This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- Time to live exceeded for a specific ip only
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Time to live exceeded for a specific ip only
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-06-2021 03:47 PM
Hi All,
Please help me to find out exact root cause of following case
I have recently install X440G2-48p-10G4 in our network with ExtremeXOS version 31.1.1.3 31.1.1.3-patch1-1 by release-manager, in fact all of our old switches are same model, configuration of each switch as follows,
- One super vlan with 3 sub vlan and ip forwarding is enabled, there was no problem as such till date but when we have installed the new switch of same model just few days back a typical problem started, all ip’s of of one sub vlan range working perfectly except one, the ip is 10.91.95.7, when i ping this ip from a p.c it is saying Time to live exceeded, where as all ip’s on same sub-vlan’s ip range working perfectly and users are facing no issue, the sub vlan address range is 10.91.95.1-10.91.95.254.
- When I do tracerout that ip from switch it is going to other switches vsuper ip on the network, in which that 10.91.95.7 series ip not exist at all, ideally that traceroute should indicate same switch vsuper ip which is 10.91.1.203, but it is showing some wrong ip’s of other switch, when i do show iproute following is the output, in which bold one is wrong, when i reboot the switch following bold line gone but error still exist when i ping this 10.91.95.7 ip it is saying Time to live exceeded in reply where as this ip is not exist in any p.c/device in my entire network.
Ori Destination Gateway Mtr Flags VLAN Duration
#s Default Route 10.91.1.250 1 UG---S-um--f- vsuper 0d:21h:20m:28s
#d 10.91.0.0/16 10.91.1.203 1 U------um--f- vsuper 0d:21h:20m:30s
#i 10.91.95.7/32 10.91.95.7 1 UG-----um--f- vsuper 0d:0h:5m:0s
10.91.1.250 is our main gateway of all switches which is provided by different dept and all of our switch uplink terminate on that switch.
PLEASE HELP ME FIND OUT EXACT ISSUE
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-23-2021 03:14 PM
Hi,
I think some more details on the network design might be helpful.
Under ‘show iproute’ #i says the route appeared in the routing table as due to ICMP Redirect. This must’ve been sent from some adjacent router. You could try to block ICMP with ACLs for instance and see if the routing table keeps off that single entry. If then you have TTL exceeded, that suggests packet dying when hopping between routers (could happen with static routing being misconfigured for example). I’d go for some thorough packet capture filtering for a packet that dies to see what’s going on.
https://extremeportal.force.com/ExtrArticleDetail?an=000082238
Hope that helps,
Tomasz
P.S. Try ‘disable icmp useredirects’, the ACL is an overkill here. Just found such command.
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-08-2021 11:16 AM
Ori Destination Gateway Mtr Flags VLAN Duration
#s Default Route 10.91.1.250 1 UG---S-um--f- vsuper 0d:21h:20m:28s
#d 10.91.0.0/16 10.91.1.203 1 U------um--f- vsuper 0d:21h:20m:30s
#i 10.91.95.7/32 10.91.95.7 1 UG-----um--f- vsuper 0d:0h:5m:0s
The 10.91.1.250(Model: Summit x460-24t) is the default router/gateway(This device is beyond my control and maintained by others)of my entire lan, and 10.91.1.203 is the ip of vsuper vlan of the new switch which act as gateway for sub vlans of that super vlan “vsuper”.
here is the output of iparp
show iparp 10.91.95.7
VR Destination Mac Age Static VLAN VID Port
Dynamic Entries : 116 Static Entries : 0
Pending Entries : 0
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
Locktime : 1000 milliseconds
Retransmit Time : 1000 milliseconds
Reachable Time : 900000 milliseconds (Auto)
Fast Convergence : Off
ARP Global Settings
Max Entries : 12288
Max Pending Entries : 256
Max Proxy Entries : 256
Apparently there is no entry
I do not have any idea about FDB, I configured the switch same way i does every time, this problem is particularly started with this new switch, i do not know why.
My other old switch vlan(vsuper) ip as follows
10.91.1.200
10.91.1.201
10.91.1.202
if u want i can provide vlan config of those but configurations are almost same except ip.
Thanks in advance.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-08-2021 08:49 AM
Which device is the router on this VLAN? Do you see an ARP entry for 10.91.95.7 on the router?
Do you see an FDB entry for the end-system on the switch where it is connected?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-08-2021 04:42 AM
Thanks for your help, here is the vlan configuration of newly installed switch in which I am facing problem:
# show configuration vlan
#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-52
configure vr VR-Default add ports 1-52
configure vlan default delete ports 1-52
enable iparp gratuitous protect vlan Default
create vlan "aruba"
create vlan "biometric"
create vlan "vsub-cr5-accounts"
create vlan "vsuper"
configure vlan vsuper tag 100
disable port 7
disable port 31
disable port 32
disable port 33
disable port 34
disable port 35
disable port 36
disable port 37
disable port 38
disable port 39
disable port 40
disable port 41
disable port 43
disable port 45
disable port 46
disable port 47
disable port 49
configure ports 49 auto off speed 10000 duplex full
disable port 50
configure ports 50 auto off speed 10000 duplex full
disable port 51
disable port 52
configure vlan aruba add ports 42-43 untagged
configure vlan biometric add ports 45-46 untagged
configure vlan vsub-cr5-accounts add ports 1-30 untagged
configure vlan vsuper add ports 44,47-48 untagged
configure vlan vsuper ipaddress 10.91.1.203 255.255.0.0
enable ipforwarding vlan vsuper
configure vlan "vsuper" add subvlan "vsub-cr5-accounts"
configure vlan "vsub-cr5-accounts" subvlan-address-range 10.91.95.1 - 10.91.95.254
disable subvlan-proxy-arp vlan "vsub-cr5-accounts"
configure vlan "vsuper" add subvlan "biometric"
configure vlan "biometric" subvlan-address-range 10.91.142.50 - 10.91.142.55
disable subvlan-proxy-arp vlan "biometric"
configure vlan "vsuper" add subvlan "aruba"
configure vlan "aruba" subvlan-address-range 10.91.11.100 - 10.91.11.110
disable subvlan-proxy-arp vlan "aruba"
IF YOU WANT OTHER OLD SWITCHES VLAN CONFIGURATION I CAN PROVIDE, THOUGH ALL CONFIGURATIONS ARE SIMILAR EXCEPT IP RANGE.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-07-2021 07:51 PM
Hello show config vlan will be helpful.
Regards
Stephan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-07-2021 01:18 PM
What specific area you want of configuration?I can provide all config of our lan switch, but gateway routers is not my control.
