Connectivity problems with Cisco routers and switches

Hi news group

I am not a Cisco specialist and I am just looking for a feedback for a
problem we are facing at our ISP infrastructure.

We got two ISPs and they are doing BGP together. This was now checked
various times and is obviously not the problem.

The symthoms are, from one of this router we cannot ping a certain internal
IP address, but from the other we can. Between the ISP routers and the
firewall cluster we have Catalyst 2950-12 Switch.

when I plugin a PC directly to this switch, we have no problem at all
reaching everything without interruption. But comming from the Internet,
certain IP are reachable for 30 seconds then down for another 30 seconds and
reachable again. Toggeling the whole day up and down.

Now what I have seen on the Cisco switch is the following:

interface FastEthernet0/1
description router2
switchport access vlan 200
switchport mode access
speed 100
duplex full

interface FastEthernet0/2
description router1
switchport access vlan 200
speed 100
duplex full

And router 1 is the one having problem reaching certain internal IPs. Has it
something to do with the line "switchport mode access" which is missing
there?

Thanks and bye,
Oliver

 

post the complete configs for both routers and the 2950 switch

 

post the complete configs for both routers and the 2950 switch
Sorry I got no access and the routers, so I don't know what the
configuration is.

For the switch I could provide more infos if you tell me what exactly you
need! Except passwords and IPs of course ;-))

Bye, Oliver

 

you should definitely have "switch mode access" configured on both
switch ports that are connected to your routers

 

so who is running the ping tests to the internal IP address ? Your
ISPs?

If you can ping the Internal IP address from the switch but not via the
routers, then you also need to look at the firewall config to see what
it accepts or blocks with repsect to ICMP echo anbd echo-reply.

Set up a monitoring port on your switch and then capture the ICMP
traffic using something like Etherreal while the ping tests are
conducted from the router that does not work - do you see an inbound
ICMP echo from the router?

put a sniifer on the inside segment to see if that ICMP echo makes it
thru the firewall

 

so who is running the ping tests to the internal IP address ? Your

The ISP did the tests from the routers and repported be that from one router
the IPs are not reachable. I presonally can do the test from the Internat
and see the ping toggeling up and down. So I guess this is because once it
runs through router 1 and 20 seconds later through router 2. This is what i
feel, but I guess this does not really help, does it?

No, block everything is opne fpr ICMP at this time. And as I mentions from a
PC connected to this switch it works ok.

This is the next stept we have planned to do, I just though I will ask here
first so I get some ideas what it could be.

Ok, this already helps me, as this is not configured on the port which leads
to the router having a problem. We are going to change this first!

Thanks and bye,
Oliver