This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
[All About Switches] The ...

[All About Switches] The Interface Address of a Downstream Router Cannot Be Pinged Remotely

Latest reply: Mar 9, 2018 08:38:20 949 1 1 0
display all floors #1

Involved Products and Versions

S9300 V200R008

Networking

In Figure 1-1, the Switch is uplink connected to two CE switches, and the two CE switches are uplink connected to two NE routers. The Switch, CE switches, and NE routers communicate using OSPF routes. Two equal-cost default routes destined for the Switch are configured on the downstream user-side Router.

Figure 1-1 Interface address of a downstream router unable to be pinged remotely

20180308102420977001.png

 

Symptom

IP address 60.18.223.82 of the uplink interface (connected to GE3/0/24 of the Switch) on the user-side Router cannot be pinged (from a remote IP address 111.203.45.3), but the IP address of another uplink interface (connected to GE3/0/0 of the Switch) can be pinged normally.

Cause Analysis

The urpf strict allow-default-route command has been configured on the downlink interfaces of the Switch.

Procedure

                          Step 1     When the ping operation fails, run the following command to collect traffic statistics on the Switch. The command output shows that the Switch received packets replied by the Router but uplink interfaces of the Switch did not send packets out.

[Switch] display traffic policy statistics interface GigabitEthernet 3/0/24 outbound verbose rule-base class tj
 
Interface: GigabitEthernet3/0/24
Traffic policy outbound: tj
Rule number: 4
Current status: success
Statistics interval: 300
---------------------------------------------------------------------
Classifier: tj operator or
Behavior: tj
Board : 3
rule 5 permit icmp source 111.203.45.3 0 destination 60.18.223.82 0 (match-counter 0)
---------------------------------------------------------------------
Passed | Packets: 218
 
Bytes: 17,004 
Rate(pps): 0 
Rate(bps): 120
---------------------------------------------------------------------
Dropped  Packets: 0 
Bytes: 0 
Rate(pps): 0 
Rate(bps): 0
---------------------------------------------------------------------

[Switch] display traffic policy statistics interface GigabitEthernet 3/0/0 inbound verbose rule-base class tj
 
Interface: GigabitEthernet3/0/0
Traffic policy inbound: tj
Rule number: 4
Current status: success
Statistics interval: 300
---------------------------------------------------------------------
Classifier: tj operator or
Behavior: tj
Board : 3
rule 5 permit icmp source 111.203.45.3 0 destination 60.18.223.82 0 (match-counter 0)
---------------------------------------------------------------------
Passed | Packets: 0
 
Bytes: 0 
Rate(pps): 0 
Rate(bps): 0
---------------------------------------------------------------------
Dropped  Packets: 0 
Bytes: 0 
Rate(pps): 0 
Rate(bps): 0
---------------------------------------------------------------------
rule 10 permit icmp source 60.18.223.82 0 destination 111.203.45.3 0 (match-counter 0)
---------------------------------------------------------------------
Passed  Packets: 113 
Bytes: 8,814 
Rate(pps): 0 
Rate(bps): 120
---------------------------------------------------------------------
Dropped  Packets: 0 
Bytes: 0

                          Step 2     Check configurations of GE3/0/24 and GE3/0/0.

The following configuration includes the urpf strict allow-default-route command. During ARP learning on GE3/0/24 and the ping from 111.203.45.3 to 60.18.223.82, an ICMP reply packet was received from GE3/0/0. URPF detects that the source IP address of the packet in the routing table and ARP table does not match the source interface of the packet, and drops the packet. Therefore, the ping failed.

#
interface GigabitEthernet3/0/0
 description description2
 port link-type access
 port default vlan 600
 traffic-policy tj inbound
 traffic-policy tj outbound
 urpf strict allow-default-route
#
interface GigabitEthernet3/0/24
 description description1
 port link-type access
 port default vlan 607
 traffic-policy tj inbound
 traffic-policy tj outbound
 urpf strict allow-default-route

This problem is solved after the urpf strict allow-default-route command configuration is deleted from GE3/0/0 and GE3/0/24.

----End

  • x
  • convention:

Helpful (1) Favorite(0) Share Report
Admin Created Mar 9, 2018 08:38:20 Helpful(0) Helpful(0)

thanks for your sharing!
  • x
  • convention:
Come on!
Back to list

Reply

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

Fast reply Scroll to top