Re: a problem with ACE10

ROMAN TOMASEK · ‎11-29-2010

Hi,

I installed ACE10 into Cat6500 with 12.2(33)SXI4a software. I configured svclc group with vlan 5. I created SVI for vlan 5 on the Cat6500 and I configured interface vlan 5 on the ACE. I cann't ping from Catalyst into ACE and vice versa. I'm sending you the output from some commands from Catalyst and ACE.

Router#sho module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
3    1 Application Control Engine Module      ACE10-6500-K9      SAD1122046D
7    2 Supervisor Engine 720 (Active)         WS-SUP720-3B       SAD0911072L

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
3 001b.2ad2.efa8 to 001b.2ad2.efaf   1.4   8.6(0.252-En 3.0(0)A1(4a) Ok
7 0011.9201.d760 to 0011.9201.d763   4.3   8.5(2)       12.2(33)SXI4 Ok

Mod Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
7 Policy Feature Card 3       WS-F6K-PFC3B       SAD0910055J 2.0    Ok
7 MSFC3 Daughterboard         WS-SUP720          SAD0910085E 2.3    Ok

Mod Online Diag Status
---- -------------------
3 Pass
7 Pass

Router#show ip int brie

Vlan5 20.0.0.3 YES manual up up

Router#ping 20.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Router#sho arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 20.0.0.1                0   Incomplete      ARPA
Internet 20.0.0.3                -   0014.1bdf.4140 ARPA   Vlan5

Router#sho vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
2    SYS-SW-MNG                       active
5    RT                               active
6    VLAN0006                         active

Router#sho svclc module
Module Vlan-groups
------ -----------
03 1

Router#sho svclc vlan-group
Display vlan-groups created by both ACE module and FWSM commands

Group    Created by      vlans
-----    ----------      -----
    1           ACE      5

switch/Admin# sho run
Generating configuration....

boot system image:c6ace-t1k9-mz.3.0.0_A1_4a.bin

access-list test1 ethertype permit any

access-list test line 8 extended permit icmp any any
access-list test line 16 extended permit ip any any

class-map type management match-any mgmt
2 match protocol telnet any
3 match protocol icmp any

policy-map type management first-match M
class mgmt
permit
access-group input test1

interface vlan 5
ip address 20.0.0.1 255.255.255.0
no normalization
access-group input test
access-group output test
service-policy input M
no shutdown
ip route 0.0.0.0 0.0.0.0 20.0.0.3

switch/Admin# sho arp

Context Admin
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface Type      Encap NextArp(s) Status
================================================================================
20.0.0.1        00.1b.2a.d2.ef.a9 vlan5     INTERFACE LOCAL     _         up
20.0.0.3        00.14.1b.df.41.40 vlan5     GATEWAY    2      219 sec      up
================================================================================
Total arp entries 2

switch/Admin# sho ip route

Routing Table for Context Admin (RouteId 0)

   Codes: H - host,   I - interface
          S - static,      N - nat
          A - need arp resolve,      E - ecmp

Destination         Gateway          Interface         Flags
------------------------------------------------------------------------
0.0.0.0             20.0.0.3         vlan5             S
20.0.0.0/24         0.0.0.0          vlan5             IA

Total route entries = 2

So it seems like the hw problem. So is it true?

Thank you.

Best Regards

Roman

yushimaz · ‎11-29-2010

> Internet 20.0.0.1 0 Incomplete ARPA

From above output, it seems Cat6k cannot get arp response from ACE.

This means Cat6k cannot receive arp packets or ACE cannot send.

To find out the root cause, I need capture trace between Cat6k and ACE.

Can you get capture trace on Te3/1?

When you enable 'debug arp' on Cat6k and 'debug arpmgr packets' on ACE

and then issue 'clear arp', can you see the following output? (Note: If you

configure other interfaces on cat6k, debug command makes an impact on

your system.)

## clear arp on ACE

# on ACE

switch/Admin# cle arp

switch/Admin# 2010 Nov 30 00:00:10.062532 arp/icmp mgr: (ctx:0)ARPDBG:Sent Arp REQUEST Dest 20.0.0.3 mac 00.00.00.00.00.00 Src 20.0.0.1 mac 00.07.0e.0f.2c.a1 on vlan 5 on interface id 2

2010 Nov 30 00:00:10.063521 arp/icmp mgr: (ctx:0)ARPDBG: Recd Arp RESPONSE Dest 20.0.0.1 mac 00.07.0e.0f.2c.a1 Src 20.0.0.3 mac 00.16.9c.6d.e5.80 on vlan 5 on interface 2

# on sup720

*Nov 30 00:00:10.075: IP ARP: rcvd req src 20.0.0.1 0007.0e0f.2ca1, dst 20.0.0.3 Vlan5

*Nov 30 00:00:10.075: IP ARP: sent rep src 20.0.0.3 0016.9c6d.e580,

dst 20.0.0.1 0007.0e0f.2ca1 Vlan5

## clear arp on sup720

# on ACE

switch/Admin# 2010 Nov 30 00:00:17.655721 arp/icmp mgr: (ctx:0)ARPDBG: Recd Arp REQUEST Dest 20.0.0.1 mac 00.07.0e.0f.2c.a1 Src 20.0.0.3 mac 00.16.9c.6d.e5.80 on vlan 5 on interface 2

2010 Nov 30 00:00:17.656595 arp/icmp mgr: (ctx:0)ARPDBG:Sent Arp RESPONSE Dest 20.0.0.3 mac 00.16.9c.6d.e5.80 Src 20.0.0.1 mac 00.07.0e.0f.2c.a1 on vlan 5 on interface id 2

2010 Nov 30 00:00:17.656719 arp/icmp mgr: (ctx:0)ARPDBG: Recd Arp RESPONSE Dest 20.0.0.3 mac ff.ff.ff.ff.ff.ff Src 20.0.0.3 mac 00.16.9c.6d.e5.80 on vlan 5 on interface 2

# on sup720

sup720#cle arp

*Nov 30 00:00:17.667: IP ARP: sent req src 20.0.0.3 0016.9c6d.e580,

dst 20.0.0.1 0007.0e0f.2ca1 Vlan5

*Nov 30 00:00:17.667: IP ARP: refresh static entry 127.0.0.51 with tableid 0 on idb EOBC0/0

*Nov 30 00:00:17.667: IP ARP: sent req src 127.0.0.51 0000.1500.0000,

dst 127.0.0.21 0000.1200.0000 EOBC0/0

*Nov 30 00:00:17.671: IP ARP: sent rep src 127.0.0.51 0000.1500.0000,

dst 127.0.0.51 ffff.ffff.ffff EOBC0/0

*Nov 30 00:00:17.671: IP ARP: sent rep src 20.0.0.3 0016.9c6d.e580,

dst 20.0.0.3 ffff.ffff.ffff Vlan5

*Nov 30 00:00:17.671: IP ARP: rcvd rep src 127.0.0.21 0000.1200.0000, dst 127.0.0.51 EOBC0/0

*Nov 30 00:00:17.671: IP ARP: rcvd rep src 20.0.0.1 0007.0e0f.2ca1, dst 20.0.0.3 Vlan5

I confirmed the behavior with 12.2(18)SXF16/A2(3.2a). I use your configuration on ACE.

(I use different version both switch and ACE since I currently use them for another

troubleshooting. If they becomes free, I'll try to reproduce with your version.)

I'm not sure ACE is wrong but I would suggest to upgrade ACE since A1(4a) is very old.

Regards,

Yuji

ROMAN TOMASEK · ‎12-03-2010

Hello Yuji,

I tried your method and the result is in the attachment. It seems that ACE sent ARP request, but there is no response from Sup (on the Sup this arp request is not seen). When I cleared the arp table on the SUP - the request was seen on the SUP and the ACE and the ACE sent response to the Sup.

It seems that the problem is with communication from ACE into SUP. The reverse communication seems without problem.

I would like to upgrade ACE module into higher version, but there is no way for this upgrade (because the communication between ACE and SUP is broken):-( Is there some other way how this upgrade can be provided?

Thank you.

Roman

litrenta · ‎12-07-2010

IS this a VSS chassis ?

Can I see show run and show ver from switch ?

You may need to boot via EOBC to get the correct image on the ace see:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/administration/guide/upgrade.html#wp1028345

ROMAN TOMASEK · ‎01-10-2011

Hello,

I'm sorry for my late answer. It is the standalone switch (no VSS). I'm sending you the requested outputs. I tired to use ACE sw A2(3.2), but the result is same:-( See:

switch/Admin# sho ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
loader: Version 12.2[120]
system: Version A2(3.2) [build 3.0(0)A2(3.2)]
system image file: [SUP] disk0:c6ace-t1k9-mz.A2_3_2.bin
installed license: no feature license is installed

Hardware
Cisco ACE (slot: 8)
cpu info:
    number of cpu(s): 2
    cpu type: SiByte
    cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
    cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
memory info:
    total: 826136 kB, free: 262548 kB
    shared: 0 kB, buffers: 1356 kB, cached 0 kB
cf info:
    filesystem: /dev/cf
    total: 1014624 kB, used: 360736 kB, available: 653888 kB

last boot reason: reload command by admin
configuration register: 0x1
switch kernel uptime is 0 days 0 hour 21 minute(s) 10 second(s)

switch/Admin# ping 20.0.0.2
Pinging 20.0.0.2 with timeout = 2, count = 5, size = 100 ....

