Unable to ping peer ip address on VLAN
The ACE active & standby modules are completely in synch, however I cannot ping the peer ip address of the vlan given below. I can't ping the ip address 1.1.1.42 from within the standby ACE module as well. Ping is allowed in the service-policy permitall via management policy-map. What could be the reason ?
vlan 80 is not shared and defined in admin context.
Active ACE Module:
interface vlan 80
ip address 1.1.1.41 255.255.255.0
peer ip address 1.1.1.42 255.255.255.0
mac-sticky enable
access-group input permitvlantraffic
service-policy input permitall
no shutdown
The primary-inservice option has been added to the loadbalance vip icmp-reply active command in policy map class configuration mode. When you specify this option, the ACE replies to an ICMP ping only if the primary server farm state is UP, regardless of the state of the backup server farm. If this option is enabled and the primary server farm state is DOWN, the ACE discards the ICMP request and the request times out.
Similar Messages
-
Unable to ping IP address from SG300 -10p switch
i have two core switches, we have configured the vlan 70 in both core switch
sh run int vlan 70 --ip address: 182.94.177.34/28
configured the HSRP in both routers.
we have configured port in vlan 77 in access switch 4507R-E , we are able to ping the ip address.
again we have installed on Cisco SG300 10p switch case cading to Cisco 4507R-E access switch.
we have give below commands
switch manangement IP :
switch38cbaf(config)int vlan1
switch38cbaf(config-if)#ip address 124.4.67.47 255.255.255.0
switch38cbaf(config)#vlan database
switch38cbaf(config-if)vlan 70
switch38cbaf(config)#int gigabitethernet1
switch38cbaf(config-if)#switchport mode access
switch38cbaf(config-if)#switch access vlan 77
Trunk Configuration
switch38cbaf(config)#int gigabitEthernet9
switch38cbaf(config-if)#description << Trunk | connected to access switch 4507R-E | Fa4/1 >>
switch38cbaf(config-if)#swtichport mode trunk
switch38cbaf(config-if)#switchport trunk allowed vlan 77
problem:
i am assigned the ip address 182.94.177.44 to our desktop and connected to port Gi1
I am able to ping 182.94.177.33, 34 and 35 Ip Address but unable to ping 182.94.177.44Some things to check/verify -
a) is there a typo in your configuration above ie. you have created vlan 70 according to your configuration but the actual vlan you are using is vlan 77
b) does the trunk link between the access 4500 and the core switch allow vlan 77
c) try pinging from the client and not to it as there may be a firewall on the PC.
Jon -
Hello,
I have a new setup I'm trying to build with a WLC2106 and 4 1142n's (currently just trying to get 1 working). I have the WLC running 7.0.98.0. I built a new VLAN on our core network (3560g) and have the ap-manager, management interfaces ip'ed in that vlan. I also have the AP plugged into the PoE port on port 8 and it ip'ed in the same VLAN. The AP associates to the WLC, i am able to configure it from the WLC, but i cannot ping it, from the WLC or from anywhere. I cannot ping anything from console on the AP either.
My assumption is once, i get ip connectivity established, the AP will be able to communicate to our network DHCP server and issue out IP's. I just can't figure out what is wrong with the network setup. I have the trunk configured properly on the core switch from the WLC, i can ping other hosts on the other vlans that are allowed.
Interfaces on WLC:
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
ap-manager 1 5 10.108.5.3 Static Yes No
management 1 5 10.108.5.2 Static No No
office-vlan-2 1 2 10.108.111.96 Dynamic No No
virtual N/A N/A 1.1.1.1 Static No No
AP Config:
infraspawap2#show capwap ip config
LWAPP Static IP Configuration
IP Address 10.108.5.5
IP netmask 255.255.255.240
Default Gateway 10.108.5.1
I've been staring at this for days and just can't figure it out (so it's probably just something simple i've missed). Any help is greatly appreciated.
Thanks,
BenSo i may have solved this, or at least provided a work-around. I made the new Vlan for MGMT and AP interfaces native on the switch and changed the config on the WLC to untagged. I also disabled DHCP proxy. This allowed clients to retrieve DHCP from our network server and get connected to the LAN, however i was still unable to ping the AP.
I then moved everyhting into a different VLAN (already existing) and had the same results. I then moved the AP off of the WLC and used a power brick to connect it directly to the backbone switch. This rectified the issue. I am now able to ping accross all vlans to/from the AP. My only question really is why not from the switch on the WLC? what was/ wasn't i doing that prevented this when directly connected to the WLC? -
I'm trying to configure PPPoE between two routers ...PPPoE is establishing , but unable to ping
Server
username R4 password 0 CISCO
bba-group pppoe CISCO
virtual-template 1
interface Virtual-Template1
ip address 19.19.34.3 255.255.255.0
peer default ip address pool pool
ppp authentication chap
ip local pool pool 19.19.34.4
interface FastEthernet0/1
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname R4
ppp chap password 0 CISCO
no cdp enable
*Feb 10 18:32:04.595: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Feb 10 18:32:04.599: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Feb 10 18:32:04.599: Vi2 PPP: Sending cstate UP notification
*Feb 10 18:32:04.599: Vi2 PPP: Processing CstateUp message
*Feb 10 18:32:04.603: PPP: Alloc Context [49B191F8]
*Feb 10 18:32:04.603: ppp13 PPP: Phase is ESTABLISHING
*Feb 10 18:32:04.603: Vi2 PPP: Using dialer call direction
*Feb 10 18:32:04.603: Vi2 PPP: Treating connection as a callout
*Feb 10 18:32:04.603: Vi2 PPP: Session handle[DE00000E] Session id[13]
*Feb 10 18:32:04.603: Vi2 LCP: Event[OPEN] State[Initial to Starting]
*Feb 10 18:32:04.603: Vi2 PPP: No remote authentication for call-out
*Feb 10 18:32:04.603: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
*Feb 10 18:32:04.603: Vi2 LCP: MRU 1492 (0x010405D4)
*Feb 10 18:32:04.603: Vi2 LCP: MagicNumber 0x19869166 (0x050619869166)
*Feb 10 18:32:04.603: Vi2 LCP: Event[UP] State[Starting to REQsent]
R4#Feb 10 18:32:04.607: Vi2 LCP: I CONFREQ [REQsent] id 1 len 19
*Feb 10 18:32:04.607: Vi2 LCP: MRU 1492 (0x010405D4)
*Feb 10 18:32:04.607: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Feb 10 18:32:04.607: Vi2 LCP: MagicNumber 0x177669A8 (0x0506177669A8)
*Feb 10 18:32:04.607: Vi2 LCP: O CONFACK [REQsent] id 1 len 19
*Feb 10 18:32:04.607: Vi2 LCP: MRU 1492 (0x010405D4)
*Feb 10 18:32:04.607: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Feb 10 18:32:04.607: Vi2 LCP: MagicNumber 0x177669A8 (0x0506177669A8)
*Feb 10 18:32:04.607: Vi2 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Feb 10 18:32:04.607: Vi2 LCP: I CONFACK [ACKsent] id 1 len 14
*Feb 10 18:32:04.607: Vi2 LCP: MRU 1492 (0x010405D4)
*Feb 10 18:32:04.607: Vi2 LCP: MagicNumber 0x19869166 (0x050619869166)
*Feb 10 18:32:04.607: Vi2 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Feb 10 18:32:04.607: Vi2 PPP: Queue CHAP code[1] id[1]
*Feb 10 18:32:04.619: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Feb 10 18:32:04.619: Vi2 CHAP: Redirect packet to Vi2
*Feb 10 18:32:04.619: Vi2 CHAP: I CHALLENGE id 1 len 23 from "R3"
*Feb 10 18:32:04.619: Vi2 LCP: State is Open
*Feb 10 18:32:04.619: Vi2 CHAP: Using hostname from interface CHAP
*Feb 10 18:32:04.619: Vi2 CHAP: Using password from interface CHAP
*Feb 10 18:32:04.619: Vi2 CHAP: O RESPONSE id 1 len 23 from "R4"
*Feb 10 18:32:04.631: Vi2 CHAP: I SUCCESS id 1 len 4
*Feb 10 18:32:04.631: Vi2 PPP: Phase is FORWARDING, Attempting Forward
*Feb 10 18:32:04.631: Vi2 PPP: Queue IPCP code[1] id[1]
*Feb 10 18:32:04.635: Vi2 PPP: Phase is ESTABLISHING, Finish LCP
*Feb 10 18:32:04.635: Vi2 PPP: Phase is UP
*Feb 10 18:32:04.635: Vi2 IPCP: Protocol configured, start CP. state[Initial]
*Feb 10 18:32:04.635: Vi2 IPCP: Event[OPEN] State[Initial to Starting]
*Feb 10 18:32:04.635: Vi2 IPCP: O CONFREQ [Starting] id 1 len 10
*Feb 10 18:32:04.635: Vi2 IPCP: Address 0.0.0.0 (0x030600000000)
*Feb 10 18:32:04.635: Vi2 IPCP: Event[UP] State[Starting to REQsent]
*Feb 10 18:32:04.635: Vi2 PPP: Process pending ncp packets
*Feb 10 18:32:04.635: Vi2 IPCP: Redirect packet to Vi2
*Feb 10 18:32:04.635: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10
*Feb 10 18:32:04.635: Vi2 IPCP: Address 19.19.34.3 (0x030613132203)
*Feb 10 18:32:04.635: Vi2 IPCP: O CONFACK [REQsent] id 1 len 10
*Feb 10 18:32:04.639: Vi2 IPCP: Address 19.19.34.3 (0x030613132203)
*Feb 10 18:32:04.639: Vi2 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Feb 10 18:32:04.639: Vi2 IPCP: I CONFNAK [ACKsent] id 1 len 10
*Feb 10 18:32:04.639: Vi2 IPCP: Address 19.19.34.4 (0x030613132204)
*Feb 10 18:32:04.639: Vi2 IPCP: O CONFREQ [ACKsent] id 2 len 10
*Feb 10 18:32:04.639: Vi2 IPCP: Address 19.19.34.4 (0x030613132204)
*Feb 10 18:32:04.639: Vi2 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Feb 10 18:32:04.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
*Feb 10 18:32:04.643: Vi2 IPCP: I CONFACK [ACKsent] id 2 len 10
*Feb 10 18:32:04.643: Vi2 IPCP: Address 19.19.34.4 (0x030613132204)
*Feb 10 18:32:04.643: Vi2 IPCP: Event[Receive ConfAck] State[ACKsent to Open]
*Feb 10 18:32:04.651: Vi2 IPCP: State is Open
*Feb 10 18:32:04.651: Di1 IPCP: Install negotiated IP interface address 19.19.34.4
*Feb 10 18:32:04.655: Di1 Added to neighbor route AVL tree: topoid 0, address 19.19.34.3
*Feb 10 18:32:04.655: Di1 IPCP: Route not installed to 19.19.34.3Please go through the link below may help you to configure the router
http://www.dslreports.com/faq/10952 -
Unable to connect to Access Point over VLAN
I have a Cisco Aironet 1142 that I am unable to ping or connect to in order to manage and unable to connect to the SSIDs . I have changed the native VLAN to 318 on the 1142. I have also set the port on my 3750X to trunk with the native VLAN set at 318. The 1142 can ping its IP address but not the Default Gateway. The switch is able to ping the Default Gateway but not the 1142. Any suggestions based upon the configs included below? Many thanks!
