Solved: trunk/subinterfaces not working - Page 2

bgoulet00 · ‎10-06-2020

i've configured this easily on a cat9300 connected to an isr1000 but i'm having issues getting it to work between a 2960cx and isr1841. i can ping across the native vlan but not any of the others. i'm not sure if the old 1841 needs some extra stuff setup that we take for granted in the new platforms? the 1841 is running 12.4(17)

SWITCH CONFIG

!
interface GigabitEthernet0/2

switchport trunk native vlan 62
switchport mode trunk
end

Vlan5 10.89.5.130 YES NVRAM up up

Vlan62 10.89.62.244 YES DHCP up up

ROUTER CONFIG

!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.89.5.129 255.255.255.192
!
interface FastEthernet0/0.62
encapsulation dot1Q 62 native
ip address 10.89.62.1 255.255.255.0
ip helper-address 10.224.109.35
ip helper-address 10.224.209.25
!

Richard Burts · ‎10-07-2020

Thanks for the show interface outputs. This is quite puzzling. Am I understanding correctly that if you make vlan 5 the native vlan that it works but vlan 62 stops working. And while vlan 62 is native vlan that vlan 5 does not work?

The posted configs seem appropriate. The output of various show commands indicate that both devices treat the connection as a dot1q trunked interface with 2 vlans. And both devices see the connection as up and active. But only the native vlan works. This suggests that there is some issue about vlan tagging.

I am thinking more and more about the unknown protocol drops

461621 unknown protocol drops

And increasingly I am thinking that these are related to whatever the problem is about tagging the traffic.

At this point I am grasping at straws and have these suggestions:

- is there any possibility of opening a case with Cisco TAC about this? (I suspect that with equipment as old as this the answer is no, but need to ask the question)

- I wonder about the possibility of a bug in the software of one of the devices. Is there any chance of running a different version of code on either (or both) of the devices?

- if you save the configs and reboot both devices does the behavior change?

- if there any possibility of doing a packet capture on this traffic?

HTH

Rick

bgoulet00 · ‎10-09-2020

i'd love nothing more than to upgrade the IOS but the router is so old cisco no longer posts the images for it. also because of the age we have no support for it. i did just upgrade the switch to the current cisco recommended version and it didn't make a difference.

i have rebooted both devices with no change. i don't have any way to packet capture. i did run an ip packet debug and got this:

018404: Oct 9 17:19:03.778: IP: s=10.89.5.130 (local), d=10.89.5.129 (Vlan5), len 100, encapsulation failed

Oct 9 17:37:30.125: IP: s=10.89.5.129 (local), d=10.89.5.130 (FastEthernet0/0.5), len 100, encapsulation failed

when i googled the error i found another post from you saying that the layer2 encapsulation can fail if arp failes, which it is.

Richard Burts · ‎10-10-2020

Glad that you found that post explaining that attempting to send an IP packet when there is no arp entry for the next hop mac address will result in encapsulation failure. So the question becomes why is arp failing?

The show commands from both devices indicate that both devices see it as dot1q encapsulation. But the fact that it seems that no traffic actually goes through the tagged vlan makes me wonder if one of the devices is really having problems with it. I wonder if we might get any insight if you do this on both devices:

- make sure that the logging level is set to debug

- show cdp neighbor detail

- shut the interface

- no shut the interface

- attempt to ping the neighbor address

- post any output

HTH

Rick

bgoulet00 · ‎10-12-2020

hahaha! OMG! i figured it out. the site has an unmanage dumb switch in the path between the ISR and 2960 so dot1q tags no worky. seeing no entry in the switch logs after the shut/noshut on the router side was the give-away. no one on IT staff has ever visited this site and we got no real documentation from the company we acquired it from. thanks for all your help.

Richard Burts · ‎10-12-2020

WOW ! That is a surprise. But it sure does explain the symptoms you were experiencing. A well deserved +5 for good troubleshooting on this.

HTH

Rick

balaji.bandi · ‎10-06-2020

Seen it before - also complain to the community forum - the user is an unrelated topic and no relation to the post reply. - have posted our group.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎10-12-2020

Hi friend,
ISR-SW

in-between there is trunk
so can you clarify what issue which one is not pingable?