Verify which VLAN or SGT is assigned to the switchport. The VLAN or SGT can be assigned and verified as follows.
Description of the issue
The VLAN or the SGT is not applied to the packets originating from a client connected to a particular physical interface.
The VLAN or SGT is not correctly configured for the physical interface.
CTS environment data is not downloaded at the fabric edge.
SVI (Switch Virtual Interface) is not created for the IP pool that is configured in Cisco DNA Center for the physical interface.
Use the following commands to verify whether the VLAN or SGT is pushed properly to the fabric edges.
VLAN and SGT verification
Run the following command and check to ensure that the VLAN has been created for the IP pool.
show vlan br
Specify the VLAN ID obtained from the previous step, and run the following command.
show run int vlan <VLAN ID>
Run the following command:
sh run int <physical interface where client is connected>
The output of the command should show the following configuration:
switchport access vlan <VLAN ID>
policy static sgt <SGT ID>
Following is a sample VLAN and SGT configuration verification.
3850_FE_1#sh run int gig1/0/13
Building configuration...
Current configuration : 257 bytes
!
interface GigabitEthernet1/0/13
 switchport access vlan 1021
 switchport mode access
 device-tracking attach-policy IPDT_MAX_10
 load-interval 30
 cts manual
  policy static sgt 4
  no propagate sgt
 no macro auto processing
 spanning-tree portfast
end
For VLAN configuration errors
In the case of VLAN configuration errors, you do not find the VLAN ID in the output of the verification command. Check the provisioning status of the fabric edge on the Cisco DNA Center Provision page.
If the provisioning status indicates a failure, then open a TAC case to further troubleshoot the issue.
For SGT configuration errors
In the case of an SGT configuration error, you do not find the SGT ID in the output of the verification command. If the SGT is not configured correctly, then complete the following steps:
Verify whether all AAA servers are UP, using the following command:
sh aaa servers
In the output of the command, the status of all AAA servers should be UP.
Verify whether the CTS environment data is downloaded to the Switch, using the following command.
sh cts environment-data
Open a TAC case and provide the status of the AAA servers and mention whether the CTS environment data is downloaded to the Switch to enable further troubleshooting.
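The check described above can be scripted when many ports need to be verified. The following is an added example, not Cisco's own tooling: it parses saved `sh run int` output, confirms that `switchport access vlan` and `policy static sgt` (under `cts manual`) carry the expected values, and names the troubleshooting branch from this page to follow otherwise. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed input, modelled on the sample `sh run int` output on this page.
SAMPLE = """\
interface GigabitEthernet1/0/13
 switchport access vlan 1021
 switchport mode access
 cts manual
  policy static sgt 4
  no propagate sgt
 spanning-tree portfast
end
"""

def parse_interface(config):
    """Extract the access VLAN and static SGT from one interface stanza."""
    found = {"vlan": None, "sgt": None}
    cts_indent = None  # indent of 'cts manual' while inside that sub-mode
    for raw in config.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        if cts_indent is not None and indent <= cts_indent:
            cts_indent = None  # left the 'cts manual' sub-mode
        if line == "cts manual":
            cts_indent = indent
        elif m := re.match(r"switchport access vlan (\d+)", line):
            found["vlan"] = int(m.group(1))
        elif cts_indent is not None and (m := re.match(r"policy static sgt (\d+)", line)):
            found["sgt"] = int(m.group(1))  # only counted inside 'cts manual'
    return found

def next_steps(config, expected_vlan, expected_sgt):
    """Map missing or mismatched values to this page's troubleshooting branch."""
    found = parse_interface(config)
    steps = []
    if found["vlan"] != expected_vlan:
        steps.append(f"VLAN: expected {expected_vlan}, found {found['vlan']}; "
                     "check fabric edge provisioning status in Cisco DNA Center")
    if found["sgt"] != expected_sgt:
        steps.append(f"SGT: expected {expected_sgt}, found {found['sgt']}; "
                     "check 'sh aaa servers' and 'sh cts environment-data'")
    return steps

if __name__ == "__main__":
    for step in next_steps(SAMPLE, 1021, 4) or ["VLAN and SGT match"]:
        print(step)
```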