This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Routing problem

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Routing problem

Go to solution
boblin
L2 Linker

‎01-05-2021 05:05 PM

I am configuring a new AP-850. MGT port works fine and I can access the Internet. Now, I configure ethernet1/1 to access the Internet. 

pa-5.JPG

I also configure the routing. But can't ping 8.8.8.8. Do I miss something or how do I troubleshoot it?

pa-6.JPG

 

 

 

 

Bob Lin, Chicagotech-MVP, MCSE & CNE
Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on
http://www.ChicagoTech.net
How to Install and Configure Windows, VMware, Virtualization and Cisco on
http://www.HowToNetworking.com
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
SutareMayur
Cyber Elite
Cyber Elite

‎01-06-2021 12:21 AM - edited ‎01-06-2021 12:21 AM

Hi @boblin ,

 

First of all, please check if you have proper security policy on the firewall to allow traffic to internet from interface IP address. Also check if it is getting match as expected. You can verify it under traffic logs.

 

Now you have pointed default route towards 192.168.11.1 so is it the IP address of router where your internet link is terminated ? If it is the case, do you have source NAT configured  on the router? If firewall is passing traffic properly, please check if NAT is working.

 

In most of the cases when internet link is terminated on the firewall itself then default route is pointed towards ISP gateway to route traffic towards internet. And the NAT policy is configured on the firewall itself.

M

View solution in original post

0 Likes Likes
7 REPLIES 7

Go to solution
SutareMayur
Cyber Elite
Cyber Elite

‎01-06-2021 12:21 AM - edited ‎01-06-2021 12:21 AM

Hi @boblin ,

 

First of all, please check if you have proper security policy on the firewall to allow traffic to internet from interface IP address. Also check if it is getting match as expected. You can verify it under traffic logs.

 

Now you have pointed default route towards 192.168.11.1 so is it the IP address of router where your internet link is terminated ? If it is the case, do you have source NAT configured  on the router? If firewall is passing traffic properly, please check if NAT is working.

 

In most of the cases when internet link is terminated on the firewall itself then default route is pointed towards ISP gateway to route traffic towards internet. And the NAT policy is configured on the firewall itself.

M
0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite

‎01-06-2021 04:31 AM

are you testing from the CLI? see if this one works:

ping source 192.168.11.12 host 192.168.11.1

if that works, do the following

traceroute source 192.168.11.12 host 1.1.1.1

meanwile keep an eye on your sessions from a second CLI to make sure your sessions are being allowed

show session all filter source 192.168.11.12

 

if you see them in DISCARD, your security policy is blocking, if they're in ACTIVE you may have an upstream issue, check your cabling etc

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
boblin
L2 Linker
In response to SutareMayur

‎01-06-2021 10:43 AM

Hi Mayur,

 

Thank you for the tips. 

 

Forgot to mention, if I test using ping source 192.168.11.12 (e1/1) host 8.8.8.8, it works. 

pa-7.JPG

If I unplug the MGT cable, ping doesn't work. It seems to me the traffic goes through MGT port. I think it could be the NAT settings, but can't figure it out. 

 

boblin_0-1609958570678.png

 

 

 

Bob Lin, Chicagotech-MVP, MCSE & CNE
Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on
http://www.ChicagoTech.net
How to Install and Configure Windows, VMware, Virtualization and Cisco on
http://www.HowToNetworking.com
0 Likes Likes

Go to solution
boblin
L2 Linker
In response to reaper

‎01-06-2021 10:51 AM

Forgot to mention, ping and traceroute works fine if I have MGT cable connecting. If I unplug the MGT cable, ping or traceroute doesn't work. show session all filter source 192.168.11.12 gets "No Active session". Any suggestions? 

Bob Lin, Chicagotech-MVP, MCSE & CNE
Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on
http://www.ChicagoTech.net
How to Install and Configure Windows, VMware, Virtualization and Cisco on
http://www.HowToNetworking.com
0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite
In response to boblin

‎01-06-2021 10:57 AM

Did you apply the 'source'?

 

The management interface is completely different from the dataplane interfaces. If you do not add the 'source' the packet originates from the management interface which does not use the virtual router

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
boblin
L2 Linker
In response to reaper

‎01-06-2021 11:25 AM

How do you apply the source? When I ping, I do add source 192.168.11.12 which is e1/1 port.

 

pa-7.JPG

 

Bob Lin, Chicagotech-MVP, MCSE & CNE
Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on
http://www.ChicagoTech.net
How to Install and Configure Windows, VMware, Virtualization and Cisco on
http://www.HowToNetworking.com
0 Likes Likes

Go to solution
SutareMayur
Cyber Elite
Cyber Elite
In response to boblin

‎01-06-2021 10:03 PM

Hi @boblin ,

 

As @reaper said, MGMT & dataplane interfaces are completely different so if MGMT is down/removed, it should not create issue to dataplane interface traffic. To get more clarity about your network, is it possible for you to share topology diagram here?

M
0 Likes Likes
  • 1 accepted solution
  • 4309 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks