Re: Cisco 9300 cannot ping or ssh after setting an IP on port

rangerdon · ‎09-17-2020

I have a catalyst 9300 switch that I have attempted to configure identically to 11 other 9300's in an effort to perform a firmware update. On the previous 11 switches I could scp through the configured IP to obtain the firmware bin file and save it to flash: On this last switch, though, there is no communication on any port I have tried this on. I am about out of ideas on how to resolve this. Does anyone have any ideas? I can provide additional information if desired, but since I had this working on 11 other switches I *think* have the right procedure, but I suspect the switch is at fault.

I've included a diagram of the network (such as it is). I am attempting to scp the bin file from the machine not on the management port.

Richard Burts · ‎09-17-2020

There is not enough information here for us to be able to give any good advice. You have told us very little about the server - is it the device identified as 192.168.75.x? You have not told us how the switch port is configured. Identify which switch port is connecting to the server, post the configuration. Also it would be helpful if you post the output of these commands

show interface status

show arp

HTH

Rick

rangerdon · ‎09-17-2020

I Was attempting to indicate that the "server" was on the same ip subnet as the port that is not allowing the traffic through. The switch port is Gi1/0/11. I've included the running config below the port specific information. Here is more information, as requested:

co2061-9300-07#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/11                     connected    routed     a-full a-1000 10/100/1000BaseTX
Gi1/0/12                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/13                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/14                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/17                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/18                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/20                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/23                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX


co2061-9300-07#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.75.1            -   10b3.c62e.b8d7  ARPA   GigabitEthernet1/0/11

co2061-9300-07#show running-config 
Building configuration...

Current configuration : 9260 bytes
!
! Last configuration change at 14:49:08 UTC Thu Sep 17 2020 by admin
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname co2061-9300-07
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
aaa new-model
!
!
aaa authorization exec default local 
aaa authorization network default local 
!
!
!
!
!
!
aaa session-id common
switch 1 provision c9300-24t
!
!
!
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
!
!
!
!         
ip domain name xxx.xxxxxx.edu
!
!
!
login on-success log
!
!
!
!
!
!
!
!

!
license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username admin privilege 15 password 7 xxxxxxxx
!
redundancy
 mode sso
!
!
!
!
!
transceiver type all
 monitoring
!
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
  description High Rate Applications 
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
! 
!
!
!
!
!
!
!
!
!
interface Loopback0
 no ip address
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.77.107 255.255.255.0
 negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
 no switchport
 ip address 192.168.75.1 255.255.255.0
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
interface Vlan1
 no ip address
 shutdown
!
ip default-gateway 192.168.254.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 stopbits 1
line vty 5 15
!
!
!
!
!
!
!
end

Richard Burts · ‎09-17-2020

Thanks for the information that I requested. It does show that G1/0/11 is connected and is a routed port. show arp does confirm that the switch port is operational and has the IP address that you expect. I do not see anything in the config that would explain this issue. I did wonder about enabling ip routing, but decided that it should not make a difference. I noticed that the default gateway points to something that is not connected and so would not work. But that does not impact what you are trying to do which is communicate with a directly connected device.

show arp does tell us that the switch is not seeing the PC. I wonder if that might be an issue with timing. Would you make another attempt on the switch to access the PC and then immediately do another show arp? (a simple ping should be good enough)

Could you post the output of these commands (or other appropriate commands if it is not a Windows PC) after having the PC attempt to ping the switch address

ipconfig

arp -a

HTH

Rick

rangerdon · ‎09-17-2020

First, information from the switch:

co2061-9300-07#ping 192.168.75.14
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.75.14, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
co2061-9300-07#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.75.1

Next from the pc I am trying to reach (192.168.75.14) -- please note the pertinent interface is p1p1:

