[nsp] Question about a ping.
Stephen Gill
gillsr@yahoo.com
Thu, 25 Jul 2002 16:15:41 -0500
2500 users in one broadcast domain?? -grimaces-
Perhaps you have a netmask problem on the server or computer?=20
As per the ACL, you might enable logging for each of the entries and see
where that takes you.
-- steve
-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net] On Behalf Of WATTIER Denis
Sent: Thursday, July 25, 2002 11:47 AM
To: 'cisco-nsp@puck.nether.net'
Subject: [nsp] Question about a ping.
Hello,
A customer has got a Cisco 4006 with a MSFC and sup II in order to route
inter-vlan(usual).
He has got a vlan 1 with approximatly 2500 users (the interface of the
vlan
1 is 10.12.10.6)
A computer connects to the 4006 (@IP 10.X.X.X) on the vlan 1.
A server connects to the 4006 (@IP 10.1.8.121) on the vlan 1.
Ping Computer -> Server : OK
Ping Server -> Computer : OK
Now we are deconnecting the server from the 4006.
If we ping the computer to server, the answer of the ping is :
H:\>ping ps002121 -t
Pinging ps002121 [10.1.8.121] avec 32 octets de donn=E9es :
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.=20
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Request time out
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Request time out
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Request time out
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
R=E9ponse de 10.12.10.6 : Impossible de joindre le r=E9seau de =
destination.
Why have i got "R=E9ponse de 10.12.10.6 : Impossible de joindre le =
r=E9seau
de
destination"=20
altought it will have to do layer two (because it's in the same vlan and
it's the switch)
and so the packet hasn't have to reach the layer 3.
I think that the theoric answer will always be "Request time out".
We add ACL on layer 3 (on MSFC)
Configuration ACL
interface Port-channel1.1
description Interface-virtuelle-VLAN1-Natif
encapsulation dot1Q 1 native
ip address 10.12.10.6 255.0.0.0
ip access-group 100 in
no ip redirects
no ip directed-broadcast
standby 255 priority 100
standby 255 preempt
standby 255 ip 10.12.10.5
access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.5
access-list 100 permit ip 10.0.0.0 0.255.255.255 host 10.12.10.6
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
Why is the packet not dropped?
Thanx you for all.
_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/