Cannot Ping Device on Different Subnet

While working on deploying the network at a new operations center in Texas, we ran into some issues regarding both security cameras and credit card reader device installations.  The security cameras and card readers are each installed and managed by other departments (ie Security dept., Help Desk, etc.)

These devices were initially plugged into ports configured by default as end-user data ports and received DHCP addresses.  However, due to the general security reasons and architectural design of the VLANs, their corresponding subnets, and network segmentation of the campus, the devices needed static addresses on purpose-specific subnets configured.  This required our network team to change switchport configs off the default DHCP vlan accordingly to allow for connectivity.

The problem here was many times the device (after static address assigned and port config updated) was only pinging from the local subnet.  Even on the Layer 3 switch, a ping was only successful when sourced from that subnet's SVI (eg #ping 192.168.100.27 source vl 200)

Turns out, when the device is only pinging on the local subnet, it was usually because of one (or both) of two simple reasons.

Reason 1 - Wrong Statically Assigned Subnet Mask

Our network was utilizing a mix of /26 & /27 networks for the same VLAN ID and IP address 3rd octet spread across various layer 3-separated closets.  The folks assigning the static address would configure either a /24 mask by habit or default, or mix up the /26 and the /27 masks, etc.  Once the mask was fixed to match the mask of the assigned subnet's local gateway, the issue was resolved.

Reason 2 - Wrong Statically Assigned Default Gateway

Again because our network was utilizing a mix of /26 & /27 networks for the same VLAN ID and 3rd octet spread across various layer 3-separated closets, the gateway was not always the same host address; so the first three octets were the same for all of these subnets, but the gateway differed in the fourth octet.  The folks assigning the static address would again, either do the standard gateway IP for a /24 network by default or habit, or confuse the correct gateway for that /26 or /27 subnet.  Once the gateway IP address was fixed, the device became reachable from outside its own subnet.

Can't Ping VLAN (ELAN) from Outside the Local LAN?

So here's a short post.

I installed a Cisco layer 3 switch and moved all the configs for the local LAN's VLANs, ip routing, from the old switch and router etc. over to the new switch.

Everything seemed fine and dandy upon completion, and I could ping back to Headquarters from the remote site, and could get internet and intranet access, etc.

However, it turned out that Headquarters (or any other remote site than the one where I installed the switch) reported they could not ping the ELAN for that site.
So all data, voice and wireless VLANs for that site were pingable from Headquarters, but the ELAN was not pingable.

Back on site, everything seemed to be working, and I could ping everything from within the local LAN.  It just seemed that from OUTSIDE my local LAN, ELAN was unreachable.


Solution:


I double-checked the EIGRP routing statement on the layer three switch with a simple "show run."
Sure enough the ELAN IP address was missing from the EIGRP statement.

Once I added that in, I was able to ping the ELAN from outside the LAN and it was available for Telecomm's purposes.


So if you can ping inside the network, but not FROM outside the network, check your routing statement!

...also, if you are adding in equipment, make sure your configs are correct!


Short Info on ELANs:

http://www.c-sharpcorner.com/Interviews/answer/851/what-is-a-vlan-what-is-an-elan-what-is-the-difference

Testing Network Connectivity

Ok, first up is an article how to simply check network connectivity with "ip config," and help troubleshooting network connectivity issues by using "ping" in a command prompt.

Ping (or Packet InterNet Groper) sends ICMP echo requests to target hosts and listens for ICMP echo replies.  It measures round trip time from transmission to reception, and reports errors and packet loss.

If your ping receives the same amount of packets that it sent, you're good.

OK, so here are some useful network-connectivity-checking commands that can be done from within a command/DOS prompt.

IP CONFIG:

1. ipconfig - Typing ipconfig in a command prompt gives you relevant network connection information (if present) on whatever various network adapters you may have in your machine.  The output includes IPv4 address, Subnet Mask, and Default Gateway.
2. ipconfig /all - This command gives even more detailed ipconfig information including the device's hostname and physical (MAC) address
3. ipconfig /release - This command will release (end) your network connection ip address
4. ipconfig /renew -  This command will renew (re-establish) your network connection ip address
5. ipconfig /flushdns - This command clears the local DNS cache

PING:

1. ping 127.0.0.1 - Pinging this address (also known as the Loopback Address) tests that your TCP/IP stack isn't corrupt (look for four packets sent/received) and tests if your NIC is functioning on the physical level
2. ping <your ip address> - pinging your own ip address (ex 192.168.1.100) tests if your NIC is functioning and that the computer was added to the network correctly
3. ping <your gateway> - This tests if your default gateway is functioning and that you can communicate with a local host on the local network
4. ping <an external address> - tests if routing and your internet connection are working

Take note that if your IP address shows as a 169.254.x.x address, your computer has an APIPA address  (automatically assigned private IP address) and you will only be able to communicate with hosts on your own subnet and cannot be routed anywhere.  This is often due to DHCP being unavailable to the machine.

Here's some additional information from Microsoft TechNet on pinging ip addresses:

https://technet.microsoft.com/en-us/library/Cc940095.aspx