[root@co2061-14 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 50:9a:4c:47:66:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.254.14/24 brd 192.168.254.255 scope global noprefixroute dynamic enp0s31f6
       valid_lft 14477sec preferred_lft 14477sec
3: p1p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 68:05:ca:47:c6:90 brd ff:ff:ff:ff:ff:ff
    inet 192.168.75.14/24 brd 192.168.75.255 scope global noprefixroute p1p1
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:05:58:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:05:58:ea brd ff:ff:ff:ff:ff:ff


[root@co2061-14 ~]# ping 192.168.75.1
PING 192.168.75.1 (192.168.75.1) 56(84) bytes of data.
From 192.168.75.14 icmp_seq=10 Destination Host Unreachable
From 192.168.75.14 icmp_seq=11 Destination Host Unreachable
From 192.168.75.14 icmp_seq=12 Destination Host Unreachable
From 192.168.75.14 icmp_seq=13 Destination Host Unreachable
^C
--- 192.168.75.1 ping statistics ---
14 packets transmitted, 0 received, +4 errors, 100% packet loss, time 13001ms
pipe 4
         
[root@co2061-14 ~]# arp -a
gateway (192.168.254.254) at 00:1b:21:42:a3:57 [ether] on enp0s31f6
? (192.168.254.13) at 50:9a:4c:47:64:51 [ether] on enp0s31f6
? (192.168.254.30) at 68:05:ca:89:77:75 [ether] on enp0s31f6
co2048-nat.ece.iastate.edu (10.24.87.86) at 00:1b:21:42:a3:57 [ether] on enp0s31f6
? (192.168.254.1) at 18:66:da:19:c6:79 [ether] on enp0s31f6
? (192.168.75.1) at <incomplete> on p1p1

balaji.bandi · ‎09-17-2020

Couple of observation, what is the PC IP address ?

as per ARP i can only see Device IP in the ARP, i do not see PC or Laptop address in the ARP table, are you able to ping each other ?

you network is 192.168.75.X and your default gateway ?

ip default-gateway 192.168.254.254

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

rangerdon · ‎09-17-2020

The management port allows connectivity to the switch from one machine. Once inside the switch I cannot ping through the port with the assigned IP. I am following the same procedure I used to configure the previous switches and while it worked on 11 other switches it is not working here. Switches had identical configurations except for the IP of the management port. Steps takes to configure the IP are below:

configure terminal
interface gigabitEthernet 1/0/1
no switchport
ip address 192.168.75.1 255.255.255.0
end

Once this is done on the switch and port in question I can then ping from within the management session to the IP of the client machine.:

Here is a snippet from an identical switch:

show running-config
.
.
.

interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.77.106 255.255.255.0
 negotiation auto
!
interface GigabitEthernet1/0/1
 no switchport
 ip address 192.168.75.1 255.255.255.0
.
.
.
co2061-9300-06#ping 192.168.75.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.75.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms



co2061-9300-06#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.75.1            -   10b3.c632.64e4  ARPA   GigabitEthernet1/0/1
Internet  192.168.75.12           0   6805.ca4a.9376  ARPA   GigabitEthernet1/0/1

Reza Sharifi · ‎09-17-2020

Hi,

Can you enable "ip routing" on the switch and try again?

Also, no need for this as there is no IP on the switch in this segment.

ip default-gateway 192.168.254.254

HTH

rangerdon · ‎09-17-2020

I enabled it and it didn't seem to make a difference.

kapydan88 · ‎09-17-2020

Hello.

Do you use routing protocol, like ospf, eigrp etc?

rangerdon · ‎09-17-2020

No... nothing fancy like that. These switches are just used to teach basic ios commands to students, allow them to configure a vlan, setup a small dhcp server, capture and analyze network traffic, etc. Each switch is connected to one linux pc by a management port and to another linux pc via one of the 24 ports available on the switch.

While I am by no means proficient in ios the fact this worked on 11 other switches, but not this one seems to point to a hardware issue in my mind, especially since the configs are consistent across switches.