09-11-2022 11:22 AM
This is a real case for a temporary solution required by the customer:
- All 3 SWs were able to ping each other through the MGMT VLAN 100 SVI
- "IP default-gateway 192.168.100.1" was configured on SW1 & SW2, but it is useless because "IP routing" is configured
- The issue is that the server was unable to ping its GW on the 3rd SW until we performed "no IP routing" on SW1 and SW3.
Q: How is that possible although it is the same VLAN and same broadcast domain?
Q: Does that mean precedence is given to the layer 3 forwarding decision over the layer 2 process in C9500, or does it have something to do with new IOS-XE updates, or is it a bug? (All 3 switches have IOS-XE 17.3.4)
I already discussed that with my colleagues and they confirmed the same behavior with C9500, and we finally agreed that:
1. If you are not going to use the SW as L3 (no SVIs except MGMT), you have to disable "IP routing"
2. If you are going to use it as layer 3, you have to configure a default route to the Core switch (SW3 in this case) through any SVI according to your network
I searched for any source to confirm that but found no result. I hope you can help me.
09-11-2022 11:35 AM
It can work with ip routing enabled; the issue is in
L3SW-2.
Why?
The trunk allows the VLAN, but is the VLAN UP/UP or not?
The VLAN must be allowed on the trunk and also must be UP/UP.
09-11-2022 11:49 AM
The trunk allows all VLANs, it is just the native VLAN as per customer request, and both VLANs are UP/UP, and the server VLAN is configured through the whole path to the GW.
09-11-2022 12:22 PM
Have you configured VTP?
Have you configured VTP pruning?
09-11-2022 12:34 PM
vtp --> it is transparent
vtp pruning --> it is already enabled by default
09-11-2022 03:02 PM
Server-jumbo-L3SW1-1500-L3SW2-L3SW3
If the server sends at L2, the frame is dropped at L3SW2 because the packet is larger than L3SW2 accepts,
but with ip routing
the jumbo frame is fragmented and passes without being dropped.
Can you check this point?
09-12-2022 03:12 AM
I do not think it is related to jumbo frames; it is just ping packets. Also, it is working without "ip routing", not with it.
If we think about it according to logic:
1- The server will do the ANDing process to know if the dst is in the local network or a remote network (dst is the GW, so it is in the local network)
2- The server will perform an ARP request to get the MAC address of the GW (broadcast in same VLAN = same broadcast domain)
3- The VLAN 10 SVI will send an ARP response with its MAC address to the server
4- The server will be able to build the frame and will be able to ping its GW
All previous steps are related to logic, as SW1 will receive the frame from the server on an L2 port (switchport), and so on for SW2 and SW3.
Also, my team leader expects that it will be a bug in the IOS, as it has nothing to do with logic and what we learned.
09-12-2022 12:44 AM
Hello,
Can you post the full running configs of all three switches? Also, you count from left to right (left being what you call SW1, and right being what you call SW3)?
09-12-2022 03:25 AM
All the configuration is already in the image; anything else is the default of the switch. Also, VTP mode is transparent and "ip routing" is enabled by default on C9500-48Y4C.
For the count, yes from left to right --> Server -> SW1 -> SW2 -> SW3
Also, I had experience with that behavior 4 times before (two times solved with "no ip routing" and the other two times solved with a default route to the core switch).
You can say it will ping in this case with "ip routing" enabled if I configured a default route to SW3 through VLAN 10 SVI
"ip route 0.0.0.0 0.0.0.0 192.168.100.1"
09-12-2022 07:54 AM
OK,
Let's do this step by step.
I asked you about the VLAN on the trunk and you mentioned it is allowed and the VLAN is UP/UP (even if the VLAN doesn't have an IP, it must be UP/UP).
When you ping (with ip routing),
do show mac-address.
Do you see the server MAC learned on L3SW1 from the access port with VLAN 10?
Do you see the server MAC learned on L3SW2 from the trunk port with VLAN 10?
09-13-2022 03:08 PM
Yes, the server MAC is in the L3SW1 MAC table
No, the server MAC is not in the L3SW2 MAC table
09-13-2022 03:36 PM
show platform hardware fed active fwd-asic drops exceptions
Can you share the output from L3SW2?
09-14-2022 06:17 AM
I cannot right now; I will check that on the next visit to the site.
09-12-2022 06:37 AM - edited 09-12-2022 06:38 AM
Hello
You have trunks in between all switches and the L3 for VLAN 10 is on SW3, so disable ip routing on SW1-2; it isn't required. The ip default gateway on SW1-2 will be for mgt reachability only.
09-12-2022 07:39 AM
Yes, that is right and it is logical, as it all occurs in the same broadcast domain, BUT it did not work until I disabled "ip routing" on SW1 & SW2.
I posted that to find someone who has had experience with that behavior before and can clarify to me whether it is a bug or anything else related to a Cisco IOS update or a feature of the C9500, as I already searched a lot and could not find anything.