Can't ping a device on the network

SOLVED
tantony
Head in the Cloud

Can't ping a device on the network

I have two laptops connected to a switch, which is connected to my MX. The MX is giving out the correct dhcp to both laptops.

 

My problem is that one laptop can ping devices on the network, while the other laptop cannot ping the device.

 

What could be the reason?

1 ACCEPTED SOLUTION

Figure it out.  The subnet and gw on the cameras were not set correctly.  I was using the WiFi and LAN connection, that's why I could access it, and the other laptop couldn't.

 

Everything works now.

View solution in original post

12 REPLIES 12
MarcP
Kind of a big deal

Windows Firewall? 😉

Did you try to whitelist (Just for testing)? Or any group poliys applied to one of the laptops?

tantony
Head in the Cloud

It's not the firewall, our firewall is managed by Symantec on both devices.  Did not try the GP.  I'll try that.

Every time I think's its not the computers firewall, it ends up being the problem lol.

However, assuming its not, then are both machines on the same VLAN?

If so, does one of them have a custom group policy that might be whitelisting/restricting access to something?

If not, then does your firewall allow communications between those two different subnets or are you blocking them with firewall rules on the MX for inter-vlan communications?
Nolan Herring | nolanwifi.com
TwitterLinkedIn

both machines are on the same VLAN (1)

 

I'm sure it's the firewall because when I connect my laptop to the same switch, I have no issue, so it have to be laptop specific.

Couple of questions:

  • The laptop is the initiator of the pings right?
  • You say both machines are on the same VLAN, that's the device that's pinging and the device that's supposed to be answering right?
  • What can the laptop ping? Can it ping anything? If it's a specific device the cause might be an (erroneous) static arp entry on the laptop. On windows you can check the ARP table using the arp -a, see if the IP you're pinging is in there. If it is, check if the MAC-address is correct.
  • Have you made a packet capture on the port the laptop is connected to? This should allow you to see what's going on. You should see the following phases (assuming they're indeed both on the same VLAN):
    • ARP broadcast trying to resolve the IP you're pinging to a MAC address (unless the MAC is already in the ARP cache)
    • ARP unicast reply from the addressee, this lets your laptop know which MAC address it can be reached on
    • ICMP unicast directed towards the just resolved MAC address
    • ICMP unicast reply from the addressee
  • You say you're sure it's the firewall because you have no issues when you connect your laptop to the same switch. What about the same port. Port configuration might not be identical.

Yes, the laptop is the initiator of the ping

 

yes

 

I'm trying to ping 172.16.63.205, which is an AXIS camera.  I can ping it from my laptop, but not from another laptop on the same network.  Both laptops can ping other cameras, so I'm not sure if it's an issue with the AXIS camera.

 

I didn't try packet capture yet.

 

I need to check on this also.

Here's an example of what you should see in a packet capture:

arp_and_ping.png

ok, I'll try that.

 

It's weird, I can ping 172.16.63.217 (foscam camera), but not 172.16.63.205 (AXIS camera)

Just thought of this: Could be a wrong subnet mask setting on the AXIS camera. That may cause this kind of issue where it can respond to one IP in the range but not another.

tantony
Head in the Cloud

I didn't have the chance to try packet capture yet, but I noticed that when I do a tracert to 172.16.63.205, it goes directly to that IP, so I only have one hop.

 

But, the other laptop goes to 192.168.2.1 (which is a cisco 2900 router), but then it drops.

 

Both laptops are on the 172.17.0.x ip address.

 

I have the Cisco 2900 router connected to MX because I'm on a trial Meraki.

Could you post the output of the ipv4 part of the "route print" command on the laptop?

Figure it out.  The subnet and gw on the cameras were not set correctly.  I was using the WiFi and LAN connection, that's why I could access it, and the other laptop couldn't.

 

Everything works now.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels