Solved: Re: Can't ping IP of new 9200L but can ping same-subnet IP on test dev

athomas1 · ‎06-19-2023

I'm in the process of commissioning some new 9200L switches on our network. I've created a new VLAN/ subnet for them which is working and I have L3 connectivity. However, when connected to the existing site network- currently as a spur but will eventually form a ring connection once all devices installed, I cannot ping the IP allocated to the 9200L from either same subnet or different subnet. The I only get a reply from ping test doing it from the L3 switch or when directly connected to the new 9200L switch from a laptop on LAN.

I know the 9200L is able to respond to ping as per latter point above, but because of this I am unable to test connectivity OR more importantly gain SSH connection from elsewhere on network. I'm out of ideas and could use a fresh perspective- hopefully I'm missing something silly!!

Grateful for any suggesstions.

L3 device is a 9300 with direct connection via fiber to 9200L.

mr.richardb · ‎06-21-2023

Might or might not help but "ip default-gateway IP" and "ip route 0.0.0.0 0.0.0.0 IP" are not the same.
ip default-gateway is used when the switch is L2 only. (ip routing disabled)
ip route 0.0.0.0 ... is used mainly when the switch is L3 (ip routing enabled)

More info here: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

Richard

View solution in original post

MHM Cisco World · ‎06-19-2023

Mgmt vlan must allow in trunk between 9200 and 9300

athomas1 · ‎06-19-2023

trunk between 9200 and 9300l already set to allow all vlans due to design of network in this are

MHM Cisco World · ‎06-19-2023

check my below post for solution

MHM Cisco World · ‎06-19-2023

Sw 9200 have mgmt vlanx

Sw 9300 l3sw have vlanx svi

Points to check:-

The sw 9200 l2sw have defualt getaway toward vlanx svi in 9300 l3sw

The vlanx is allow in trunk along the path between sw9200 and sw9300

The vlanx svi is UP in sw9300 l3sw

That it

Thanks

MHM

Flavio Miranda · ‎06-19-2023

Hi

Would be helpful if you could share the show running config but if you can ping from the L3 switch, which a believe must be the gateway, but can not ping remotelly, I wonder if you have default-gateway setup. I would try to add a default route pointing to L3 switch instead the command ip default-gateway.

athomas1 · ‎06-19-2023

It is setup the same way as other switches i have elsewhere and they can communicate fine. DG is setup on VLAN/ subnet also. I can ping other IPs located on the VLAN in question from my pc (differnet vlan/subnet) or L3 switch, but not the two that are currently assigned to the two 9200L switches being commissioned. It's behaving like the fact it's assigned to that switch is what's causing it to not reply.

Flavio Miranda · ‎06-19-2023

Can you share the show run from one of those 9200, just to make sure you are not missing something and someone here can see?

But, the way you put it, I start to think about a bug. If you have DG properly and you can ping from L3 sw, a bug could be an explanation..

athomas1 · ‎06-19-2023

I can arrange a copy of the show run later, not physically able to now.

They currently have the same ios version as they were shipped with. Do you know if the latest version is clear of any bugs? Problems with the firmware the switches are currently running is granted not something i had thought of...!

Flavio Miranda · ‎06-19-2023

One thing I no is that no version is clear of bugs. But, if they have the same version then is less likely to be a bug

mr.richardb · ‎06-19-2023

Hi,

You should enable "ip routing" as (I had the same issue on c9300 a week ago) these devices are switches by default and routing is not enabled. Tricky, as it accepts all L3 commands but just working.

Richard

athomas1 · ‎06-19-2023

Can you please elaborate on this- where would this be enabled and how? The 9300 is able to route traffic between all other VLANs already, it appears to be specifically routing to the two IPs currently assigned to the two 9200L that are exhibiting the problem. Hope this makes sense.

mr.richardb · ‎06-19-2023

Hi,
There is a command "ip routing" in config mode which enable unicast routing.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-4/configuration_guide/rtng/b_174_rtng_9200_cg/configuring_ip_unicast_routing.html#topic_lhc_vwx_kgb

Section "Configuration Guidelines for IP routing" :
By default, IP routing is disabled on the device, and you must enable it before routing can take place.

Richard

athomas1 · ‎06-20-2023

So, I have now enabled ip routing on the 9200L AND created a new port-channel for the connection between the 9200L and 9300 so that LACP will work on the 9200L. Needed to do this anyway, so this gave me a cause to.

Either way it's still not working.

I have checked the firmware and they are somewhat out of date so I need to install the latest recommended version (just downloaded from cisco)

MHM Cisco World · ‎06-20-2023

Sw 9200 have mgmt vlan x svi

Sw 9300 l3sw have vlan x svi

Points to check:-

The sw 9200 l2sw have defualt getaway toward vlan x svi in 9300 l3sw (9200 must l2sw)

The vlan x is allow in trunk along the path between sw9200 and sw9300 <<- this so important

The vlan x svi is UP in sw9300 l3sw

That it

Thanks

MHM

Can't ping IP of new 9200L but can ping same-subnet IP on test device