Re: Connect Carrier i-Vu XT Router XT-RB to a Cisco 9300 switch

Rick001 · ‎05-22-2024

We have a Carrier i-Vu XT Router XT-RB for HVAC control that was connected to a PC in the HVAC room. They want to move the PC to another building. I tried connecting the Ethernet cable to our Cisco 9300 switch using a HVAC VLAN. The IP for the router according to the PC is 192.68.24.8. The PCs IP is 192.68.24.7. I cannot ping the router from the switch. The PC cannot ping the router even though they are all on the same VLAN.

The switch port description is the following:

Code:

interface GigabitEthernet1/0/15
 description  HVAC
 switchport access vlan 202
 switchport mode access
 switchport nonegotiate
 switchport block unicast
 spanning-tree portfast
 spanning-tree bpduguard enable
end

Code:

#sh  int g1/0/15        
GigabitEthernet1/0/15 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet, **bleep** is 8024.0000.0000 (bia 8024.0000.0000)
  Description: HVAC
  MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  **ll-duplex, 10Mb/s, media type is 10/100/1000BaseTX
  input flow-control is on, output flow-control is unsupported 
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:02:03
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     81 packets output, 11306 bytes, 0 underruns
     Output 0 broadcasts (69 multicasts)
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Sometimes the Mac **bleep** shows other like now, it does not.

Code:

# sh mac add int g1/0/15
          Mac **bleep** Table
-------------------------------------------

Vlan    Mac **bleep**       Type        Ports
----    -----------       --------    -----

The TDR cable diagnostics checks out

Code:

#test cable-diagnostics tdr int g1/0/15
Link state may be affected during TDR test
TDR test started on interface Gi1/0/15
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.

Code:

#sh cable-diagnostics tdr int g1/0/15  
TDR test last run on: May 22 11:19:15

Interface   Speed Local pair Pair length        Remote pair Pair status
---------   ----- ---------- ------------------ ----------- --------------------
Gi1/0/15    auto  Pair A     0    +/- 1  meters Pair B      Normal              
                  Pair B     0    +/- 1  meters Pair A      Normal              
                  Pair C     0    +/- 1  meters N/A         Normal              
                  Pair D     0    +/- 1  meters N/A         Normal

Has anyone tried this setup? Any suggestions?

Reza Sharifi · ‎05-22-2024

Any difference if you remove these commands?

switchport nonegotiate
 switchport block unicast

Rick001 · ‎05-22-2024

@Reza Sharifi wrote:
Any difference if you remove these commands?
switchport nonegotiate
 switchport block unicast

Removed it on both switches, but don't really see any difference. The PC side is not showing me the MAC **bleep**, but the router side is, but can't ping it.

Georg Pauwen · ‎05-22-2024

Hello,

is the Carrier i-Vu XT Router XT-RB connected to that same switch ?

Rick001 · ‎05-22-2024

@Georg Pauwen wrote:
Hello,
is the Carrier i-Vu XT Router XT-RB connected to that same switch ?

Upon further inspection the port info I provided originally is the switch that the PC connects to in the other building.

The switch where the router is connected to has the following config:

#sh run int g2/0/3
Building configuration...

Current configuration : 271 bytes
!
interface GigabitEthernet2/0/3
description HVAC
switchport access vlan 202
switchport mode access
switchport nonegotiate
switchport block unicast
storm-control action shutdown
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end

#sh mac **bleep**-table int g2/0/3
Mac **bleep** Table
-------------------------------------------

Vlan Mac **bleep** Type Ports
---- ----------- -------- -----
202 00e0.0000.0000 DYNAMIC Gi2/0/3

sh ip arp 00e0.0000.0000 doesn't output anything. Still can't ping the HVAC router. Checked the logs, but don't see anything.

Rick001 · ‎05-24-2024

So I am using another laptop and managed to connect directly to the router and ping.
I set up another port with the same vlan and interface specs and connected my laptop and tried to ping the router and it replied. So it seems to be working. I cannot ping the router from the switch itself.
I tried adding the following ACL where 10.10.0.0 is my switch IP range.

ip access-list extended HVAC-ACL
10 permit icmp 10.10.10.0 0.0.15.255 192.68.24.0 0.0.0.255 echo log
20 permit icmp 10.10.10.0 0.0.15.255 192.68.24.0 0.0.0.255 echo-reply log

I don't see anything denied in the sh log.

Reza Sharifi · ‎05-24-2024

Can you post the output of "sh run" from the switch?

Also, is there any difference if you remove the access list altogether?

HTH

Rick001 · ‎05-24-2024

The switch configuration is quite extensive and have to edit out a lot to be able to post here...

Reza Sharifi · ‎05-24-2024

Ok, does the switch have an SVI configured for vlan 202 with an IP address?

"sh run int vlan 202" should show that.

HTH

Rick001 · ‎05-24-2024

No SVI configured for that VLAN anywhere on the network.

The 9300 switch where the router is connected to connects to one of the 9606 cores which in turn connects to another 9300 in the other building where the PC is.

Reza Sharifi · ‎05-24-2024

So, to ping from that switch to the router, the switch needs to have an IP address. So, as a minimum, you need one SVI with an IP in the same range as the router.

config t

interface vlan xx

ip adress x.x.x.x 255.255.x.x

no sh

HTH

Rick001 · ‎05-28-2024

@Reza Sharifi wrote:
So, to ping from that switch to the router, the switch needs to have an IP address. So, as a minimum, you need one SVI with an IP in the same range as the router.
config t
interface vlan xx
ip adress x.x.x.x 255.255.x.x
no sh
HTH

On the core switch I edited the vlan info as the following:

interface Vlan202
no ip address
no ip proxy-arp
end

On the switch where the router is connected I set up the VLAN as follows:

interface Vlan202
ip address 192.68.24.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf 1 area 0
no autostate
end

I went back to the switch that's connected to the router and I was able ping the router from there. It also shows up in the sh ip arp table now.

I understand that I need to open up the UDP port 47808 and TCP Ports 80 and 443. On which switch would I need to add the ACL?

Rick001 · ‎05-29-2024

I noticed that even though from the switches including my PC (different subnet) I can ping the HVAC router, I cannot from the PC. It has configured the IP 192.68.24.7 and default gateway 192.68.24.1.

Rick001 · ‎05-30-2024

I did a show spanning-tree vlan 202 on both switches and the core with the following results:

Switch connected to the router:

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     0000.0000.0080
             Cost        0
             Port        151 (TenGigabitEthernet2/1/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
             Address     0000.0000.0010
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/3             Altn BLK 20000     128.55   P2p   *Switch to Core 1*
Gi2/0/3             Desg FWD 20000     128.99   P2p Edge *HVAC router*
Te2/1/3             Root FWD 20000     128.151  P2p *Switch to Core 2*

Switch connected to PC:

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     0000.0000.0080
             Cost        0
             Port        49 (GigabitEthernet1/1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    53248  (priority 53248 sys-id-ext 0)
             Address     0000.0000.1b00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/15            Desg FWD 2000000   128.15   P2p Edge *PC*
Gi1/1/1             Root FWD 20000     128.49   P2p *Trunk to Switch connected to Router*

Core Router 1:

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     0000.0000.0080
             Cost        0
             Port        2089 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4096   (priority 4096 sys-id-ext 0)
             Address     0000.0000.0300
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Twe1/0/1            Desg FWD 20000     128.1    P2p *Trunk to HVAC Switch*
Twe2/0/7            Desg FWD 20000     128.103  P2p *Trunk to PC Switch*
Po1                 Root FWD 1000      128.2089 P2p *Trunk to Core 2*