[nsp] Question about a ping.

WATTIER Denis denis.wattier@arche.fr
Thu, 25 Jul 2002 18:47:07 +0200


Hello,

A customer has got a Cisco 4006 with a MSFC and sup II in order to =
route
inter-vlan(usual).
He has got a vlan 1 with approximatly 2500 users (the interface of the =
vlan
1 is 10.12.10.6)
A computer connects to the 4006 (@IP 10.X.X.X) on the vlan 1.
A server connects to the 4006 (@IP 10.1.8.121) on the vlan 1.
Ping Computer -> Server : OK
Ping Server -> Computer : OK
Now we are deconnecting the server from the 4006.
If we ping the computer to server, the answer of the ping is :

H:\>ping ps002121 -t
Pinging ps002121 [10.1.8.121] avec 32 octets de donn=E9es :
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.=20
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Request time out
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Request time out
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Request time out
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.

Why have i got "R=E9ponse de 10.12.10.6 : Impossible de joindre le =
r=E9seau de
destination"=20
altought it will have to do layer two (because it's in the same vlan =
and
it's the switch)
and so the packet hasn't have to reach the layer 3.

I think that the theoric answer will always be "Request time out".

We add ACL on layer 3 (on MSFC)

Configuration ACL
interface Port-channel1.1
 description Interface-virtuelle-VLAN1-Natif
 encapsulation dot1Q 1 native
 ip address 10.12.10.6 255.0.0.0
 ip access-group 100 in
 no ip redirects
 no ip directed-broadcast
 standby 255 priority 100
 standby 255 preempt
 standby 255 ip 10.12.10.5

access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.5
access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.6
access-list 100 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
Why is the packet not dropped?

Thanx you for all.