04-29-2016 04:34 AM - edited 03-08-2019 05:33 AM
I have a Cisco 4500-X switch that I'm trying to get the mgmt port working on (Fa1). I must be missing something in my config, because I cannot ping anything in the same VLAN, nor can I even see a MAC address on the access switch it is plugged into. It is plugged into a 3560E with the port configured as an access port on the correct VLAN. I've verified no MTU mismatch, no speed or duplex mismatch.
Here are some configs.
switch#sho run vrf mgmtVrf
Building configuration...
Current configuration : 310 bytes
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
interface FastEthernet1
vrf forwarding mgmtVrf
ip address XX.XX.163.154 255.255.252.0
speed auto
full-duplex
!
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 XX.XX.160.1
!
!
end
switch#sho ip route vrf mgmtVrf
Routing Table: mgmtVrf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is XX.XX.160.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via XX.XX.160.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C XX.XX.160.0/22 is directly connected, FastEthernet1
L XX.XX.163.154/32 is directly connected, FastEthernet1
Solved! Go to Solution.
04-29-2016 07:58 AM
Yes that's sounds a bit buggy alright you should get your arp , checking mine as its out of band and there all same subnet I can see multiple arps learned through each mgmt. port for each device
You definitely should be getting an arp and mac on 3560 as well just checked mine to confirm , yes let us know how upgrade goes be interesting to see if this is another software issue on 4500x
xxxx#sh ip arp vrf Mgmt-vrf g0/0
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.xxx - ac7e.8a33.7980 ARPA GigabitEthernet0/0
Internet 172.xxx 0 0009.0f09.0008 ARPA GigabitEthernet0/0
Internet 172.xxx 166 ac7e.8a33.8480 ARPA GigabitEthernet0/0
Internet 172.xxx 252 b8be.bf30.15b7 ARPA GigabitEthernet0/0
Internet 172.xxx 112 c414.3c4d.aa37 ARPA GigabitEthernet0/0
04-29-2016 05:09 AM
Hi
your config is correct I have oob running through all my switches using mgmt. port and they go back to a mgmt. stack that's connected to our fws to process any type of mgmt. traffic like syslog,netflow,ntp etc
When you are on the 3560 give it an SVI as a test if you still cant ping the mgmt. from that as source when its directly connected its most likely the 4500x ios-xe version there are a few very buggy editions out there on that platform, this way its basically arping shouldn't need routing and if its still the same I would try another image
Is your default route pointing to a firewall ? can you even ping the mgmt. interface through its vrf if its up/up when your directly consoled on the 4500x ?
Current configuration : 339 bytes
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
interface GigabitEthernet0/0
description ** Network Managment Interface **
vrf forwarding Mgmt-vrf
ip address 172.x.x.x 255.255.254.0
negotiation auto
!
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 172.x.x.x.
04-29-2016 06:30 AM
Thanks for the reply Mark, and thanks for verifying my config.
I'm running Version 03.05.01E
The 3560 switchport isn't evening learning the MAC address of the 4500, so I have a feeling its an ARP issue as well.
Default route is pointing to an SVI on our core switch, same VLAN as the 3560 SVI. The only thing I can ping from the 4500, is itself. Nothing else in or out of that VLAN at all.
There is already an SVI on that 3560, in the same subnet as the mgmt on the 4500, and I cannot ping the 4500 when sourcing from that SVI. Has to be an ARP issue. I'll try upgrading to the recommended version on Cisco's site, 3.06.04E, and I'll update this thread afterward.
Thanks again.
04-29-2016 07:58 AM
Yes that's sounds a bit buggy alright you should get your arp , checking mine as its out of band and there all same subnet I can see multiple arps learned through each mgmt. port for each device
You definitely should be getting an arp and mac on 3560 as well just checked mine to confirm , yes let us know how upgrade goes be interesting to see if this is another software issue on 4500x
xxxx#sh ip arp vrf Mgmt-vrf g0/0
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.xxx - ac7e.8a33.7980 ARPA GigabitEthernet0/0
Internet 172.xxx 0 0009.0f09.0008 ARPA GigabitEthernet0/0
Internet 172.xxx 166 ac7e.8a33.8480 ARPA GigabitEthernet0/0
Internet 172.xxx 252 b8be.bf30.15b7 ARPA GigabitEthernet0/0
Internet 172.xxx 112 c414.3c4d.aa37 ARPA GigabitEthernet0/0
04-29-2016 09:38 AM
Upgrading fixed my issue. I upgraded to 3.06.04E. And right when it came up, I was able to ping it.
Took me a bit because I didn't know I had to change the config-register to make the switch look at the boot statements.
Either way, I appreciate the assistance, Mark. Thanks for the suggestions.
04-30-2016 08:53 AM
Thanks for letting us know Chad at least we know the MGMT port has issues for definite now on that IOS-XE version
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: