Wireless Access

Hi, We cannot ping from certain IP addresses to our 7030 controller, but the controller can ping those IP addresses. Does it blacklist certain IP? How to verify? Please advise.

 

Thanks,

Sam

There is a long list of reasons why you would have that problem, but you do not provide much detail.  Are all of the ip addresses on the same or different subnet?

Thanks for your reply. Those IP address are on different subnets from the controller IP, but only some IP in the subnet cannot ping the controller. Any idea?

Yes.  Please check the subnet masks and default gateways of those devices that cannot ping the controller.  They could be missing or incorrect.

Dear Colin,

 

We can ping the controller by adding the "trusted" command under the port-channel interface. 

Before that, we just have the "trusted" command under the gigabit-ethernet interface. We have two questions. Thanks a lot.

 

1. Does the port- channel configuration override the gigabit port configuration?

2. Before we added "trusted" command under the port-channel interface, we have "trusted vlan 1-4094" command.  It looks like the "trusted vlan" command doesn't allow all traffic from these vlan. Is this normal? How should it work?

 

interface gigabitethernet 0/0/1
description "GE0/0/1"
trusted
trusted vlan 1-4094
no spanning-tree
lacp timeout short
lacp group 7 mode active
!

interface gigabitethernet 0/0/2
description "GE0/0/2"
trusted
trusted vlan 1-4094
no spanning-tree
lacp timeout short
lacp group 7 mode active
!

interface port-channel 7

trusted     <<========================just added this command
trusted vlan 1-4094
switchport mode trunk

The port channel is untrusted by default when you create it. The port channel configuration overrides the configuration of the nterfaces that are members of the port channel, yes.