Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
6
Replies

Simple but weird Cisco 9200 switch problem

David0531
Level 1
Level 1

‎09-05-2024 08:52 AM

IMG_4309.jpg


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I have a network setup where SW2 cannot communicate with the NMS (Network Management System), but other switches in similar positions, like SW3 and SW4, can communicate without any issues.  The VLANs are not configured directly on the switches using vlan xX commands; instead, the VLANs are defined on sub-interfaces on a firewall, which connects to the switches via a trunk link.

When I ping the NMS from SW2, I can see debug information on SW2, meaning the ping packets are reaching SW2. However, SW2 is unable to reply back to the NMS, even though other switches (SW3 and SW4) in the same setup can communicate without any issues. The trunk links between the switches and firewall carry the necessary VLANs, and the problem appears to be isolated to SW2.

SW3 and SW4 is configured with SVI of vlan 351, while SW2  is configured with SVI of vlan 350. 

SW2 can ping gateway, which is on the firewall subinterface.

 

This suggests the issue might be with the trunk configuration, SVI (Switch Virtual Interface) settings, or firewall routing and ACL policies related to SW2. However, the rest of the network with the same configuration works  as expected, making it a localized problem to SW2.

I want to figure out why SW2 is unable to communicate with the NMS, while other switches can.

Labels:
0 Helpful
6 Replies 6

Pavel Tarakanov
Cisco Employee
Cisco Employee

‎09-05-2024 09:17 AM

Can you take capture of the traffic on the firewall? On the port faced to SW2 in VLAN 350 ICMP replies from SW2 to NMS visible?

0 Helpful

David0531
Level 1
Level 1
In response to Pavel Tarakanov

‎09-05-2024 10:13 AM

thanks for reply. please comment more. is this an ios issue?

0 Helpful

MHM Cisco World
VIP
VIP

‎09-05-2024 09:32 AM

The VLANs are not configured directly on the switches using vlan xX commands <<- this is wrong and make issue here

When you allow vlan in trunk that not meaning add vlan auto so you need to add vlan to SW manually 

MHM

0 Helpful

David0531
Level 1
Level 1

‎09-05-2024 09:35 AM

thanks to reply.

i started a ping from NMS, then i debug ip icmp from sw2, i can see icmp messages from NMS.

Also,i  used to be able to ping SW2 from SW1 and ssh from SW1 to Sw2, as they are have same vlan SVI. Now, i changed IP of SW2, i cannot ping SW2 from SW1 now.

0 Helpful

David0531
Level 1
Level 1

‎09-05-2024 09:40 AM

There are many cisco 9200 switches in the environment. one thing i noticed is  many  of them are vtp domain servers.

i have changed sw2 to client. won't help still.

0 Helpful

MHM Cisco World
VIP
VIP
In response to David0531

‎09-05-2024 09:44 AM

Only do 

Show vlan in each SW in path to FW 

Check if you see vlan or not

Dont depend on vtp 

MHM

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card