.1.201 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.1-2
no keepalive
standby 2 ip 192.168.2.254
standby 2 priority 105
standby 2 preempt delay minimum 120
standby 2 track FastEthernet0/1
standby 10 ip 192.168.10.254
standby 10 preempt
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.253 255.255.255.0
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.3-3
standby 3 ip 192.168.3.254
standby 3 preempt
!
interface FastEthernet0/1
bandwidth 10240
ip address 10.10.2.254 255.255.255.252
ip route-cache flow
speed 100
full-duplex
service-policy output Global
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 192.168.2.0
network 192.168.3.0
network 192.168.10.0
timers bgp 15 45
neighbor 10.10.2.253 remote-as 7474
neighbor 10.10.2.253 weight 100
neighbor 10.10.2.253 route-map PREPEND_BACKUP out
neighbor 192.168.10.252 remote-as 65000
neighbor 192.168.10.252 next-hop-self
neighbor 192.168.10.252 weight 50
no auto-summary
!
ip forward-protocol nd
ip route 192.168.3.0 255.255.255.0 192.168.10.4
ip route 192.168.44.0 255.255.255.0 192.168.10.1
!
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 192.168.1.57 9996
!
no ip http server
no ip http secure-server
!
ip access-list extended Citrix-ACL
permit tcp any 192.168.1.0 0.0.0.255 eq 1494
permit tcp any 192.168.1.0 0.0.0.255 eq 2598
!
access-list 71 permit 192.168.10.0 0.0.0.255
access-list 71 permit 192.168.3.0 0.0.0.255
access-list 72 permit any
snmp-server community XXXXXX RO
snmp-server ifindex persist
no cdp run
route-map PREPEND_BACKUP permit 10
match ip address 71
set as-path prepend 65000 65000
!
route-map PREPEND_BACKUP permit 20
match ip address 72
!
!
!
!
control-plane
!
!
!
!
!
!
!
banner motd ^C
************************** ********** ********** ********
* *
* ---- Unauthorised Access Prohibited ---- *
* *
* Your access to this device will be logged *
* *
************************** ********** ********** ********
^C
!
line con 0
login local
line aux 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 192.168.1.253
ntp server 192.168.1.252 prefer
sntp server 192.168.1.252
sntp server 192.168.1.253
sntp server 192.168.1.254
end
visio1.png
interface Vlan1
ip address 192.168.10.2 255.255.255.0
!
ip default-gateway 192.168.10.254
ip classless
ip http server
!
snmp-server community XXXXXX RO
snmp-server ifindex persist
!
control-plane
!
banner motd ^C
**************************
* *
* ---- Unauthorised Access Prohibited ---- *
* *
* Your access to this device will be logged *
* *
**************************
^C
!
line con 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
!
ntp clock-period 36029858
ntp server 192.168.1.253
ntp server 192.168.1.252 prefer
end
DIRECTLY CONNECTED ROUTER THAT CAN CONNECT
class-map match-any Citrix
match access-group name Citrix-ACL
!
!
policy-map WAN
class Citrix
priority percent 80
set dscp af41
class class-default
bandwidth remaining percent 100
random-detect
policy-map Global
class class-default
shape average 10240000
service-policy WAN
!
!
!
!
interface FastEthernet0/0
no ip address
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.2.253 255.255.255.0 secondary
ip address 192.168.10.252 255.255.255.0
ip helper-address 192.168.1.203 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.1.201 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.1-2
no keepalive
standby 2 ip 192.168.2.254
standby 2 preempt
standby 10 ip 192.168.10.254
standby 10 priority 105
standby 10 preempt delay minimum 120
standby 10 track FastEthernet0/1
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.252 255.255.255.0
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.3-3
standby 3 ip 192.168.3.254
standby 3 priority 105
!
interface FastEthernet0/1
bandwidth 10240
ip address 10.10.10.254 255.255.255.252
ip route-cache flow
speed 100
full-duplex
service-policy output Global
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 192.168.2.0
network 192.168.3.0
network 192.168.10.0
timers bgp 15 45
neighbor 10.10.10.253 remote-as 7474
neighbor 10.10.10.253 weight 100
neighbor 10.10.10.253 route-map PREPEND_BACKUP out
neighbor 192.168.2.252 remote-as 65000
neighbor 192.168.2.252 next-hop-self
neighbor 192.168.2.252 weight 50
no auto-summary
!
ip forward-protocol nd
ip route 192.168.44.0 255.255.255.0 192.168.10.1
!
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 192.168.1.57 9996
!
no ip http server
no ip http secure-server
!
ip access-list extended Citrix-ACL
permit tcp any 192.168.1.0 0.0.0.255 eq 1494
permit udp any 192.168.1.0 0.0.0.255 eq 2598
!
access-list 71 permit 192.168.2.0 0.0.0.255
access-list 72 permit any
snmp-server community XXXXXX RO
snmp-server ifindex persist
no cdp run
route-map PREPEND_BACKUP permit 10
match ip address 71
set as-path prepend 65000 65000
!
route-map PREPEND_BACKUP permit 20
match ip address 72
!
!
!
!
control-plane
!
!
!
!
!
!
!
banner motd ^C
**************************
* *
* ---- Unauthorised Access Prohibited ---- *
* *
* Your access to this device will be logged *
* *
**************************
^C
!
line con 0
login local
line aux 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 192.168.1.253
ntp server 192.168.1.252 prefer
sntp server 192.168.1.252
sntp server 192.168.1.253
sntp server 192.168.1.254
end
DIRECTLY CONNECTED ROUTER THAT CANNOT CONNECT
class-map match-any Citrix
match access-group name Citrix-ACL
!
!
policy-map WAN
class Citrix
priority percent 80
set dscp af41
class class-default
bandwidth remaining percent 100
random-detect
policy-map Global
class class-default
shape average 100480000
service-policy WAN
!
!
!
!
interface FastEthernet0/0
no ip address
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.253 255.255.255.0 secondary
ip address 192.168.2.252 255.255.255.0
ip helper-address 192.168.1.203 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.1.201 redundancy hsrp-Fa0/0.1-2
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.1-2
no keepalive
standby 2 ip 192.168.2.254
standby 2 priority 105
standby 2 preempt delay minimum 120
standby 2 track FastEthernet0/1
standby 10 ip 192.168.10.254
standby 10 preempt
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.253 255.255.255.0
ip helper-address 192.168.3.210 redundancy hsrp-Fa0/0.3-3
standby 3 ip 192.168.3.254
standby 3 preempt
!
interface FastEthernet0/1
bandwidth 10240
ip address 10.10.2.254 255.255.255.252
ip route-cache flow
speed 100
full-duplex
service-policy output Global
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 192.168.2.0
network 192.168.3.0
network 192.168.10.0
timers bgp 15 45
neighbor 10.10.2.253 remote-as 7474
neighbor 10.10.2.253 weight 100
neighbor 10.10.2.253 route-map PREPEND_BACKUP out
neighbor 192.168.10.252 remote-as 65000
neighbor 192.168.10.252 next-hop-self
neighbor 192.168.10.252 weight 50
no auto-summary
!
ip forward-protocol nd
ip route 192.168.3.0 255.255.255.0 192.168.10.4
ip route 192.168.44.0 255.255.255.0 192.168.10.1
!
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 192.168.1.57 9996
!
no ip http server
no ip http secure-server
!
ip access-list extended Citrix-ACL
permit tcp any 192.168.1.0 0.0.0.255 eq 1494
permit tcp any 192.168.1.0 0.0.0.255 eq 2598
!
access-list 71 permit 192.168.10.0 0.0.0.255
access-list 71 permit 192.168.3.0 0.0.0.255
access-list 72 permit any
snmp-server community XXXXXX RO
snmp-server ifindex persist
no cdp run
route-map PREPEND_BACKUP permit 10
match ip address 71
set as-path prepend 65000 65000
!
route-map PREPEND_BACKUP permit 20
match ip address 72
!
!
!
!
control-plane
!
!
!
!
!
!
!
banner motd ^C
**************************
* *
* ---- Unauthorised Access Prohibited ---- *
* *
* Your access to this device will be logged *
* *
**************************
^C
!
line con 0
login local
line aux 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
login local
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 192.168.1.253
ntp server 192.168.1.252 prefer
sntp server 192.168.1.252
sntp server 192.168.1.253
sntp server 192.168.1.254
end
visio1.png
How are the switchport interfaces configured that connect to each of these routers? I assume they're both as dot1q.
Can you try to ping the switch again but using 192.168.10.253 as source? What happens if you try to traceroute the switch from the router that cannot get to it?
Can you try to ping the switch again but using 192.168.10.253 as source? What happens if you try to traceroute the switch from the router that cannot get to it?
ASKER
traceroute and ping using 192.168.10.253 as a source are both successful.
using traceroute from the router that cannot connect returns 3 *
output of switchport config
interface FastEthernet0/30
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/31
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
using traceroute from the router that cannot connect returns 3 *
output of switchport config
interface FastEthernet0/30
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/31
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
Can you do these two from router #2?:
sh ip route
sh standby FastEthernet0/0 (or FastEthernet0/0.1)
I suspect it's treating that 192.168.10.0 network as an external network and therefore forwarding traffic to the switch to its default route (this happens when you have secondary IPs).
