>Having said that, I wish I could explain why can ping from the
switch but not from the user's PC.
It's sometimes important to remember that *transit* traffic and
*originated* traffic aren't necessarily handled identically. You
could set up an ACL matching your ICMP (and potentially UDP trace)
traffic from the PC to the destination exactly and then run some debug
to try to see what's happening. But since it's a production box, you
might want to wait for a maintenance window if you have one coming
up. Or just look very closely at your config for policy that might be
impacting transit traffic but not locally-originated traffic...
____________________________________________
There are only 10 types of people in the world:
Those who understand binary and those who do not...
On Feb 8, 2011, at 10:48 , Jersey Guy wrote:
> Thanks Dima, I can't swap IPs since it's a production environment.
>
> I can tell that routing/NAT is broken at the destination end. The
> source IP
> is in overlap IP space of another AS# that we merged with. There's
> NAT in
> place to deal with this but there's something not set up correctly
> with this
> source subnet in question. Having said that, I wish I could explain
> why I
> can ping from the switch but not from the user's PC.
>
> thanks, JG
>
>
> On Tue, Feb 8, 2011 at 11:36 AM, Dima Muzychko <muzychko_at_gmail.com>
> wrote:
>
>> Hi
>>
>> I would suggest to swap ip-addresses of DG and PC...
>> You might get a case when ping works from PC but stops working from
>> DG. It
>> will identify existence of PBR or FW
>>
>>
>>
>> 2011/2/8 Carl Gosselin <carl.gosselin_at_altizone.com>
>>
>>> Jersey,
>>> Look into your routing table for that destination.
>>> If the routing table follows the same path as the traceroute from
>>> the
>> 6509
>>> then you will know that the routing of that hop is fine.
>>>
>>> My guess is that you may have some PBR defined on your network...
>>>
>>> Look for route-maps that would select your source traffic and send
>>> it a
>>> different way then the information in the routing table....
>>>
>>> Also the target host? Does it use a different default GW then the
>>> router
>>> send the packet on the last hop?
>>>
>>> Any default routes used on the path?
>>>
>>> You must draw out the network with the routing hop by hop to be
>>> able to
>>> find the issue... Both ways... From the source to the destination
>>> and the
>>> reverse...
>>>
>>> This is not something that anyone can answer easily on a forum...
>>>
>>> /Carl
>>>
>>>
>>>
>>> On 2011-02-08, at 10:32, Jersey Guy <guy.jersey_at_gmail.com> wrote:
>>>
>>>> Hi Larry,
>>>> I can ping successfully from the 6509 using the source IP of the
>>>> vlan
>> on
>>>> which the user sits. From the user's PC, cannnot ping the same
>>>> address!
>>> If I
>>>> do a trace from the pc, it does after 8 hops. I don't know what
>>>> the 8th
>>> hop
>>>> is, as I'm not able to telnet to it (connection refused). When I
>>>> get
>> into
>>>> the 7th hop and do a trace for the destination IP, the route
>>>> points to
>> a
>>>> different machine than the 8th hop in the traceroute. That is
>>>> weird.
>>>>
>>>> On Fri, Feb 4, 2011 at 6:27 AM, Larry H <larryh12203_at_gmail.com>
>>>> wrote:
>>>>
>>>>> Have you tried to ping from the 6509 using the source ip of one
>>>>> of the
>>> user
>>>>> vlan's? What is the result? What about a trace from the pc?
>>>>> Where does
>>> it
>>>>> die?
>>>>>
>>>>> Thanks
>>>>> Larry Hadrava
>>>>> CCIE #12203
>>>>>
>>>>> Sent from my iPad
>>>>>
>>>>> On Feb 3, 2011, at 6:16 PM, Jersey Guy <guy.jersey_at_gmail.com>
>>>>> wrote:
>>>>>
>>>>>> From the user's machine I can ping plenty of other IPs
>>>>>> including the
>>>>> default
>>>>>> gateway and other IPs many hops away.
>>>>>>
>>>>>> On Thu, Feb 3, 2011 at 6:07 PM, Raghav Bhargava
>>>>>> <raghavbhargava12_at_gmail.com>wrote:
>>>>>>
>>>>>>> Did u check the user machine..whether there is a host firewall
>>> blocking
>>>>>>> icmp on his machine..
>>>>>>>
>>>>>>> -Raghav
>>>>>>>
>>>>>>> On Thu, Feb 3, 2011 at 2:35 PM, Jersey Guy
>>>>>>> <guy.jersey_at_gmail.com>
>>>>> wrote:
>>>>>>>
>>>>>>>> Folks,
>>>>>>>> I have a 6509 switch with a few user vlans. From the switch I
>>>>>>>> can
>>> ping
>>>>> a
>>>>>>>> certain IP address that sits multiple hops away. From user
>>> workstations
>>>>>>>> that
>>>>>>>> have this switch as their default gateway, I can't ping the
>>>>>>>> same IP
>>>>>>>> address.
>>>>>>>> I've checked the usual stuff - subnet mask, being able to
>>>>>>>> ping the
>>>>> default
>>>>>>>> gateway, being able to ping other IPs, rebooting the darn
>>>>>>>> PC....no
>>>>> change.
>>>>>>>> For clarification, when on the switch, I run extended ping
>>>>>>>> with the
>>>>> user's
>>>>>>>> vlan as the source address. It works fine. Just can't ping
>>>>>>>> from the
>>>>> user's
>>>>>>>> machine! Any pointers/ideas please?!
>>>>>>>>
>>>>>>>> TIA
>>>>>>>>
>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>>
>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Warm Regards
>>>>>>> Raghav
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>>
>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Feb 08 2011 - 11:21:20 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART