Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusSimplest ping is not working between cisco switch and F5
I have created a vlan put 1 interface in that vlan as untagged as interface on the cisco switch side is access. created self ip of the vlan. Now i try to ping the SVI on cisco switch but ping stops from my own self ip. Same ping is unsuccessful from the cisco switch side. I have already installed 2 F5 and i am out of ideas that why ping is not working. when i take the cable out of F5 and put in laptop and try ping from laptop it works but not from F5. Please any idea. version is 11.2 in my previous F5 version was 11.4.
please help help
Self IP and laptop/switch IP on the same network?
Can you ping the self ip itself on the F5?
What if you take out the cable from the switch side and plug into the laptop - can you ping the self ip and vice versa?
Muhammad_Irfan1yes self ip and switch ip are on the same network. Yes i can ping the self ip from inside the f5. I will answer your 3 question after checking. thanks sir for your reply.- Muhammad_Irfan1ping from laptop to F5 and from F5 to laptop is also not working.
- Check to see if the interface is up: "tmsh show net interfaces" if not, can you try a different interface on the F5?
NikhilBEmployee
Self IP and laptop/switch IP on the same network?
Can you ping the self ip itself on the F5?
What if you take out the cable from the switch side and plug into the laptop - can you ping the self ip and vice versa?
- Muhammad_Irfan1yes self ip and switch ip are on the same network. Yes i can ping the self ip from inside the f5. I will answer your 3 question after checking. thanks sir for your reply.
- Muhammad_Irfan1ping from laptop to F5 and from F5 to laptop is also not working.
- NikhilBCheck to see if the interface is up: "tmsh show net interfaces" if not, can you try a different interface on the F5?
Gambler_168259Nimbostratus
We used a different interface + the interface configure for internal and external VLAN as well by giving self IPs to the laptop but from the F5 CLI prompt no reply of the ping response to the self IP.
- Gambler_168259
Connecting the internal & external VLAN cable coming from the core cisco switch to the laptop and configuring the laptop with internal self ip/gateway and external self ip/gateway the ping works and all the servers are responding to the ping indicating no issue towards uplink..
UWhile connecting it to the core switch using Layer-2 network with access ports on both sides, unable to move out of F5 LTM ahead of internal SELF IP which replying "Destination Host Un-reachable"..
shaggydo you see anything in the arp table on the f5 (in tmsh 'show net arp', from bash 'arp -n') or your laptop? are any AFM or packet filter rules defined on the f5 that could prevent ICMP to/from the self-IP? have you tried running tcpdump on the f5?
f5 config should be vlan with necessary interface as untagged. unique self-ip should be assigned to that vlan as traffic-group-local-only.
you could try another interface
- Muhammad_Irfan1I do not see anything in the dynamic arp table of F5 its empty. Haven't checked in laptop. There is not packet filter as its disabled, no AFM. I have tried tcpdump during which i tried pinging self ip from cisco. there were few arp requests in tcpdump and icmp request from cisco to F5 but no icmp reply packet in tcpdump. rest of the configurations are as you mentions. I have not idea why its not pinging. its platform LTM 2000s 11.2. Will upgrading the OS will solve the problem?
- shaggydoubtful as you do not know what the problem is. if you see arp requests on the f5 when you ping, physical is fine. if you see arp requests but no arp response, then it's probably IP-related. possibly the F5 doesn't have the address in the arp request, or the self-IP's mask is incorrect. can you share your self-IP config (tmsh list net self)?
- Brad_ParkerHave any changes been made to the ARP settings? If you have no entries in your Dynamic List, that is why you are getting no response. If possible you should post a copy of your bigip_base.conf so we can see what the config looks like.
- shaggy_121467
Cumulonimbus
do you see anything in the arp table on the f5 (in tmsh 'show net arp', from bash 'arp -n') or your laptop? are any AFM or packet filter rules defined on the f5 that could prevent ICMP to/from the self-IP? have you tried running tcpdump on the f5?
f5 config should be vlan with necessary interface as untagged. unique self-ip should be assigned to that vlan as traffic-group-local-only.
you could try another interface
- Muhammad_Irfan1I do not see anything in the dynamic arp table of F5 its empty. Haven't checked in laptop. There is not packet filter as its disabled, no AFM. I have tried tcpdump during which i tried pinging self ip from cisco. there were few arp requests in tcpdump and icmp request from cisco to F5 but no icmp reply packet in tcpdump. rest of the configurations are as you mentions. I have not idea why its not pinging. its platform LTM 2000s 11.2. Will upgrading the OS will solve the problem?
- shaggy_121467doubtful as you do not know what the problem is. if you see arp requests on the f5 when you ping, physical is fine. if you see arp requests but no arp response, then it's probably IP-related. possibly the F5 doesn't have the address in the arp request, or the self-IP's mask is incorrect. can you share your self-IP config (tmsh list net self)?
- Brad_ParkerHave any changes been made to the ARP settings? If you have no entries in your Dynamic List, that is why you are getting no response. If possible you should post a copy of your bigip_base.conf so we can see what the config looks like.
- Greg_Robinson_1
Can you issue the
,list net interface
andlist net vlan
output here? You mentioned that the TCPdump showed ARP requests... were those ARP requests not being answered?list net self - Muhammad_Irfan1
Connectivity is established after converting cisco port from access to TRUNK and moving interface from untagged to tagged in F5 LTM. weird behavior. Anyone have any clue why?
boneyardMVP
physical of virtual big-ip?- Muhammad_Irfan1Physical BIG IP LTM
Eng_Ahmad_38063Hi
I have same issue
my trapshooting is like this : 1. connect 2 LTM to L2 switch (LTM can not see LTM 2) 2. when I connect LTM1 to LTM2 back to back ping is working also I check duplex and speed is same in switch and F5
also when I check arp in switch no result
- Hamish
Cirrocumulus
You need to determine where the problem is. Methodically. By knowing what needs to flow, and proving what you can see and what you can't see that you would expect to.
What do you see when you tcpdump (On interface 0.0 i.e. ALL interfaces) at both ends at the same time.
If you ping from LTM1 to LTM2...
- Can you see traffic leaving (icmp-echo-request) LTM with the correct headers (Including VLAN)
- Can you see traffic (icmp-echo-request) ARRIVING at LTM2?
- Can you see the RESPONSE (icmp-echo-response) LEAVING LTM2?
- Can you see the RESPONSE (icmp-echo-response) arriving at LTM1 on the SAME interface that the echo-request was sent on?
- Eng_Ahmad_38063
I fix my issue
it was tagging an switch interface was access
we I use untag interface ping is working fine :-)
