
C9500 and IP routing issue

IP routing issue.png

This is a real case where the customer required a temporary solution:

- All 3 SWs were able to ping each other through the MGMT VLAN 100 SVI

- "IP default-gateway 192.168.100.1" was configured on SW1 & SW2, but it is useless because "IP routing" is configured

- The issue is that the server was unable to ping its GW on the 3rd SW until we performed "no IP routing" on SW1 and SW3.

Q: How is that possible although it is the same VLAN and same broadcast domain?

Q: Does that mean precedence is given to the layer 3 forwarding decision over the layer 2 process in C9500, or does it have something to do with new IOS-XE updates, or is it a bug? (All 3 switches have IOS-XE 17.3.4.)

I already discussed that with my colleagues and they confirmed the same behavior with C9500, and we finally agreed that:

1. If you are not going to use the SW as L3 (no SVIs except MGMT), you have to disable "IP routing".

2. If you are going to use it as layer 3, you have to configure a default route to the core switch (SW3 in this case) through any SVI according to your network.

I searched for any source to confirm that but found no result. I hope you can help me.

19 Replies

It can work with ip routing enabled; the issue is in
L3SW-2.
Why?
The trunk allows the VLAN, but is the VLAN UP/UP or not?
The VLAN must be allowed on the trunk and also must be UP/UP.

The trunk allows all VLANs, it is just the native VLAN as per customer request, and both VLANs are UP/UP, and the server VLAN is configured through the whole path to the GW.

Have you configured VTP?

Have you configured VTP pruning?

vtp --> it is transparent

vtp pruning --> it is already enabled by default

Server-jumbo-L3SW1-1500-L3SW2-L3SW3
If the server sends at L2, the frame is dropped at L3SW2 because the packet is larger than L3SW2 accepts,
but with ip routing
the jumbo frame is fragmented and passes without being dropped.
Can you check this point?

I do not think it is related to jumbo frames; it is just ping packets, and also it is working without "ip routing", not with it.

If we think about it according to logic:

1- The server will do the ANDing process to know whether the dst is in the local network or a remote network (dst is the GW, so it is in the local network)

2- The server will perform an ARP request to get the MAC address of the GW (broadcast in same VLAN = same broadcast domain)

3- The VLAN 10 SVI will send an ARP response with its MAC address to the server

4- The server will be able to build the frame and will be able to ping its GW

All previous steps follow from logic, as SW1 will receive the frame from the server on an L2 port (switchport), and so on for SW2 and SW3.

Also, my team leader expects that it will be a bug in the IOS, as it has nothing to do with logic and what we learned.

Hello,

Can you post the full running configs of all three switches? Also, do you count from left to right (left being what you call SW1, and right being what you call SW3)?

All the configuration is already in the image; anything else is the default of the switch. Also, VTP mode is transparent and "ip routing" is enabled by default on C9500-48Y4C.

For the count, yes, from left to right --> Server -> SW1 -> SW2 -> SW3

Also, I have experienced that behavior 4 times before (two times solved with "no ip routing" and the other two times solved with a default route to the core switch).

You can say it will ping in this case with "ip routing" enabled if I configure a default route to SW3 through the VLAN 10 SVI:

"ip route 0.0.0.0 0.0.0.0 192.168.100.1"

OK,
let's do this step by step.
I asked you about the VLAN in the trunk and you mentioned it is allowed and the VLAN is UP/UP (even if the VLAN doesn't have an IP, it must be UP/UP).
When you ping (with ip routing),
do show mac-address
Do you see the server MAC learned in L3SW1 from the access port with VLAN 10?
Do you see the server MAC learned in L3SW2 from the trunk port with VLAN 10?

Yes, the server MAC is in the L3SW1 MAC table

No, the server MAC is not in the L3SW2 MAC table

show platform hardware fed active fwd-asic drops exceptions

Can you share the output from L3SW2?

I cannot right now; I will check that on the next visit to the site.

Hello
You have trunks in between all switches and the L3 for VLAN 10 is on SW3, so disable ip routing on SW1-2; it isn't required. The ip default gateway on SW1-2 will be for mgmt reachability only.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Yes, that is right and it is logical, as it all occurs in the same broadcast domain, BUT it did not work until I disabled "ip routing" on SW1 & SW2.

I posted this to find someone who has had experience with that behavior before and can clarify to me whether it is a bug or anything else related to a Cisco IOS update or a feature of the C9500, as I have already searched a lot and could not find anything.
