can ping external host from PC but not from switch

Cooky

Golden Member
Apr 2, 2002
1,408
0
76
My PC and 3 Cisco switches are in the same LAN. I can ping and traceroute from my PC but can't from any of the switches.

Do they use different ports or protocols? Can anyone please tell me what's going on?
Thanks.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
Do you have DNS set up, default gateways?

Switches will get an IP, but not always get a gateway. Also, if you are pinging by name, it may not have DNS set up so that it can resolve the name.
 

Cooky

Thanks for the reply.

Yes, I have DNS and default gateway set up.
I can't ping or traceroute w/ IP either so I don't think it's DNS related.

I can ping and traceroute to hosts within the same network, but just can't do it on outside hosts. At first I thought it's the Pix blocking traffic but since I can do it from my PC, that's ruled out...
 

nweaver

Does the traceroute get to your default gateway? Can you ping one step beyond your gateway? Traceroute one step? This is a routing issue, which means IP settings and gateway check, then router working, then firewall check.
 

Cooky

Can't traceroute to default gateway, but can ping the gateway from the same switch(es).

This is part of the ACL I found on our firewall, which is applied to the inside interface:
access-list inside_access_in permit icmp any any

Doesn't it mean I can ping from any internal host to any external host? Like I said the switches and my PC are in the same network (on the inside interface of the Pix) so I don't understand how I could be experiencing this problem...
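
As an added illustration (not part of the original thread and not the firewall's actual configuration), the Python sketch below evaluates the one ACE quoted above with first-match, implicit-deny semantics. It assumes that line is the entire ACL, uses constructed addresses, and relies on the fact that Cisco IOS traceroute sends UDP probes by default while ping sends ICMP echo, so the two are matched under different protocol keywords.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST' (SRC/DST: any | host A | A MASK)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    rest = tok[4:]

    def take_net():
        # Consume one address spec; PIX ACLs use netmasks, not wildcard masks.
        head = rest.pop(0)
        if head == "any":
            return ipaddress.ip_network("0.0.0.0/0")
        if head == "host":
            return ipaddress.ip_network(rest.pop(0) + "/32")
        return ipaddress.ip_network(f"{head}/{rest.pop(0)}")

    src, dst = take_net(), take_net()
    if rest:
        raise ValueError("port / ICMP-type qualifiers are not handled here")
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst}

def evaluate(aces, proto, src, dst):
    """First matching ACE wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, ace in enumerate(aces, 1):
        if ace["proto"] in ("ip", proto) and s in ace["src"] and d in ace["dst"]:
            return ace["action"], f"line {n}"
    return "deny", "implicit deny"

# The single ACE quoted in the post; assumed here to be the whole ACL.
ACL_LINES = ["access-list inside_access_in permit icmp any any"]
SWITCH_IP = "10.0.0.10"       # constructed management address
EXTERNAL_IP = "198.51.100.7"  # constructed outside host

def check_flows():
    """Evaluate the probe types a switch would send toward an outside host."""
    aces = [parse_ace(line) for line in ACL_LINES]
    flows = {"ping (ICMP echo)": "icmp", "IOS traceroute (UDP probe)": "udp"}
    return {name: evaluate(aces, proto, SWITCH_IP, EXTERNAL_IP)
            for name, proto in flows.items()}

if __name__ == "__main__":
    for name, (action, why) in check_flows().items():
        print(f"{name:28s} {action:6s} ({why})")
```

The sketch covers only the outbound ACL check on the inside interface; how the Pix handles the returning traffic is outside its scope.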
 

nweaver

How did you define the gateway? If you can ping the gateway, but a tracert doesn't work, then it does not realize that the gateway is the gateway, is my suspicion.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Sounds like an addressing problem.

Is this only one VLAN? VLAN 1?

What are the IPs of the PCs and what is the management IP address of the switch? Is the management IP in VLAN 1?

All kinds of different things could cause this.
 

Cooky

I defined the gateway by the "ip default-gateway x.x.x.x" command and I see it in the "show run".

Right now we have a flat network w/ only 1 vlan (vlan 1). I defined the switch IP on "int vlan 1".

I'm a contractor at this place and they wouldn't give me the password for the Pix.
The "show run" I have from the Pix was printed out several months ago so I suspect the ACLs have been modified and some rules are preventing me from doing traceroute from the switches.
This is just too weird...
 

spidey07

If you can ping your default gateway, and you have the correct IP subnet/mask, and you know the address is unique, and a 'show ip route' shows a default route, then it has to be in the Pix.
 

Cooky

Both "show ip redirects" and "show run" indicate I have the default gateway set up. It's not in "show ip route" though; I think that's because we haven't enabled layer 3 switching on the switches.

Must be the Pix like spidey said...

Edit:
This is off topic, but does anyone know if the cat3524XL is capable of layer 3 switching? I thought it was, but when I tried to issue the commands I got a "command not recognized" error.
 

Rookie

Golden Member
Jan 27, 2000
1,178
0
76
I believe the cat3524XL can do layer 3 switching with either the EMI or SMI...
 

Cooky

nope, 3500 xl is layer2 only
Great, that totally screws up my original plan...guess I'll have to route inter-vlan traffic to another switch/router.

thanks for the reply.
 

spidey07

Originally posted by: Cooky
nope, 3500 xl is layer2 only
Great, that totally screws up my original plan...guess I'll have to route inter-vlan traffic to another switch/router.

thanks for the reply.

Heh, they are considered one of the failures of Cisco's line.

If you need design/topology help post another thread. I love doing design.