cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Check the Interface VLAN and SGT mapping

209
Views
0
Helpful
0
Comments

Verify which VLAN or SGT is assigned to the switchport. The VLAN or SGT can be assigned and verified as follows.

Description of the issue

The VLAN or the SGT is not applied to the packets originating from a client connected to a particular physical interface.

Possible causes

  • The VLAN or SGT is not correctly configured for the physical interface.
  • CTS environment data is not downloaded at the fabric edge.
  • SVI (Switch Virtual Interface) is not created for the IP pool that is configured in Cisco DNA Center for the physical interface.

Solution

Use the following commands and verify whether thee VLAN or SGT is pushed properly to the fabric edges.

VLAN and SGT verification

  1. Run the following command and check to ensure that the VLAN has been created for the IP pool.
    show vlan br
  2. Specify the VLAN ID obtained from the previous step, and run the following command.
    show run int vlan <VLAN ID>
  3. Run the following command:
    sh run int <physical interface where client is connected>
    The output of the command should show the following configuration:
    'switchport access vlan <VLAN ID>

    ...

    cts manual

    policy static sgt <SGT ID>

Following is a sample VLAN and SGT configuration verification.

3850_FE_1#sh run int gigl/0/13
Building configuration...
Current configuration : 257 bytes
!
interface GigabitEtherenet1/0/13
switchport access vlan 1021
switchport mode access
device-tracking attach-policy IPDT_MAX_10
load-interval 30
cts manual
policy static sgt 4
no propagate sgt
no macro auto processing
spanning-tree portfast
end

Recommended Actions

For VLAN configuration errors

In the case of VLAN configuration errors, you do not find thee VLAN ID in the output of the verification command. Check the provisioning status of the fabric edge on the Cisco DNA Center Provision page.

If the provisioning status indicates a failure, then open . TAC case to further troubleshoot the issue.

For SGT configuration errors

In the case of an SGT configuration error, you do not find the SGT ID in the output of the verification command. If the SGT is not configured correctly, then complete the following steps:

  1. Verify whether all AAA servers are UP, using the following command:
    sh aaa servers
    In the output of the command, thee status of all AAA servers should be UP.
  2. Verify whether the CTS environment data is downloaded to the Switch, using the following command.
    sh cts environment-data

Open a TAC case and provide the status of the AAA servers and mention whether the CTS environment data is downloaded to the Switch to enable further troubleshooting.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards