Meraki

Community

Inter-VLAN Pinging

Garrett
Here to help
‎Oct 21 2021 3:24 PM
‎Oct 21 2021 3:24 PM

Inter-VLAN Pinging

I have to be missing something simple..

 

I have a MS320-24P

An SVI configured with running a DHCP Scope.

 

I plug two devices into the VLAN configured for the SVI as access ports.

 

Both devices grab DHCP addresses no problem. Both devices can ping the interface. But the dashboard tool to ping from the interface to the device fails as well as the device to device ping attempt.

 

The traffic shouldn't even be leaving the switch? So I am confused on how the devices can not ping each other?

 

 

Any advice appreciated. 

Labels:
0 Kudos
7 Replies 7
BrandonS
Kind of a big deal
‎Oct 21 2021 3:29 PM
‎Oct 21 2021 3:29 PM

Do the devices happen to be Windows machines? Software firewall blocking ping?

- Ex community all-star (⌐⊙_⊙)
In response to BrandonS
Garrett
Here to help
‎Oct 21 2021 3:31 PM
‎Oct 21 2021 3:31 PM

Windows machines.

 

Confirmed there is no software blocking. 

0 Kudos
In response to Garrett
Brash
Kind of a big deal
Kind of a big deal
‎Oct 21 2021 3:45 PM
‎Oct 21 2021 3:45 PM

If the two Windows machines are on the same L2 (VLAN and subnet), it should be a fairly simple flow.
What you've described is very typical of Windows firewall (especially Windows server) - blocking all inbound ping requests. For testing, I would disable the firewall completely.

 

Other than that, I would start by:

 - Check ARP on both machines to verify whether they have address resolution for eachother. In cmd, type "arp -a"
 and check for the other machine's IP.

 - Run up wireshark on both machines and run a ping from one to the other to determine which direction the ping is failing.

 

From the above tests, you should be able to verify whether the issue is a machine not replying or the switch blocking a ping request/reply. That way you can focus your troubleshooting to the appropriate device.

0 Kudos
In response to Brash
Garrett
Here to help
‎Oct 22 2021 7:17 AM
‎Oct 22 2021 7:17 AM

This is the interesting part.. 

 

Both devices have the gateway in the ARP table. But not each other.

 

Both devices can ping and get response when pinging the gateway.

 

From the dashboard the interface IP can not ping the clients.

 

Packet capture shows the devices just not responding to pings.

 

To rule out any windows firewall or issues like that, I put the devices on my other VLAN and have no issues pinging between. 

0 Kudos
In response to Garrett
BrandonS
Kind of a big deal
‎Oct 22 2021 8:34 AM
‎Oct 22 2021 8:34 AM

I guess you don’t have port isolation enabled?

- Ex community all-star (⌐⊙_⊙)
0 Kudos
In response to BrandonS
Garrett
Here to help
‎Oct 22 2021 8:37 AM
‎Oct 22 2021 8:37 AM

Disabled on all ports.

 

The thing that is so weird is how the clients can ping the gateway and get response.

 

But the there is no response when the gateway initiates the ping. 

 

Another oddity is the ARP table for the switch in the dashboard sees both clients...

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 22 2021 12:15 AM
‎Oct 22 2021 12:15 AM

With Meraki Switches you can do a capture on the switch-ports. With that you see what enters the switch and what leaves from the switch.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.