Solved: CBS350 VLAN not working

DvN-EPPCA · ‎02-21-2023

Hi Folks

Reaching out to experts in the community to see if anybody has any ideas or, has perhaps come across this issue and knows of a quick fix. Technically, I've spent hours researching this, and tried a bunch of things, but nada so at this point, I am stumped ... maybe it's right in front of me, I just don't see it

Currently in process of replacing EOL switches with new CBS350 platform. Tried setting on installed firmware 3.0.0.69 and latest 3.2.0.84, same issue

Basic vlan 98 that routes to a 10.10.98.0/24 subnet, default gw 10.10.98.1

Single device connected to gi1/0/3 with IP address 10.10.98.11

From CBS350 unit, can ping default gateway on core subnet, can ping other 10.10.98.xxx devices, cannot ping local device attached to gi1/0/3 or ping from it, anywhere

Tried resetting switch a few times, using "vlan 98" and "int vlan 98" for VLAN settings, no luck. Funny thing is, all of our older switches with same settings are working just fine ... I can plug this device into a port there, and bingo, it all works

Any suggestions at this point, are greatly appreciated (sure hope somebody has come across this issue before :-))

DvN-EPPCA · ‎02-22-2023

Wow! karma hits back ... after adding the VLAN 98 ip address as suggested, I thought I would try to ping the device one more time before removing that configuration suggestion. The 10.10.98.11 device attached to the VLAN 98 enabled port now responds ...

So, this issue appears to work ONLY if you assign a valid IP# to a VLAN in trunk mode. I can work with this by reserving a standard IP# on each VLAN and adding that to our IT network policy - no issues in doing that

Thanks guys, for staying with it and suggesting different options - I've been muddling with this since SAT, so pleased it is resolved!

View solution in original post

marce1000 · ‎02-21-2023

- For starters , the gi1/0/3 port is configured as a trunk , 'client ports' , connecting a single host must have mode access with portfast (the latter advised) , combined in a single configuration command : switchport mode host (or switchport host) , check what works, but clear all other settings first too, with default int gi1/0/3 (if available). Then also put the port in the correct vlan as in switchport access vlan 98

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

DvN-EPPCA · ‎02-21-2023

Thanks Marc,

No luck - reset switch (so back to factory defaults), set port up as suggested, still no connectivity

Any other ideas?

interface GigabitEthernet1/0/3
description "VLAN 98"
switchport access vlan 98
!

balaji.bandi · ‎02-21-2023

interface GigabitEthernet1/0/3
description "VLAN 98"
switchport access vlan 98

spanning-tree portfast <-- add this line

what is the device connected to this port ? (if windows post ipconfig /all output here ), check any Firewall in the PC

from switch can you check is the MAC addrress table on the ports ?

if this switch acting as layer 2, on the uplink device where layer3, can you post show ip arp (or check is the PC IP can see arp ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

DvN-EPPCA · ‎02-21-2023

Thanks for response,

I originally had a Meraki AP which is configured for IP 10.10.98.11 but not seeing the network

I dropped a laptop on 10.10.98.11 IP instead, ipconfig/all shows

Physical Address: A0-CE-C8-60-13-2E

IPv4 Address: 10.10.98.11

Subnet Mask: 255.255.255.0

Default Gateway: 10.10.98.1

*no* Windows firewall active

I tried the switch port gi1/0/3 (ge3) with access mode in both Layer2 and Layer 3 mode

Verified the switch can see the laptop

EPPMLN-CORE4#show mac address-table | include gi1/0/3

98 a0:ce:c8:60:13:2e gi1/0/3 dynamic

I did add “spanning-tree portfast” as well

EPPMLN-CORE4#show ip arp inspection

IP ARP inspection is Disabled

IP ARP inspection is configured on following VLANs:

Verification of packet header is Disabled

IP ARP inspection logging interval is: 5 seconds

Interface Trusted

----------- -----------

balaji.bandi · ‎02-21-2023

where is 10.10.98.1 configured another switch ?

simple test on CBS350 create vlan interface on switch

interface vlan 98
ip address 10.10.98.XX 255.255.255.0 (any free IP in the subnet)

no shutdown

from switch ping to 10.10.98.1 - is this works?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

DvN-EPPCA · ‎02-22-2023

This got me going to a solution. 10.10.98.1 is defined on the default gateway switch (SG500), so always able to ping that IP# if the local switch has the default-gateway set. Assigning VLAN 98 to a unique IP enabled that VLAN to respond to devices on this CBS350 switch. Great suggestion, and glad it worked out!

DvN-EPPCA · ‎02-21-2023

Thanks for response,
I originally had a Meraki AP which is configured for IP 10.10.98.11 but not seeing the network
I dropped a laptop on 10.10.98.11 IP instead, ipconfig/all shows
Physical Address: A0-CE-C8-60-13-2E
IPv4 Address: 10.10.98.11
Subnet Mask: 255.255.255.0
Default Gateway: 10.10.98.1
*no* Windows firewall active
I tried the switch port gi1/0/3 (ge3) with access mode in both Layer2 and Layer 3 mode
Verified the switch can see the laptop
EPPMLN-CORE4#show mac address-table | include gi1/0/3
98 a0:ce:c8:60:13:2e gi1/0/3 dynamic

marce1000 · ‎02-21-2023

>....No luck - reset switch (so back to factory defaults), set port up as suggested, still no connectivity
- Disable the auto smartport 'feature' according to : https://www.cisco.com/c/en/us/support/docs/smb/switches/Cisco-Business-Switching/kmgmt-2797-smartport-best-practices-CBS.html , then configure the ports again as described in my first reply, check if that can help ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

DvN-EPPCA · ‎02-22-2023

Yes, local vlan 98 with IP works

I disabled smartport on ALL ports and globally, and I was now able to bring the VLAN 98 up on a port, but still unable to ping a 10.10.98.11 device attached to that port. I know it's a valid device because I can take it to a SG350 switch, plug it into a trunk/vlan 98 port and it responds. I've convinced myself that it's something to do with the CBS350 firmware and currently trying to downgrade to earlier releases in steps to see which one actively supports the trunk vlan mode

EPPMLN-CORE4#config t
EPPMLN-CORE4(config)#int vlan 98
EPPMLN-CORE4(config-if)#ip address 10.10.98.130 255.255.255.0
EPPMLN-CORE4(config-if)#no shut
EPPMLN-CORE4(config-if)#end
EPPMLN-CORE4#ping 10.10.98.130
Pinging 10.10.98.130 with 18 bytes of data:

18 bytes from 10.10.98.130: icmp_seq=1. time=0 ms
18 bytes from 10.10.98.130: icmp_seq=2. time=0 ms
18 bytes from 10.10.98.130: icmp_seq=3. time=0 ms
18 bytes from 10.10.98.130: icmp_seq=4. time=0 ms

----10.10.98.130 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

DvN-EPPCA · ‎02-22-2023

Wow! karma hits back ... after adding the VLAN 98 ip address as suggested, I thought I would try to ping the device one more time before removing that configuration suggestion. The 10.10.98.11 device attached to the VLAN 98 enabled port now responds ...

So, this issue appears to work ONLY if you assign a valid IP# to a VLAN in trunk mode. I can work with this by reserving a standard IP# on each VLAN and adding that to our IT network policy - no issues in doing that

Thanks guys, for staying with it and suggesting different options - I've been muddling with this since SAT, so pleased it is resolved!