03-04-2021 02:46 PM
Hello!
I have DNAC version 2.1.2.5 and SD access fabric based on two C9300-48U switches: one border&control plane node, another - edge node.
I create one VN network USERS with one IP network and try to configure routing with server out of fabric but have an issue. The border node receives routes via BGP in vrf:USERS (I can ping this server from border node through vrf USERS) but PC connected to Edge could not ping this server (PC can only ping default gateway and ahother PC in this subnet). I also can't reach server from Edge switch through VRF:USERS.
Fusion router receives route to network USERS in fabric via BGP normally.
My fabric was created with LAN automation, so I do not configure edge device myself, all config has pushed to Edge node by DNAC.
Some output from Edge device:
Switch-10-10-40-132#show ip route vrf USERS
-----//---------------------
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.52.0/23 is directly connected, Vlan1022
L 10.10.52.1/32 is directly connected, Vlan1022
Switch-10-10-40-132#show lisp locator-table vrf USERS
% Could not find matching router lisp in configuration.
Switch-10-10-40-132#
All devices is managed, in compliance.
Configuration screenshots of my DNAC in attached picture.
Maybe someone have idea what's wrong? I'm not sure but if configuration is wrong what the way to correct it? Is it normal for DNAC to manually reconfig fabric devices?
Thank you!
Solved! Go to Solution.
03-05-2021 02:09 AM
I'm assuming this SVI is a SVI in that particular VRF? This is not expected to work since these are also created on borders as loopbacks (read - https://www.theasciiconstruct.com/post/cisco-sda-part-ix-need-for-duplicate-ips-on-fabric-borders) and the border will consume it.
03-05-2021 02:37 AM
So, all issues resolves when I upgrade software on border and Edge nodes and reload it. Problem with DHCP was in DHCP server side so now endpoint receives address information successfully.
I still cannot find a way to check connectivity from edge node to shared services outside fabrci, I think more research in LISP operation will help me
Thank you so much!
03-04-2021 10:55 PM
Try from the Control plane :
#sho lisp site ( can you able to see the host IP)?
#show ip route vrf USERS
Note - do you have a policy in place (are you using ISE)?
03-05-2021 12:10 AM
Hello! Thank you for ryour reply.
There is no ISE in my lab yet. I don't have policies ("no authentication" template) and only try to configure basic connectivity.
Show lisp site from CP node: the host IP is in the table, in column EID preffix. Server's subnet also in the table.
CP&Border_node#show ip route vrf USERS
Routing Table: USERS
---//---
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 10 subnets, 5 masks
B 10.10.40.0/22 [20/0] via 10.10.59.18, 17:36:30
B 10.10.52.0/23 [200/0], 00:05:10, Null0
C 10.10.52.1/32 is directly connected, Loopback1022
l 10.10.52.6/32 [250/1], 00:05:10, Null0 <-------- Endhost IP
---//---
B 172.25.50.0 [20/0] via 10.10.59.18, 17:36:30
B 172.25.110.0 [20/0] via 10.10.59.18, 17:36:30 <-------- Server's subnet
03-05-2021 01:55 AM
Thank you for your assistance!
I update software on my switches to latest reccomended version and reload it. Now I can ping my server 172.25.110.2 from Endpoint attached to edge node (I manually configure IP and gateway on endpoint).
But I still cannot ping this server from EDGE. This server is DHCP and as edge node has DHCP-relay funcition my endpoint couldn't receive address.
Edge_node#ping vrf USERS 172.25.110.2 source vlan 1022
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.25.110.2, timeout is 2 seconds:
Packet sent with a source address of 10.10.52.1
...
Configuration of edge and border in attach
Thank you.
03-05-2021 02:09 AM
I'm assuming this SVI is a SVI in that particular VRF? This is not expected to work since these are also created on borders as loopbacks (read - https://www.theasciiconstruct.com/post/cisco-sda-part-ix-need-for-duplicate-ips-on-fabric-borders) and the border will consume it.
03-05-2021 02:37 AM
So, all issues resolves when I upgrade software on border and Edge nodes and reload it. Problem with DHCP was in DHCP server side so now endpoint receives address information successfully.
I still cannot find a way to check connectivity from edge node to shared services outside fabrci, I think more research in LISP operation will help me
Thank you so much!
04-19-2021 10:50 AM
Hello, I have the same issue. From PC can ping DHCP server, but for Edge - can`t. Do you figure out this issue?
02-09-2024 08:42 PM
Hi,
were you able to fix the issue of not being able to reach end host from another edge device? I am running into the same problem. I will appreciate a response. I have routes on the BN and I can get to hosts in different VNs from BN, but Edge node doesn’t have any route, so thats why it is not working.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide