ip routing command doesn't work on cisco 9000v - Page 3

nsom · ‎05-28-2023

Hi I am trying to enable routing on cisco 9000v for intervlan routing betwen two vlans.
I am trying to enable routing as explained in different articles using ip routing command however this command doesn't work as there are other options that need to be executed post this command and I ma not sure what to use. Please suggest
```

switch(config)# ip routing

event-history internal multicast

switch(config)# ip routing

^

% Incomplete command at '^' marker.

```

MHM Cisco World · ‎05-28-2023

show ip arp <<- this I need to see output
I need to double check 00:02:00:0f:00 mac address for which VLAN or Hosts

nsom · ‎05-28-2023

show ip arp

Flags: * - Adjacencies learnt on non-active FHRP router

+ - Adjacencies synced via CFSoE

# - Adjacencies Throttled for Glean

CP - Added via L2RIB, Control plane Adjacencies

PS - Added via L2RIB, Peer Sync

RO - Re-Originated Peer Sync Entry

D - Static Adjacencies attached to down interface

IP ARP Table for context default

Total number of entries: 2

Address Age MAC Address Interface Flags

192.168.15.2 00:01:37 0050.5663.7660 Vlan2003

192.168.15.3 00:01:37 0050.5662.7993 Vlan2003

ethanalyzer local interface inband

Capturing on inband

2023-05-28 14:57:16.761676 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:16.761713 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:16.761724 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:17.511501 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:17.511540 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:18.762031 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:18.762079 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:18.762090 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:19.512170 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

2023-05-28 14:57:19.512213 00:00:00:00:00:00 -> 14:00:02:00:0f:00 MDS Header [Malformed Packet]

10 packets captured

Ping is running from the host in the back end

MHM Cisco World · ‎05-28-2023

please ping from host in VLAN2004 and show ip arp, are the NSK add MAC of host to arp table ?

nsom · ‎05-28-2023

sh ip arp

Flags: * - Adjacencies learnt on non-active FHRP router

+ - Adjacencies synced via CFSoE

# - Adjacencies Throttled for Glean

CP - Added via L2RIB, Control plane Adjacencies

PS - Added via L2RIB, Peer Sync

RO - Re-Originated Peer Sync Entry

D - Static Adjacencies attached to down interface

IP ARP Table for context default

Total number of entries: 3

Address Age MAC Address Interface Flags

192.168.15.2 00:17:12 0050.5663.7660 Vlan2003

192.168.15.3 00:17:12 0050.5662.7993 Vlan2003

192.168.20.2 00:00:13 0050.566f.74ee Vlan2004

MHM Cisco World · ‎05-28-2023

no service-policy input copp-system-policy <<- try this and ping again, I think the CoPP drop the ping

NOTE:- for security of NSK you need to enable CoPP, we do this only for test, if the CoPP drop ping then you need to increase the rate

nsom · ‎05-28-2023

switch(config)# no service-policy input copp-system-policy

^

% Invalid command at '^' marker.

switch(config)# no service

exclude-bootconfig password-recovery unsupported-transceiver

switch(config)# no service

exclude-bootconfig password-recovery unsupported-transceiver

switch(config)# no service

switch(config)# no service-policy input copp-system-policy

^

% Invalid command at '^' marker.

switch(config)# no service

exclude-bootconfig password-recovery unsupported-transceiver

switch(config)# no service

exclude-bootconfig password-recovery unsupported-transceiver

MHM Cisco World · ‎05-28-2023

Switch(config)#control-plane
Switch(config-cp)#no service-policy in systemcpp-policy <<- only for test enable it again (want to notice you again)

nsom · ‎05-28-2023

switch(config-cp)# no service-policy input systemcpp-policy

^

% Invalid command at '^' marker.

nsom · ‎05-28-2023

% Invalid command at '^' marker.

switch(config-cp)# no service-policy input ?

...nil...(no value yet) Name of the policy (There is another command that will instantiate values for this command, run that command first)

nsom · ‎05-28-2023

show running-config copp

!Command: show running-config copp

!Running configuration last done at: Sun May 28 16:39:46 2023

!Time: Sun May 28 16:44:42 2023

version 9.3(7a) Bios:version

copp profile strict

Looks like service disablement is not an option here

nsom · ‎05-28-2023

ping 192.168.20.1

PING 192.168.20.1 (192.168.20.1): 56 data bytes

--- 192.168.20.1 ping statistics ---

3 packets transmitted, 0 packets received, 100% packet loss

Harold Ritter · ‎05-28-2023

Hi @nsom ,

- What platform (OS) are you pinging from?

- Does it have a host based FW enabled?

- If so, could you try disabling the host based FW and do the ping again?

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

nsom · ‎05-28-2023

I am trying to ping from esxi host1 (vlan2003) to vlan(2004) on switch,
Did disable the fw on the esxi host from which I am pinging, ping doesn't work still post that.
```

[root@esxi-nested-04:~] esxcli network firewall get

Default Action: DROP

Enabled: false

Loaded: true

[root@esxi-nested-04:~] ping 192.168.20.1

PING 192.168.20.1 (192.168.20.1): 56 data bytes

çççç

--- 192.168.20.1 ping statistics ---

3 packets transmitted, 0 packets received, 100% packet loss

```

MHM Cisco World · ‎05-29-2023

I checking how we change CoPP, I run lab today, I will update soon
thanks for waiting
MHM

MHM Cisco World · ‎05-29-2023

show policy-map interface control-plane

strict is default for NSK9000, but I think the rate is issue
can you share the above <<- do it twice before ping and after ping