Connectivity problems with Cisco routers and switches

Discussion in 'Cisco' started by Oliver Habegger, Feb 18, 2005.

  1. Hi news group

    I am not a Cisco specialist and I am just looking for a feedback for a
    problem we are facing at our ISP infrastructure.

    We got two ISPs and they are doing BGP together. This was now checked
    various times and is obviously not the problem.

    The symthoms are, from one of this router we cannot ping a certain internal
    IP address, but from the other we can. Between the ISP routers and the
    firewall cluster we have Catalyst 2950-12 Switch.

    when I plugin a PC directly to this switch, we have no problem at all
    reaching everything without interruption. But comming from the Internet,
    certain IP are reachable for 30 seconds then down for another 30 seconds and
    reachable again. Toggeling the whole day up and down.

    Now what I have seen on the Cisco switch is the following:

    interface FastEthernet0/1
    description router2
    switchport access vlan 200
    switchport mode access
    speed 100
    duplex full

    interface FastEthernet0/2
    description router1
    switchport access vlan 200
    speed 100
    duplex full

    And router 1 is the one having problem reaching certain internal IPs. Has it
    something to do with the line "switchport mode access" which is missing
    there?

    Thanks and bye,
    Oliver



    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
    ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
     
    Oliver Habegger, Feb 18, 2005
    #1
    1. Advertising

  2. Oliver Habegger

    Merv Guest

    post the complete configs for both routers and the 2950 switch
     
    Merv, Feb 18, 2005
    #2
    1. Advertising

  3. > post the complete configs for both routers and the 2950 switch
    Sorry I got no access and the routers, so I don't know what the
    configuration is.

    For the switch I could provide more infos if you tell me what exactly you
    need! Except passwords and IPs of course ;-))

    Bye, Oliver



    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
    ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
     
    Oliver Habegger, Feb 18, 2005
    #3
  4. Oliver Habegger

    Merv Guest

    you should definitely have "switch mode access" configured on both
    switch ports that are connected to your routers
     
    Merv, Feb 18, 2005
    #4
  5. Oliver Habegger

    Merv Guest

    so who is running the ping tests to the internal IP address ? Your
    ISPs?

    If you can ping the Internal IP address from the switch but not via the
    routers, then you also need to look at the firewall config to see what
    it accepts or blocks with repsect to ICMP echo anbd echo-reply.

    Set up a monitoring port on your switch and then capture the ICMP
    traffic using something like Etherreal while the ping tests are
    conducted from the router that does not work - do you see an inbound
    ICMP echo from the router?

    put a sniifer on the inside segment to see if that ICMP echo makes it
    thru the firewall
     
    Merv, Feb 18, 2005
    #5
  6. > so who is running the ping tests to the internal IP address ? Your
    > ISPs?

    The ISP did the tests from the routers and repported be that from one router
    the IPs are not reachable. I presonally can do the test from the Internat
    and see the ping toggeling up and down. So I guess this is because once it
    runs through router 1 and 20 seconds later through router 2. This is what i
    feel, but I guess this does not really help, does it?

    > If you can ping the Internal IP address from the switch but not via the
    > routers, then you also need to look at the firewall config to see what
    > it accepts or blocks with repsect to ICMP echo anbd echo-reply.

    No, block everything is opne fpr ICMP at this time. And as I mentions from a
    PC connected to this switch it works ok.

    > put a sniifer on the inside segment to see if that ICMP echo makes it
    > thru the firewall

    This is the next stept we have planned to do, I just though I will ask here
    first so I get some ideas what it could be.

    > you should definitely have "switch mode access" configured on both
    > switch ports that are connected to your routers

    Ok, this already helps me, as this is not configured on the port which leads
    to the router having a problem. We are going to change this first!

    Thanks and bye,
    Oliver



    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
    ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
     
    Oliver Habegger, Feb 18, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ed Simmons
    Replies:
    1
    Views:
    390
  2. Laura Li
    Replies:
    2
    Views:
    738
    Howard Huntley
    Sep 10, 2004
  3. zher
    Replies:
    3
    Views:
    938
    Pete Mainwaring
    Sep 27, 2004
  4. Juan Carlos
    Replies:
    2
    Views:
    638
    hxl0209
    Mar 31, 2011
  5. Greg
    Replies:
    5
    Views:
    8,837
    Sarcasmus
    Jul 1, 2013
Loading...

Share This Page