I have run into this issue even with them being on the same subnet. Try the route solution I mentioned. If it doesn't work then nothing lost right? I had a student in class last week with the exact same issue and it was in fact the routes.
Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Apr 17, 2010, at 9:28 AM, Sumit Mahla <[email protected]> wrote: > Thanks Brandon, > > > the problem here is not about networks to which i want ACS to reach... > problem is that ACS has IP add 10.11.11.25 and R1 f0/1 which has ip > 10.11.11.1 (same subnet). ACS is not even able to ping the directly connected > subnet. > > what i think is it should atleast ping the connected subnet... > > Please correct me if i am wrong... > > Thanks for the guidance. > > > > From: [email protected] > To: [email protected] > Subject: Re: [OSL | CCIE_Security] Ping not successful > Date: Sat, 17 Apr 2010 09:05:55 -0700 > CC: [email protected] > > If you do a "route print" you will probably see a number if persist and > routes that are pointing to the 10.1.1.1 address as a gateway. You need to > delete those routes and add new routes for the networks you need ACS to > reach using the correct gateway. Use the "route add" and "route delete" > commands. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > On Apr 17, 2010, at 7:02 AM, Sumit Mahla <[email protected]> wrote: > > Hello, > > i had an issue today while doing some LAB. > > > ACS PC, R1 f0/1 and IPS Mgmt interface where all in VLAN 10, > > Switchports connected to these devices where showing UP UP. > > I was able to ping IPS and R1 F0/1 from each other but ACS was not reachable > from any of the two devices. > > > ACS IP = 10.11.11.25/24 (VM Ware interface) = Vlan 10 > R1 f0/1 = 10.11.11.1/24 = VLan 10 > IPS Mgmt = 10.11.11.15 = vlan 10 > > > when i did some research on this, i foung that Switch mac address table was > showing some MAC learned dynamically on switch's port f0/14 where this ACS > PC was connected. The MAC address in the mac table on switch was different > then the MAC assigned to VMware interface of the ACS. > > > and when i checked the arp table on R1 it din't had any arp entry for ACS PC. > > Ping to loopback 127.0.0.1 from ACS was successfull > Ping to its own IP (10.11.11.25) was successfull > but ping from ACS PC to any other device failed. > > > > Could anyone please let me know what could be the issue? > > > Catch the changing security environment Get it now. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > The battle for the FIH Hockey World Cup Drag n' drop
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