Aironet 1142:
interface Dot11Radio0.318
encapsulation dot1Q 318 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.318
encapsulation dot1Q 318 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0.318
encapsulation dot1Q 318 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 172.17.18.200 255.255.255.0
no ip route-cache
ip default-gateway 172.17.18.1
3750X:
interface GigabitEthernet1/0/30
switchport trunk encapsulation dot1q
switchport trunk native vlan 318
switchport trunk allowed vlan 3,318,956
switchport mode trunk
switchport nonegotiate
switchport voice vlan 220
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICYYes, unable to ping 172.17.18.1. BVI interface is up
#sh int bvi1
BVI1 is up, line protocol is up
Hardware is BVI, address is e8b7.48f5.0f7e (bia e8ba.70e7.d430)
Internet address is 172.17.18.200/24
MTU 1500 bytes, BW 54000 Kbit/sec, DLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 03:18:25, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
133 packets input, 9926 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1610 packets output, 189086 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out -
Unable to ping from mz to virtual interface of asa
Dear All,
one of my SNMP server 10.242.103.42 sits in MZ zone,and ACE 4710 is connected to core switch,coreswitch is connected to firewall asa.
Now iam trying to ping from MZ zone SNMP server to loadbalancer ip 10.242.105.1,iam unable to ping my LB interface to discover SLB on my SNMP server.
plese help me
srinivasIs your device seeing the mac-address of the ASA in order to send the packets? What do the logs show on the firewall itself? Can you see the ARP entry on the ASA firewall for that host?
Mike -
ASA5520 AnyConnect SSL VPN Connected but unable to ping my inside LAN
Hi there, please forgive if I have missed any forum protocols as this is my first post.
I am trying to configure Anyconnect SSL VPN. I am able to connect to the VPN on a laptop, witch is able to download the anyconnect client from the ASA. I am unable to ping any of my IP's that are on the inside of my ASA. Before posting here I have spent many hours on forums and watching videos on anyconnect SSL VPN creation and I am following it to the T but still no ping. Any help would be very much appreciated.
Inside 192.168.1.254/24
Outside dhcp
VPN Pool 192.168.250.1-50/24
Inside LAN 192.168.1.0/24
: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.128
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpn_pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,any) source static any any destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 4433
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_anyconnect internal
group-policy GroupPolicy_anyconnect attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username test password JAasdf434ey521ZCT encrypted privilege 15
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
address-pool vpn_pool
default-group-policy GroupPolicy_anyconnect
tunnel-group anyconnect webvpn-attributes
group-alias anyconnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:24bcba3c4124ab371297d52260135924
: end :: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.0
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool Anyconnect-pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,outside) source static inside-network-object inside-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
nat (inside,outside) source static management-network-object management-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.100.2 255.255.255.255 management
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_Anyconnect_VPN internal
group-policy GroupPolicy_Anyconnect_VPN attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username sander password f/J.5nLef/EqyPfy encrypted
username aveha password JA8X3IiqPvFFsZCT encrypted privilege 15
tunnel-group Anyconnect_VPN type remote-access
tunnel-group Anyconnect_VPN general-attributes
address-pool Anyconnect-pool
default-group-policy GroupPolicy_Anyconnect_VPN
tunnel-group Anyconnect_VPN webvpn-attributes
group-alias Anyconnect_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4636fa566ffc11b0f7858b760d974dee
: end: -
Cisco 4507 Switch - Clients are unable to renew the IP Address
Hello .
i have cisco 4505 core switch with different DCHP pool bind with different Vlan
clients from one DHCP pool are unable to renew the ip address . while others DHCP pools configured on the same switch are working fine .
please Advice .Hello Leo ,
Below are the requested info :
DA-V02#sh ip dhcp binding | begin 10.1.X
10.1.X.21 0184.2b2b.adfc.74 Infinite Manual
10.1.X.22 0100.1ec9.7820.fd Infinite Manual
10.1.X.23 0100.1aa0.6f32.f7 Infinite Manual
10.1.X.24 0100.1ec9.782d.b0 Infinite Manual
10.1.X.26 01f0.4da2.25e7.b3 Infinite Manual
10.1.X.27 0100.1aa0.7872.71 Infinite Manual
10.1.X.30 0118.0373.2957.d4 Infinite Manual
10.1.X.31 01b8.ac6f.a4d2.03 Infinite Manual
10.1.X.32 0100.2170.407c.96 Infinite Manual
10.1.X.33 0100.1ec9.6ba3.d5 Infinite Manual
10.1.X.34 0100.2170.407b.c2 Infinite Manual
10.1.X.35 0100.1ec9.782a.11 Infinite Manual
10.1.X.36 0100.1ec9.6c31.32 Infinite Manual
10.1.X.37 0100.26b9.c283.09 Infinite Manual
10.1.X.38 0100.2170.407c.59 Infinite Manual
10.1.X.39 0100.2170.407c.74 Infinite Manual
10.1.X.40 0100.1ec9.6c33.2c Infinite Manual
10.1.X.41 0100.1aa0.6f1f.6d Infinite Manual
10.1.X.42 0100.1ec9.6b9e.d8 Infinite Manual
10.1.X.43 0100.1ec9.6a8b.cf Infinite Manual
10.1.X.44 0100.1ec9.782c.f3 Infinite Manual
10.1.X.45 0100.2170.4074.cf Infinite Manual
10.1.X.46 0100.1ec9.6c38.38 Infinite Manual
10.1.X.47 0100.1ec9.782c.5b Infinite Manual
10.1.X.48 0100.2170.4077.06 Infinite Manual
10.1.X.49 0184.2b2b.ae10.f0 Infinite Manual
10.1.X.50 0100.2170.407c.e6 Infinite Manual
10.1.X.51 0100.1e4f.4f31.14 Infinite Manual
10.1.X.56 0100.1ec9.783e.b1 Infinite Manual
10.1.X.57 01b8.ca3a.a2d3.b0 Infinite Manual
10.1.X.59 019c.934e.1811.d8 Infinite Manual
10.1.X.80 019c.934e.1810.cc Infinite Manual
10.1.X.87 0100.1ec9.6c1e.e3 Mar 17 2014 10:10 PM Automatic
10.1.X.98 0014.38e1.c9a0 Infinite Manual
10.1.X.114 01b8.ca3a.a31b.fe Mar 18 2014 12:57 AM Automatic
10.1.X.204 0100.1ec9.7829.5e Mar 17 2014 10:10 PM Automatic
10.1.X.205 0100.1ec9.77ea.a7 Mar 17 2014 11:46 PM Automatic
10.1.X.206 0184.2b2b.adfc.c1 Mar 17 2014 10:47 PM Automatic
10.1.X.207 01a4.badb.f89e.90 Mar 17 2014 11:39 PM Automatic
10.1.X.208 0100.1aa0.6f31.6c Mar 18 2014 01:01 AM Automatic
10.1.X.242 0108.0037.8c00.ea Infinite Manual
10.1.X.243 0000.aac1.636f Infinite Manual
10.1.X.244 0800.379b.21f0 Infinite Manual
10.1.H.205 0100.2584.1870.11 Mar 18 2014 10:23 AM Automatic
