Solved: BDI not passing traffic to directly connected interfaces - Page 2

davejumby · ‎11-01-2018

Hi here is a post of my configurations however I'm not able to pass traffic from the router to any device directly connected to the interfaces.

interface GigabitEthernet0/0/0 
no ip address
no shutdown
negotiation auto
no mop enabled
no mop sysid
no ip redirects
no ip unreachables
no ip proxy-arp
cdp enable
service instance 11 ethernet
encapsulation dot1q 11
rewrite ingress tag pop 1 symmetric
bridge-domain 11
! 
service instance 12 ethernet
encapsulation dot1q 12
rewrite ingress tag pop 1 symmetric
bridge-domain 12
! 
service instance 14 ethernet
encapsulation dot1q 14
rewrite ingress tag pop 1 symmetric
bridge-domain 14
! 
service instance 17 ethernet
encapsulation dot1q 17
rewrite ingress tag pop 1 symmetric
bridge-domain 17
!

interface BDI12
description "MTN INTERNET CONNECTION To DC SWITCH"
encapsulation dot1Q 12
vrf forwarding NSSF-HQSC-MTNEDGE-VRF
ip address 10.20.0.1 255.255.255.248
ip nbar protocol-discovery
no shutdown
no mop enabled
no mop sysid
no ip redirects
no ip unreachables
no ip proxy-arp
!


interface GigabitEthernet0/0/3
description "OUTSIDE LINK TO DC SWITCH 2"
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
negotiation auto
cdp enable

!
service instance 111 ethernet
encapsulation dot1q 11
rewrite ingress tag pop 1 symmetric
bridge-domain 111
!
service instance 112 ethernet
encapsulation dot1q 12
rewrite ingress tag pop 1 symmetric
bridge-domain 112
!
service instance 114 ethernet
encapsulation dot1q 14
rewrite ingress tag pop 1 symmetric
bridge-domain 114
!
service instance 321 ethernet
encapsulation dot1q 321
rewrite ingress tag pop 1 symmetric
bridge-domain 321




interface BDI112
description INTERNET LINK TO MTN
vrf forwarding NSSF-HQSC-MTNEDGE-VRF
ip address 10.0.0.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
encapsulation dot1Q 12
!

I need help here guys the next hops respectively are 10.0.0.2 and 10.20.0.2

Georg Pauwen · ‎11-02-2018

Hello,

odd indeed. Firewalls often don't allow ICMP. But you say you cannot even ping both ways when you connect a PC to

GigabitEthernet0/0/0 ?

Post the output of

debug ip icmp

when you ping from the router...

davejumby · ‎11-02-2018

this is the only output I'm getting after I turn on debugging and I ping

*Nov  2 06:20:43.154: %IOSXE_INFRA-3-PUNT_SVC_TYPE_UNKNOWN:

Punted packet with unknown service type 73

Georg Pauwen · ‎11-02-2018

Hello,

post the output of:

debug platform condition ipv4 10.0.20.1/32 both

debug platform condition ipv4 10.0.20.2/32 both

davejumby · ‎11-02-2018

This is the output when I ping 10.20.0.1, there's no output when I ping 10.20.0.2

*Nov 2 06:47:01.787: ICMP: echo reply sent, src 10.20.0.1, dst 10.20.0.1, topology BASE, dscp 0 topoid 5
*Nov 2 06:47:01.787: ICMP: echo reply rcvd, src 10.20.0.1, dst 10.20.0.1, topology BASE, dscp 0 topoid 5
*Nov 2 06:47:01.787: ICMP: echo reply sent, src 10.20.0.1, dst 10.20.0.1, topology BASE, dscp 0 topoid 5
*Nov 2 06:47:01.787: ICMP: echo reply rcvd, src 10.20.0.1, dst 10.20.0.1, topology BASE, dscp 0 topoid 5

davejumby · ‎11-02-2018

Hi Georg

I found out what the problem was , the PCs firewall was blocking the pings , I'm now ok

Georg Pauwen · ‎11-02-2018

Good stuff, glad it is working now !