11-03-2017 12:42 PM - edited 03-21-2019 11:17 AM
Dear Cisco,
I'm encountering an issue with a SG500X-24poe switch on a specific vlan.
Firmware 1.4.8.6
Boot 1.4.0.02
I'm logged with ssh directly into my switch and got a device(ip camera) configured in 172.20.230.101 connected onto a access port (vlan 2253)
My switch has an IP in that VLAN and can ping itself
When I try to ping the camera, it fails.
But the ARP shows the correct ip, port and vlan...
When I switch to another VLAN, the device is pinging normally.
Moreover I have a mirror setup with sames switch (same config) and device thats working fine.
I got no specific rules like ACL or else.
See the console output below
let me know if you require any other information
Any clue to help me solve this mystery ?
a92-sw-stk-s12-poe#clear arp-cache a92-sw-stk-s12-poe#show arp Total number of entries: 1 VLAN Interface IP address HW address status --------------------- --------------- ------------------- --------------- vlan 2251 te1/1/1 172.20.0.3 e0:d1:73:fb:e3:74 dynamic a92-sw-stk-s12-poe#ping 172.20.230.101 Pinging 172.20.230.101 with 18 bytes of data: PING: no reply from 172.20.230.101 PING: timeout PING: no reply from 172.20.230.101 PING: timeout PING: no reply from 172.20.230.101 PING: timeout PING: no reply from 172.20.230.101 PING: timeout ----172.20.230.101 PING Statistics---- 4 packets transmitted, 0 packets received, 100% packet loss a92-sw-stk-s12-poe#show arp Total number of entries: 2 VLAN Interface IP address HW address status --------------------- --------------- ------------------- --------------- vlan 2251 te1/1/1 172.20.0.3 e0:d1:73:fb:e3:74 dynamic vlan 2253 gi1/1/19 172.20.230.101 00:1b:a2:00:a2:b5 dynamic
11-13-2017 02:04 PM
Hi again.
Sorry my last message contained a small mistake the switch is a SG500X-24Poe not an SG200.
Any case, the ACL system and more generally the CLI in that switch is very different from what you propose.
So far I configured some ACE this way.
ip access-list extended 110 permit ip 172.20.230.199 0.0.0.0 172.20.230.101 0.0.0.0 log-input permit ip 172.20.230.101 0.0.0.0 172.20.230.199 0.0.0.0 log-input permit ip 172.20.0.101 0.0.0.0 172.20.230.101 0.0.0.0 log-input permit ip 172.20.230.101 0.0.0.0 172.20.0.101 0.0.0.0 log-input interface ge1/1/19 service-acl input 110
You can see that I enabled logging but after several ping I cannot see anything popping into the log (I activated debug level in the log)
is there some equivalent for this switch to "debug ip packet 110 detail" ?
for now, after several pings "show access-list 110"commands only outputs :
a92-sw-stk-s12-poe#show access-lists 110 Extended IP access list 110 permit ip host 172.20.230.199 host 172.20.230.101 ace-priority 20 log-input permit ip host 172.20.230.101 host 172.20.230.199 ace-priority 40 log-input permit ip host 172.20.0.101 host 172.20.230.101 ace-priority 60 log-input permit ip host 172.20.230.101 host 172.20.0.101 ace-priority 80 log-input
I must be doing wrong....
11-13-2017 02:48 PM
The debug needs to be typed in priveleged mode ( #) not config mode.
Type these in and let me know what you get
a92-sw-stk-s12-poe#debug ip packet ?
a92-sw-stk-s12-poe#debug ip ?
11-13-2017 03:04 PM - edited 11-13-2017 03:20 PM
Also, do this in config mode and then try pinging again
ip routing
Ip route 0.0.0.0 0.0.0.0 172.20.0.3
no ip default-gateway 172.20.0.3
11-14-2017 06:01 AM
11-14-2017 01:48 AM
none of this command gives autocomplete
debug ?
gives the command
debug-mode
when I enter debug mode and type
menu
I get some commands options
debug exit help lcli logout mcli
then
>debug ip Enter DEBUG Password:
I'm stuck here. Some posts explains that this mode is intended for Cisco engineers only...
11-14-2017 02:47 PM - edited 11-14-2017 02:48 PM
Find or get another host on that switch and ensure they're on 2253.find out it's ip address and ping it from the switch. We want to see if you can ping other hosts on 2253. Would be good if you had a pc so you can snap verify it's IP and gateway
11-15-2017 07:56 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide