cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1143
Views
0
Helpful
5
Replies

Cannot establish layer 2 communication

bradleycollins
Level 1
Level 1

I am attempting to communicate with a Modicon PLC CRP module (CRP 31200 for Ethernet Remote IO) via our cisco network.  I have found that when the PLC module is connected to my 2960-X it will not allow the arp broadcasts to pass.  If the PLC module is connected to the laptop directly or have pretty much any other brand of switch connected (Dlink, netgear, etc) there is no problem with passing the traffic.  The only traffic the 2960 is allowing to pass is a SNAP packet that I am unable to identify.  My initial thought was ARP was being send via SNAP instead of ARPA but that does not seem to be the case since when directly connected to a laptop ARP is sent in an Ethernet II frame.  

 

Also, one thing that stands out on the Cisco over other brands of switches is the MAC address table does not learn the MAC address this module is communicating on.  00:00:54:1A:67:97 is the PLC module mac address the 2960 learns while all other switches and computers learn the correct MAC address 00:00:54:1A:67:94 and communicate properly. 

 

At this point I am out of ideas and would greatly appreciate some insight as to what might be going on. :)

 

Things I have tried

1. Enabled ARP debugging and have observed no error messages when attempting to communicate with the PLC module

2. Enabled ip arp gratuitous

3. ARP SNAP and NO ARP ARPA on the switchport connected to the PLC module

4. Enabled ARP inspection and set it as a trusted interface.

5. Manually setting the mac address table static entry of 00:00:54:1A:67:94 to the interface

6. Manually set an arp entry of 00:00:54:1A:67:94 to 192.168.101.100 (static IP of the PLC module)

 

For my test, I have a standalone 2960-X with only the PLC module and a laptop connected.  I have attached 2 PCAPs:

1. Laptop-CRP-direct - This is the CRP connected directly to the laptop and a test ping was successful.  Capture was taken on laptop

2. Laptop-CRP-viaCisco - This is the CRP and laptop connected the to 2960.  Capture was taken on laptop.

 

On the first PCAP you can see the ARP for 67:94 was successful at packet 68 and the ping was successful.  The second PCAP the only broadcast the laptop is receiving is the LLC/SNAP from 67:97.  This is best visualized with the following filter: (!(eth.src == e0:ac:f1:aa:fa:01)) && !(eth.src == 54:ee:75:29:40:22)

e0:ac:f1:aa:fa:01 = cisco switch vlan 1

54:ee:75:29:40:22 = laptop

 

 

Any thoughts are welcome and appreciated! :)

5 Replies 5

aharentimken
Level 1
Level 1

I have this exact same issue.  Did you happen to find a resolution?  Thank you.

 

Andy

Yes.... The problem is the internal interface (00:00:54:1A:67:94 for me) is actually tagged with VLAN1.  The physical interface traffic is untagged. Since Cisco automatically assumes that VLAN 1 is untagged only that traffic ends up going nowhere since the Cisco is not expecting VLAN 1 to be tagged.

If you set a cisco interface as a trunk port and set the native vlan to be any other VLAN (VLAN 2 for example) then it will work....  However, this was not a good solution for me since I am actually using VLAN 1 for management/STP/etc traffic and I do not want ERIO on there.  My solution was to get a DIN-rail mounted managed switch that I put in the ERIO panel and am using it to 'cross vlans' (so I can force Tagged VLAN 1 traffic onto an untagged port).  That untagged port is then connected into the Cisco backbone on an access port of the VLAN I want to use (100).

 

So my architecture looks like this

CRP (tagged vlan 1)------DIN-RAIL SW PORT 1(tagged vlan 1)-----DIN-RAIL SW PORT 2 (untagged vlan 1)-----Cisco SW Port (Untagged vlan 100)

 

Ive asked Schenider if the VLAN ID can be changed on the CRP/CRAs but they won't allow it.

 

Hope this helps!

Awesome!!  Let me give that a try.  Thank you.

This did work.  Although I am kind of in the same boat as you and want these to be on another VLAN other than 1.  I really want to have central network cabinet for this area out on the shop floor instead of having multiple "mini-switches".  Oh well I will figure something out.  Thank you very much for your help.

Yeah... the 'mini switches' are not ideal.  But it worked out from me because i have them in almost every PLC panel anyway for other reasons.

However, all of my drops are over 300 feet away from eachother.  If yours are all centrally located to the network cabinet then you could get away with one 'conversion' switch.

I would just get a set of Cisco 2960s (stacked) and dedicate them to just ERIO.  Flexlink works great for the dual CRP/CRA port redundancy over RSTP. Im forcing RSTP to work since my mini-switches are not cisco, but its not ideal. I would have dedicated Cisco switches to all of my remote drops but temperature and spacing was an issue that ruled out the cisco switches.

 

Good luck!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: