Wired Intelligent Edge

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas 
------------------------------

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto
------------------------------

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas GEORGES
------------------------------

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 
------------------------------

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------

do you have ip icmp unreachable ?
Any FW blocking ICMP unreachable message ?

------------------------------
Vincent Giles
------------------------------

Original Message:
Sent: Apr 11, 2022 05:33 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------

yes, it's the default setting.
No FW blocking ICMP.

------------------------------
Nicolas 
------------------------------

Original Message:
Sent: Apr 12, 2022 04:54 AM
From: Vincent Giles
Subject: Traceroute pb witch two CX 8325

do you have ip icmp unreachable ?
Any FW blocking ICMP unreachable message ?

------------------------------
Vincent Giles

Original Message:
Sent: Apr 11, 2022 05:33 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------

ICMP redirect is enable ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCL: Powershell Module to use Aruba Central

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Apr 12, 2022 05:17 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

yes, it's the default setting.
No FW blocking ICMP.

------------------------------
Nicolas 

Original Message:
Sent: Apr 12, 2022 04:54 AM
From: Vincent Giles
Subject: Traceroute pb witch two CX 8325

do you have ip icmp unreachable ?
Any FW blocking ICMP unreachable message ?

------------------------------
Vincent Giles

Original Message:
Sent: Apr 11, 2022 05:33 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------

ICMP redirect is enable by default on CX, no ?

------------------------------
Nicolas 
------------------------------

Original Message:
Sent: May 02, 2022 03:30 PM
From: Alexis La Goutte
Subject: Traceroute pb witch two CX 8325

ICMP redirect is enable ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCL: Powershell Module to use Aruba Central

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Apr 12, 2022 05:17 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

yes, it's the default setting.
No FW blocking ICMP.

------------------------------
Nicolas 

Original Message:
Sent: Apr 12, 2022 04:54 AM
From: Vincent Giles
Subject: Traceroute pb witch two CX 8325

do you have ip icmp unreachable ?
Any FW blocking ICMP unreachable message ?

------------------------------
Vincent Giles

Original Message:
Sent: Apr 11, 2022 05:33 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------

Original Message:
Sent: 5/3/2022 4:42:00 AM
From: NicoGeo
Subject: RE: Traceroute pb witch two CX 8325

ICMP redirect is enable by default on CX, no ?

------------------------------
Nicolas 
------------------------------

Original Message:
Sent: May 02, 2022 03:30 PM
From: Alexis La Goutte
Subject: Traceroute pb witch two CX 8325

ICMP redirect is enable ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCL: Powershell Module to use Aruba Central

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Apr 12, 2022 05:17 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

yes, it's the default setting.
No FW blocking ICMP.

------------------------------
Nicolas 

Original Message:
Sent: Apr 12, 2022 04:54 AM
From: Vincent Giles
Subject: Traceroute pb witch two CX 8325

do you have ip icmp unreachable ?
Any FW blocking ICMP unreachable message ?

------------------------------
Vincent Giles

Original Message:
Sent: Apr 11, 2022 05:33 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------

It's enable :

C1# show run all | inc redirect
        ip icmp redirect

------------------------------
Nicolas
------------------------------

Original Message:
Sent: May 02, 2022 03:30 PM
From: Alexis La Goutte
Subject: Traceroute pb witch two CX 8325

ICMP redirect is enable ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCL: Powershell Module to use Aruba Central

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Apr 12, 2022 05:17 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

yes, it's the default setting.
No FW blocking ICMP.

------------------------------
Nicolas 

Original Message:
Sent: Apr 12, 2022 04:54 AM
From: Vincent Giles
Subject: Traceroute pb witch two CX 8325

do you have ip icmp unreachable ?
Any FW blocking ICMP unreachable message ?

------------------------------
Vincent Giles

Original Message:
Sent: Apr 11, 2022 05:33 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello, thanks for the reply.

Example : Directly on one of the two CX switch, i can ping a host on a vlan but traceroute to the same host doesn't work  :

PING 172.16.X.X (172.16.X.X) 100(128) bytes of data.
108 bytes from 172.16.X.X: icmp_seq=1 ttl=128 time=0.222 ms
108 bytes from 172.16.X.X: icmp_seq=2 ttl=128 time=0.208 ms
108 bytes from 172.16.X.X: icmp_seq=3 ttl=128 time=0.233 ms
108 bytes from 172.16.X.X: icmp_seq=4 ttl=128 time=0.300 ms
108 bytes from 172.16.X.X: icmp_seq=5 ttl=128 time=0.174 ms

--- 172.16.X.X ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.174/0.227/0.300/0.043 ms
LT60-C1# traceroute 172.16.X.X
traceroute to 172.16.X.X (172.16.X.X), 1 hops min, 30 hops max, 3 sec. timeout, 3 probes
1 172.16.X.X 0.221ms

Traceroute incomplete, it remains blocked.

Aruba Support just want me to upgrade firmware...
Maybe there is another solution

------------------------------
Nicolas 

Original Message:
Sent: Apr 05, 2022 11:35 AM
From: Davide Poletto
Subject: Traceroute pb witch two CX 8325

Hi Nicolas, could you provide more details? host to host traceroute (when hosts belong to different routed VLANs) passing through a routing switch which acts as the router for involved VLANs looks good when, from the source host, the first hop is the routing switch (SVI IP Address) and the last hop is the target host...or I misunderstood what you wrote? where is the issue on your traceroute?

------------------------------
Davide Poletto

Original Message:
Sent: Apr 01, 2022 06:26 AM
From: Nicolas GEORGES
Subject: Traceroute pb witch two CX 8325

Hello !

I'm a french user, i have a non blocking problem.

I configured two CX 8325, VSX is OK.
1 SVI per Vlan and active gateway enable

When i do a traceroute from a linux machine to a computer (for example), the first hop is the SVI ip address and the second the computer but traceroute is incomplete. Same problem il i do the traceroute from the CX.

Do you have any suggestions on this?

thanks !

------------------------------
Nicolas
------------------------------