10.1.H.206 0100.2584.186f.32 Mar 18 2014 10:29 AM Automatic
ip dhcp excluded-address 10.1.X.1 10.1.X.63
ip dhcp excluded-address 10.1.X.240 10.1.X.254
ip dhcp excluded-address 10.1.X.242
ip dhcp excluded-address 10.1.X.243
ip dhcp excluded-address 10.1.X.244
ip dhcp excluded-address 10.1.X.130
ip dhcp pool floor2_users
network 10.1.X.0 255.255.255.0
default-router 10.1.X.1
dns-server 10.9.57.21 10.8.57.22
domain-name corp.ank.ad
lease 0 12
interface VlanX
ip address 10.1.X.1 255.255.255.0 -
Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: From the Switch I can Ping a device in another VLAN, that device cannot ping back. Some devices can ping devices in other VLANs and the device in the other VLAN can successfully return the Ping. Have a look at the attached diagram.
Router Config:
show run
Building configuration...
Current configuration : 7224 bytes
! Last configuration change at 09:05:48 EDT Wed Aug 6 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ROUTER
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -8 0
ip cef
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9
object-group network Net_Obj_Group1
description This network group allows all 10.0.0.0 and Email Forwarder server through to the Plt PCs
205.191.0.0 255.255.0.0
10.0.0.0 255.0.0.0
object-group network Net_Obj_Group2
description This Network Group includes the Host IPs allowed through the Plant Router
host 10.194.28.23
host 10.194.28.25
host 10.194.28.26
host 10.194.28.27
host 10.194.28.28
host 10.194.28.29
host 10.194.28.37
host 10.194.28.39
host 10.194.28.40
host 10.194.28.70
host 10.194.28.130
host 10.194.28.131
host 10.194.28.132
host 10.194.28.133
host 10.194.28.134
host 10.194.28.135
host 10.194.28.136
host 10.194.28.137
host 10.194.28.138
host 10.194.28.139
host 10.194.28.140
host 10.194.28.141
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Port Ge0/0 to IT Enterprise network Switch GE1/0/38
ip address 10.194.28.111 255.255.255.0
ip access-group 105 in
ip access-group 106 out
ip nat outside
ip virtual-reassembly in
shutdown
duplex full
speed auto
no mop enabled
interface GigabitEthernet0/1
description Port to Plant PCN-K/L24 Sw1 Port 0/24
no ip address
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1.102
description Port to VLAN 102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.104
description Port to VLAN 104
encapsulation dot1Q 104
ip address 192.168.104.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.105
description Port to VLAN 105
encapsulation dot1Q 105
ip address 192.168.105.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.106
description Port to VLAN 106
encapsulation dot1Q 106
ip address 192.168.106.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.107
description Port to VLAN 107
encapsulation dot1Q 107
ip address 192.168.107.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.111
description Port to VLAN 111
encapsulation dot1Q 111
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.117
description Port to VLAN 117
encapsulation dot1Q 117
ip address 192.168.117.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.121
description Port to VLAN 121
encapsulation dot1Q 121
ip address 192.168.121.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.125
description Port to VLAN 125
encapsulation dot1Q 125
ip address 192.168.125.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.150
description Port to to VLAN 150
encapsulation dot1Q 150
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.999
description Port to VLAN 999
encapsulation dot1Q 999
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source static 192.168.102.201 10.194.28.23
ip nat inside source static 192.168.121.201 10.194.28.25
ip nat inside source static 192.168.106.251 10.194.28.26
ip nat inside source static 192.168.107.245 10.194.28.27
ip nat inside source static 192.168.102.251 10.194.28.28
ip nat inside source static 192.168.150.201 10.194.28.29
ip nat inside source static 192.168.107.179 10.194.28.37
ip nat inside source static 192.168.111.201 10.194.28.39
ip nat inside source static 192.168.105.201 10.194.28.40
ip nat inside source static 192.168.106.21 10.194.28.70
ip nat inside source static 192.168.107.146 10.194.28.130
ip nat inside source static 192.168.107.156 10.194.28.131
ip nat inside source static 192.168.107.161 10.194.28.132
ip nat inside source static 192.168.107.181 10.194.28.133
ip nat inside source static 192.168.107.191 10.194.28.134
ip nat inside source static 192.168.106.202 10.194.28.135
ip nat inside source static 192.168.106.212 10.194.28.136
ip nat inside source static 192.168.117.190 10.194.28.137
ip nat inside source static 192.168.117.100 10.194.28.138
ip nat inside source static 192.168.106.242 10.194.28.139
ip nat inside source static 192.168.125.100 10.194.28.140
ip nat inside source static 192.168.125.99 10.194.28.141
ip nat outside source static 10.194.28.23 10.194.28.23
ip nat outside source static 10.194.28.25 10.194.28.25
ip nat outside source static 10.194.28.26 10.194.28.26
ip nat outside source static 10.194.28.27 10.194.28.27
ip nat outside source static 10.194.28.28 10.194.28.28
ip nat outside source static 10.194.28.29 10.194.28.29
ip nat outside source static 10.194.28.37 10.194.28.37
ip nat outside source static 10.194.28.39 10.194.28.39
ip nat outside source static 10.194.28.40 10.194.28.40
ip nat outside source static 10.194.28.70 10.194.28.70
ip nat outside source static 10.194.28.130 10.194.28.130
ip nat outside source static 10.194.28.131 10.194.28.131
ip nat outside source static 10.194.28.132 10.194.28.132
ip nat outside source static 10.194.28.133 10.194.28.133
ip nat outside source static 10.194.28.134 10.194.28.134
ip nat outside source static 10.194.28.135 10.194.28.135
ip nat outside source static 10.194.28.136 10.194.28.136
ip nat outside source static 10.194.28.137 10.194.28.137
ip nat outside source static 10.194.28.138 10.194.28.138
ip nat outside source static 10.194.28.139 10.194.28.139
ip nat outside source static 10.194.28.140 10.194.28.140
ip nat outside source static 10.194.28.141 10.194.28.141
ip route 0.0.0.0 0.0.0.0 10.194.28.1
access-list 105 permit ip object-group Net_Obj_Group1 object-group Net_Obj_Group2
access-list 106 permit ip object-group Net_Obj_Group2 object-group Net_Obj_Group1
dialer-list 1 protocol ip permit
control-plane
banner login ^CC
Login banner for Plant Router #01^C
banner motd ^CC
MOTD Banner for Plant Router^C
line con 0
password XXXXXXXXX
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXXXXXXX
logging synchronous
login
transport input all
scheduler allocate 20000 1000
ntp server 10.199.100.92
end
Switch Config:
sh ru
Building configuration...
