traceroute issue / SG3210 does not reply
Hi!
I'm new to tp-link and i've got a good first impression especially in price per performance.
I got a new setup with some vlans and the switch is acting as cross-vlan gateway/router and its working very fine
My Issue:
I don't find any setting or documentation about how to enable the traceroute replies - the default setting seem to block the icmp responses
icmp-echo/ping gives me a reply - but i cannot trace the gateway, which i would like to enable for my internal network to make a smooth troubleshooting possible.
i don't find anything in security settings.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I use L3 routing on my core switch for all vlans and I can trace to and from it just fine. What is the exact issue you are experiencing ?
- Copy Link
- Report Inappropriate Content
it gives a reply if the destination is the router ip.
if the destination is an ip in the network where the tp-link interface is in between it discards / times out for this hop.
from any vlan or source.
C:\Users\%username%> tracert 8.8.8.8
Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
1 * * * TIMEOUT ---> tp-link switch/router doesn't Reply
2 <1 ms <1 ms <1 ms <truncated> FIREWALL
3 2 ms 1 ms 3 ms <truncated> Internal ISP Gateway
4 12 ms 10 ms 11 ms <truncated> other public ip
5 15 ms 11 ms 11 ms <truncated> other public ip
6 11 ms 15 ms 11 ms <truncated> other public ip
7 16 ms 16 ms 16 ms <truncated> other public ip
8 16 ms 17 ms 18 ms 192.178.105.117
9 16 ms 23 ms 21 ms 216.239.63.97
10 19 ms 16 ms 16 ms dns.google [8.8.8.8]
- Copy Link
- Report Inappropriate Content
This may be related to your configuration. How did you set up your VLANs? Also, have you made any other settings?
- Copy Link
- Report Inappropriate Content
not that i am aware of any additional settings.
but basically you can confirm it shouldn't drop the icmp in default config like the other helpful mention?
i just have some vlans with dhcp enabled and interfaces on them to do intervlan routing.
on the interface 10.10.2.0 the ip is still secondary cause it had an ip change (it was 192.168.2.0/24 before, but same vlan)
didnt changed it to primary by now.
here is a config export with username truncated:
SG3210X-M2#show running-config
!SG3210X-M2
vlan 2
name "LAN_Client"
vlan 7
name "Wifi_7_secure"
vlan 66
name "legacy_untrust"
vlan 250
name "LAN_mgmt"
serial_port baud_rate 38400
ip dns-address primary 8.8.8.8
system-time ntp UTC+01:00 0.at.pool.ntp.org pool.ntp.org 12
system-time dst predefined Europe
user name #### TRUNCATED####
telnet disable
no service reset-disable
service dhcp server
ip dhcp server excluded-address 10.10.2.1 10.10.2.100
ip dhcp server excluded-address 10.10.2.200 10.10.2.254
ip dhcp server excluded-address 10.10.7.1 10.10.7.100
ip dhcp server excluded-address 10.10.7.200 10.10.7.254
ip dhcp server pool "wifi7"
network 10.10.7.0 255.255.255.0
lease 2880
default-gateway 10.10.7.254
dns-server 10.10.7.11
ip dhcp server pool "lan"
network 10.10.2.0 255.255.255.0
lease 2880
default-gateway 10.10.2.254
dns-server 10.10.2.11
ip dhcp server pool "wifi7"
address 10.10.7.100 hardware-address 1c:0b:8b:8c:43:71 hardware-type ethernet
ip http secure-session timeout 30
no snmp-server
no ip http server
lldp
ip route 0.0.0.0 0.0.0.0 10.10.2.11
ip route 10.10.2.0 255.255.255.0 10.10.2.254
ip route 10.10.7.0 255.255.255.0 10.10.7.254
ip route 10.10.250.0 255.255.255.0 10.10.250.254
ip route 192.168.2.0 255.255.255.0 192.168.2.254
ip route 192.168.7.0 255.255.255.0 192.168.7.254
no controller cloud-based
interface vlan 1
shutdown
ip address 192.168.0.254 255.255.255.0
description "legacy untrustet"
no ipv6 enable
ip local-proxy-arp
#
interface vlan 2
ip address 192.168.2.254 255.255.255.0
ip address 10.10.2.254 255.255.255.0 secondary
description "LAN_Client"
no ipv6 enable
ip local-proxy-arp
#
interface vlan 7
ip address 10.10.7.254 255.255.255.0
description "Wifi_7secure"
no ipv6 enable
ip local-proxy-arp
ip dhcp relay default-interface
#
interface vlan 250
ip address 10.10.250.254 255.255.255.0
description "LAN_mgmt"
no ipv6 enable
#
interface two-gigabitEthernet 1/0/1
switchport general allowed vlan 66 untagged
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/2
switchport general allowed vlan 250 untagged
switchport general allowed vlan 2 tagged
switchport pvid 250
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/3
switchport general allowed vlan 2 untagged
switchport pvid 2
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/4
switchport general allowed vlan 2 untagged
switchport pvid 2
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/5
switchport general allowed vlan 2 untagged
switchport pvid 2
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/6
switchport general allowed vlan 7 untagged
switchport pvid 7
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/7
switchport general allowed vlan 7 untagged
switchport pvid 7
no switchport general allowed vlan 1
#
interface two-gigabitEthernet 1/0/8
switchport general allowed vlan 2 untagged
switchport pvid 2
no switchport general allowed vlan 1
#
interface ten-gigabitEthernet 1/0/9
#
interface ten-gigabitEthernet 1/0/10
#
end
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 83
Replies: 4
Voters 0
No one has voted for it yet.