As to why it was working before, perhaps a state change on hsrp could have anything to do with it? (can check last state change via sh standby)
sh ip route
sh standby FastEthernet0/0 (or FastEthernet0/0.1)
I suspect it's treating that 192.168.10.0 network as an external network and therefore forwarding traffic to the switch to its default route (this happens when you have secondary IPs).
As to why it was working before, perhaps a state change on hsrp could have anything to do with it? (can check last state change via sh standby)
ASKER
sh standby fa0/0.1 output
FastEthernet0/0.1 - Group 2
State is Active
11 state changes, last state change 1w5d
Virtual IP address is 192.168.2.254
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.076 secs
Preemption enabled, delay min 120 secs
Active router is local
Standby router is 192.168.10.252, priority 100 (expires in 9.192 sec)
Priority 105 (configured 105)
Track interface FastEthernet0/1 state Up decrement 10
IP redundancy name is "hsrp-Fa0/0.1-2" (default)
FastEthernet0/0.1 - Group 10
State is Standby
9 state changes, last state change 1w5d
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.140 secs
Preemption enabled
Active router is 192.168.10.252, priority 105 (expires in 9.300 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Fa0/0.1-10" (default)
the switch that is not pingable used to have another Vlan with an ip address assigned to it which has since been removed. i think that since then this switch has not been contactable.
sh ip route does not show anything out of the ordinary
C 192.168.10.0/24 is directly connected, FastEthernet0/0.1
FastEthernet0/0.1 - Group 2
State is Active
11 state changes, last state change 1w5d
Virtual IP address is 192.168.2.254
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.076 secs
Preemption enabled, delay min 120 secs
Active router is local
Standby router is 192.168.10.252, priority 100 (expires in 9.192 sec)
Priority 105 (configured 105)
Track interface FastEthernet0/1 state Up decrement 10
IP redundancy name is "hsrp-Fa0/0.1-2" (default)
FastEthernet0/0.1 - Group 10
State is Standby
9 state changes, last state change 1w5d
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.140 secs
Preemption enabled
Active router is 192.168.10.252, priority 105 (expires in 9.300 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Fa0/0.1-10" (default)
the switch that is not pingable used to have another Vlan with an ip address assigned to it which has since been removed. i think that since then this switch has not been contactable.
sh ip route does not show anything out of the ordinary
C 192.168.10.0/24 is directly connected, FastEthernet0/0.1
-Could you initiate a ping from the switch to 192.168.10.253? If successful, leave it running and then try to ping from the router again (without specifying source 192.168.10.253).
Don't think the other vlan that was removed would have anything to do, since we're looking at the native vlan and we're not routing.
Important bit: is vlan 1 your native vlan on all switches?
Don't think the other vlan that was removed would have anything to do, since we're looking at the native vlan and we're not routing.
Important bit: is vlan 1 your native vlan on all switches?
ASKER
still no result. while pinging from switch to router (which is successful) i try pinging the switch from the router but it still fails.
yes Vlan 1 is the native Vlan across all switches.
i will check one of our primary routers for ACL and post back if i find anything or not.
switches in the same vtp domain can ping the 10.2 switch. they are all in the same vlan. any device outside of the 10.x nw cannot ping this device.
i will investigate further and post the results.
thanks
yes Vlan 1 is the native Vlan across all switches.
i will check one of our primary routers for ACL and post back if i find anything or not.
switches in the same vtp domain can ping the 10.2 switch. they are all in the same vlan. any device outside of the 10.x nw cannot ping this device.
i will investigate further and post the results.
thanks
Pretty odd..
Few other things:
1. Can you see the switch in question via 'show cdp neigh det' from the router?
2. Would you be able to add a static ARP entry for the switch on the router? 'ip arp static' i believe is the syntax you need to use.
Few other things:
1. Can you see the switch in question via 'show cdp neigh det' from the router?
2. Would you be able to add a static ARP entry for the switch on the router? 'ip arp static' i believe is the syntax you need to use.
ASKER
CDP is not configured on the router. adding a static arp entry has not fixed it. still cannot contact outside of its subnet.
i will reboot this switch tonight to see if it makes any difference.
i will reboot this switch tonight to see if it makes any difference.
is command
ip route
enabled globally (not just on interfaces) on router which cant ping to switch?
ip route
enabled globally (not just on interfaces) on router which cant ping to switch?
ASKER
i have had a look at the BGP routes briefly and found something that may be of interest. my knowledge of BGP is limited and would like some clarification. here is a small output of the following cmd: sh bgp from the router 192.168.10.252.
Network Next Hop Metric LocPrf Weight Path
*> 192.168.2.0 0.0.0.0 0 32768 i
* 10.10.10.253 100 7474 7474 i
*> 192.168.3.0 0.0.0.0 0 32768 i
*> 192.168.7.0 10.10.10.253 100 7474 7474 ?
*> 192.168.9.0 10.10.10.253 100 7474 i
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.11.0 10.10.10.253 100 7474 i
*> 192.168.13.0 10.10.10.253 100 7474 i
*> 192.168.15.0 10.10.10.253 100 7474 i
*> 192.168.17.0 10.10.10.253 100 7474 i
*> 192.168.18.0 10.10.10.253 100 7474 i
*> 192.168.19.0 10.10.10.253 100 7474 i
*> 192.168.20.0 10.10.10.253 100 7474 7474 i
*> 192.168.32.0 10.10.10.253 100 7474 i
*> 192.168.33.0 10.10.10.253 100 7474 i
*> 192.168.34.0 10.10.10.253 100 7474 i
r> 192.168.44.0 10.10.10.253 100 7474 7474 ?
*> 192.168.50.0 10.10.10.253 100 7474 7474 ?
*> 192.168.58.0 10.10.10.253 100 7474 i
this if from the router that cannot connect, 192.168.2.252, same command:
*> 192.168.7.0 10.10.2.253 100 7474 7474 ?
*> 192.168.9.0 10.10.2.253 100 7474 i
* 192.168.10.0 10.10.2.253 100 7474 7474 i
*> 0.0.0.0 0 32768 i
*> 192.168.11.0 10.10.2.253 100 7474 i
*> 192.168.13.0 10.10.2.253 100 7474 i
could this be an issue? both of these routers are directly connected to the 192.168.10.2 switch.
thanks
Network Next Hop Metric LocPrf Weight Path
*> 192.168.2.0 0.0.0.0 0 32768 i
* 10.10.10.253 100 7474 7474 i
*> 192.168.3.0 0.0.0.0 0 32768 i
*> 192.168.7.0 10.10.10.253 100 7474 7474 ?
*> 192.168.9.0 10.10.10.253 100 7474 i
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.11.0 10.10.10.253 100 7474 i
*> 192.168.13.0 10.10.10.253 100 7474 i
*> 192.168.15.0 10.10.10.253 100 7474 i
*> 192.168.17.0 10.10.10.253 100 7474 i
*> 192.168.18.0 10.10.10.253 100 7474 i
*> 192.168.19.0 10.10.10.253 100 7474 i
*> 192.168.20.0 10.10.10.253 100 7474 7474 i
*> 192.168.32.0 10.10.10.253 100 7474 i
*> 192.168.33.0 10.10.10.253 100 7474 i
*> 192.168.34.0 10.10.10.253 100 7474 i
r> 192.168.44.0 10.10.10.253 100 7474 7474 ?
*> 192.168.50.0 10.10.10.253 100 7474 7474 ?
*> 192.168.58.0 10.10.10.253 100 7474 i
this if from the router that cannot connect, 192.168.2.252, same command:
*> 192.168.7.0 10.10.2.253 100 7474 7474 ?
*> 192.168.9.0 10.10.2.253 100 7474 i
* 192.168.10.0 10.10.2.253 100 7474 7474 i
*> 0.0.0.0 0 32768 i
*> 192.168.11.0 10.10.2.253 100 7474 i
*> 192.168.13.0 10.10.2.253 100 7474 i
could this be an issue? both of these routers are directly connected to the 192.168.10.2 switch.
thanks
Since 192.168.10.0/24 is a directly connected network, that bgp entry will not make it to the routing table as the directly connected route takes precedence.
I'll see if i can get packet tracer going and try to replicate your environment
I'll see if i can get packet tracer going and try to replicate your environment
please see the interface f0/0.1 address
this connected router
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.2.253 255.255.255.0 secondary
ip address 192.168.10.252 255.255.255.0
this router is not connected
nterface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.253 255.255.255.0 secondary
ip address 192.168.2.252 255.255.255.0
the secondary address is not same on both side
please make sure this is right i this it should same on both side
this connected router
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.2.253 255.255.255.0 secondary
ip address 192.168.10.252 255.255.255.0
this router is not connected
nterface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.253 255.255.255.0 secondary
ip address 192.168.2.252 255.255.255.0
the secondary address is not same on both side
please make sure this is right i this it should same on both side
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no answers in thread solved issue
can you post cli config here (redact sensitive data)
JAN MA CCNA