Join Log in
Score:0
LeRouteur avatar Server

Cannot ping GW using static IP in a specific subnet, but can ping it using another subnet

de flag
LeRouteur

I just ran against a strange problem a few weeks ago, and I'm still scraching my head about it.

We have an auth server (WServ 2016) running ADDS/ADFS/DNS/DHCP, having 172.17.0.5/24 as static IP and GW set to 172.17.0.1. The 172.17.0.5/24 subnet is dedicated to common services used by each subnet.

There are other subnets, such as 172.17.1.0/24 (managed services), 172.17.127.0/24 (storage ressources) and 172.17.128.0/20 (hosting ressources).

A pfSense router/FW makes the job for inter-subnet communication and Internet access (there are virtual IPs on the LAN NIC).

I had to reboot the auth server a few hours ago, and it won't go back online. I cannot ping the GW using the 172.17.0.5/24 IP, or using any IP in the 172.17.0.0/24 subnet. But if I set the static IP to 172.17.1.19/24 i.e., I can ping everything and access the Internet.

There is no FW rule blocking the communication between subnets, since this a pre-prod network.

I suspected an equipment already using the 172.17.0.5 IP, but since the whole subnet appears to be blocked, I don't know what to check.

Any idea about this?

47
0 + 0
LeRouteur avatar
de flag
LeRouteur
Server just went back online, but after 1 hour... is there any troubleshooting step I can do?
0
Reply
Arden Smith avatar
pe flag
Arden Smith
Please update your question and provide more detail. You can your RCA inspecting the logs for warning or errors, please share the logs.
0
Reply
LeRouteur avatar
de flag
LeRouteur
@ArdenSmith what is a RCA? And I don't know what to check for logs, the pfSense maybe?
0
Reply
Score:0
Zac67 avatar Server
ru flag
Zac67

I cannot ping the GW using the 172.17.0.5/24 IP, or using any IP in the 172.17.0.0/24 subnet. But if I set the static IP to 172.17.1.19/24 i.e., I can ping everything and access the Internet.

Apparently, that server has moved to a different VLAN (assuming your subnets are separated into VLANs). Check switch configs and cabling.

0 + 0
LeRouteur avatar
de flag
LeRouteur
I do not have any VLAN configured on my pfSense. The switches used are non-manageable (cost reduction...). So the subnets are separated by using pfSense's virtual IPs as gateways on a single physical NIC, and the subnets are cabled through a few switches going on a single on to this NIC.
0
Reply
Zac67 avatar
ru flag
Zac67
Where's the sense in using multiple IP subnets without VLANs? One of the other possibilities is a MAC-IP binding/static ARP entry on the pfSense - but without a proper description of your network we could guess for ages (which is off-topic here btw).
0
Reply
LeRouteur avatar
de flag
LeRouteur
These are pre-prod network for a really small client we have, and they reported us this problem. I can make a scheme and add it to my description tomorrow.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.