
Cannot ping or ssh outside of VLAN


chrisg2
New Contributor

I have recently set up some EX 5420-48port switches on-site at one of our plants. The subnet is 172.25.20.x/24. Now that I'm back at the office, I cannot ping, ssh, or communicate with these switches from my office subnet, which is 172.25.17.x/24.

I connected remotely to another switch in the plant subnet and it can ping the switches there in that same vlan without issue. However, me being at 172.25.17.200, I cannot. 

These are very basic configs - I simply powered them on, provided an IP and default gateway on the default VLAN, and turned on http and SSH access. 

What do I need to do on these switches to allow ping and ssh from anywhere on the network?

1 ACCEPTED SOLUTION

Gabriel_G
Extreme Employee

If you're in the same VLAN/Subnet as the switch IP and you cannot ping or SSH to the switch, I suspect one of the following:

1) A VLAN tagging issue
Helpful Layer 2 commands include:
show fdb
show fdb port <#>
show fdb vlan <#>
show port <#> vlan
show port <#> vid

The FDB should show the MAC of your PC on the ports in the direction of your PC.
The FDB should show the MAC of the switch on the ports in the direction of the switch.
If this is not the case, either the VLAN is not extended across a link, or for some other reason, traffic from that MAC is not being received on that port.

Layer 3 commands include:

ping <IP>
show iparp <IP>
show iparp port <#>
show iparp vlan <VLAN>

#In Windows CMD
arp -a

If the PC and switch have IPs in the same VLAN/Subnet, they should learn ARPs for each other after a ping attempt.
If this is not the case, see FDB commands above.

 

2) SSH is not enabled or windows firewall is preventing some traffic

enable ssh2

Windows firewall will block incoming ping requests.

 

 

If the PC/Switch are in different VLANs/Subnets, I would suspect a similar issue to the above, but troubleshoot between the switch and the switch's default gateway (show iproute), troubleshoot between the PC and its default gateway, and troubleshoot between the 2 default gateways if they are different. Potential issues could be a wrong/missing default gateway, routing between VLANs not being enabled on relevant routers, or some routing rule blocking traffic.

Hope that helps!

 


4 REPLIES

Brent_Addis
Contributor

Okay so because you can ping the switches locally, it's one of a few other things.

#1 - ACLs. You've mentioned the config is fairly blank, so unlikely

#2 - Ports plugged in incorrectly - You can ping it, so unlikely

#3 - Gateway address entered incorrectly. Possible

#4 - Routing issue further out in the network. Have you run a trace? Where does it stop?

#5 config issue on router. Can you log into the router and ping from there? Can you do a source ping from the router using an IP on the switch network and ping elsewhere into the network?

#6 subnet typo. Maybe? Too small a subnet entered on the switch will cause an issue if the gateway is outside of it.

 

-----
-Brent Addis / Extreme Black Belt #491

New to Extreme? Check out the Welcome series here - https://training.extremenetworks.com/welcome-series-1
Want to join the official Extreme learners discord? Let me know!

#6 shouldn't be possible I think. You can't configure the gateway if it's outside a direct attached subnet.

Too large subnet could be, because then the switch would try to reach the destination directly and not via Gateway.


Stefan_K_
Valued Contributor

Guess in the dark: Wrong subnet mask (/16) on the new switches.
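
The on-link versus via-gateway decision behind the subnet-mask guesses in this thread, as an added example that is not part of the original posts. It models a generic IP host rather than ExtremeXOS itself; the switch address 172.25.20.10, gateway addresses and plant peer 172.25.20.50 are constructed, while 172.25.17.200 and the /24 come from the question.

```python
import ipaddress

def reply_path(iface_cidr, gateway, peer):
    """How a host configured with iface_cidr and gateway sends a reply to peer."""
    iface = ipaddress.ip_interface(iface_cidr)
    if ipaddress.ip_address(peer) in iface.network:
        return "direct"            # host ARPs for the peer on its own VLAN
    if not gateway:
        return "no-route"          # off-link peer and no default gateway
    if ipaddress.ip_address(gateway) not in iface.network:
        return "gateway-off-link"  # gateway itself cannot be resolved by ARP
    return "gateway"               # reply is handed to the default gateway

def diagnose(iface_cidr, gateway, peer, actual_prefix=24):
    """Compare the configured behaviour with the real subnet size of the VLAN."""
    iface = ipaddress.ip_interface(iface_cidr)
    actual = ipaddress.ip_network(f"{iface.ip}/{actual_prefix}", strict=False)
    peer_local = ipaddress.ip_address(peer) in actual
    path = reply_path(iface_cidr, gateway, peer)
    if path == "direct" and not peer_local:
        return "mask-too-large"    # remote peer is ARPed for locally, reply is lost
    if path == "gateway" and peer_local:
        return "mask-too-small"    # same-VLAN peer is detoured through the router
    if path in ("no-route", "gateway-off-link"):
        return path
    return "ok"

OFFICE_PC = "172.25.17.200"   # from the question
PLANT_PEER = "172.25.20.50"   # constructed: another device in the plant VLAN

# Constructed switch configurations: (interface address/mask, default gateway)
CASES = {
    "correct /24":        ("172.25.20.10/24", "172.25.20.1"),
    "wrong mask /16":     ("172.25.20.10/16", "172.25.20.1"),
    "missing gateway":    ("172.25.20.10/24", None),
    "/28, gateway .254":  ("172.25.20.10/28", "172.25.20.254"),
}

if __name__ == "__main__":
    for name, (cidr, gw) in CASES.items():
        for peer in (PLANT_PEER, OFFICE_PC):
            print(f"{name:20} reply to {peer:15} -> {diagnose(cidr, gw, peer)}")
```

The "wrong mask /16" and "missing gateway" rows both reproduce the reported symptom: the plant peer gets an answer, the office PC does not.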
