
9200 unable to Smart License due to IPv6 name resolution??

soportefibratel
Beginner

Hello everyone,

I'm having an issue with the Smart License registration on a 9200 Stack running Version 16.09.04. Although in both the Core Switch (an old 4500) and the access switch I'm trying to register (9200) I have configured the same name servers, on the 9200 it's resolving the IPv6 address for Cisco, and thus, is unable to ping to it.

Below you can see how the core switch (right side) resolves IPv4 addresses, but the 9200 is resolving Cisco or Facebook with IPv6. I can ping all the IPv4 addresses from the 9200, but I'm unable to ping to the names if they are resolved with IPv6.

[Image: Cisco Forum.png]

I've disabled "ipv6 unicast-routing" and also entered "ip host cisco.com 72.163.4.185" on the 9200 but still no luck.

Any ideas would be welcomed.

Thanks in advance

29 REPLIES

Hi soportefibratel,

Did you manage to find a solution for this or did TAC answer you?

It seems that I have the same issue with more Catalyst 9200 switches that have smart license, they are not communicating with tools.cisco.com.

When I ping the hostname it resolves it to an IPv4 address, but when I telnet it on 443 it resolves it with IPv6 and then I get an error.

SW#ping tools.cisco.com
...
Sending 5, 100-byte ICMP Echos to 173.37.145.8, timeout is 2 seconds:
!!!!!

SW#telnet tools.cisco.com 443
Trying 2001:420:1201:5::A, 443 ...
% Destination unreachable; gateway or host down

I tried to ping other hosts/domains from the switch (microsoft.com, fortigate.com) and they are all resolved with an IPv4 address, but when I telnet them on let's say 443 some of them are resolved with IPv4 and then it shows me the port is open, but for others it resolves with IPv6 and I get the same error as above, so I guess it is something related to this IPv6 DNS name resolution.

SW#telnet vmware.com 443
Trying 2A02:E980:B5::B7, 443 ...
% Destination unreachable; gateway or host down

SW#telnet fortigate.com 443
Trying fortigate.com (96.45.36.230, 443)... Open

Thanks,

Hi Alexvil,

So it seems you have the exact same problem. I opened a case, and couldn't find the issue. The customer's firewall is managed by another company and we were thinking the problem is there, but now that I see that someone else has the same issue I doubt if there is something else.

Anyway, I'm having trouble getting an answer from the customer and their partner for the firewall so I'm stuck with no solution so far.

Regards

Hi soportefibratel,

For what it's worth, in our case the smart license communication was blocked by our Fortigate firewalls.

After our colleagues from Security made the change on the firewall, the 9200 Catalyst switches reestablished communication with tools.cisco.com.

Thx,

Alex

So, I'm not sure what you've done or not (it's a long thread), I just figured I'd post this while you wait for your ticket and see if it helps.

I run a highly secured infrastructure (we're actually moving to full air gap which is another issue with reservations and blah, blah, blah), and I found that nothing works with Smart unless the following configuration exists:


ip host tools.cisco.com 72.163.4.38
ip http client source-interface {INTERFACE - VLAN1 if you desire}
license smart transport callhome
ip domain lookup source-interface {INTERFACE - VLAN1 if you desire}

I know you've tried a few things, this could be one of them, but figured it was worth a gander while you wait for support.
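
Added example, not part of any post in this thread: a per-address-family reachability check that can be run from a host behind the same firewall as the switch, to tell an unreachable IPv6 (AAAA) path apart from a firewall dropping port 443 for every family. The function names, verdict labels and `SAMPLE_RECORDS` table are assumptions made for illustration; the sample addresses are the ones quoted in the posts above.

```python
import socket

# Constructed sample records, using the addresses quoted in the thread.
SAMPLE_RECORDS = {
    "tools.cisco.com": {socket.AF_INET: ["173.37.145.8"],
                        socket.AF_INET6: ["2001:420:1201:5::a"]},
}

def sample_resolver(host, family):
    """Stand-in resolver (assumption): constructed records, no network."""
    return SAMPLE_RECORDS.get(host, {}).get(family, [])

def system_resolver(host, family):
    """Real lookup restricted to a single address family."""
    try:
        infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_connect(addr, port, family, timeout=3.0):
    """Return None if the TCP handshake completes, else the error text."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return None
    except OSError as exc:
        return str(exc)

def probe(host, port=443, resolver=system_resolver, connect=tcp_connect):
    """Resolve and connect per family so a v6-only failure is visible."""
    report = {}
    for name, family in (("ipv4", socket.AF_INET), ("ipv6", socket.AF_INET6)):
        report[name] = [(addr, connect(addr, port, family))
                        for addr in resolver(host, family)]
    return report

def diagnose(report):
    """Map a probe() report to one of three hypothetical verdict labels."""
    ok = {fam: any(err is None for _, err in res) for fam, res in report.items()}
    if ok["ipv4"] and not ok["ipv6"] and report["ipv6"]:
        return "ipv6-unreachable"   # AAAA record exists, no working IPv6 path
    if not ok["ipv4"] and not ok["ipv6"]:
        return "blocked-or-down"    # e.g. firewall dropping 443 on both families
    return "reachable"

if __name__ == "__main__":
    print(diagnose(probe("tools.cisco.com", 443)))
```
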