ACE 4700 - Cannot Ping the Alias

Similar Messages

• Cannot ping the gateway

  Hi
  Network:
  One firewall where the IP address is the gateway for all the internal computers and server
  From one if the internal computers I can ping the the gateway
  From the server I can ping all the internal computers but I cannot ping the gateway
  On the server I can ping:
  -  127.0.0.1, 
  - the IP address on the server
  - All the internal computers
  A hint would be nice
  Best Regards
  John B

  Arp -a
  Interface: 10.0.0.2 on Interface 0x1000003
    Internet Address      Physical Address      Type
    10.0.0.1              10-7b-ef-3a-58-09     dynamic  
    10.0.0.26             00-01-e6-b4-e1-fe     dynamic  
  Ipconfig /all
  Windows 2000 IP Configuration
   Host Name . . . . . . . . . . . . : krogh01
   Primary DNS Suffix  . . . . . . . : Krogh.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Krogh.local
  Ethernet adapter Inside:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-0B-CD-1C-7C-D9
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       212.242.40.3
                                       212.242.40.51
  Ping 10.0.0.1
  Pinging 10.0.0.1 with 32 bytes of data:
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  Ping statistics for 10.0.0.1:
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum =  0ms, Average =  0ms
  Ping 10.0.0.26
  Pinging 10.0.0.26 with 32 bytes of data:
  Reply from 10.0.0.26: bytes=32 time=1ms TTL=64
  Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
  Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
  Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
  Ping statistics for 10.0.0.26:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum =  1ms, Average =  0ms
  I can ping every computer on internal network without any problems, it is only the gateway I have problem with.
  I have now made a ping session from a computer on the internal network:
  Microsoft Windows [version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. Alle rettigheder forbeholdes.
  C:\Users\lh>ipconfig /all
  Windows IP-konfiguration
     Værtsnavn. . . . . . . . . . . . . . . . . . : NUC-lone
     Primært DNS-suffiks. . . . . . . . . . . . . : Krogh.local
     Nodetype . . . . . . . . . . . . . . . . . . : Hybrid
     IP-routing aktiveret . . . . . . . . . . . . : Nej
     WINS-proxy aktiveret . . . . . . . . . . . . : Nej
     Søgeliste for DNS-suffiks. . . . . . . . . . : Krogh.local
  Ethernet-netværkskort LAN-forbindelse:
     Forbindelsesspecifikt DNS-suffiks. . . . . . :
     Beskrivelse. . . . . . . . . . . . . . . . . : Intel(R) Ethernet Connection I
  218-V
     Fysisk adresse . . . . . . . . . . . . . . . : C0-3F-D5-61-7A-3A
     DHCP aktiveret . . . . . . . . . . . . . . . : Ja
     Automatisk konfiguration aktiveret . . . . . : Ja
     Link-local-IPv6-adresse . . . . . : fe80::5c7a:dcbe:f8:7de7%11(Foretrukken)
     IPv4-adresse . . . . . . . . . . . . . . . . : 10.0.0.113(Foretrukken)
     Undernetmaske. . . . . . . . . . . . . . . . : 255.255.255.0
     Rettigheden opnået . . . . . . . . . . . . . : 12. december 2014 03:15:59
     Rettigheden udløber. . . . . . . . . . . . . : 19. december 2014 08:05:30
     Standardgateway. . . . . . . . . . . . . . . : 10.0.0.1
     DHCP-server. . . . . . . . . . . . . . . . . : 10.0.0.1
     DHCPv6 IAID . . . . . . . . . . . : 247480277
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-40-6D-C9-C0-3F-D5-61-7A-3A
     DNS-servere. . . . . . . . . . . . . . . . . : 10.0.0.2
  212.242.40.3
  212.242.40.51
     NetBIOS over Tcpip . . . . . . . . . . . . . : Aktiveret
  Tunnel-netværkskort isatap.{B46FAFD6-A60A-48D9-967D-4081FAE7F6AE}:
     Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
     Forbindelsesspecifikt DNS-suffiks. . . . . . :
     Beskrivelse. . . . . . . . . . . . . . . . . : Microsoft ISATAP-netværkskort
     Fysisk adresse . . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP aktiveret . . . . . . . . . . . . . . . : Nej
     Automatisk konfiguration aktiveret . . . . . : Ja
  Tunnel-netværkskort Teredo Tunneling Pseudo-Interface:
     Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
     Forbindelsesspecifikt DNS-suffiks. . . . . . :
     Beskrivelse. . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interf
  ace
     Fysisk adresse . . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP aktiveret . . . . . . . . . . . . . . . : Nej
     Automatisk konfiguration aktiveret . . . . . : Ja
  C:\Users\lh>ping 10.0.0.1
  Pinger 10.0.0.1 med 32 byte data:
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Ping-statistikker for 10.0.0.1:
      Pakker: Sendt = 4, modtaget = 4, tabt = 0 (0% tab),
  Beregnet tid for rundtur i millisekunder:
      Minimum = 1ms, Maksimum = 1ms, Gennemsnitlig = 1ms
  C:\Users\lh>
  A hint would be nice :-)
  Best Regards
  John B

• Clients cannot ping the default gateway when connected to SSID

  Here is my environment,
  My controller is vWLC installed in ESXi which has to vNet Cards configured with all vlans(4095), then it is connected to a 3560 switch with trunk. The configuration of the switch interface is as belows:
  LS3560CG#sh run int fa0/1
  Building configuration...
  Current configuration : 138 bytes
  interface FastEthernet0/1
  description To_WLC
  switchport trunk encapsulation dot1q
  switchport mode trunk
  spanning-tree portfast
  end
  The IP of management interface of WLC is 10.10.10.90, VLAN is 10, DHCP primary is 10.10.10.1 which is in the 3560, the DHCP pool is configured as blows:
  LS3560CG#sh run int fa0/1
  Building configuration...
  Current configuration : 138 bytes
  interface FastEthernet0/1
  description To_WLC
  switchport trunk encapsulation dot1q
  switchport mode trunk
  spanning-tree portfast
  end
  The SSID is BYOD and I can connect the SSID and get the IP address such as 10.10.10.118/24, but for now, i cannot ping 10.10.10.1, but i can ping 10.10.10.90:
  Can anyone help me with this? Thanks

  Hi Scott
  Correct! I have resolved this a few minutes earlier. I have assigned the vSwitch to Promiscuous Mode but forgot to switch it to "Accept", the default value is "Reject"
  Thanks so much!

• Main Server cannot ping the 2nd server in another location but the 2nd server can ping the main server

     
  I have 3  servers :  Main server, and 2 file servers in another country.
  My main server can only ping the 2nd file server.
  But both of  our 2 file servers from another country can ping the main server.
  In short, I cannot remote to the first file server.
  The settings on both file servers are the same. And I don't have issues in accessing the 2nd file server using the Main server.
  Can somebody have the patience to help me figure out the issue?

  Being able to ping the server does not mean that you remotely access it.
  If you are trying to RDP a server then you need to check that RDP is enabled on the server and that traffic to port 3389 is not blocked or filtered. You can use PortQryUI for checking.
  For testing, you can temporary disable security software running on the servers and try again. Also, check the filtering done on network equipment in between your servers.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• My MacBook cannot resolve the alias when attempting to connect to LAN wired devices (WD Live Media Centre), and says operation can't be comp-leted because the original item can't be found.???

  I have 2 WD Live Media Centre devices hard-wired on my LAN. My MacBook can find these devices on the network, but when it tries to access the USB drive which is attached to the media centres, a message says the Mac it "resolving the alias to USB drive", but then says operation can't be completed because the roiginal item (USB Drive) can't be found. My PC, which is also hard-wired on the network, has no problem accessing these USB drives. Is there some adjustment I need to make?

  Well, try this (I was able to fix my with these steps):
  Go Utilities > Disk Utility
  Select your Startup Disk, e.g. Macintosh HD
  Then, under the First Aid Tab, click Verify Disk Permissions.
  If there are errors, then click repair Disk Permissions.
  After it is done, restart the computer and see if your problem is resolved.
  I hope this help.
  Zeke
  www.ZekeYuen.com/blog/

• Cannot ping the IP of the NET MGT Port

  Dear all,
  I configred the console port of the servers sunfire v440, v210
  v240
  as follow
  netsc_ipaddr =172.17.0.x
  netsc_ipnetmask= 255.255.255.0
  netsc_ipgateway =172.17.0.1
  netsc_tpelinktest="true"
  netsc_dhcp="false"
  I couldn't ping the IP address,
  When I put a cable between the NET MGT port and the switch the light is not on in the switch and climbing in the server
  H\akim

  Not sure what you mean by
  "climbing in the server". But
  the NET-MGMT port is
  10Mbit so if your switch port
  is set to 100-FULL and
  autonegotiation is turned
  off it won't work.
  Or else you have a bad cable
  or switch port, which is actually
  fairly common.

