SOLVED
Hello!
I would check default gateway setting on your servers. It must be set to respective Vlan-interface on the 5130
Hello!
That is very strange indeed, but still all the symptoms points us to a hypothesys that traffic to outside subnets is not routed by the servers to VLAN-interfaces, as unlike many other vendors, IP routing is enabled in all Comware products by default, so there should be nothing that stops it.
Could you check the following:
1. Enable IP TTL expired and IP Unreachable ICMP messages in the switch:
system-view
ip ttl-expires enabled
ip unreachables enabled
return
2. run traceroute from a host in one VLAN to a host in other VLAN
3. run 'ipconfig /all', 'arp -a' and 'route print' on both hosts (valid for Windows hosts, if you use other OS, collect IP information of all network interfaces, routing table and ARP cache)
4. From the 5130 ping both servers using different source VLAN interface, for example if you have two VLANs - 10 and 20, with ip addresses assigned 10.0.10.1/24 and 10.0.20.1/24 respectively, and your servers in each VLAN are 10.0.10.100/24 and 10.0.20.100/24 (for example) run two pairs of ping commands:
a. ping servers using source IP of their VLAN interface:
ping 10.0.10.100
ping 10.0.20.100
b. ping servers using other VLAN as a source:
ping -a 10.0.20.1 10.0.10.100
ping -a 10.0.10.1 10.0.20.100
If you will run a Wireshark on each host at that time, it will greatly help us as we will see if ICMP echos are reaching the servers and if servers reply at all, and if they do - what is the destination MAC address of these replies - it should be equal to 5130's VLAN interface MAC (can be checked by 'display interface <Vlan-interface> | i hardware')
5. Generate 'display diag' after all tests above.
Then share the information collected on Steps 2-5 with me - console outputs, Wiresharek traces, diag from the 5130, hopefully together we'll find the root cause.
Hello!
I have sent you a PM with FTP dropbox details.
Thank you!
Hello!
Thank you for providing the data!
After checking the 'ping -a' commands output it became obvious that the host in VLAN 20 with IP address 10.25.6.1 is the issue:
[HPE]ping -a 10.24.44.1 10.25.6.1
Ping 10.25.6.1 (10.25.6.1) from 10.24.44.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
Since the same host is pingable from VLAN 20, but not from VLAN 40 everything points us to my initial guess - default gateway setting. The fact other host in VLAN 40 can be pinged from VLAN 20 IP address on the switch only confirms that guess.
If we check the 'ipconfig /all' output from that host we immediately see the issue:
Default Gateway . . . . . . . . . : 0.0.0.0
10.25.6.254
That host has two default gateway and the first one is the host itself, which is totally wrong.
'route print' output confirms this:
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.25.6.1 Default <<<<<<<< ISSUE!!!
0.0.0.0 0.0.0.0 10.25.6.254 Default
===========================================================================
Wireshark trace also shows us that ICMP echos arrive on the host, but it doesn't send out ICMP echo replies back. ARP is the most interesting part, check following packets:
#1834 - incoming ICMP echo from 10.24.44.1
#1835 - PC sends out ARP request for 10.24.44.1 <<<<<< !!!!! Totally wrong behavior
I hope it is clear now what is going on here - that default route on the host that points to itself as default gateway is the root cause.
Hope it helps!