shawn muzzey


Can't ping gateway any longer

So our network has been running as is for several years without any problems until I tried to install a new switch the other day. So the other day I configured a new Cisco 2960x then added it to the network. When I first added the switch I had made a mistake and there was an IP conflict, so I changed the IP and all was well, so I thought. The next morning I noticed that my VMware cluster was giving me an error for not being able to reach its isolation address. I know it uses the default firewall/gateway (ICMP is allowed), so I tried to ping from the ESXi server but I was not able to. I then tried to ping from my system and I was able to ping the gateway. All of these systems are not the same network but different switches, so I tried another system on my switch and I could not ping. I also tried from all of the switches with no luck.

So at this point I am unable to ping the gateway from anything but my system, and the only difference is I am using a static address, but so are the switches. The strange part is I would have never noticed this if it wasn't for VMware, as everything is working normally and traffic is being routed through the firewall/gateway. I looked at the ARP tables on the systems and switches and the MAC is correct on all for the gateway. I also did a scan for duplicate addresses but none were found. I even rebooted the switches with no luck, so I am at a loss at the moment. I am not a network engineer but I get to play one at work from time to time, so any help is appreciated.

Thank you
atlas_shuddered

Was the VMware cluster moved to the new switch?
shawn muzzey

ASKER

No, nothing has changed other than the addition of a new switch that I have since removed trying to resolve this. Also, I can't ping from any other system on the same network other than my own.
I guess a few questions then.

1.  What type of device is at your gateway?  Firewall, router, switch, etc.?
2.  Can you ping inside the networks?  In other words, can you ping from, say, the cluster to your local PC, or from a file server to an AD server?
3.  Can you ping from your gateway to anything in the local network other than your PC?
The gateway is a firewall.
I can ping inside the network, including from the switch to my PC, from cluster to my PC, and domain/servers to my PC, going both ways.
From the gateway/firewall I can ping my PC, ESXi servers, switches; it appears to be everywhere.
ASKER CERTIFIED SOLUTION
atlas_shuddered
This solution is only available to members.
Ok, so after checking the logs I didn't see anything being blocked for ping. The firewall is a Fortinet, so I did a search to be sure I was looking at the correct logs and stumbled on a thread where a user had to use a workaround because he was not able to ping. Apparently Fortinet blocks ping if you set Admin to restrict login to trusted host, even if you allow ping on the interface.

I removed an old user the other day and the rest of the users restrict access to the internal network, so this caused any internal pings to fail.

Thank you for the help.
No problem. Good luck with the new switch.
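
The trusted-host behaviour described in the last posts can be checked against an exported admin configuration. The following is an added example, not part of the original thread or Fortinet's own code: it parses `config system admin` text and predicts, under the rule described in the thread, whether a given source IP gets a ping reply. The sample configuration, admin names and addresses are constructed, and treating an admin with no `trusthostN` line as unrestricted is an assumption.

```python
import ipaddress
import re

# Constructed sample in the style of FortiOS "show system admin" output.
SAMPLE_CONFIG = '''
config system admin
    edit "admin"
        set trusthost1 192.168.10.25 255.255.255.255
    next
    edit "netops"
        set trusthost1 192.168.10.25 255.255.255.255
        set trusthost2 10.50.0.0 255.255.255.0
    next
end
'''

def parse_admin_trusthosts(config_text):
    """Map each admin name to the networks listed in its trusthostN lines."""
    admins, current = {}, None
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
            admins[current] = []
            continue
        m = re.match(r'set\s+trusthost\d+\s+(\S+)\s+(\S+)$', line)
        if m and current is not None:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            admins[current].append(net)
    return admins

def ping_expected(admins, source_ip):
    """Rule as described in the thread (assumption): once every admin is
    restricted to trusted hosts, only those hosts get a ping reply."""
    unrestricted = any(not hosts or any(n.prefixlen == 0 for n in hosts)
                       for hosts in admins.values())
    if not admins or unrestricted:
        return True  # at least one admin accepts any source
    src = ipaddress.ip_address(source_ip)
    return any(src in n for hosts in admins.values() for n in hosts)

if __name__ == "__main__":
    admins = parse_admin_trusthosts(SAMPLE_CONFIG)
    for ip in ("192.168.10.25", "10.50.0.7", "192.168.10.40"):
        print(ip, "reply expected" if ping_expected(admins, ip) else "no reply expected")
```

Adding an admin entry with no trusted hosts to the parsed result makes `ping_expected` return `True` for every source, which matches the asker's account that pings only began failing after the old user was removed.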