CCNP Switch - DHCP and Multilayer Switching ?
Hi Everyone,
I am using a 3550 Switch. I have DHCP set up on it. A client computer has leased a ip address. The computer can ping the 3550. The 3550 CAN NOT ping the pc. However the PC shows up in the 3550's adjacencies table. Any ideas why the 3550 can not ping the pc?
Thanks!
I am using a 3550 Switch. I have DHCP set up on it. A client computer has leased a ip address. The computer can ping the 3550. The 3550 CAN NOT ping the pc. However the PC shows up in the 3550's adjacencies table. Any ideas why the 3550 can not ping the pc?
Thanks!
Comments
-
Node Man
Member Posts: 668 ■■■□□□□□□□
Also - I now have a second pc leasing an IP, and it can not ping the first pc. -
OfWolfAndMan
Member Posts: 923 ■■■■□□□□□□
What's the config look like?:study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation [] -
Node Man
Member Posts: 668 ■■■□□□□□□□
Here is the config:
Core_2#show run
Building configuration...
Current configuration : 3285 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Core_2
!
enable password ccna
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 172.16.0.1 172.16.0.127
ip dhcp excluded-address 192.16.0.1
!
ip dhcp pool CiscoLab
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
lease infinite
!
ip dhcp pool IPBLOCK
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
lease infinite
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
description MGMT Link
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/2
no switchport
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/5
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/6
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/7
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/8
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/9
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/10
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/11
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/12
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/13
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/14
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/15
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/16
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/17
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/18
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/19
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/20
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/21
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/22
switchport mode dynamic desirable
shutdown
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol pagp
channel-group 1 mode desirable
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol pagp
channel-group 1 mode desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
!
interface Vlan2
no ip address
!
interface Vlan3
description Linksys
no ip address
shutdown
!
interface Vlan1000
ip address 172.16.0.7 255.255.255.0
!
ip default-gateway 192.168.0.1
ip classless
ip default-network 192.168.0.0
ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
password ccna
line vty 0 4
password ccna
no login
line vty 5 15
no login
!
end -
theodoxa
Member Posts: 1,340 ■■■■□□□□□□
Windows Firewall is likely treating your lab subnet as a "Public Network" and blocking PING. If these are Desktop PCs (You won't be connecting them to Public Wi-Fi), you can safely allow PING for "Public Networks"
Control Panel > System and Security > Windows Firewall > Advanced Settings (On the Left Side) > Inbound Rules > Enable anything that starts with "File and Printer Sharing (Echo Request". Do the same thing for Outbound Rules.R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ] -
fredrikjj
Member Posts: 879
The computer can ping the 3550.
The 3550 CAN NOT ping the pc.
Thanks!
A possible scenario is that you are sourcing the ping on the 3550 from something that the PC can't reach. This means that you don't have a default gateway configured on the PC. The PC can still reach the 3550 because it's on the same subnet and don't need a gateway to reach it. -
Node Man
Member Posts: 668 ■■■□□□□□□□
Thanks Theodoxa, you were correct. Allowing local network fixed it!
-
Danielh22185
Member Posts: 1,195 ■■■■□□□□□□
Interesting. I would not have guessed it being a windows thing. I think I may toy with this myself just to see.Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi -
RouteMyPacket
Member Posts: 1,104
I would highly recommend you get rid of "switchport mode dynamic desirable" on all ports. They should be either access or trunk ports. Sure you have them shut but get in the habit of recognizing that and removing it.
int range f0/3 - 22
switchport host
shutModularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Danielh22185
Member Posts: 1,195 ■■■■□□□□□□
RouteMyPacket wrote: »I would highly recommend you get rid of "switchport mode dynamic desirable" on all ports. They should be either access or trunk ports. Sure you have them shut but get in the habit of recognizing that and removing it.
int range f0/3 - 22
switchport host
shut
He's obviously running it in default setup. I'd say pretty harmless in a lab enviornment but yes can cause trunking in areas you may not want it.Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi -
Heero
Member Posts: 486
If you can ping one way but not the other and there is no network-based firewall/NAT involved, then your first thing to check should be any host-based firewalls. It is common for windows PCs not to respond to inbound echo-requests while still being able to send echo-requests out and receive echo-replies.
-
theodoxa
Member Posts: 1,340 ■■■■□□□□□□
Danielh22185 wrote: »Interesting. I would not have guessed it being a windows thing. I think I may toy with this myself just to see.
Windows blocks PING (inbound) and Disabled File Sharing by default on "Public" Networks. The problem is that it treats what it calls "Unidentified Networks" - most lab networks fall into this category - as "Public" by default.R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]
