Re: ASR 1004 configuration problem

n.indrajit · ‎09-19-2010

Hi guys,

I am facing problems to configure an ASR 1004 router, when I finish the basic configurations then I try to ping the router's interface (Interfaces are located in SPA module) itself but i couldn't; since the interface is up (Line and protocol both). but management interface (its in its own vrf) I can able to ping, I am wondering I have created a loopback interface, that also I can't able to ping. Please help me to sortout this problem. I am running on IOS asr1000rp2-ipbasek9.02.06.02.122-33.XNF2.bin more than ios i didn't install any packages.

Regards

Indrajit

marikakis · ‎09-19-2010

Hi Indrajit,

Which command are you using to ping the router's interfaces? From what I see from the documentation
(http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/Management_Ethernet.html#wp1059026)
pinging other interfaces using the Management Ethernet interface is done through the VRF (using "ping vrf Mgmt-intf " command).

Also, if you have another device directly connected to the ASR via a physical interface (same subnet), can you ping the ASR's physical interface IP address from there?

Kind Regards,
Maria

n.indrajit · ‎09-20-2010

Hi Maria,

Thank you for the reply.please check the following output

In this setup ASR's interface GigabitEthernet1/0/0 and L3 Switch's interface GigabitEthernet0/27 both are directly connected and under same subnet

ASRGW#sho ip int br

Interface IP-Address OK? Method Status Protocol

GigabitEthernet1/0/0 192.168.11.1 YES NVRAM up up

GigabitEthernet1/0/1 unassigned YES NVRAM down down

GigabitEthernet1/0/2 unassigned YES NVRAM administratively down down

GigabitEthernet1/0/3 unassigned YES NVRAM administratively down down

GigabitEthernet1/0/4 unassigned YES NVRAM administratively down down

GigabitEthernet0 xx.xx.xx.xx YES NVRAM up up <-------Management Int

Loopback0 1.1.1.1 YES NVRAM up up

ASR Side config

!
ip vrf green
rd 500:1

!
interface GigabitEthernet1/0/0
ip vrf forwarding green
ip address 192.168.11.1 255.255.255.0
negotiation auto
cdp enable
!

L3 Switch Side

!
ip vrf green
rd 500:1
!

interface GigabitEthernet0/27
no switchport
ip vrf forwarding green
ip address 192.168.11.2 255.255.255.0
speed 1000
duplex full
!

ASR side output

ASRGW#ping vrf green 192.168.11.2 <--------------------------------------------------Switch side interface

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Even its own vrf green interface unable to ping

SRGW#sho ip route vrf green

Routing Table: green
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.11.0/24 is directly connected, GigabitEthernet1/0/0
L        192.168.11.1/32 is directly connected, GigabitEthernet1/0/0
ASRGW#
ASRGW#
ASRGW#ping vrf green 192.168.11.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

L3 Switch side output

Switch# ping vrf green 192.168.11.2 <--------------------------------------------------here its own interface can able to ping

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
Switch#
Switch# ping vrf green 192.168.11.1 <-------------------------------------------------- ASR interface can't ping

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#

Please try to find some solution because until i get connected I can't configure further more. I am also trying my best.

Regards

Indrajit.

marikakis · ‎09-20-2010

Hi Indrajit,

We might be having multiple issues here. My understanding is that this is a new router. In such a case I would do the following:

1. Remove the vrf associated configuration under the interfaces on both sides of the link (i.e. no ip vrf forwarding green)

2. Reconfigure the IP addresses on the 2 interfaces (router and switch, as those are also expected to be automatically removed)

3. Try to ping ASR's gi1/0/0 from ASR using exact command: ping vrf Mgmt-intf 192.168.11.1

4. Ping ASR's gi1/0/0 from switch using: ping 192.168.11.1

5. Ping switch's IP 192.168.11.2 from ASR (use extended ping command with source address 192.168.11.1 or via Mgmt-intf, whatever works)

Also, consider the following:

1. Issue a "show cdp neigh" on both sides of the link

2. Hardcode interface speed/duplex settings on the ASR

3. Issue a shut/no shut to the interfaces and/or remove re-insert cables (those are optics, right?)

If you get the interfaces to work without VRF's, then add the VRF config (and the IP addresses again) and see what happens.

BTW: Can you post output of "sh ip cef"?

In any case, I have been logged into an ASR 1000 only once and didn't do much, so I really hope I'm not your only chance of getting an answer to your issue.

Kind Regards,

Maria

dvangyzeghem · ‎09-20-2010

hi Indrajit,

Maybe its nothing but can you try fixing the speed and duplex on both side or use auto negotiation on both sides.

i know mixing these can cause some problems.

Br

Dimitri

n.indrajit · ‎09-20-2010

Hi Dimitri,

Please check the following out puts

ASRGW#sho int GigabitEthernet1/0/0
GigabitEthernet1/0/0 is up, line protocol is up
Hardware is SPA-5X1GE-V2, address is 68ef.bdca.4e40 (bia 68ef.bdca.4e40)
Internet address is 192.168.11.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is T
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:28, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     4963 packets input, 1145272 bytes, 0 no buffer
     Received 27 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 4936 multicast, 0 pause input
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
ASRGW#

Switch#sho int GigabitEthernet0/27
GigabitEthernet0/27 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0015.62a2.3443 (bia 0015.62a2.3443)
Internet address is 192.168.11.2/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX SFP
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 04:25:53, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     30 packets input, 4566 bytes, 0 no buffer
     Received 20 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 3 multicast, 0 pause input
     0 input packets with dribble condition detected
     28388 packets output, 3984306 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Switch#

ASRGW#ping 192.168.11.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ASRGW#

ASRGW#ping vrf Mgmt-intf 192.168.11.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ASRGW#

Switch#ping 192.168.11.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#

Regards

Indrajit

marikakis · ‎09-20-2010

Hi Indrajit,

We need to fix any potential basic connectivity issues before we are able to ping successfully. In the CDP output you posted I can't see the router and switch detecting each other over the link. Do you have CDP enabled on the switch interface? If not, please enable it temporarily so we can see what's going on (related commands: sh cdp interface, sh cdp, cdp run, cdp enable).

Also clear the counters on both sides of the link (clear counter interface gi x/y/z).

Shut the interfaces on both sides of the link (shutdown command).

On ASR gigabit interface enter:

no negotiation auto

duplex full

speed 1000

no shut

(This basically hardcodes the speed/duplex settings I was talking about in my previous post and is also one of Dimitri's suggestions.)

On switch: no shut

Issue "sh cpd neigh" on both sides of the link. Wait a little bit for the devices. If you can see both devices detecting each other, then ping the router from the switch using normal ping.

Kind Regards,

Maria

n.indrajit · ‎09-21-2010

Maria,

I have enabled the cdp on both devices but more than this i have checked the arp table from both side they are not learning other side mac address.

ASR side interface i did "no negotiation auto" and manully configured duplex and speed but nothing improved. Both side "sh cpd neigh" also not gave the statistics about other device.

Regards

Indrajit

marikakis · ‎09-21-2010

Hi Indrajit,

CDP doesn't seem to work, ARP doesn't seem to work, looks we don't have good news from layer 2 so far. You still can't ping the loopback interface on the ASR from the ASR (via vrf Mgmt-intf)?

Another thing that worried me earlier was the show interface output you had posted in response to Dimitri. That is: on ASR side a counter says there are 0 packets output, while on the switch side I see both input and output. Do you still see the same thing? Are you sure the ASR is physically connected to that switch port and not some other?

You probably need to open a TAC case and have a cisco engineer examine if there is something the ASR specifically needs to function properly or we might be hitting a bug of some sort. One last thing you could do before that is make sure all you physical connections are stable, your cards/modules are properly seated, etc.

Kind Regards,

Maria

n.indrajit · ‎09-22-2010

Hi Maria,

We have consult with Cisco Engineers they have told our ASR is missing with a hw module "Embedded Services Processors (ESPs)" . Please check the following

ASR 1000 SPA and Optics Support

The Cisco ASR 1000 Series ESPs are responsible for the data-plane processing tasks, and all network traffic flows through them. The modules perform all baseline packet routing operations, including MAC classification, Layer 2 and Layer 3 forwarding, quality-of-service (QoS) classification, policing and shaping, security access control lists (ACLs), VPNs, load balancing, and NetFlow. They are also responsible for features such as firewalls, intrusion prevention, Network Based Application Recognition (NBAR), Network Address Translation (NAT), and Cisco IOS Flexible Pattern Matching.

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070_ps2797_Products_Data_Sheet.html

Still we are analizing this issue becaue apart from physical connectivity even we are unable to ping ASR's loopback interfaces. so may be this ESP module cause this problem but not yet finalized.

Regards

Indrajit

marikakis · ‎09-22-2010

Hi Indrajit,

First of all, thank you very much for your feedback. Members of the forum are always curious about what happened in the end of a case and the information may help others in the future.

You really don't have an ESP? Since the engineers have already spotted a necessary hardware component missing, you need to address this issue first. Maybe when you have the ESP in place, you will also be able to ping the loopback. I'm speculating this because I've seen hardware where write's destined to the processor's local scratchpad memory still have to traverse the system's internal switch (packets looped over the internal network). Maybe traffic destined to the RP (such as ping loopback traffic) still has to traverse the active ESP (while traffic such as telnet to the management port is an exception). You could ask the engineers if such a thing is possible in this platform.

Kind Regards,

Maria

n.indrajit · ‎09-20-2010

Hi maria,

Now i have removed vrf, please check the following out puts that u requested

ASRGW#ping vrf Mgmt-intf 192.168.11.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

ASRGW#ping vrf Mgmt-intf 192.168.11.2 source GigabitEthernet1/0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.11.1
.....
Success rate is 0 percent (0/5)

ASRGW#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability Platform Port ID
OFFICE           Gig 0             105            R       xxxx
Switch           Gig 0             137           S I       xxxx Gig 6

ASRGW#sho ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
127.0.0.0/8          drop
192.168.11.0/24      attached             GigabitEthernet1/0/0
192.168.11.0/32      receive              GigabitEthernet1/0/0
192.168.11.1/32      receive              GigabitEthernet1/0/0
192.168.11.255/32    receive              GigabitEthernet1/0/0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
ASRGW#

Switch#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch#

Switch#ping 192.168.11.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#

Regards

Indrajit