10-08-2021 08:02 AM
Good day all,
I'm perplexed by an issue I am having. So I am setting up and Cisco ISE solution on my network. The thought was '"hey let me use a test switch to be sure things will jive before production". So I set up a 3850 and setup a trunk port to my existing switch on the production network which is a 9300. I get link lights on both ends but for some reason the test switch (3850) cant ping across to the switch it's trunked to. I have set the no ip routing and configured the 9300 switch to be the default gateway. I even tried enabling ip routing and setting the 9300 switch as the default gateway and its been a no go both ways. What is throwing me for a loop is the fact its populating IP in the routing table for both the 9300 and the actual legit gateway on my network whenever I change them back and forth. But the test switch (3850) cant ping the 9300 its trunk to on a regular old ethernet port. Any takes on this issue I have look at the routing table even the mac-address table and ip arp for the particular IP the Hardware address is "Incomplete"
10-08-2021 08:15 AM
As i understand the setup :
Cat 9300 configured Layer 3 SVI x.x.x.1 you made a Layer 2 Trunkl with Cat 3850 setup VLAN interface config x.x.x.100 (example) default-gateway x.x.x.1 setup on 3850, you are not able to ping from Cat 3850 to x.x.x.1 - is this correct ?
On Cat 3850 are you able to ping local IP x.x.x.100 ?
can you post below information :
show vlan (from both swithes)
show ip interface brief (from both the switches)
show etherchannel summary (both the switches)
show run interface port-channel X ( from both the switches)
show ip route from 3850
10-08-2021 08:20 AM - edited 10-08-2021 08:40 AM
Its actually trunking to another Layer 2 switch which is the 9300 so technically I'm trying to add another Layer 2 access switch to an existing Layer 2 switch where users are to test my Cisco ISE solution. So I don't interrupt my actual users should something go wrong I am just testing things on this 3850
10-08-2021 08:38 AM
Agreed, Do you small network topology to understand the issue ?
But the test switch (3850) cant ping the 9300 its trunk to on a regular old ethernet port.
where is your Layer 3 IP you are pinging ? what VLAN number is this ? it would be nice if you can post the config.
10-08-2021 08:58 AM
I am gathering the config now but yes my Layer 3 IP can ping the first 9300 but can reach the 3850 that is trunked to it. I put the Layer 3 IP in the default-gateway and the Layer 2 9300 just to see. They where put in the routing table but neither worked below is the config you asked for
10-08-2021 09:11 AM
3850 sho vlan bri
3850switch1#sho vlan bri
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 active
10 active
100 active
103 active
104 active Gi1/0/24
105 active
111 active Gi1/0/26
112 active
114 active
199 active
200 active Gi1/0/7, Gi1/0/8, Gi1/0/9 Gi1/0/10, Gi1/0/11, Gi1/0/13Gi1/0/16, Gi1/0/17, Gi1/0/18
201 active Gi1/0/5, Te1/1/2
202 active
203 active
204 active
300 active
666 DISABLED active Gi1/0/2, Gi1/0/3, Gi1/0/4 Gi1/0/6, Gi1/0/12, Gi1/0/14
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
Gi1/0/15, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/25, Gi1/0/27, Gi1/0/28
Gi1/0/29, Gi1/0/30, Gi1/0/31
Gi1/0/32, Gi1/0/33, Gi1/0/34
Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/45, Gi1/0/46
Gi1/0/47, Gi1/0/48, Te1/1/1
991 active
998 NATIVE active
999 NETWORK_MGNT active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
3850 # sho ip int bri
Vlan1 unassigned YES NVRAM administratively down down
Vlan201 172.16.1.2 YES NVRAM up up
Vlan202 unassigned YES unset up up
Vlan203 172.16.3.1 YES NVRAM up up
Vlan999 172.16.0.11 YES NVRAM up up
GigabitEthernet0/0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
3850 sho ip route
H168-switch1#sho ip route
Extended Host Mode is enabled
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 172.16.0.2 to network 0.0.0.0
S* 0.0.0.0/0 [0/0] via 172.16.0.2 (This is the Layer 2 9300) weather it is this IP or the Layer 3 ip which is (172.16.0.1) it's populated to the routing table but I still cant ping across
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Vlan999
L 172.16.0.11/32 is directly connected, Vlan999
C 172.16.1.0/24 is directly connected, Vlan201
L 172.16.1.2/32 is directly connected, Vlan201
C 172.16.3.0/24 is directly connected, Vlan203
L 172.16.3.1/32 is directly connected, Vlan203
9300 sho vlan bri
9300-Switch1#sho vlan bri
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
10 active
100 active
200 active Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34
Gi1/0/35
201 active Te1/1/1
202 active
203 active
300 active
666 DISABLED active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43, Gi1/0/44, Gi1/0/45
Gi1/0/46, Gi1/0/47, Gi1/0/48, Te1/1/2, Te1/1/3, Te1/1/4, Te1/1/5, Te1/1/6, Te1/1/7
998 NATIVE_VLAN active
999 NETWORK_MGNT active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
9300-Switch1#sho ip int bri
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan999 172.16.0.2 YES NVRAM up up
Output omitted
GigabitEthernet1/0/36 unassigned YES unset up up (This is port trunking to 3850)
10-08-2021 09:25 AM
On 3850 configure default-gateway to 172.16.0.1
Make sure 172.16.0.11 address free not conflicting
further to know better
Cat 9300 post below information ( alow post where this connect to uplink port)
show run GigabitEthernet1/0/36
show run interface vlan 999
show ip route
Cat 3850 post below information
show run GigabitEthernet1/0/X - where the port connected Cat 9300
show run interface vlan 999
show ip route
10-08-2021 12:12 PM
The IP is definitely free, the default gateway has been on 172.16.0.1 when I do a show ip arp and filter on the Layer 3 it definitely shows me 172.16.0.11 with the vlan and mac address so there is definitely something I am missing as they still cannot ping but obviously see each other here is the config you asked for below:
9300-Switch1#sho run int gi1/0/36
Building configuration...
Current configuration : 244 bytes
!
interface GigabitEthernet1/0/36
description
switchport access vlan 999
switchport mode trunk
switchport nonegotiate
switchport block unicast
storm-control broadcast level bps 1g
spanning-tree guard root
ip dhcp snooping trust
end
9300-Switch1#sho run int vlan999
Building configuration...
Current configuration : 93 bytes
!
interface Vlan999
description Management
ip address 172.16.0.2 255.255.255.0
end
9300-Switch1#sho ip route
Extended Host Mode is enabled
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 172.16.0.1 to network 0.0.0.0
S* 0.0.0.0/0 [0/0] via 172.16.0.1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Vlan999
L 172.16.0.2/32 is directly connected, Vlan999
3850-switch2#sho run int gi1/0/1
Building configuration...
Current configuration : 161 bytes
!
interface GigabitEthernet1/0/1
description Trunk to Access Switch1 P36
switchport access vlan 200
switchport trunk native vlan 998
switchport mode trunk
end
3850-switch2#sho run int vlan999
Building configuration...
Current configuration : 94 bytes
!
interface Vlan999
description Management
ip address 172.16.0.11 255.255.255.0
end
3850-switch2#sho ip route
Extended Host Mode is enabled
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 172.16.0.1 to network 0.0.0.0
S* 0.0.0.0/0 [0/0] via 172.16.0.1
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Vlan999
L 172.16.0.11/32 is directly connected, Vlan999
C 172.16.1.0/24 is directly connected, Vlan201
L 172.16.1.2/32 is directly connected, Vlan201
C 172.16.3.0/24 is directly connected, Vlan203
L 172.16.3.1/32 is directly connected, Vlan203
10-08-2021 02:53 PM
Thanks for the information, its much better now.
1. From 3850 can you able to ping 172.16.0.11 (Locally ?)
2. From 3850 can you able to ping 172.16.0.2
3. From Cat 9300 can you able to ping 172.16.0.1 ?
4. From Cat 9300 can you able to ping 172.16.0.11 ?
On cat 9300 remove this command and test it.
interface GigabitEthernet1/0/36
no switchport block unicast
On 3850 ( gig 1/0/1 is connected Cat 9300) if so let leave it as trunk port rather than access port
interface GigabitEthernet1/0/1
no switchport access vlan 200
10-09-2021 12:15 AM
Hello,
post the full running configs of both switches (sh run) and indicate (by putting a description on the interfaces) which two interfaces are used for the connection between the 3850 and the 9300.
There probably is a mismatch somewhere...seeing the full configs should reveal any issues.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide