ping with source specified

When I ping the remote site from my core switch, it does not work. But when I specify "source vlan 10", it works. Why is that?
LVL 1
leblancAccountingAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
rfportillaConnect With a Mentor Commented:
Because whichever vlan the switch is using by default does not have access to the Internet, but VLAN 10 does.  Are you familiar with VLAN's?  They are used to segment traffic like a router.
0
 
leblancAccountingAuthor Commented:
My layer 3 core switch has a default route pointed to the distribution WAN layer 3 switch, then to the FW to access the internet. I have SVIs configured on my core switch. I believe all of my VLAN can access the Internet.
I did not have to specify the source vlan with the ping before I moved from layer 2 to layer 3 between the core switch and the distribution WAN layer 3 switch.
0
 
giltjrConnect With a Mentor Commented:
What IP address does your L3 core use by default?

Maybe your WAN L3 switch or your firewall does not have a route back to that address/subnet?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
leblancAccountingAuthor Commented:
On my L3 core, my default route is pointed to the next hop /30 of the WAN distribution L3 switch interface. All subnets are /24.
0
 
rfportillaCommented:
I don't know your switch.  Is there a command to determine the default network interface and/or vlan?  I think there might be a default vlan that is used internally that might be default in the management if.  I've seen many switches with extra interfaces and vlans that don't seem like they are needed, but they exist (and not always easily visible).  

In either case, is this just a curiosity or is there an issue stemming from this?
0
 
giltjrConnect With a Mentor Commented:
Assuming your setup is like:

CORE-L3 < -- > WAN-L3 <----> Firewall

Typically a L3 switch (your CORE-L3) will use the IP address of the SVI based on your routing table.  So if you are ping'ing 1.1.1.1, what is the IP address of the router it will use as the next hop.

I would assume that it would be the IP address in CORE-L3 that is on the subnet between CORE-L3 and WAN-L3.

So first thing to check is does the firewall have a route back to that subnet.
Second thing to check is does the firewall have a policy that would allow ICMP to/from that subnet.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.