No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss
switch/Admin# sho vlan
Vlans configured on SUP for this module
vlan5
switch/Admin# sho int vlan 5

vlan5 is up, VLAN got assigned from the supervisor

Hardware type is VLAN
MAC address is 00:1b:2a:d2:ef:a9
Mode : routed
IP address is 20.0.0.1 netmask is 255.255.255.0
FT status is non-redundant
Description:not set
MTU: 1500 bytes
Last cleared: never
Last Changed: Sat Jan 1 00:39:24 2000
No of transitions: 1
Alias IP address not set
Peer IP address not set
Assigned from the Supervisor, up on Supervisor

     0 unicast packets input, 39162 bytes
     552 multicast, 25 broadcast
     0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
     77 unicast packets output, 11228 bytes
     0 multicast, 52 broadcast
     0 output errors, 0 ignored
switch/Admin# sho ip int brie
Interface       IP-Address      Status                  Protocol
vlan5           20.0.0.1        up                      up
vlan6           unassigned      down                    down

Best Regards

Roman

david.stout · ‎01-12-2011

Try one of the following.

On ACE Module

interface vlan 5
no access-group output test

On switch

no svclc vlan-group 1 5

svclc vlan-group 1 5

Just the first things that came to mind for me.

Regards

Dave

CZ SmartNet OMG team · ‎01-12-2011

Hello,

I tried your recommendation, but the behaviour is same:-( I cann't ping between ACE and Cat6500.

See:

Router#sho ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Vlan1                      unassigned      YES unset administratively down down
Vlan5                      20.0.0.2        YES manual up                    up
GigabitEthernet5/1         unassigned      YES unset administratively down down
GigabitEthernet5/2         unassigned      YES unset administratively down down
Router#sho run | inc svcl
svclc module 8 vlan-group 1
svclc vlan-group 1 5
Router#ping 20.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router#

Router#sho arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 20.0.0.1                0   Incomplete      ARPA
Internet 20.0.0.2                -   001a.3097.fa40 ARPA   Vlan5

switch/Admin# sho vlan
Vlans configured on SUP for this module
vlan5
switch/Admin# sho run interface
Generating configuration....

interface vlan 5
ip address 20.0.0.1 255.255.255.0
no normalization
access-group input test
service-policy input M
no shutdown
interface vlan 6
ip address 10.0.0.2 255.0.0.0
access-group input test
access-group output test
service-policy input M
no shutdown

switch/Admin# sho ip int brie
Interface       IP-Address      Status                  Protocol
vlan5           20.0.0.1        up                      up
vlan6           10.0.0.2        down                    down
switch/Admin# ping 20.0.0.2
Pinging 20.0.0.2 with timeout = 2, count = 5, size = 100 ....

No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
No response received from 20.0.0.2 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss
switch/Admin# sho int vlan 5

vlan5 is up, VLAN got assigned from the supervisor

Hardware type is VLAN
MAC address is 00:1b:2a:d2:ef:a9
Mode : routed
IP address is 20.0.0.1 netmask is 255.255.255.0
FT status is non-redundant
Description:not set
MTU: 1500 bytes
Last cleared: never
Last Changed: Sat Jan 1 00:22:51 2000
No of transitions: 3
Alias IP address not set
Peer IP address not set
Assigned from the Supervisor, up on Supervisor
Previous State: Sat Jan 1 00:22:33 2000, VLAN not assigned from the superviso
r
Previous State: Sat Jan 1 00:16:37 2000, administratively up
     0 unicast packets input, 19325 bytes
     268 multicast, 17 broadcast
     0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
     20 unicast packets output, 3354 bytes
     0 multicast, 26 broadcast
     0 output errors, 0 ignored
switch/Admin#
switch/Admin# sho arp

Context Admin
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface Type      Encap NextArp(s) Status
================================================================================
20.0.0.1        00.1b.2a.d2.ef.a9 vlan5     INTERFACE LOCAL     _         up
20.0.0.2        00.1a.30.97.fa.40 vlan5     LEARNED    3      14129 sec    up
20.0.0.3        00.00.00.00.00.00 vlan5     GATEWAY    -       * 2 req     dn
================================================================================
switch/Admin# sho ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
loader: Version 12.2[120]
system: Version A2(3.2) [build 3.0(0)A2(3.2)]
system image file: [SUP] disk0:c6ace-t1k9-mz.A2_3_2.bin
installed license: no feature license is installed

Hardware
Cisco ACE (slot: 8)
cpu info:
    number of cpu(s): 2
    cpu type: SiByte
    cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
    cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
memory info:
    total: 826136 kB, free: 262856 kB
    shared: 0 kB, buffers: 1360 kB, cached 0 kB
cf info:
    filesystem: /dev/cf
    total: 1014624 kB, used: 360736 kB, available: 653888 kB

last boot reason: reload command by admin
configuration register: 0x1
switch kernel uptime is 0 days 0 hour 16 minute(s) 48 second(s)

Thank you

Roman