D

11 Messages

 • 

192 Points

Tue, Jun 1, 2021 6:24 PM

L3 config

Hi guys, I have conf icx 48 on L3 firmware as it shows here:

telnet@ICX7150-24P Router(config)#sh run
Current configuration:
!
ver 08.0.90jT213
!
stack unit 1
  module 1 icx7150-24p-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-4-sfp-plus-port-40g-module
  stack-port 1/3/1
  stack-port 1/3/3
!
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 100 name LAN by port
 untagged ethe 1/1/5 to 1/1/10
 router-interface ve 100
!
vlan 200 by port
 untagged ethe 1/1/13 to 1/1/15
 router-interface ve 200
!
!
!
!
!
!
!
!
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
ip dhcp-client disable
ip dhcp-server enable
ip dhcp-server server-identifier 10.10.10.1
!
ip dhcp-server pool lan
 lease 1 0 0
 network 10.10.10.0 255.255.255.0
 option  3 ip 10.10.10.1
 option  6 ip 8.8.8.8
!
!
ip dhcp-server pool lan2
 lease 0 6 0
 network 10.10.20.0 255.255.255.0
 option  3 ip 10.10.20.1
 option  6 ip 8.8.8.8
 deploy
!
ip dns server-address 8.8.8.8 8.8.4.4
ip helper-use-responder-ip
ip route 0.0.0.0/0 192.168.1.1
!
username super password .....
!
!
!
!
web-management https
!
!
sz registrar
sz active-list 10.164.0.3 34.90.89.117
!
!
!
!
!
!
!
!
!
interface ethernet 1/1/1
 ip address 192.168.1.231 255.255.255.0
!
interface ethernet 1/3/1
 speed-duplex 1000-full
!
interface ethernet 1/3/2
 speed-duplex 1000-full
!
interface ethernet 1/3/3
 speed-duplex 1000-full
!
interface ethernet 1/3/4
 speed-duplex 1000-full
!
interface ve 100
 ip address 10.10.10.1 255.255.255.0
!
interface ve 200
 ip address 10.10.20.1 255.255.255.0
!
!
!
!
!
!
!
!
!
!
!
!
!
end

I cannot ping anything outside the gateway network from the vlan 100.

Any ideas?

27 Messages

 • 

410 Points

6 m ago

What are you trying to ping?

Are there routes on that device that terminates @ L3 whatever youre trying to ping? 

Employee

 • 

25 Messages

 • 

380 Points

Hello dominik_musura, 

It would be helpful to see outputs like:

ping x.x.x.x

show arp x.x.x.x

show ip route x.x.x.x

have you tried to ping the other way back?
we can check if the ping is getting to the ICX with 'debug ip icmp packets' + 'debug destination <telnet/ssh number>'

Let us know your comments!

--

Orlando Elias

Ruckus TAC

11 Messages

 • 

192 Points

@corey_costello I am trying to ping 8.8.8.8 and other devices on 192.168.1.0/24 network from vlan 100. 
I will send tonight icmp export

11 Messages

 • 

192 Points

I cannot ping other way either. 

11 Messages

 • 

192 Points

6 m ago

Hi,

here are outputs form icx

telnet@ICX7150-24P Router#ping 192.168.1.214
Sending 1, 16-byte ICMP Echo to 192.168.1.214, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 192.168.1.214   : bytes=16 time=108ms TTL=64
Success rate is 100 percent (1/1), round-trip min/avg/max=108/108/108 ms.
telnet@ICX7150-24P Router#show arp 192.168.1.214
No.   IP Address       MAC Address    Type     Age Port               Status
1     192.168.1.214    46d9.78d0.364b Dynamic  0    1/1/1             Valid
telnet@ICX7150-24P Router#show ip route
Total number of IP routes: 3
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          192.168.1.1     e 1/1/1       1/1           S    3m24s
2       10.10.10.0/24      DIRECT          ve 100        0/0           D    3m1s
3       192.168.1.0/24     DIRECT          e 1/1/1       0/0           D    3m25s 

192.168.1.214 is device connected directly to gateway

Employee

 • 

25 Messages

 • 

380 Points

Hey Dominik, 

We can see the ping to the next hop is successful.

If I understood correctly, when pinging 192.168.1.214 source 10.10.10.1 is not working.

I would assume 1.214 does not know a route back to 10.10.10.1

Is there any way we can verify the routes in the next-hop router con confirm whether it knows how to come back?

--

Orlando Elias

Ruckus TAC

11 Messages

 • 

192 Points

Unfortunatetly no, because it is some basic isp modem... 

Employee

 • 

25 Messages

 • 

380 Points

Hey Dominik, 

That is basically the reason why.

The modem won't know how to reply to requests coming from those networks unless configured with some default/static routes.

Let me know if you had any questions or concerns :)

--

Orlando Elias

Ruckus TAC

Important Announcement