[c-nsp] Am I being very stupid or....

Jan Gregor jan.gregor at chronix.org
Fri Jul 5 12:07:41 EDT 2013


Hi,

the "ip verify unicast reverse-path" blocks local ping. If you want to
allow it, you can user the "allow-self-ping" option to the command.

Best regards,

Jan

On 07/05/2013 05:53 PM, Chris Knipe wrote:
> Hi All,
> 
> I can't believe I am doing this, but I am either missing something VERY
> obvious, or I am in need for some assistance on this one... 
> 
> I have a VLAN configured on a Port-Channel (all other VLAN's on the same
> Port-Channel is working absolutely fine).
> 
> #sh run int po1.105
> Building configuration...
> 
> Current configuration : 429 bytes
> !
> interface Port-channel1.105
> encapsulation dot1Q 105
>  ip address 198.18.0.1 255.255.255.240
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nbar protocol-discovery
>  ip virtual-reassembly in
>  ip verify unicast reverse-path
>  keepalive 30
> end
> 
> The interface is up/up
> #sh int po1.105
> Port-channel1.105 is up, line protocol is up 
>   Hardware is GEChannel, address is 0021.d816.0380 (bia 0021.d816.0380)
>   Description: WBTG-HS01 LAN
>   Internet address is 198.18.0.1/28
>   MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
>      reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation 802.1Q Virtual LAN, Vlan ID  105.
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Keepalive set (30 sec)
>   Last clearing of "show interface" counters never
> 
> Yet, from the console on the router ON WHICH the Interface is configured
> (yes, local router - this is not even a remote ping over a wire):
> #ping 198.18.0.1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 198.18.0.1, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> 
> Can someone perhaps shed some light for me as to why this would be
> occurring?  We're looking at a C3825 running IOS 12.5
> 
> Thanks for your time - hopefully this is me being an 1d10t
> 
> --
> Chris.
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130705/26f565be/attachment.sig>


More information about the cisco-nsp mailing list