L3 interface disrupted upgrading to 2.5.9.13

LorisAlbanese · ‎07-12-2022

Hi everyone,
recently upgraded my SG350 to 2.5.9.13 firmware, and have a L3 interface functionality disrupted.

previous config was (simple L3 interface):

interface GigabitEthernet27
description "MidRange-IP-L3 "
ip address 10.1.2.3 255.255.255.248
no switchport
!

and ip was available from any other vlan on network. (running with every firmware up to 2.5.8.15).

Upgrading to latest firmware I had to change the configuration to

interface GigabitEthernet27
description "MidRange-IP-L3 - breaked"
switchport mode trunk
switchport trunk native vlan 202
switchport trunk allowed vlan 202

interface vlan 202
name MidRange
ip address 10.1.2.3 255.255.255.248
!

...

Has this happened to anyone else? does anyone have any information about it?
how can i report the problem if it is not possible to open tac?
thank you in advance.

Loris

Jitendra Kumar · ‎07-13-2022

CSCva97603

Symptom
: If the last physical interface in a VLAN is set to L3 mode and then back
to L2 mode, the VLAN status stays down.
Workaround
Perform a shutdown/no shutdown on the physical interface.
Note This bug is resolved in software version 2.4.0.91.

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xseries/2_5_9/Release-note/b_tesla-release-2_5_9_13.pdf

Thanks,
Jitendra

LorisAlbanese · ‎07-13-2022

hi, this workaround does not work on 2.5.9.13.
now, i downgraded and running on 2.5.8.15.

(i tried on first step to shut/no shut interface)

When switch boot with 2.5.9.13, ther's no way to turn on L3 interface.

shut/noshut does not work.

Cleaning up interface (delete from gui also) and reconfigured-it simply as:

interface GigabitEthernet27
description "MidRange-IP-L3 PfSense igb3 LAN"
ip address 192.168.2.3 255.255.255.248
no switchport

does not work as well, even using shut/no shut task, with some second of delay.

Everything i do , with "no switchport" option enabled, interface L£ does not change from status
UP/Down to UP/UP , as showed running
" sh ip int " command.

while, running on previous version, "sh ip int " show, correctly, L3 interface as UP/UP
(I/F Status admin/oper column)

(image attached)

thank you for your suggestion ... but cannot work as expected.

Loris

Jitendra Kumar · ‎07-13-2022

Can you please check with the below command to change the switch to router mode?

set system mode router

Thanks,
Jitendra

LorisAlbanese · ‎07-13-2022

thank you for suggestion.
sure, i will try between today and tomorrow and give you feedback, but since switch was born router mode was always activated.
L3 neighbor is a firewall (asa 5505 until eol ) since network is born.

LorisAlbanese · ‎07-14-2022

i'm sorry but your command did not work on SG350.

issue follow interface.

configure another port (supposing issue is caused by SFP port ). it was the same:

network is unreacheable using "no switchport" feature. put in shut/no shut interface did not solve problem.

running release 2.5.9.13 is not possible with L3 interface active.

Jitendra Kumar · ‎07-14-2022

You should have to add this interface to the VLANs. Add and check

Thanks,
Jitendra

LorisAlbanese · ‎07-14-2022

that is the workaround found to have a L3 interface work ... but is not a L3 interface.

putting no switchport into a new vlan and assigning ip address, used as default gateway work like a charm.

but ...why? what's happened in 2.5.9.13 that this simple config does not work anymore:

interface GigabitEthernet27
description "MidRange-IP-L3 "
ip address 10.1.2.3 255.255.255.248
no switchport

no mention in release note, nope in documentation ... that's absolutely a strange thing and a side effect very very bad.

Btw i can confirm that this solution works (the first post say that already :'( ), but, for me ... is not a solution, not a workaround ... it's a porkaround :

interface GigabitEthernet27
description "MidRange-IP-L3 - breaked"
switchport mode trunk
switchport trunk native vlan 202
switchport trunk allowed vlan 202

interface vlan 202
name MidRange
ip address 10.1.2.3 255.255.255.248
!

i wish Cisco write few note on this behavior on a release note, if it is not a bug. thank you.

PS:
"no switchport" does not apply (and cannot be used) when is in use a "switch porte mode" .(to work with a vlan , L2)
so add a vlan cannot be the solution. Las L3 feature disrupted?

cyberconsultants · ‎08-02-2022

i've also encountered this issue on an SG350X attempting an upgrade to 2.5.9.13. the L3 interface never comes up following reload.

core#sh running-config interface TenGigabitEthernet1/0/1
interface TenGigabitEthernet1/0/1
 description edge.transit
 ip address 192.168.255.253 255.255.255.252
 ipv6 address fc00::2/126
 no switchport
!

as expected, no L2 parameters are configurable from the GUI when an interface is set to L3 'Switchport Mode':

rolling back to 2.5.8.15 without any configuration change restores expected functionality.

Loris Albanese · ‎08-02-2022

Hi, currently ther's a TAC opened for this issue. in the last update (saturday) i was asked to perform a traffic dump, after reload. I'm waiting for news.I typically get news on the weekend. I hope they can identify the anomaly and fix the behavior in a new release.
Solution, atthe moment, are these two:

- rollback to previous version (as you have already identified)
- migrate L3 interface to a svi in a new vlan (!!)

Loris

Loris Albanese · ‎09-28-2022

Bug was confirmed by eng team in opened TAC: CSCwc68418 SG350/550 - ARP issue in Rapid PVST mode

avoid to install 2.5.9.13 if you are using L3 native feature.

The next release will solve this bug.

Loris Albanese · ‎10-19-2022

issue fixed in new available release downloadable here:

https://software.cisco.com/download/home/286282333/type/282463181/release/2.5.9.15
bug CSCwa68418 solve issue described in this thread.

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xseries/2_5_9/Release-note/b_tesla-release-2_5_9_15.pdf

thank you Cisco.