Solved

Cisco Layer 3 routing issues

Posted on 2015-01-09
9
254 Views
Last Modified: 2015-01-12
We have 2 different networks that were previously connected via a Metro E link between a sonicwall and a Cisco 3750 switch. Didn't have any issues, we used static routes on the two sides and everything worked fine. We're now in the process of moving from Metro E to MPLS provided by Time Warner Telecom, but seem to have some routing issue that is bugging me.

We have Site A which has a PC network of 192.168.155.0 / 255.255.255.0
We have Site B which has a PC network of 10.128.60.0 / 255.255.254.0

Site A has a ISP provided cisco router which holds the MPLS and then that ISP router we have plugged into our Cisco 3750 switch. The ISP's customer facing interface is configued as 10.128.62.1 / 255.255.254.0, and our Switch that this is connected to has a port configured with an IP of 10.128.62.2

Site B the MPLS is plugged into an Adtran router.

The issue we are having is this:

From a Site A computer on the network we can ping the interface on the switch (10.128.62.2), but we cannot ping the interface on the Cisco router (10.128.62.1). However if we are logged into our switch we can ping that interface as well as ping everything on the other side of the MPLS at Site B.

Site B can ping all the way to 10.128.62.2 but that's it.

I feel like somehow I'm missing some sort of route or config item to enable routing from one side to the other but I'm not sure.

Here is the config from the Site A cisco switch:


Cisco3750-Stack#sh run
Building configuration...

Current configuration : 15712 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco3750-Stack
!
enable secret 5 
!
username ans privilege 15 secret 5 
username administrator privilege 15 secret 5 
no aaa new-model
clock timezone CST -6
switch 1 provision ws-c3750-24p
switch 2 provision ws-c3750g-24t
system mtu routing 1500
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.120.1 192.168.120.99
!
ip dhcp pool PublicWireless
   network 192.168.120.0 255.255.254.0
   default-router 192.168.120.1
   dns-server 8.8.8.8 8.8.4.4
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3  2 4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 97
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
!
interface FastEthernet1/0/2
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
!
interface FastEthernet1/0/3
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
!
interface FastEthernet1/0/4
 switchport access vlan 21
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/5
 description Cisco 2811 #2, 172.16.1.3
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface FastEthernet1/0/6
 description IPCC Express server
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
!
interface FastEthernet1/0/7
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/8
 description Adtran router
 switchport access vlan 97
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/9
 description Public Access Point
 switchport access vlan 120
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/10
 switchport access vlan 21
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/11
 switchport access vlan 21
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/12
 description Olympus-Endoserver Server
 switchport access vlan 156
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,110
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/0/14
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,110
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/0/15
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,110
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/0/16
 switchport access vlan 156
 switchport mode access
 switchport voice vlan 10
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
!
interface FastEthernet1/0/17
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,110
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/0/18
 spanning-tree portfast
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,110
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/0/21
 switchport trunk encapsulation dot1q
 spanning-tree portfast
!
interface FastEthernet1/0/22
 description Public Access Point vla
 switchport access vlan 120
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/23
 description Public Access Point vlan
 switchport access vlan 120
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/24
 description Fiber transceiver
 switchport access vlan 189
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet1/0/1
 mls qos trust cos
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet2/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/5
 description Cisco 2811 #2, 172.16.1.3
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
!
interface GigabitEthernet2/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/7
 description Public Access Point
 switchport access vlan 120
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet2/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/11
 switchport access vlan 21
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
 description Cisco servers
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/14
 description Cisco servers
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/15
 description Cisco servers
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/16
 description Cisco servers
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/17
 no switchport
 ip address 10.233.233.1 255.255.255.252
 shutdown
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
!
interface GigabitEthernet2/0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/20
 description Uplink to Dell switch 192.168.155.30
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/21
 description Uplink to Dell switch 192.168.155.16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/22
 no switchport
 ip address 10.128.62.2 255.255.254.0
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/23
 description Uplink to Dell switch 192.168.155.6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet2/0/24
 description Fiber transceiver
 switchport access vlan 189
 switchport mode access
 speed 100
 duplex full
 auto qos voip trust
 spanning-tree portfast
!
interface Vlan1
 ip address 192.168.155.1 255.255.255.0
!
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
 ip helper-address 172.16.1.2
!
interface Vlan20
 ip address 192.168.196.1 255.255.255.0
!
interface Vlan21
 ip address 192.168.197.1 255.255.255.0
!
interface Vlan97
 ip address 192.168.97.1 255.255.255.0
!
interface Vlan100
 ip address 192.168.195.1 255.255.255.0
 ip helper-address 192.168.155.25
 ip helper-address 192.168.155.24
!
interface Vlan110
 ip address 192.168.210.1 255.255.255.0
 ip helper-address 192.168.155.25
 ip helper-address 192.168.155.24
!
interface Vlan120
 ip address 192.168.120.1 255.255.254.0
!
interface Vlan156
 ip address 192.168.156.1 255.255.255.0
!
interface Vlan189
 ip address 192.168.189.2 255.255.255.252
!
interface Vlan198
 ip address 192.168.198.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.189.1
ip route 10.128.48.0 255.255.254.0 10.128.62.1
ip route 10.128.50.0 255.255.254.0 10.128.62.1
ip route 10.128.54.0 255.255.254.0 10.128.62.1
ip route 10.128.56.0 255.255.254.0 10.128.62.1
ip route 10.128.58.0 255.255.254.0 10.128.62.1
ip route 10.128.60.0 255.255.254.0 10.128.62.1
ip route 74.203.158.96 255.255.255.240 192.168.97.2
ip route 192.168.100.0 255.255.252.0 192.168.97.2
ip http server
ip http authentication local
!
access-list 120 permit icmp any 192.168.0.0 0.0.255.255 log
access-list 120 permit ip any host 192.168.120.1 log
access-list 120 permit ip host 192.168.120.1 any log
access-list 120 deny   ip any 10.0.0.0 0.255.255.255 log
access-list 120 deny   ip any 192.168.0.0 0.0.255.255 log
access-list 120 deny   ip any 172.16.0.0 0.0.255.255 log
access-list 120 permit ip any any log
arp 192.168.155.5 03bf.c0a8.9b05 ARPA
snmp-server community mgg-jW9Fn37FP RO
snmp-server enable traps tty
snmp-server enable traps license
!
control-plane
!
!
line con 0
line vty 0 4
 exec-timeout 0 0
 password 7 
 login
 length 0
line vty 5 14
 exec-timeout 0 0
 password 7
 login
line vty 159
 password 7
 login
!
ntp clock-period 36029375
ntp server 173.242.114.154
ntp server 169.229.70.183
end

Cisco3750-Stack#

Open in new window

0
Comment
Question by:themightydude
  • 4
  • 4
9 Comments
 
LVL 3

Expert Comment

by:Dimitris Ioakimoglou
ID: 40541750
Hey,
I order to simplify troubleshooting a bit, could you please run "show ip route" and posting the results, so that we can actually see what's on your current routing table?

Thanks!
0
 
LVL 4

Author Comment

by:themightydude
ID: 40542138
Here you go:


Cisco3750­Stack#sh ip route

Codes: C ­ connected, S ­ static, R ­ RIP, M ­ mobile, B ­ BGP

D ­ EIGRP, EX ­ EIGRP external, O ­ OSPF, IA ­ OSPF inter area

N1 ­ OSPF NSSA external type 1, N2 ­ OSPF NSSA external type 2

E1 ­ OSPF external type 1, E2 ­ OSPF external type 2

i ­ IS­IS, su ­ IS­IS summary, L1 ­ IS­IS level­1, L2 ­ IS­IS level­2

ia ­ IS­IS inter area, * ­ candidate default, U ­ per­user static route

o ­ ODR, P ­ periodic downloaded static route

Gateway of last resort is 192.168.189.1 to network 0.0.0.0

C 192.168.210.0/24 is directly connected, Vlan110

C 192.168.195.0/24 is directly connected, Vlan100

C 192.168.196.0/24 is directly connected, Vlan20

C 192.168.197.0/24 is directly connected, Vlan21

C 192.168.198.0/24 is directly connected, Vlan198

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, Vlan10

C 192.168.156.0/24 is directly connected, Vlan156

192.168.189.0/30 is subnetted, 1 subnets

C 192.168.189.0 is directly connected, Vlan189

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks

C 10.128.62.0/23 is directly connected, GigabitEthernet2/0/22

S 10.128.58.0/23 [1/0] via 10.128.62.1

S 10.128.56.0/23 [1/0] via 10.128.62.1

S 10.128.60.0/23 [1/0] via 10.128.62.1

S 10.128.50.0/23 [1/0] via 10.128.62.1

S 10.128.48.0/23 [1/0] via 10.128.62.1

S 10.128.54.0/23 [1/0] via 10.128.62.1

C 192.168.97.0/24 is directly connected, Vlan97

C 192.168.155.0/24 is directly connected, Vlan1

74.0.0.0/28 is subnetted, 1 subnets

S 74.203.158.96 [1/0] via 192.168.97.2

S* 0.0.0.0/0 [1/0] via 192.168.189.1

C 192.168.120.0/23 is directly connected, Vlan120

S 192.168.100.0/22 [1/0] via 192.168.97.2

Cisco3750­Stack#

Open in new window

0
 
LVL 57

Expert Comment

by:giltjr
ID: 40543113
Can you show the routing able from SITE B's? Router.
0
 
LVL 4

Author Comment

by:themightydude
ID: 40543186
Routing table from Site B Adtran:


0.0.0.0  0.0.0.0  10.128.60.250  1  Static      

10.128.0.0  255.255.254.0  209.203.111.217  20  BGP      

10.128.48.0  255.255.254.0  209.203.111.217  20  BGP      

10.128.50.0  255.255.254.0  209.203.111.217  20  BGP      

10.128.54.0  255.255.254.0  209.203.111.217  20  BGP      

10.128.56.0  255.255.254.0  209.203.111.217  20  BGP      

10.128.58.0  255.255.254.0  209.203.111.217  20  BGP      

10.128.60.0  255.255.254.0  0.0.0.0  0  Connected      

10.128.62.0  255.255.254.0  209.203.111.217  20  BGP      

64.132.245.252  255.255.255.252  209.203.111.217  20  BGP      

66.192.190.20  255.255.255.252  209.203.111.217  20  BGP      

66.192.190.32  255.255.255.252  209.203.111.217  20  BGP      

128.10.53.0  255.255.255.0  209.203.111.217  20  BGP      

128.10.55.0  255.255.255.0  209.203.111.217  20  BGP      

128.10.60.0  255.255.255.0  0.0.0.0  0  Connected      

128.10.61.0  255.255.255.0  209.203.111.217  20  BGP      

198.18.3.136  255.255.255.252  209.203.111.217  20  BGP      

198.18.4.136  255.255.255.252  209.203.111.217  20  BGP      

198.18.9.132  255.255.255.252  209.203.111.217  20  BGP      

198.19.147.4  255.255.255.252  209.203.111.217  20  BGP      

209.203.111.216  255.255.255.252  0.0.0.0  0  Connected
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 57

Expert Comment

by:giltjr
ID: 40543230
Site B has no specific route to  192.168.155.0/30.

So it must be taking the default.  It's default route says to go to 10.128.60.250.  You need to find what 10.128.60.250 is and look at it's routing table.
0
 
LVL 4

Author Comment

by:themightydude
ID: 40543377
We'll check on that and also check with the ISP providing the MPLS, but would that explain why from Site A we can ping 10.128.62.2 which is the interface on the switch there but not able to ping 10.128.62.1 which is the interface on the ISP provided cisco router, yet we can ping it from the switch?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40543485
Below is what I think you have.  I don't  think the 10.128.62.1/23, has a route back to 192.168.155.0/24.  

You can ping 10.128.62.2 because it is on your device and you have setup your routing table correctly.
From your device 10.126.62.2 you can ping 10.128.62.1 because their device is on the same subnet and will respond, you can also ping to other addresses because your routing table is at SITE B is correct.

I believe that you can't ping 10.128.62.1 from 192.168.155.0/24 because their device 10.128.62.1 does not know about your 192.168.155.0/24.

I believe that 10.128.60.250/23 is their device that connect to your L3 device at SITE B.

SITE A - 192.168.155.0/24
         
      10.128.62.2/23 -- YOUR L3 device
               /\
                |
               \/
        10.128.62.1/23  -- Their L3 device
               /\
                |
               \/
        MPLS CLOUD              
               /\
                |
               \/              
        10.128.60.250/23 Their L3 device
               /\
                |
               \/            
        10.128.60.???/23 Your L3 device            

SITE B - 10.128.60.0/23
0.0/23
0
 
LVL 4

Author Comment

by:themightydude
ID: 40543497
Got it resolved.

Issue ended up being that the ISP's MPLS router at Site A did not have routes for any of the networks sitting behind the Site A switch.

They added routes and it's working now.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40544262
Thanks for the points and glad you found the  problem.  I don't know if you did this as part of your trouble shooting, but I always find it very helpful to draw a picture/diagram (even a simple stick one like I did above) and then look at where I can ping from/to and where I can't.

I don't know if you know it, but when you ping from a multi-homed device (like a L3 switch or router)  most of them will use as a source address the IP address that is in the same subnet as the router to that network.

So in your situation, when you were on your L3 device in site A, if you ping'ed any host whose route was via 10.128.62.1, the source address used would have been 10.128.62.2.

Does the above make sense?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now