HPE Community
HPE Aruba Networking & ProVision-based
1821639 Members
3306 Online
109633 Solutions
New Discussion

Trace Route or Ping from Switch is not reaching destination

 
SOLVED
Go to solution
Andrew_Schulz
Advisor

‎06-18-2013 01:58 PM

‎06-18-2013 01:58 PM

Trace Route or Ping from Switch is not reaching destination

Hi,

 

I have a bit of a strange issue going on. I have HP ProCurve 3500yl switches at my remote sites, when I try to ping or traceroute from the switch to a security zone on my firewall at my data center it does not resolve. However, If I ping or traceroute from a PC at the remote site that is connected to the HP switch, it does resolve to the zone on my firewall.

 

For example Remote Switch (A) with an IP of 10.0.2.1 ping to DMZ server behind firewall at Data center with an IP of 192.168.0.1 does not resovle.

 

From PC connected to remote Switch (A) with an IP of 10.0.2.2 ping to DMZ server behind firewall at Data center with an IP of 192.168.0.1 resovles.

 

Please let me know what more information I can provide to help in solving this.

0 Kudos
5 REPLIES 5
Vince_Whirlwind
Trusted Contributor

‎06-18-2013 04:26 PM

‎06-18-2013 04:26 PM

Re: Trace Route or Ping from Switch is not reaching destination

Is your problem that your switch is unable to resolve your DMZ Server name, or is the problem that your ping results in a "request timed out"?

0 Kudos
Andrew_Schulz
Advisor

‎06-19-2013 11:21 AM

‎06-19-2013 11:21 AM

Re: Trace Route or Ping from Switch is not reaching destination

I get a request timed out for the ping and when I do a trace it hits my core router in my data center and stops there. Again, clients at the remote site can ping and trace to the server in my DMZ without issue.

0 Kudos
Andrew_Schulz
Advisor

‎06-19-2013 11:45 AM

‎06-19-2013 11:45 AM

Re: Trace Route or Ping from Switch is not reaching destination

Another note: The remote swich can ping (by IP) anything at any other remote site and anything at my datacenter that is not behind my firewall (DMZ, Server Zone, etc.). This most certainly looks like a firewall issue from this perspective. However, when doing a ping from the switch it never gets to the firewall as I do not see traffic from it on my Firewall audit. But I do see the traffic when I do it from the Client.  

 

Is there a hop limit on the HP?

0 Kudos
Vince_Whirlwind
Trusted Contributor

‎06-19-2013 04:07 PM

‎06-19-2013 04:07 PM

Solution

Re: Trace Route or Ping from Switch is not reaching destination

Are you sure the switch is using the IP address you thin it is using?

 

Is it a layer-3 switch with multiple IP addresses, for example?

0 Kudos
Andrew_Schulz
Advisor

‎06-19-2013 04:32 PM

‎06-19-2013 04:32 PM

Re: Trace Route or Ping from Switch is not reaching destination

Yes, it is a l3 switch and it does have multiple IPs. You are correct, it is or was using a different IP than I thought. I now see that my firewall is blocking the traffic as it is being classified as a spoofing attempt. I am working to resolve that. Thanks. 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.