Catalyst 9200L Routing Issues (Hub and Spoke)

Pripyat1583 · ‎06-15-2020

Dear all,

I am encountering a problem that has me stumped.

I have a 48 port Cisco Catalyst 9200L that I intend to deploy at a new location, integrating it into a Hub & Spoke setup that I inherited. The DMVPN connection to the Hub is supported via nhrp, and the routing information is transmitted from the Hub via eigrp. The location has an internal address reservation of 10.207.56.64/28 for use by clients, who are on VLAN80, and has an internal IP of 172.31.11.36 from the DMVPN tunnel. The supplier's router (Cisco 803) supplying the initial connection to the Hub has an IP address of 10.10.131.1, which points to our router at 172.31.11.1, acting as the Hub.

L3 routing from the switch itself seems to work - it is reachable by everyone, and can also ping any client on our internal network, as well as the internet. If VLAN80 is set as the source interface for pinging, this succeeds as well.

Unfortunately I cannot say the same about the clients who are physically connected, who can see other devices that are connected to the switch and of course the gateway, but nothing else. The connected devices however DO show up in DHCP as having leased an IP address.

I ran some tests using a packet tracer in order to determine whether perhaps the ICMP requests go out, but fail to be routed back - however, this isn't the case it seems. Only pings from the gateway itself are registered.

Does anyone have any advice / guidance on what could be the problem?

Equipment	IP Address	Behaviour
L3 Catalyst 9200L Switch	172.31.11.36 - Tunnel11 10.207.56.65 - VLAN80	Can ping both at L2 and L3 without any problems.
A server that is physically connected to the 9200L	10.207.56.66	Can ping everyone within the same subnet (/28) and the gateway itself. traceroutes that require L3 routing terminate after the gateway.
Other clients within the network	10.207.55.121 (Example)	Can ping the gateway at 10.207.56.65. Clients connected to the switch however are not pingable in any way.

sh int brief

Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES TFTP   up                    up      
Vlan20                 172.20.36.1     YES NVRAM  down                  down    
Vlan50                 192.168.45.1    YES NVRAM  up                    down    
Vlan80                 10.207.56.65    YES NVRAM  up                    up      
Vlan202                172.28.15.1     YES NVRAM  down                  down    
Vlan999                unassigned      YES unset  down                  down    
GigabitEthernet0/0     10.10.131.50    YES NVRAM  administratively down down    
GigabitEthernet1/0/1   unassigned      YES unset  down                  down    
GigabitEthernet1/0/2   unassigned      YES unset  up                    up      
GigabitEthernet1/0/3   unassigned      YES unset  down                  down    
GigabitEthernet1/0/4   unassigned      YES unset  up                    up      
GigabitEthernet1/0/5   unassigned      YES unset  down                  down    
GigabitEthernet1/0/6   unassigned      YES unset  up                    up      
GigabitEthernet1/0/7   unassigned      YES unset  down                  down    
GigabitEthernet1/0/8   unassigned      YES unset  down                  down    
GigabitEthernet1/0/9   unassigned      YES unset  up                    up      
GigabitEthernet1/0/10  unassigned      YES unset  up                    up      
GigabitEthernet1/0/11  unassigned      YES unset  down                  down    
GigabitEthernet1/0/12  unassigned      YES unset  down                  down    
GigabitEthernet1/0/13  unassigned      YES unset  down                  down    
GigabitEthernet1/0/14  unassigned      YES unset  up                    up      
GigabitEthernet1/0/15  unassigned      YES unset  down                  down    
GigabitEthernet1/0/16  unassigned      YES unset  up                    up      
GigabitEthernet1/0/17  unassigned      YES unset  down                  down    
GigabitEthernet1/0/18  unassigned      YES unset  up                    up      
GigabitEthernet1/0/19  unassigned      YES unset  down                  down    
GigabitEthernet1/0/20  unassigned      YES unset  up                    up      
GigabitEthernet1/0/21  unassigned      YES unset  down                  down    
GigabitEthernet1/0/22  unassigned      YES unset  down                  down    
GigabitEthernet1/0/23  unassigned      YES unset  down                  down    
GigabitEthernet1/0/24  unassigned      YES unset  up                    up      
GigabitEthernet1/0/25  unassigned      YES unset  down                  down    
GigabitEthernet1/0/26  unassigned      YES unset  up                    up      
GigabitEthernet1/0/27  unassigned      YES unset  down                  down    
GigabitEthernet1/0/28  unassigned      YES unset  up                    up      
GigabitEthernet1/0/29  unassigned      YES unset  down                  down    
GigabitEthernet1/0/30  unassigned      YES unset  down                  down    
GigabitEthernet1/0/31  unassigned      YES unset  down                  down    
GigabitEthernet1/0/32  unassigned      YES unset  down                  down    
GigabitEthernet1/0/33  unassigned      YES unset  down                  down    
GigabitEthernet1/0/34  unassigned      YES unset  down                  down    
GigabitEthernet1/0/35  unassigned      YES unset  down                  down    
GigabitEthernet1/0/36  unassigned      YES unset  down                  down    
GigabitEthernet1/0/37  unassigned      YES unset  down                  down    
GigabitEthernet1/0/38  unassigned      YES unset  down                  down    
GigabitEthernet1/0/39  unassigned      YES unset  down                  down    
GigabitEthernet1/0/40  unassigned      YES unset  down                  down    
GigabitEthernet1/0/41  unassigned      YES unset  down                  down    
GigabitEthernet1/0/42  unassigned      YES unset  down                  down    
GigabitEthernet1/0/43  unassigned      YES unset  down                  down    
GigabitEthernet1/0/44  unassigned      YES unset  up                    up      
GigabitEthernet1/0/45  unassigned      YES unset  down                  down    
GigabitEthernet1/0/46  unassigned      YES unset  up                    up      
GigabitEthernet1/0/47  unassigned      YES unset  up                    up      
GigabitEthernet1/0/48  10.10.131.2     YES manual up                    up      
Te1/1/1                unassigned      YES unset  down                  down    
Te1/1/2                unassigned      YES unset  down                  down    
Te1/1/3                unassigned      YES unset  down                  down    
Te1/1/4                unassigned      YES unset  down                  down    
Loopback0              172.31.202.36   YES NVRAM  up                    up      
Loopback100            172.31.203.36   YES NVRAM  up                    up      
Tunnel11               172.31.11.36    YES NVRAM  up                    up      
Tunnel12               172.31.12.36    YES NVRAM  up                    up

sh ip route

Gateway of last resort is 172.31.11.1 to network 0.0.0.0

D*    0.0.0.0/0 [90/1530112] via 172.31.11.1, 16:13:42, Tunnel11
      10.0.0.0/8 is variably subnetted, 13 subnets, 4 masks
S        10.10.128.0/23 [1/0] via 10.10.131.1
S        10.10.130.0/23 [1/0] via 10.10.131.1
C        10.10.131.0/30 is directly connected, GigabitEthernet1/0/48
L        10.10.131.2/32 is directly connected, GigabitEthernet1/0/48
S        10.10.132.0/23 [1/0] via 10.10.131.1
S        10.10.134.0/23 [1/0] via 10.10.131.1
S        10.10.136.0/23 [1/0] via 10.10.131.1
S        10.10.138.0/23 [1/0] via 10.10.131.1
S        10.10.140.0/23 [1/0] via 10.10.131.1
S        10.10.142.0/23 [1/0] via 10.10.131.1
S        10.10.144.0/23 [1/0] via 10.10.131.1
C        10.207.56.64/28 is directly connected, Vlan80
L        10.207.56.65/32 is directly connected, Vlan80
      172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.30.22.0/24 is directly connected, Vlan80
L        172.30.22.1/32 is directly connected, Vlan80
      172.31.0.0/16 is variably subnetted, 6 subnets, 2 masks
C        172.31.11.0/24 is directly connected, Tunnel11
L        172.31.11.36/32 is directly connected, Tunnel11
C        172.31.12.0/24 is directly connected, Tunnel12
L        172.31.12.36/32 is directly connected, Tunnel12
C        172.31.202.36/32 is directly connected, Loopback0
C        172.31.203.36/32 is directly connected, Loopback100

VLAN80

interface Vlan80
 description Standard LAN interface
 ip address 172.30.22.1 255.255.255.0 secondary
 ip address 10.207.56.65 255.255.255.240
 ip helper-address 10.207.35.11
 ip helper-address 10.207.72.11
 no ip proxy-arp
 ip tcp adjust-mss 1452

Port Configuration

interface GigabitEthernet1/0/15
 source template REG_IF
 spanning-tree portfast

REG_IF Port Configuration Template

template REG_IF
 spanning-tree portfast
 switchport access vlan 80
 switchport mode access
 switchport voice vlan 20
 switchport port-security maximum 20
 switchport port-security violation restrict
 switchport port-security aging time 60
 switchport port-security
 description Basic Interface Config

chrysa · ‎06-17-2020

Hello Pripyat1583,

Kindly share the show ip arp , show interface switchport of cat9200L.

Please review the net topology that i have attached to check if I understood correctly the topology.

Kind regards,

Chrysa