Solved

Routing issue - cant ping network from switch but can from PC/server

Posted on 2014-07-21
16
2,459 Views
Last Modified: 2014-10-24
Our top level switch, (HP 3800-48G-4SFP+) sits on ip : 192.168.1.240.  
It contains several vlans, all with the range 172.16.xxx.xxx and have the ip 172.16.xxx.240 as the default gateway
IP helpers point to my DNS server's (192.168.1.18) on all vlan's

DHCP (currently stored on server : 192.168.1.12) holds all the dhcp config for the Vlans’s with:..
router : 172.16.xxx.240

The problem lies with the following:

We have just purchased a new fibre optic flat be laser, they have a switch & router with sits on the following ip range : 192.168.100.xxx, with a g/w of 192.168.100.200 (this is it's internal router).
On port 5 of this router, they have programed a route from : 192.168.1.0 /255.255.255.0 -> 192.168.100.200

I have PC's and server's which sit on switches under the top level which can ping the ip of 192.168.1.200.
All of these PC's/server's can also browse to http://192.168.1.200, all the VLAN's allow this ip to be pinged.

BUT

Our top level switch can’t ping this IP address at all.....this is also the case for ALL my hyper V server's and host's, they can't ping 192.168.1.200 either, they sit on trunks, 3, 5 & 7.

I've added the switch config to the question, so hopefully someone might notice what iv'e done wrong.

------switch config-------


Running configuration:

; hpStack Configuration Editor; Created on release #KA.15.09.0012
; Ver #03:01.1f.ef:f2

stacking
   member 1 type "J9576A" mac-address xxxxx
   member 2 type "J9576A" mac-address xxxxx
   exit
hostname "SYSPAL-CORE"
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
trunk 1/35,2/35 trk1 trunk
trunk 1/36,2/36 trk2 trunk
trunk 1/37-1/38,2/37-2/38 trk3 trunk
trunk 1/41,2/41 trk4 trunk
trunk 1/39-1/40,2/39-2/40 trk5 trunk
trunk 1/42,2/42 trk6 trunk
trunk 1/43-1/44,2/43-2/44 trk7 trunk
trunk 1/45,2/45 trk8 trunk
trunk 1/47,2/47 trk10 trunk
trunk 1/48,2/48 trk11 trunk
trunk 1/33,2/33 trk12 trunk
trunk 1/34,2/34 trk13 trunk
trunk 2/32 trk14 trunk
ip arp-age 30
ip route 0.0.0.0 0.0.0.0 192.168.1.25
ip routing
interface 2/33
   disable
   exit
interface 2/42
   disable
   exit
interface 2/47
   disable
   exit
interface 2/48
   disable
   exit
snmp-server community "syspal-public" unrestricted
oobm
   ip address dhcp-bootp
   member 1
      ip address dhcp-bootp
      exit
   member 2
      ip address dhcp-bootp
      exit
   exit
router ospf
   area 0.0.0.100 range 172.16.0.0 255.255.0.0 type summary
   area 0.0.0.100 range 192.168.1.0 255.255.255.0 type summary
   enable
   exit
router rip
   redistribute connected
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1/1-1/32,1/46,2/1-2/24,2/31,2/46,Trk1-Trk8,Trk10-Trk14
   untagged 1/49-1/52,2/25-2/30,2/49-2/52
   no ip address
   exit
vlan 99
   name "Management"
   ip address 172.16.99.240 255.255.255.0
   exit
vlan 100
   name "Servers"
   untagged 1/32,Trk14
   ip address 172.16.100.240 255.255.255.0
   ip helper-address 192.168.1.18
   jumbo
   exit
vlan 101
   name "Original Network"
   untagged 1/1-1/30,2/1-2/24,2/46,Trk10,Trk13
   ip address 192.168.1.240 255.255.255.0
   ip helper-address 192.168.1.18
   exit
vlan 105
   name "IT Office"
   untagged Trk1
   ip address 172.16.105.240 255.255.255.0
   ip helper-address 192.168.1.18
   jumbo
   exit
vlan 110
   name "HR Area"
   untagged Trk2
   ip address 172.16.110.240 255.255.255.0
   ip helper-address 192.168.1.18
   exit
vlan 115
   name "Sales Office"
   untagged 2/31,Trk3-Trk6
   ip address 172.16.115.240 255.255.255.0
   ip helper-address 192.168.1.18
   exit
vlan 120
   name "Production Area"
   untagged 1/46,Trk7-Trk8,Trk12
   ip address 172.16.120.240 255.255.255.0
   ip helper-address 192.168.1.18
   exit
vlan 125
   name "Wireless"
   untagged Trk11
   ip address 172.16.125.240 255.255.255.0
   ip helper-address 192.168.1.18
   exit
vlan 130
   name "Shop Floor Press"
   untagged 1/31
   ip address 172.16.130.240 255.255.255.0
   exit
primary-vlan 100
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
spanning-tree Trk4 priority 4
spanning-tree Trk5 priority 4
spanning-tree Trk6 priority 4
spanning-tree Trk7 priority 4
spanning-tree Trk8 priority 4
spanning-tree Trk10 priority 4
spanning-tree Trk11 priority 4
spanning-tree Trk12 priority 4
spanning-tree Trk13 priority 4
spanning-tree Trk14 priority 4
spanning-tree mode rapid-pvst
spanning-tree vlan 100 root primary
spanning-tree vlan 101 root primary
spanning-tree vlan 105 root primary
spanning-tree vlan 110 root primary
spanning-tree vlan 115 root primary
spanning-tree vlan 120 root primary
spanning-tree vlan 125 root primary
no autorun
no dhcp config-file-update
no dhcp image-file-update
0
Comment
Question by:thegiantsmurf
  • 5
  • 4
  • 4
16 Comments
 
LVL 10

Assisted Solution

by:schaps
schaps earned 500 total points
ID: 40209066
It's not clear to me how the laser device has the IP address of 192.168.1.200. You might provide more information on how that's connected to the network and configured (I also don't know what a "fibre optic flat be laser" is, if that is relevant). Is there some reason one device needs its own router?

When I have had such odd issues, one method of troubleshooting which has been helpful is to choose one device, ideally a PC/laptop of some sort, and attach it to a port on your core switch, and then change the VLAN on that port in a systematic fashion to all the VLANs you have, each time getting a new IP address in the correct range (or assigning statically, as needed), and then pinging a group of hosts, servers, gateway, etc. and tracking what works, what doesn't. This takes the device variable and location on the network out of the mix and often will clearly illustrate what is happening, why some pings get through, some don't. Something important along those lines to remember is that sometimes the lack of ping response doesn't mean the initial ping isn't getting through, but only that the ping response is not finding a route back.

At minimum, that procedure I described helps determine what to test next. Sometimes it's setting up a sniffer on a mirrored port to see if pings are getting through to a host and whether it's even sending a response (sometimes firewall rules disable ping responses to certain subnets/hosts).

More info?
0
 

Author Comment

by:thegiantsmurf
ID: 40209290
The laser has several unit's attached to it's own network (in the 192.168.100.xxx range - Remote PC, CNC pump, internal sensors, camera's etc etc, all managable and diagnosed by IP).

The router (which sit's on 192.168.100.200) dishes out the rules to allow communication on it's own internal range.
(Everything that sit's on this network has a gateway of 192.168.100.200)
On Port 5 of this router, is a cat5e cable which connects to our live network switch (on the 192.168.1.xxx range)

The router has the rule that creates a static IP of 192.168.1.200 and pumps it through port 5.

I can ping this ip from nearly every machine in the company EXCEPT for the top level switch and ALL my hyper V servers running from the trunks 3,5 & 7.
0
 
LVL 10

Accepted Solution

by:
schaps earned 500 total points
ID: 40209392
Trunks 3, 5 and 7 are unique in that they consist of four ports, two on each stack member. The others are all one port on each stack member. So that is too big a coincidence to ignore. I like HP Networking mostly, but HP trunking is an area that has given me many problems over the years.

Try this: on whichever of the three trunks is least vital, either unplug three of the four cables or administratively disable three of the four ports, wait a minute, and then try pinging from a server on that VLAN. I suspect it might work.

If you don't want to try that but can do a port mirror off whatever switch/port goes to the laser router, put a sniffer on it, and see if your pings are arriving there, it would help narrow down whether it's a matter of pings or ping responses not getting through.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40213032
Did I miss something or do you have two 192.168.1.x networks in your config?
This one:
vlan 101
   name "Original Network"
   untagged 1/1-1/30,2/1-2/24,2/46,Trk10,Trk13
   ip address 192.168.1.240 255.255.255.0
   ip helper-address 192.168.1.18
   exit

and the one "behind" the laser.

If that is the case, I can't understand how the packets can be routed to the "correct" 192.168.1.x network.

Also, I can't see a vlan or route to 192.168.100.x in your config, so it would mean that the packets to it are routed to the "default gateway" without any specific rule, which seems weird to me.

When using ping as a diagnosis tool, it is always a goog idea to ping something that sits BEHIND any routing device. Pinging a router interface can give you the false impression that your routing does work when actually you have reached one of the other interfaces of the router, which "knows" all its interfaces even without a correct routing.

I think that a kind of schema of your network could help us (me) having a better understanding of your network topology, since for now I just can't understand it.

Ah, something else (certainly not relevant): ip-helper is for DHCP, not for DNS. And you don't need an ip-helper to 192.168.1.18 for the network 192.168.1.x (since 192.168.1.18 is in the same network, it will receive the DHCP broadcasts from the DHCP clients).
0
 

Author Comment

by:thegiantsmurf
ID: 40381017
I've requested that this question be deleted for the following reason:

We have decided to abandon this project
0
 
LVL 10

Expert Comment

by:schaps
ID: 40376917
The OP may have decided to abandon the project, but it was not until after I and another spent some time analyzing his config, asking questions, and offering some ideas. Not really fair to abandon, in my opinion.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 16

Expert Comment

by:vivigatt
ID: 40381018
Not fair to abandon a question that some experts have been working on and have provided valuable leads...
0
 
LVL 10

Expert Comment

by:schaps
ID: 40393310
Recommendation: close request, split points between vivigatt and me.

After evaluating the information provided, I offered suggestions in two posts:

40209066
and
40209392

vivigatt also offered some good information in:

40213032

There is no way to tell whether this project was really "abandoned," or whether if, in fact, our help led to a solution. Even if our help contributed to a realization that the setup was or would be problematic, points should be awarded for that contribution we made.

If the request is closed with no points, that sets a bad precedent for a way to get help from this forum and then not report back success and not have to pay the points.

Thanks for your consideration.
0
 

Author Comment

by:thegiantsmurf
ID: 40393827
The only way we got this to work was t create a standalone (none virtualized server) and run the following command in dos :

route -p add 192.168.100.0 MASK 255.255.255.0 192.168.1.200

This works, that is why the 'project' was dropped.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40394364
I agree with comment
http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_28480184.html#a40393310
I would recommend to split the points evenly between the 3 comments that were quoted previously.

The OP resolved his issue, which seems to be a routing issue, as we suspected (and as I suspect our comments led him to find out), with a static route.
It may not be the cleanest way to solve the issue and the reason for the issue is not clear, but if it works...
0
 
LVL 10

Expert Comment

by:schaps
ID: 40396149
The question was abandoned for 90 days, and in order to support this protest, I had to spend another block of time trying to understand how the O.P.'s stated work-around could have worked given the provided details, since after that amount of time, I had little recollection of the specific issue. I won't spend any more time on this given the likelihood that no points will be awarded.
I understand your policy, but I think it's not in the long-term best interest of this community to allow abandoned requests/questions to be withdrawn after time and effort has been invested in an attempt to help. I know it has a negative effect on my enthusiasm to contribute.

Please consider my protest on this to be withdrawn, I am out.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40397326
I agree with schaps.
I will not waste any more time on this issue.
I have to remember the name of the O.P. (TheGiantSmurf, easy to remember!) and I will certainly not make any effort to answer any future question by him, since he did not try to provide us with the details that would have made it possible to support him efficiently and since he did not even want to recognize our efforts to try to help.
0
 

Author Comment

by:thegiantsmurf
ID: 40402770
I'll split the points where is required....but as per my previous posts I was unable to get the hyper v servers to see the separate network.

With management pushing me & engineers only being in site for 2 days when the original post was created, I was being pushed to find a quick solution.

The static route in dos in a windows 2003 server solved our problem....
I don't want to burn any bridge with any technical guys here....I'm sorry if I have :-(
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now