Inter-VLAN Pinging

Garrett
Here to help

Inter-VLAN Pinging

I have to be missing something simple..

 

I have a MS320-24P

An SVI configured with running a DHCP Scope.

 

I plug two devices into the VLAN configured for the SVI as access ports.

 

Both devices grab DHCP addresses no problem. Both devices can ping the interface. But the dashboard tool to ping from the interface to the device fails as well as the device to device ping attempt.

 

The traffic shouldn't even be leaving the switch? So I am confused on how the devices can not ping each other?

 

 

Any advice appreciated. 

7 Replies 7
BrandonS
Kind of a big deal

Do the devices happen to be Windows machines? Software firewall blocking ping?

- Ex community all-star (⌐⊙_⊙)
Garrett
Here to help

Windows machines.

 

Confirmed there is no software blocking. 

Brash
Kind of a big deal
Kind of a big deal

If the two Windows machines are on the same L2 (VLAN and subnet), it should be a fairly simple flow.
What you've described is very typical of Windows firewall (especially Windows server) - blocking all inbound ping requests. For testing, I would disable the firewall completely.

 

Other than that, I would start by:

 - Check ARP on both machines to verify whether they have address resolution for eachother. In cmd, type "arp -a"
 and check for the other machine's IP.

 - Run up wireshark on both machines and run a ping from one to the other to determine which direction the ping is failing.

 

From the above tests, you should be able to verify whether the issue is a machine not replying or the switch blocking a ping request/reply. That way you can focus your troubleshooting to the appropriate device.

Garrett
Here to help

This is the interesting part.. 

 

Both devices have the gateway in the ARP table. But not each other.

 

Both devices can ping and get response when pinging the gateway.

 

From the dashboard the interface IP can not ping the clients.

 

Packet capture shows the devices just not responding to pings.

 

To rule out any windows firewall or issues like that, I put the devices on my other VLAN and have no issues pinging between. 

BrandonS
Kind of a big deal

I guess you don’t have port isolation enabled?

- Ex community all-star (⌐⊙_⊙)
Garrett
Here to help

Disabled on all ports.

 

The thing that is so weird is how the clients can ping the gateway and get response.

 

But the there is no response when the gateway initiates the ping. 

 

Another oddity is the ARP table for the switch in the dashboard sees both clients...

KarstenI
Kind of a big deal
Kind of a big deal

With Meraki Switches you can do a capture on the switch-ports. With that you see what enters the switch and what leaves from the switch.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.