Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 29 subscribers
  • Views 52700 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Interface not reachable any more

ThomasMahin

Hello,

i have a strange problem with one of the eight interfaces of my XG135-Appliance

The last three months all was working fine, but since today I have the problem, that i can't reach (ping, tracert) one of my interfaces (config not changed)
So devices connected to this interface cannot establish an internet connection
For testing my notebook is now directly connected to the interface...same problem

I always get "destination host unreachable"

The Interface has the IP 172.30.1.10 /24
DHCP is working fine (range for testing 172.30.1.11-20, /24), i get an IP, but i can't reach the interface-IP and so the gateway for this net

Now the strange part of this:
If i change the IP of the interface from the 172.30.*.* net to another, e.g. 192.168.*.* all is working fine
By changing back to 172.30.*.* i can't reach my interface again


I had this before at the beginning, while testing the XG
At this time i thought i did something wrong, so i reset the XG and all was working fine after this...till now

What i tried to do so far:
- a simple restart of the device ->no change
- disabling/re-enabling the Port ->no change
- disabling interface, restart XG an enable interface -> no change

As workaround, as described above, i changed the ip of the interface to the 192.168.*.* net

Anyone the same issue?
What else can i try to get this working with the original interface config?
If procurable without resetting the device

Thanks
Thomas



This thread was automatically locked due to age.
  • 0

    Hi Thomas,

    I am a bit confused, if you are not able to reach the gateway on 172.xx IP address, how were you able to change the interface IP address ? 

    What is the firmware version on XG? 

    Thanks

  • 0 in reply to sachingurung

    Hi Sachin,

    sorry for that...i forgot to mention, that I have theXG135 Appliance (8 Ports)
    I'm still able to acces the admin webconsole from one of the other interfaces
    Only from one port i have the problem that devices cannot reach it

    I hope now it's easier to understand

    Firmware is the newest: 15.01.0 MR-2


    Thanks
    Thomas

  • 0 in reply to ThomasMahin

    Hi Thomas,

    That helped! Login to GUI from the port you are able to. Navigate through 

    Check if you have HTTP and HTTPS box selected for the concerned interface. 

    Hope that helps :)

  • 0 in reply to sachingurung

    Hi Sachin,


    i edited my post above again, sorry for the missunderstandings

    My problem is, that the interface itself is not reachable, even by pinging or try a "traceroute/tracert"
    By trying to ping or run the tracert command i always get the "destination host not reachable" error.
    From this net it should not be possible to access the webconsole, so the boxes described by you below are not checked.
    Though, the interface should be reachable by network commands like ping, tracert/tracerout?

    The packages cannot "go trough" the interface, because it's not even reachable for them and i can't get an internet connection.

    I hope now it  become clear what my problem is

    Thanks

  • 0 in reply to ThomasMahin

    Hi Thomas,

    Device access allows limiting the administrative access of the following device services from various default zones, LAN, WAN, DMZ, VPN and customs zones.If you uncheck all the services for device access, all the traffic will be dropped. So if you are not able to ping, that might be because ICMP option is unchecked. Also, check if there is a drop rule configured in "Local Service ACL Exception Rule" option. PFA screenshot.

    Thanks

  • 0 in reply to sachingurung

    Hi Sachin,

    I checked this. There's no Exception Rule and the Device Acces Options should be ok:

    But i think this couldn't be a problem with the configuration of the zone.
    As described changing the interface IP is enough to get this working (without changing anything in this zone)



    Thanks
    Thomas

  • 0 in reply to ThomasMahin

    Thomas,

    LAN_30 has the issue, right? Connect a computer on that zone, make sure a policy rule exists where DNS and HTTP/S services are enabled and post a TCPDUMP from XG CLI while you try to ping www.google.com

    From CLI, type:tcpdump icmp

    Post the output.

    Thanks.

  • 0 in reply to lferrara

    Hi Luk,

    for testing this i have a "any-any" rule from the "LAN_30" zone
    I can't post you the tcpdump because there's nothing coming in on the XG from the interface the "LAN_30" zone is assigned to.

    By trying to ping www.google.de i get an "unknown host" error because the computer can't reach a DNS server
    To bypass this, i edited the hosts-file and then got a "destination host unreachable" error

    The tcpdump on the XG showed nothing coming from the affected port the whole time
    By changing the interface IP to 192.168.30.* for testing again, everything is working fine and the tcpdump shows me the packages.
    Changing back to 172.30.*.* it's like at the beginning....traffic doesn't reach the Interface and tcpdump doesn't show new packages coming from affected interface any more

    So there's the following problem:
    - Interface IP 172.30.1.10 (or any other 172.30.*.* IP) and computer (directly connected to interface on XG) get IP ->computer can't reach interface IP and because of this can't ping www.google.de or another adress outside
    - Interface IP 192.168.30.10 and computer (directly connected to interface on XG) get IP ->Computer is able to reach interface IP and can ping www.google.de or other adresses outside

    It seems there's a problem only affecting the 172.30.*.* net range on the XG, but i really don't get what this could be


    Thanks
    Thomas

  • 0 in reply to ThomasMahin

    Hi Thomas,

    If LAN_30 has the issue, it's clear from the screenshot as the HTTP & HTTPS access are not selected. Please select the required device access protocols.

    Thanks 

  • 0 in reply to sachingurung

    Hi Sachin,


    I tested this, but it doesn't work.
    But I'm not talking about the HTTP/HTTPS Acces to the Webconsole of the XG.
    Even ICMP Packages (ping) can't reach the interface, this is not an issue with the admin services options

    By changing this i'm only allowed to access the admin console from the network (if the network itself would work) i'm coming from
    But my problem is, that the basic network isn't working
    -> ICMP packages not reaching the interface

    And as described above...by changing the Interface IP to 192.168.30.* (device access HTTP/HTTPS empty as in screenshot) this is working
    So this has nothing to do with my device access options?

    Thanks
    Thomas