• Cannot Ping the ACS

  I am unable to ping the ACS solution engine 4.0 from my Win 2003 Server with AD installed. But the ACS can access and ping my Win 2003 server.
  I can also access the ACS Console using the same server through the browser on the 2002 port.
  Wat am i doing wrong.. please help.

  Try this link:
  http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_tech_note09186a008071bdf9.shtml
  Looks to be your issue

• I cannot ping the WWW via the shell with SWPS

  hi
  I have installed sun web proxy server, this work fine and i can access with my browser to whatever page but when i do it by example
  -bash-3.00# ping www.google.com
  no answer from www.google.com

  this is my routing table netstat -nr
  Routing Table: IPv4
  Destination Gateway Flags Ref Use Interface
  default 172.24.0.1 UG 1 4265449
  172.24.0.0 172.24.0.3 U 1 2191 vnet0:4
  224.0.0.0 172.24.0.3 U 1 0 vnet0:4
  but if i do traceroute www.google.com i receive this
  traceroute: Warning: www.google.com has multiple addresses; using 209.85.133.99
  traceroute to www.google.com (209.85.133.99), 30 hops max, 40 byte packets
  1 * * *
  2 * * *

• Cannot ping windows 2008 r2 while it is possible for another machine in the same network

  Hi,
  Recently I have set up a new server with windows 2008 r2 enterprise OS which is a domain member server. 
  At network layer I have two networks one with 192.168.1.0/22 and another with 10.0.0.0/24 network IDs.
  My problem is that I cannot ping the newly installed server from a specific machine. Server's IP address is 192.168.1.56 and the specific machine's IP address is 10.0.0.12 and it is a windows XP machine. Of course I have to say that this problem belongs
  only to this WinXP machine and all the layer 3 issues are tested and correct. This issue happens while at the same time I can ping domain controller which also is a windows 2008 r2 enterprise box and its IP address is 192.168.1.53. It turns more complicated
  when I learned I can ping the winxp machine and connect to it from new server through remote desktop. Firewall also is not the obstacle because I turned it off completely. 
  Can anybody help me fix the problem?
  TIA
  Bijan

  Hi,
  Check the path ping from xp machine to server its timing out after reaching 192.168.1.254 , What kind of a device is 192.168.1.254 IP belongs to.
  Tracing
  route to sp45newfs.ph45.local [192.168.1.56]
  over
  a maximum of 30 hops:
  0  B15-333.PH45.LOCAL [10.0.0.12]
  1  192.168.1.254
  2     *        *        *
  Computing
  statistics for 50 seconds...
            Source to Here   This Node/Link
  Hop
   RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           B15-333.PH45.LOCAL [10.0.0.12]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  (192.168.1.254)----------(Which device has this IP)
                              100/ 100 =100%   |
  2  ---     (100/ 100 =100% )---(100% loss)    0/ 100 =  0%  B15-333.PH45.LOCAL [0.0.0.0]
  Trace
  complete.
  Regards,
  Srivishnu.K

• I can SSH from the outside but cannot ping ISP gateway from 2911

  Hello all,
  I came across a rather strange issue. I am able to SSH to the device from my home but while I am consoled in, I cannot ping the ISP gateway or any other IP's. As expected, all trace-routes fail without hitting the gateway as the first hop. I have been reading about the NVI0 interface and I decided to use it. Most of the sample cofigs on here use the "old" ip nat inside / outside on the appropriate interfaces. What do you guys suggest?
  Here is the running config. It is rather simple since i did not add all the access-lists except the ones I thought necessary to test the circuit. Please point out any mistakes or errors. Thanks in advance!
  Current configuration : 1679 bytes
  ! Last configuration change at 04:05:17 UTC Fri Sep 12 2014
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname StandbyGZ-2911
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$BRaM$igChPMXLeHjgYR7EGk/Nb/
  no aaa new-model
  no ipv6 cef
  no ip source-route
  ip cef
  no ip domain lookup
  ip domain name StandbyGZ.local
  ip name-server 211.136.20.203
  ip name-server 211.139.136.68
  multilink bundle-name authenticated
  license udi pid CISCO2911/K9 sn FGL174410H9
  username StandbyGZ secret 5 $1$CXWC$m6kqTGbf0HDLCvkfU7.RA/
  ip ssh version 2
  interface GigabitEthernet0/0
   no ip address
   shutdown
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   description UPLINK TO CHINA MOBILE
   ip address 183.x.x.x 255.255.255.128
   ip access-group REMOTE-ADMIN-ACL in
   no ip redirects
   ip nat enable
   duplex auto
   speed auto
  interface GigabitEthernet0/2
   description CONNECTION TO LAN SWITCH 3650-CORE
   ip address 10.10.1.254 255.255.254.0
   no ip redirects
   ip nat enable
   duplex auto
   speed auto
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat source list LAN-NAT-ACL interface GigabitEthernet0/1 overload
  ip route 0.0.0.0 0.0.0.0 183.x.x.x
  ip access-list standard LAN-NAT-ACL
   permit 10.10.0.0 0.0.1.255
  ip access-list extended REMOTE-ADMIN-ACL
   permit tcp host 68.107.195.213 any eq 22 log
  control-plane
  line con 0
   exec-timeout 0 0
   logging synchronous
  line aux 0
  line vty 0 4
   exec-timeout 0 0
   logging synchronous
   login local
   transport input ssh
   transport output ssh
  scheduler allocate 20000 1000
  end
  StandbyGZ-2911# sh ip int br
  Interface                            IP-Address        OK?   Method      Status                  Protocol
  GigabitEthernet0/0         unassigned        YES    NVRAM     administratively  down down
  GigabitEthernet0/1         183.x.x.x             YES    NVRAM     up                         up
  GigabitEthernet0/2         10.10.1.254       YES    NVRAM     up                         up
  NVI0                                 183.x.x.x             YES    unset          up                         up
  StandbyGZ-2911#sh ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, + - replicated route
  Gateway of last resort is 183.233.184.129 to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via 183.233.184.129
        10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C        10.10.0.0/23 is directly connected, GigabitEthernet0/2
  L        10.10.1.254/32 is directly connected, GigabitEthernet0/2
        183.233.0.0/16 is variably subnetted, 2 subnets, 2 masks
  C        183.x.x.x/25 is directly connected, GigabitEthernet0/1
  L        183.x.x.x/32 is directly connected, GigabitEthernet0/1

  Hi Chris,
  That is what how I am used to configure the NAT, but IOS 12.3 and on introduced interface NVI0, which according to cisco documentation should make applying the NAT statements "easier". IP nat enable has to be enabled on all interfaces and then NVI0 makes the "inside" and "outside" decisions. I was hoping that someone could clarify the real use of that NVI0 interface and if it causes problems. Apparently it cannot be removed from the config. 

• Cannot ping REAL server IP addresses from CSM 6500

  I have a dual 6500/CSM routed topology in which the traffic from clients to the server VIP works fine. However, in preparation for some upcoming work, I find that I cannot ping the REAL server IP addresses. This would seem to be an important troubleshooting step. Any ideas why this wouldn't work?

  Gilles, followup question. If I understand this, what you outlined above will allow traffic external coming into the 6500/CSM to be forwarded thru to the REAL server IPs. If it wasn't clear, I was trying to ping from the native-mode 6500 that contains the CSM. I've tried regular and extended pings using the CSM-configured server VLAN's IP and alias IP, but get no response back from any of the REAL server IP addresses.
  Is what you've indicated required to ping even if I'm on the 6500 which contains the CSM?

• Cannot ping VIP in One-Arm mode

  Hello.
  I can ping the ip addresses of the vlan and access via management, the real-servers are Active along with the VIP service (ie. show service-policy) but I cannot ping the VIP interface and traces do not show any traffic hitting it because the 6500 the ACE (vc4710ace-mz.A1_8_0a) is connecting to has no ARP entry for the VIP.
  It's in One-Arm mode; one gig-link to core, vlan 141.
  I've attached the config.
  Anyone got any ideas what I'm missing, please?

  Hi,
  the default gateway of your servers is the upstream router.
  Have a look at following link: http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example
  Nevermind the picture, it should look more like this: http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Chained_Certificate_and_Key_in_One_Arm_Mode_Configuration_Example
  HTH,
  Dario

• "SOME" devices can resolve the ALIAS (CNAME record) for a device, but not the REAL name (A record) - Why? How do I fix this?

  I'm running the DNS server role on Windows Server 2012 R2 on a physical machine on my home network.
  My AD is configured with a non-registered name - let's say it's "home.acme.ca" and the DNS server is configured to host that zone.  I also configured a 2nd zone in the DNS server called "myinf.acme.ca".  They both run on a physical
  server with an IP of 192.168.1.10
  The DHCP server on my Cable Modem is configured to hand out 192.168.1.10 as the only DNS server to every device on my network.  On my servers (with static IP addresses), 192.168.1.10 is configured as the only DNS server available for them. 
  I took the DNS servers from my Cable Provider and configured a Forwarder on my server to send name resolution requests to them only if my DNS server can not answer the request - basically for any name resolution request that does not end with ".home.acme.ca"
  or ".myinf.acme.ca"
  The "home.acme.ca" zone is populated with 'A' records for all of the physical and virtual servers and PC's on my network.
  The "myfin.acme.ca" zone is populated with 'CNAME' records that point directly to the 'A' record in "home.acme.ca" - for example, I have a serve named s000abc123ww.home.acme.ca with an 'A' record providing an IP address of 192.168.1.20 and
  I created a 'CNAME' (alias) record named 'webserver.myinf.acme.ca' which points to the 'A' record 's000abc123ww.home.acme.ca'
  2 of my 6 machines can resolve the alias but not the real name of the server!
  .10 is the Domain Controller.  All of the other machines (except .98) are members of the home.acme.ca domain.
  I attempted to ping 's000abc123ww.home.acme.ca' AND 'webserver.myinf.acme.ca' on the following 6 computers.  I used the fully qualified name in all cases.
  4 of the below machines are able to resolve BOTH names.  The other 2 can resolve the Alias but not the real name!
  I don't understand how this is possible, but I would like to fix it...!!!  Please help?
  .10 - Server 2012 R2 (Physical) -  Hosts Active Directory and DNS.
  .20 - Server 2012 R2 (Virtual)   -  Runs SQL Server
  .21 - Server 2012 R2 (Virtual)   -  Runs Apache
  .22 - Server 2012 R2 (Virtual)  -   Runs Apache.  This is the device I am trying to ping (s000abc123ww)
  .98 - Windows 7 (Physical)
  .99 - Windows 7  (Virtual)
  .21 (which is configured nearly identically to .20 and .22) can resolve and ping the Alias, but not the real name.
  .98 can also resolve and ping the Alias, but not the real name.
  The rest of the machines can resolve and ping both the alias and the real name.
  All of the Virtual Machines are running under Hyper-V on the .10 physical server.
  All the devices are on the same subnet.
  Thank in advance to anyone who can help me understand and correct this problem!
  Jim

  Hi,
  CNAME resource records are recommended for use in the following scenarios:
  • When a host that is specified in an A resource record in the
  same zone needs to be renamed
  • When a generic name for a well-known server, such as www, must resolve to a group of individual computers (each with individual A resource records) that provide the same
  service, for example, a group of redundant Web servers
  Therefore please try to create your CNNAM record in the same zone and try again.
  The related KB:
  Adding, Changing, and Deleting Resource Records
  http://technet.microsoft.com/en-us/library/cc779020(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• 1602i standalone AP cannot ping RADIUS server

  I have a new 1602i standalone AP trying to use RADIUS authentication.  For some reason the 1602 cannot ping the RADIUS server, but will get a response from other devices.  Both are on the same subnet, the new one at .213 and the RADIUS at .209.
  AP6#ping xxx.xx.120.209
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to xxx.xx..120.209, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  AP6#ping xxx.xx.120.217
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to xxx.xx..120.217, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
  The RADUIS server is able to ping the new AP successfully.
  AP1#ping xxx.xx.120.213
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to xxx.xx.120.213, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
  Any thoughts to why that AP is unable to ping that one particular client?  Other APs are successfully contacting it for RADIUS authentication.

  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname AP6
  logging rate-limit console 9
  enable secret 5 xxxxxxxxxxxx
  aaa new-model
  aaa group server radius rad_eap
   server xxx.xx.120.209 auth-port 1812 acct-port 1813
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone -0500 -5 0
  clock summer-time -0400 recurring
  no ip routing
  no ip cef
  dot11 syslog
  dot11 ssid xxx.xx
     authentication open eap eap_methods
     authentication network-eap eap_methods
     authentication key-management wpa
  crypto pki token default removal timeout 0
  username Cisco privilege 15 password 7 xxxxx
  bridge irb
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption mode ciphers tkip
   ssid  MANH
   antenna gain 0
   stbc
   beamform ofdm
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface Dot11Radio1
   no ip address
   no ip route-cache
   shutdown
   antenna gain 0
   dfs band 3 block
   channel dfs
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface GigabitEthernet0
   no ip address
   no ip route-cache
   duplex auto
   speed auto
   bridge-group 1
   bridge-group 1 spanning-disabled
   no bridge-group 1 source-learning
  interface BVI1
   ip address dhcp client-id GigabitEthernet0
   no ip route-cache
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  snmp-server view dot11view ieee802dot11 included
  snmp-server community  RW
  snmp-server chassis-id AP6
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps tty
  snmp-server enable traps entity
  snmp-server enable traps disassociate
  snmp-server enable traps deauthenticate
  snmp-server enable traps authenticate-fail
  snmp-server enable traps dot11-qos
  snmp-server enable traps switch-over
  snmp-server enable traps rogue-ap
  snmp-server enable traps wlan-wep
  snmp-server enable traps config-copy
  snmp-server enable traps config
  snmp-server enable traps syslog
  snmp-server enable traps cpu threshold
  snmp-server enable traps aaa_server
  snmp-server host .0.39 public
  radius-server local
    user user1 nthash 7
  radius-server attribute 32 include-in-access-req format %h
  radius-server host xxx.xx.120.209 auth-port 1812 acct-port 1813 key 7
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
   transport input all
  sntp server xxx.xx.0.11
  sntp broadcast client
  end

• Bringing up a third interface - cannot ping servers

  Hi All,
  I have a CSS 11503 that already had 2 interfaces up and running fine. The frontend is on vlan 26 and backend server vlan is on vlan 836. Now, I have some servers on vlan 301 that needed load balancing and brought up the third interface.
  Here is my config
  interface 1/1
  bridge vlan 836
  interface 1/2
  bridge vlan 26
  interface 2/1 (this is the new interface)
  bridge vlan 301
  circuit VLAN836
  ip address 10.10.235.5 255.255.255.128
  circuit VLAN26
  ip address 10.10.26.5 255.255.255.0
  circuit VLAN301
  ip address 10.44.0.5 255.255.252.0
  Here is the "show ip route" output
  BCMDC-CSS1# sh ip route
  prefix/length next hop if type proto age metric
  10.1.20.0/22 10.1.22.150 2 mgmt local -- --
  0.0.0.0/0 10.10.26.1 1022 remote static 5342983 0
  10.44.0.0/22 10.44.0.5 1021 local local 7122 0
  10.10.26.0/24 10.10.26.5 1022 local local 5343307 0
  10.10.235.0/25 10.10.235.5 1023 local local 5343288 0
  Show arp contains all the servers I want to ping and here is the arp table on the CSS
  10.44.0.1 00-00-0c-07-ac-1f dynamic 2/1
  10.44.0.2 00-d0-02-f3-a8-00 dynamic 2/1
  10.44.0.3 00-09-12-ed-6f-00 dynamic 2/1
  10.44.0.20 00-11-25-9d-e4-98 dynamic 2/1
  10.44.0.21 00-11-25-9d-ee-d7 dynamic 2/1
  10.44.0.30 00-11-25-9d-e6-86 dynamic 2/1
  10.44.0.31 00-14-5e-3c-71-38 dynamic 2/1
  10.44.0.32 00-11-25-4a-82-a1 dynamic 2/1
  10.44.0.33 00-14-5e-3e-60-e1 dynamic 2/1
  10.44.0.34 00-11-25-9e-e5-ce dynamic 2/1
  10.44.0.35 00-11-25-9c-66-c9 dynamic 2/1
  10.44.0.40 00-1a-64-4f-21-bc dynamic 2/1
  10.44.0.41 00-1a-64-4f-23-6e dynamic 2/1
  10.44.0.50 00-1a-64-4f-2f-74 dynamic 2/1
  10.44.0.51 00-1a-64-4f-22-72 dynamic 2/1
  10.44.0.60 00-1a-64-4f-1c-ba dynamic 2/1
  10.44.0.61 00-1a-64-4f-13-06 dynamic 2/1
  I cannot ping any of the 10.44.0.x address. The interface is up and it is connected to a 6509 switch as an accessport on vlan301 and it shows up and up.
  There are no ACLs configured. I am just trying to ping the servers before I can write the content rules.
  Any ideas?

  OK. I figured out that I cannot ping the servers. But, I cannot ping the circuit vlan 301 IP from the router which is 10.44.0.5.
  However, I can ping vlan 836 circuit IP like 10.10.235.5 Here is the ping result from the router where the css is connected to
  gw1>ping 10.10.235.5
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.10.235.5, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
  gw1>ping 10.44.0.5
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.44.0.5, timeout is 2 seconds:
  Success rate is 0 percent (0/5)