Current configuration : 6513 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname K24Sw01
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
udld aggressive
crypto pki trustpoint TP-self-signed-593746944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-593746944
revocation-check none
rsakeypair TP-self-signed-593746944
4B58BCE9 44
quit
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0
no ip address
interface GigabitEthernet0/1
description Trunk port for vlans 105, 111, 125 and 999 from K24Sw01 port Ge0/1 to P22Sw01 port Ge0/24
switchport trunk allowed vlan 105,111,125,999
switchport mode trunk
interface GigabitEthernet0/2
description Trunk port for vlans 150 and 999 from K24Sw01 port Ge0/2 to N25Sw01 port Ge0/26
switchport trunk allowed vlan 150,999
switchport mode trunk
interface GigabitEthernet0/3
description Trunk port for vlans 102, 104, 106, 107, 117 and 999 from K24Sw01 port Ge0/3 to K28Sw01 port Ge0/26
switchport trunk allowed vlan 102,104,106,107,117,999
switchport mode trunk
interface GigabitEthernet0/4
description Trunk port for vlans 102, 106, 107 and 999 from K24Sw01 port Ge0/4 to H23Sw01 port Ge0/26
switchport trunk allowed vlan 102,106,107,999
switchport mode trunk
interface GigabitEthernet0/5
description Trunk port for vlans 121, 125 and 999 from K24Sw01 port Ge0/5 to M21Sw01 port Ge0/24
switchport trunk allowed vlan 121,125,999
switchport mode trunk
interface GigabitEthernet0/6
description OPEN
spanning-tree portfast
interface GigabitEthernet0/7
description OPEN
spanning-tree portfast
interface GigabitEthernet0/8
description OPEN
spanning-tree portfast
interface GigabitEthernet0/9
description OPEN
spanning-tree portfast
interface GigabitEthernet0/10
description VLan 102 access port
switchport access vlan 102
spanning-tree portfast
interface GigabitEthernet0/11
description - VLan 104 access port
switchport access vlan 104
spanning-tree portfast
interface GigabitEthernet0/12
description - VLan 105 access port
switchport access vlan 105
spanning-tree portfast
interface GigabitEthernet0/13
description - VLan 106 access port
switchport access vlan 106
spanning-tree portfast
interface GigabitEthernet0/14
description - VLan 107 access port
switchport access vlan 107
spanning-tree portfast
interface GigabitEthernet0/15
description - VLan 111 access port
switchport access vlan 111
spanning-tree portfast
interface GigabitEthernet0/16
description - VLan 117 access port
switchport access vlan 117
spanning-tree portfast
interface GigabitEthernet0/17
description - VLan 121 access port
switchport access vlan 121
spanning-tree portfast
interface GigabitEthernet0/18
description - VLan 125 access port
switchport access vlan 125
spanning-tree portfast
interface GigabitEthernet0/19
description - VLan 150 access port
switchport access vlan 150
spanning-tree portfast
interface GigabitEthernet0/20
description - VLan 999 access port
switchport access vlan 999
spanning-tree portfast
interface GigabitEthernet0/21
description OPEN
spanning-tree portfast
interface GigabitEthernet0/22
description OPEN
spanning-tree portfast
interface GigabitEthernet0/23
description OPEN
spanning-tree portfast
interface GigabitEthernet0/24
description From ROUTER Gw ge0/1
switchport trunk allowed vlan 102,104-107,111,117,121,125,150,999
switchport mode trunk
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface Vlan1
no ip address
no ip route-cache
shutdown
interface Vlan102
ip address 192.168.102.253 255.255.255.0
interface Vlan104
no ip address
no ip route-cache
interface Vlan105
no ip address
no ip route-cache
interface Vlan106
no ip address
no ip route-cache
interface Vlan107
no ip address
no ip route-cache
interface Vlan111
no ip address
no ip route-cache
interface Vlan117
no ip address
no ip route-cache
interface Vlan121
no ip address
no ip route-cache
interface Vlan125
no ip address
no ip route-cache
interface Vlan150
no ip address
no ip route-cache
interface Vlan999
no ip address
no ip route-cache
ip default-gateway 192.168.102.1
ip http server
ip http secure-server
snmp-server engineID local 00000009020000019634C2C0
snmp-server community public RO
snmp-server location
snmp-server contact
banner motd ^CCC ADMIN USE ONLY! ^C
line con 0
session-timeout 10
password xxxxxx
logging synchronous
login
stopbits 1
line vty 0 4
session-timeout 10
password xxxxxxx
login
line vty 5 15
session-timeout 10
password xxxxxxxx
login
ntp server 10.199.100.92
end
K24Sw01#HI Mark,
Here is the my config:
Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface
Router(config)#interface f0/0
Router(config-if)#no shutdown
(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)
Router(config)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface f0/0.20
Router(config-subif)#encapsulation dot11 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
(Note: In the “encapsulation dot1q 10″ command, 10 is the VLAN ID this interface operates in)
Configure VLAN
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH
Set ports to access mode & assign ports to VLAN
Switch(config)#interface range fa0/1
Switch(config-if)#no shutdown
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 15
Switch(config-if)#interface range fa0/3
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)#interface range fa0/5
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk
1. Please check all your port are up.
2. Check the config once again.
3. Make sure the swicth and router connection port configured as trunk and it should be up.
This config is working for me,
Regards
Dont forget to rate helpful posts. -
Unable to ping across subinterfaces
Hi everyone,
This is my first time using this service so please be gentle.
I have an 871 router connected to a 2960 switch via two ports; both ports are configured as trunks.
On one of the router's trunks, I have set up subinterfaces.
My issue is - how come I can't ping across subinterfaces, or even VLANs? Any suggestions would greatly help.
Following are my router's config and CDP output for both the router and switch:
Current configuration : 6000 bytes
! Last configuration change at 16:08:47 C Wed Oct 23 2013 by root
! NVRAM config last updated at 14:32:14 C Fri Jul 19 2013 by root
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
hostname kai-vlan-gw
boot-start-marker
boot-end-marker
enable secret 5 $1$lcxP$E3AqTmhjOU7dVGPhEEQCN1
no aaa new-model
resource policy
clock timezone C 3
ip subnet-zero
ip cef
no ip bootp server
ip domain name kenyanalliance.local
ip name-server 192.168.5.1
ip multicast-routing
ip ssh time-out 60
login block-for 100 attempts 3 within 100
crypto pki trustpoint TP-self-signed-1536830124
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1536830124
revocation-check none
rsakeypair TP-self-signed-1536830124
username root password 7 10455D485044111E1E57
class-map type port-filter match-all DHCP_Traffic
match port udp 67
class-map type port-filter match-all Telnet_Traffic
match port tcp 23
policy-map type port-filter Unnecessary_Ports
class DHCP_Traffic
drop
class Telnet_Traffic
drop
interface FastEthernet0
interface FastEthernet1
switchport mode trunk
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
no ip address
duplex auto
speed auto
interface FastEthernet4.5
encapsulation dot1Q 5
ip address 192.168.5.245 255.255.255.0
no snmp trap link-status
interface FastEthernet4.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.10.250
no snmp trap link-status
interface FastEthernet4.11
encapsulation dot1Q 11
ip address 192.168.11.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.11.250
no snmp trap link-status
interface FastEthernet4.12
encapsulation dot1Q 12
ip address 192.168.12.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.12.250
no snmp trap link-status
interface FastEthernet4.13
encapsulation dot1Q 13
ip address 192.168.13.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.13.250
no snmp trap link-status
interface FastEthernet4.14
encapsulation dot1Q 14
ip address 192.168.14.254 255.255.255.0
ip helper-address 192.168.14.250
no snmp trap link-status
interface FastEthernet4.15
encapsulation dot1Q 15
ip address 192.168.15.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.15.250
no snmp trap link-status
interface FastEthernet4.16
encapsulation dot1Q 16
ip address 192.168.16.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.16.250
no snmp trap link-status
interface FastEthernet4.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.20.250
no snmp trap link-status
interface Vlan1
ip address 10.10.10.25 255.255.255.0
ip route-cache flow
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.254
ip route 172.20.20.8 255.255.255.248 192.168.5.150
ip route 172.22.254.0 255.255.255.224 192.168.20.253 name TO-AKI
ip route 192.168.0.0 255.255.255.0 192.168.5.252 name Mombasa
ip route 192.168.1.0 255.255.255.0 192.168.5.252 name Thika
ip route 192.168.18.0 255.255.255.0 192.168.5.252 name Kisumu
ip route 192.168.21.0 255.255.255.0 192.168.5.150 name Machakos
ip route 192.168.22.0 255.255.255.0 192.168.5.150 name Bunyala_Yard
ip route 192.168.23.0 255.255.255.0 192.168.5.150 name Meru
ip route 192.168.100.0 255.255.255.0 192.168.5.150
no ip http server
ip http authentication local
ip http secure-server
logging trap debugging
logging 192.168.20.12
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
control-plane host
control-plane
banner exec ^C
Please be advised that you must be an administrator to proceed.
Failure to comply with this notification could lead to prosecution.
^C
banner login ^C
==============================================================
You're logging in to a restricted device. Please contact the
administrator if you need access!!
==============================================================
^C
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 130E43435E5F073F3977
login local
transport preferred ssh
transport input ssh
scheduler max-task-time 5000
ntp clock-period 17174973
ntp server 128.138.141.172
end
Rouer CDP neighbors:
kai-vlan-gw#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
etsw1 Fas 1 142 S I WS-C2960-2Fas 0/23
etsw1 Fas 4 152 S I WS-C2960-2Gig 0/1
Switch CDP neighbors:
etsw1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
kai-vlan-gw.kenyanalliance.local
Fas 0/23 150 R S I 871 Fas 1
kai-vlan-gw.kenyanalliance.local
Gig 0/1 156 R S I 871 Fas 4
etsw3 Gig 0/2 177 S I WS-C2960- Gig 0/2
Kenyan_Alliance_MPLS_HQ
Fas 0/7 158 R S I 871 Fas 0
Kenya_Alliance.yourdomain.com
Fas 0/13 151 R S I 1841 Fas 0/0
Kenya_Alliance_HQ
Fas 0/14 158 R S I 881 Fas 3Thanks for your response.
Yes, the Vlans exist on the switch. Here's my switch config:
Current configuration : 3125 bytes
! Last configuration change at 10:13:13 C Thu Oct 24 2013
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname etsw1
enable secret 5 $1$QtkT$ArHPOKJqiLtNCA1/a0cjr.
no aaa new-model
clock timezone C 3
system mtu routing 1500
ip subnet-zero
ip name-server 192.168.5.1
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 5
switchport mode access
interface FastEthernet0/2
switchport access vlan 5
switchport mode access
interface FastEthernet0/3
interface FastEthernet0/4
description VMHost_10.10.10.6
switchport mode trunk
interface FastEthernet0/5
description VMHost_10.10.10.7
switchport mode trunk
interface FastEthernet0/6
switchport access vlan 5
switchport mode access
interface FastEthernet0/7
switchport access vlan 5
switchport mode access
interface FastEthernet0/8
description VMHost_10.10.10.6
switchport mode trunk
interface FastEthernet0/9
description VMHost_10.10.10.7
switchport mode trunk
interface FastEthernet0/10
switchport access vlan 5
switchport mode access
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
interface FastEthernet0/12
switchport access vlan 5
switchport mode access
interface FastEthernet0/13
switchport mode trunk
interface FastEthernet0/14
switchport access vlan 5
switchport mode access
interface FastEthernet0/15
description VMHost_10.10.10.6
switchport access vlan 20
switchport mode trunk
interface FastEthernet0/16
description Proxy_Server
switchport access vlan 5
switchport mode access
interface FastEthernet0/17
description VMHost_10.10.10.7
switchport mode trunk
interface FastEthernet0/18
switchport mode trunk
interface FastEthernet0/19
description VMHost_10.10.10.7
switchport mode trunk
interface FastEthernet0/20
switchport access vlan 5
switchport mode access
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
shutdown
interface FastEthernet0/22
switchport mode trunk
interface FastEthernet0/23
description Mgmnt_VLAN_Int
switchport access vlan 5
switchport mode trunk
interface FastEthernet0/24
interface GigabitEthernet0/1
switchport mode trunk
interface GigabitEthernet0/2
switchport mode trunk
interface Vlan1
ip address 10.10.10.1 255.255.255.0
no ip route-cache
ip default-gateway 10.10.10.25
ip http server
logging trap debugging
logging 192.168.20.12
control-plane
banner login ^C
============================================================
You're logging in to a restricted device. Please contact the
administrator if you need access!!
============================================================
^C
line con 0
password 7 15195F5D517928313A60
login
line vty 0 4
session-timeout 5
password 7 15195F5D517928313A60
login
line vty 5 15
login
ntp clock-period 36029439
ntp server 10.10.10.25
end -
Unable to Ping IP when using route redistribution
Hi Everyone,
I have below setup
R1 is running EIGRP and connected to R2 via EIGRP
R2 is Running OSPF and connected to R3 via OSPF.
R2 is doing the redistribution of eigrp to ospf and vice versa.
R1 config
interface FastEthernet1/0/1
ip address 10.1.12.1 255.255.255.0
R1# sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.12.2 Fa1/0/1 13 01:47:54 652 3912 0 14
R2 config
interface FastEthernet0/16
ip address 10.1.12.2 255.255.255.0
sh ip eigrp nei
EIGRP-IPv4:(100) neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.12.1 Fa0/16 12 01:49:44 1 200 0 36
interface FastEthernet0/19
ip address 10.1.23.2 255.255.255.0
sh ip ospf 10 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.1.23.3 1 FULL/DR 00:00:38 10.1.23.3 FastEthernet0/19
Redistribution config on R2
router ospf 10
router-id 10.1.23.2
log-adjacency-changes
redistribute eigrp 100 subnets
network 10.1.23.0 0.0.0.255 area 10
distribute-list 1 out
router eigrp 100
redistribute ospf 10 metric 100 100 100 100 100
no auto-summary
network 10.1.12.0 0.0.0.255
R3 config
interface FastEthernet0/16
ip address 10.1.23.3 255.255.255.0
Neighbor ID Pri State Dead Time Address Interface
10.1.23.2 1 FULL/BDR 00:00:36 10.1.23.2 FastEthernet0/16
R1 Routing Table shows routes learned via ospf network of R1.
R1#sh ip route eigrp 100
10.0.0.0/8 is variably subnetted, 15 subnets, 2 masks
D EX 10.1.10.1/32 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
D EX 10.1.11.1/32 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
D EX 10.1.8.1/32 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
D EX 10.1.9.1/32 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
D EX 10.1.13.1/32 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
D EX 10.1.7.1/32 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
D EX 10.1.23.0/24 [170/25628160] via 10.1.12.2, 01:17:03, FastEthernet1/0/1
i am able to ping the IP of OSPF interface of R2 but not of R3 as shown below
R1# ping 10.1.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.23.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
R1# ping 10.1.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.23.3, timeout is 2 seconds:
Success rate is 0 percent (0/5)
R1#
Need to know even the route is in routing table why i am umable to ping the IP 10.0.23.3?
Also unable to ping the loopback IP of R3 below
R1# ping 10.1.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Regards
MaheshHi Alain,
Yes R3 was getting the filtered EIGRP routes from R1 via R2.
i removed the distribute list on R2 and ping worked fine now.
I understood now why ping was not working earlier as R1 int IP 10.1.12.1 was dropped by the distribute list.
Now i added this to ACL 1 on R2 which is used by distribute list on R2 and ping works fine now while using distribute list on R2.
Best regards
Mahesh -
PIX 501 unable to ping vpnclient
Hi,
Here is the topology:
vpnclient ------->Internet---->Broadband router (with port forwarding) -----> PIX-------->Internal network
vpn client is able to establish VPN connection with PIX. VPN client can ping internal network machines (which i wasn't able to do until i used nat-treverse command). but PIX is unable to ping vpnclient's IP addresses or inside address of PIX.
++VPN Client getting this++
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : abc.com
Link-local IPv6 Address . . . . . : fe80::b940:3053:3f6f:a4c1%23
IPv4 Address. . . . . . . . . . . : 10.10.10.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
PIX> en
Password: *****
PIX# sh run
: Saved
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 9jNfZuG3TC5tCVH0 encrypted
hostname PIX
domain-name cisco
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list in2out permit ip 172.16.0.0 255.255.255.0 10.10.10.0 255.255.255.0
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 172.16.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool clientpool 10.10.10.10-10.10.10.20 mask 255.255.255.0
pdm location 172.16.0.26 255.255.255.255 inside
pdm location 192.168.0.0 255.255.255.0 outside
pdm location 172.16.0.27 255.255.255.255 inside
pdm location 10.10.10.0 255.255.255.224 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list in2out
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http 172.16.0.26 255.255.255.255 inside
http 172.16.0.27 255.255.255.255 inside
http 172.16.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server outside 192.168.0.6 configpix
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
crypto dynamic-map ipsec_map 1 set transform-set myset
crypto map outside_map 10 ipsec-isakmp dynamic ipsec_map
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp log 25
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes-256
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
vpngroup remoteClient address-pool clientpool
vpngroup remoteClient dns-server 172.16.0.1
vpngroup remoteClient default-domain abc.com
vpngroup remoteClient split-tunnel in2out
vpngroup remoteClient split-dns abc.com
vpngroup remoteClient idle-time 1800
vpngroup remoteClient password ********
telnet 0.0.0.0 0.0.0.0 outside
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.0.0 255.255.255.0 outside
ssh timeout 60
management-access outside
console timeout 0
dhcpd address 172.16.0.20-172.16.0.40 inside
dhcpd dns 194.168.4.100 194.168.8.100
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15Hi all,
Thanks all for the valueable reply's.
last time i have done modification with following commands to access cisco pix 515e from telnet from outside interface:
access-list outside_access_in permit icmp any any
access-list outside_access_in permit ip any any
access-list inside_access_out permit ip any any
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.80.0 255.255.255.0
access-list outside_cryptomap_30 permit ip 192.168.1.0 255.255.255.0 192.168.80.0 255.255.255.0
access-list 100 permit tcp any eq telnet host PIX_inside eq telnet
access-list 100 permit tcp any eq telnet host pix_outside eq telnet
access-list 100 permit tcp any eq telnet host 182.73.110.160 eq telnet
after adding the above commands i am facing this, my internet link is up and working fine, but not able to get ping reply from internet isp or dns server ip, i.e- 202.56.230.5. -
Unable to ping to the internet
if you do an nslookup then a server 8.8.8.8 what do you see?
Hey guys,
I have a weird issue. I am unable to ping out from the LAN. Pinging 8.8.8.8 goes nowhere and other sites as well.
SonicWall shows all internal to external services are allowed.
Internally everything is pingable.
I am also unable to ping from within the SonicWall Diagnostics tool. It just says IP address not responding.
NSA3500.
This topic first appeared in the Spiceworks Community -
How do I ping an IP address on a mac?
I have just entered the realm of wifi and high speed internet. According to the linksys technical support guy in India, who I could not understand, I need to ping the IP address of a range expander I bought to get it to work properly. I do not know how to do this on my mac. It is working now but very slowly. The linksys people know nothing about macs; he tried guiding me through it on XP. If you have any knowledge of linksys products I have the wre54g.
http://www.circuitcity.com/ccd/productDetail.do?oid=93822&WT.mcn=58&WT.mc_t=U&cm_ven=PAID%20SEARCH&cm_cat=ADVERTISING.COM&cm_pla=DATAFEED-%3EPR ODUCTS&cm_ite=1%20PRODUCT&cmkeycode=58
It came with software that supposedly is not essential, and is not compatible with macs.
PLEASE HELP - Thanks!!!!Sorry for the late response, but I don't think you can do what you want from your Mac directly. You need to check with your Linksys router's documentation and do it from there.
Frankly, these sorts of problems are why I recommend that people who are not knowledgable with networking spend the extra money to buy an AirPort Extreme base station. If you have problems with an AirPort Extreme, you can post here or you can simply call Apple and odds are, you'll get a technician who is easily understandable. -
I'm unable to add the email address for iMessage, that I was using before iOS 7 to my iPhone, because it says that it is "in use by another device," but I have no other devices. How do I resolve this so I can add this email address to my iPhone to send and recieve iMessages?
Sync your iPhone to iTunes, and see if that does the trick. Also you could try a Soft Reset with no Risk to Data. Holding down both the Sleep button and the Home button until the Apple logo appears and then waiting for the Reset to bring you iPhone back to the lock screen. Are you trying to add the email at Settings>Messages>Send and Receive from (2 Addresses) your iPhone number and your email address?
Maybe you are looking for
-
Error message when installing soundbla
I just install Vista and am loving it, my only prblem I have encountered is an error message when trying to install the Vista drivers. The error message I recieve is "Setup is unable to detect a supported product on your system. Please ensure that yo
-
HT201209 Redeem button not appearing??
The redeem button is not appearing in itunes or app store even though i scroll all the way to the bottom. There is nothing on the screen at all. Any ideas? This is a childs ipod and we may not have entered any charge / credit details when we set it u
-
MetaData files using CrossComponent
Hi Experts, Can any one send me the metadata files using crosscomponent in DC's. Thanks Usha.G
-
Generate accessors does not pick up all member variables
jdev 9052 i have a class containing the following member variables: private String PrincipalName = null; private String DisplayName = null; private String Surname = null; private String FullName = null; private String Identifier = null; private Strin
-
Since installing 10.8 I keep losing the ability to use many trackpad gestures, e.g. four finger swipe for desktop changes or mission control, two finger side-swipe for notifications, etc. If I reboot I get the use of them for a while but then they st