06-15-2020 04:28 AM - edited 06-15-2020 10:34 PM
Dear all,
I am encountering a problem that has me stumped.
I have a 48 port Cisco Catalyst 9200L that I intend to deploy at a new location, integrating it into a Hub & Spoke setup that I inherited. The DMVPN connection to the Hub is supported via nhrp, and the routing information is transmitted from the Hub via eigrp. The location has an internal address reservation of 10.207.56.64/28 for use by clients, who are on VLAN80, and has an internal IP of 172.31.11.36 from the DMVPN tunnel. The supplier's router (Cisco 803) supplying the initial connection to the Hub has an IP address of 10.10.131.1, which points to our router at 172.31.11.1, acting as the Hub.
L3 routing from the switch itself seems to work - it is reachable by everyone, and can also ping any client on our internal network, as well as the internet. If VLAN80 is set as the source interface for pinging, this succeeds as well.
Unfortunately I cannot say the same about the clients who are physically connected, who can see other devices that are connected to the switch and of course the gateway, but nothing else. The connected devices however DO show up in DHCP as having leased an IP address.
I ran some tests using a packet tracer in order to determine whether perhaps the ICMP requests go out, but fail to be routed back - however, this isn't the case it seems. Only pings from the gateway itself are registered.
Does anyone have any advice / guidance on what could be the problem?
Equipment | IP Address | Behaviour |
L3 Catalyst 9200L Switch | 172.31.11.36 - Tunnel11 10.207.56.65 - VLAN80 | Can ping both at L2 and L3 without any problems. |
A server that is physically connected to the 9200L | 10.207.56.66 | Can ping everyone within the same subnet (/28) and the gateway itself. traceroutes that require L3 routing terminate after the gateway. |
Other clients within the network | 10.207.55.121 (Example) | Can ping the gateway at 10.207.56.65. Clients connected to the switch however are not pingable in any way. |
sh int brief
Interface IP-Address OK? Method Status Protocol Vlan1 unassigned YES TFTP up up Vlan20 172.20.36.1 YES NVRAM down down Vlan50 192.168.45.1 YES NVRAM up down Vlan80 10.207.56.65 YES NVRAM up up Vlan202 172.28.15.1 YES NVRAM down down Vlan999 unassigned YES unset down down GigabitEthernet0/0 10.10.131.50 YES NVRAM administratively down down GigabitEthernet1/0/1 unassigned YES unset down down GigabitEthernet1/0/2 unassigned YES unset up up GigabitEthernet1/0/3 unassigned YES unset down down GigabitEthernet1/0/4 unassigned YES unset up up GigabitEthernet1/0/5 unassigned YES unset down down GigabitEthernet1/0/6 unassigned YES unset up up GigabitEthernet1/0/7 unassigned YES unset down down GigabitEthernet1/0/8 unassigned YES unset down down GigabitEthernet1/0/9 unassigned YES unset up up GigabitEthernet1/0/10 unassigned YES unset up up GigabitEthernet1/0/11 unassigned YES unset down down GigabitEthernet1/0/12 unassigned YES unset down down GigabitEthernet1/0/13 unassigned YES unset down down GigabitEthernet1/0/14 unassigned YES unset up up GigabitEthernet1/0/15 unassigned YES unset down down GigabitEthernet1/0/16 unassigned YES unset up up GigabitEthernet1/0/17 unassigned YES unset down down GigabitEthernet1/0/18 unassigned YES unset up up GigabitEthernet1/0/19 unassigned YES unset down down GigabitEthernet1/0/20 unassigned YES unset up up GigabitEthernet1/0/21 unassigned YES unset down down GigabitEthernet1/0/22 unassigned YES unset down down GigabitEthernet1/0/23 unassigned YES unset down down GigabitEthernet1/0/24 unassigned YES unset up up GigabitEthernet1/0/25 unassigned YES unset down down GigabitEthernet1/0/26 unassigned YES unset up up GigabitEthernet1/0/27 unassigned YES unset down down GigabitEthernet1/0/28 unassigned YES unset up up GigabitEthernet1/0/29 unassigned YES unset down down GigabitEthernet1/0/30 unassigned YES unset down down GigabitEthernet1/0/31 unassigned YES unset down down GigabitEthernet1/0/32 unassigned YES unset down down GigabitEthernet1/0/33 unassigned YES unset down down GigabitEthernet1/0/34 unassigned YES unset down down GigabitEthernet1/0/35 unassigned YES unset down down GigabitEthernet1/0/36 unassigned YES unset down down GigabitEthernet1/0/37 unassigned YES unset down down GigabitEthernet1/0/38 unassigned YES unset down down GigabitEthernet1/0/39 unassigned YES unset down down GigabitEthernet1/0/40 unassigned YES unset down down GigabitEthernet1/0/41 unassigned YES unset down down GigabitEthernet1/0/42 unassigned YES unset down down GigabitEthernet1/0/43 unassigned YES unset down down GigabitEthernet1/0/44 unassigned YES unset up up GigabitEthernet1/0/45 unassigned YES unset down down GigabitEthernet1/0/46 unassigned YES unset up up GigabitEthernet1/0/47 unassigned YES unset up up GigabitEthernet1/0/48 10.10.131.2 YES manual up up Te1/1/1 unassigned YES unset down down Te1/1/2 unassigned YES unset down down Te1/1/3 unassigned YES unset down down Te1/1/4 unassigned YES unset down down Loopback0 172.31.202.36 YES NVRAM up up Loopback100 172.31.203.36 YES NVRAM up up Tunnel11 172.31.11.36 YES NVRAM up up Tunnel12 172.31.12.36 YES NVRAM up up
sh ip route
Gateway of last resort is 172.31.11.1 to network 0.0.0.0 D* 0.0.0.0/0 [90/1530112] via 172.31.11.1, 16:13:42, Tunnel11 10.0.0.0/8 is variably subnetted, 13 subnets, 4 masks S 10.10.128.0/23 [1/0] via 10.10.131.1 S 10.10.130.0/23 [1/0] via 10.10.131.1 C 10.10.131.0/30 is directly connected, GigabitEthernet1/0/48 L 10.10.131.2/32 is directly connected, GigabitEthernet1/0/48 S 10.10.132.0/23 [1/0] via 10.10.131.1 S 10.10.134.0/23 [1/0] via 10.10.131.1 S 10.10.136.0/23 [1/0] via 10.10.131.1 S 10.10.138.0/23 [1/0] via 10.10.131.1 S 10.10.140.0/23 [1/0] via 10.10.131.1 S 10.10.142.0/23 [1/0] via 10.10.131.1 S 10.10.144.0/23 [1/0] via 10.10.131.1 C 10.207.56.64/28 is directly connected, Vlan80 L 10.207.56.65/32 is directly connected, Vlan80 172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.30.22.0/24 is directly connected, Vlan80 L 172.30.22.1/32 is directly connected, Vlan80 172.31.0.0/16 is variably subnetted, 6 subnets, 2 masks C 172.31.11.0/24 is directly connected, Tunnel11 L 172.31.11.36/32 is directly connected, Tunnel11 C 172.31.12.0/24 is directly connected, Tunnel12 L 172.31.12.36/32 is directly connected, Tunnel12 C 172.31.202.36/32 is directly connected, Loopback0 C 172.31.203.36/32 is directly connected, Loopback100
VLAN80
interface Vlan80 description Standard LAN interface ip address 172.30.22.1 255.255.255.0 secondary ip address 10.207.56.65 255.255.255.240 ip helper-address 10.207.35.11 ip helper-address 10.207.72.11 no ip proxy-arp ip tcp adjust-mss 1452
Port Configuration
interface GigabitEthernet1/0/15 source template REG_IF spanning-tree portfast
REG_IF Port Configuration Template
template REG_IF spanning-tree portfast switchport access vlan 80 switchport mode access switchport voice vlan 20 switchport port-security maximum 20 switchport port-security violation restrict switchport port-security aging time 60 switchport port-security description Basic Interface Config
06-17-2020 07:48 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide