cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1220
Views
10
Helpful
22
Replies

Can only ping 1/2 the hosts on a subnet.

dshowell
Level 1
Level 1

I have a Catalyst 9606 with several SVIs in the same vrf (interface vlan 5 and 10). I have a Catalyst 9300 connected to that 9606. There is a layer 2 LACP trunk between the 2, allowing VLAN 5 (VLAN 10 goes to a different switch). The 9300 has 20 or so users/servers on it. They are all in the same VLAN (5). If I source a ping from interface vlan 5 on the 9606, I can ping all of the hosts. If I source a ping from vlan 10 on the 9600 (same vrf as vlan 5), only about half of them respond. It is hit and miss as to what responds and what doesn't. For example .160-174 and .190-205 do not respond. However, .176-185 do respond. It is a x.x.x.128/25 network. I am thinking it is a default gateway or subnet mask misconfiguration on the servers. But am trying to rule anything else out.

Oddly enough, this same 9300 switch was recently migrated off an ASR. When it was connected to that router everything was pingable within the vrf. The L3 part on the ASR was port-channel1.5, with encapsulation dot1q 5. I am not sure if the ASR has some default configuration running in the background that would still allow connectivity, that the 9606 does not have.

 

22 Replies 22

The mac address table for vlan 5 on the 9600 has all of the MACs in the mac address table for vlan 5 on the 9300.

The 9606 has 4 9300s connected to it. VLAN 5 is trunked to each of those switches. All of the VLAN 5 MAC addresses on the 9300s show up in the vlan 5 mac address table on the 9606.

I don't think this is a L2 issue, or an ARP issue. I think it is a L3 issue.

show platform hardware fed [switch] active qos queue stats internal cpu policer <<-

show platform hardware fed [switch] active qos queue stats internal cpu policer <<- 

can you share both of 9600 ??

I can't paste the output here, since the switch is on a segregated network. What are you looking for?

One thing to note is that there are no Policer Dropped Bytes or Frames. There are also no Queue Drop Bytes or Frames. So qos is not blocking/dropping anything. There is not much on this 9606.

there is no Queue drop at all in any Queue ?

dshowell
Level 1
Level 1

Correct. It only has a 2% CPU utilization rate for the last 5 minutes. Like I said, there is not much going to or through the 9600, yet.

Screenshot (347).png
I run small lab, 
the this that make me think why half ?
the R1 and R2 config with different subnet mask but with same default GW, 
the GW IP is within the range subnet of R1 
the GW IP is not within the range subnet of R2

the R1 can ping Lo in R3 
R2 can not ping Lo in R3 

so wait you reply about checking the subnet mask 

I am waiting to hear back from the sys admins. They have to travel to get to the site with the servers. So, it might be a while before I hear back. I'll let you know what they find.

thanks a lot 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco