This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Ping thru device and static route qestion

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Ping thru device and static route qestion

Dragan
Not applicable

‎03-30-2015 02:53 PM

Hi,

i have one 2050n device in my lab; device is running 4.1.6.

Interface 1/1 is configured for as dhcp client and i am able to ping update server and obtain dynamic updates. I have no devices/clients connected to inside LAN. Inside lan is on ethernet 1/2.

Interfaces 1/2 and 1/1 are setup for L3, zone is default (trust/untrust) with interface assigned to appropriate zones.

i setup ethernet 1/2 with ip address of internal LAN (10.1.1.1/24) but it is not physically connected to any switch or other devices. it shows interface 1/2 is configured but down (red link state).

Security policy is to allow any any from trust to untrust.

Virtual router is setup with default settings, both interfaces (1/1 and 1/2) are in virtual router, static route is setup for destination 0.0.0.0/0 on interface 1/1. If i try to enter default gateway in static route as a next hop, the commit is failing. Only way to get commit not to fail is to have Next hop - None.

Question 1:

i tried to use ping command from PAN CLI and not getting any response if i do following:

ping source 10.1.1.1 host 8.8.8.8

if i do ping host 8.8.8.8 = ping is fine (i am guessing in this case source is management interface)

Why i am unable to ping using source interface of 10.1.1.1?

Question 2:

Is there are a reason why commit is failing when adding static route to use default gateway provided by ISP?

Thanks for your responses.

0 Likes Likes
1 REPLY 1

gwesson
L7 Applicator

‎04-02-2015 11:58 AM

1. Your ping is failing because your interface isn't connected to anything. If you're sourcing your ping from Ethernet1/2, which is showing as configured but down, there is no way it could work. Even though your default gateway is set to use Eth1/1, since that interface is legitimately down, the packet cannot be sent using that interface. It works without specifying the interface because it uses the management interface as you guessed.

2. Since your Ethernet1/1 (ISP interface) is DHCP, the default gateway is configured by your ISP and there is no need to configure the 0.0.0.0/0 route on Eth1/1. You can remove that static route from your virtual router since it is not needed.

Regards,

Greg

0 Likes Likes
  • 1821 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks