IPARP Question

  • 1
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: May 30 2013 8:34PM

Can anyone tell me what the output of IPARP means? I am unable to contact one of my vlans from outside of the switch. In other words, if I ping a device at IP 1.1.80.254 on vlan 800 from the core switch (an x670), I get a response. If I attempt to ping it from a host on another vlan, which means the x670 should be routing between the two, I can't get a response. These networks are all directly connected so no routing protocol is in use. 

I did iparp vlan and saw the following: 

* Slot-1 CORE # show iparp "vlan100"
VR            Destination      Mac                Age  Static  VLAN          VID   Port
VR-Default    1.1.80.2        02:04:96:7d:e9:34    6      NO  storage       800   1:41
VR-Default    1.1.80.3        02:04:96:7d:ff:da    6      NO  storage       800   1:43
VR-Default    1.1.80.20       00:25:90:99:61:88    8      NO  storage       800   1:43
VR-Default    1.1.80.254      00:25:90:61:36:04    0      NO  storage       800   1:43

Dynamic Entries  :          38             Static Entries            :          0
Pending Entries  :           0
In Request       :      359032             In Response               :      13524
Out Request      :       25773             Out Response              :     182597
Failed Requests  :        2029
Proxy Answered   :           0
Rx Error         :           0             Dup IP Addr               :         0.0.0.0
Rejected Count   :      149003             Rejected IP               :     1.1.80.254
Rejected Port    :        1:43             Rejected I/F              : vlan200

Max ARP entries  :        8192             Max ARP pending entries   :        256
ARP address check:    Enabled              ARP refresh               :    Enabled
Timeout          :          20 minutes     ARP Sender-Mac Learning   :   Disabled
Locktime         :        1000 milliseconds
Retransmit Time  :        1000 milliseconds
Reachable Time   :      900000 milliseconds (Auto)

The portion that caught my attention was the "rejected IP" section (which is the IP of the device I'm trying to ping), and the "rejected I/F" which is actually a different vlan from the one the device I'm pinging belongs to. Could this be related at all to why I can't get to that device? 

Please note, I have at least 5 other vlans set up in the same manner and am having no issues reaching them at the moment, so it seems to be specific to this vlan. 

Thanks in advance. 

(from transient1)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 1
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: May 31 2013 10:25AM

Hi,

did you enable ipforwarding on the vlan ?

--
Jarek

(from Jaroslaw_Kasjaniuk)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: May 31 2013 4:05PM

Hi Jarek,

Yes, ipforwarding is enabled for all vlans. 

(from transient1)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: May 31 2013 4:39PM

Do you have any ACL like destination/source address 1.1.80.0/24 - deny, on any vlans ?

Jarek

(from Jaroslaw_Kasjaniuk)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: May 31 2013 5:24PM

No, no ACLs at all. 

(from transient1)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: May 31 2013 5:46PM

Host with IP 1.1.80.254 has a default route or knowledge where to send response to your IP adress ?

Jarek

(from Jaroslaw_Kasjaniuk)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: May 31 2013 8:52PM

Yes, the default route was set to the IP of the vlan on the core switch. 

I went ahead and deleted the vlan from all the switches, and started over again. It's working now. I must have missed something in the configuration that I simply could not see from the show commands. 

Thanks for taking the time to help me out. 

(from transient1)

This conversation is no longer open for comments or replies.