Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
0
Helpful
7
Replies

different from the default gateway for connecting to tools.cisco.com

kapydan88
Level 4
Level 4

‎02-04-2020 04:58 AM

Hello for everybody.

 

We have cat 9500 with ip management 192.168.100.2/24 and ip default-gateway 192.168.100.1. Unfortunately, there is no connection to external inet from this interface. Especifically for this purpose, i created another interface 192.168.101.2, which has Internet access. Is this possible to use this interface for connection to tools.cisco.com for activation dna license?

 

int vlan 2 192.168.101.2/24

 

maybe im wrong, but this should be smt like 

ip http client source-interface Vlan2

Labels:
0 Helpful
7 Replies 7

Mark Malone
VIP Alumni
VIP Alumni

‎02-04-2020 09:06 AM

Hi looks good

If communication to tools.cisco.com needs to be originated from the interface in specific VRF (e.g. Mgmt-vrf), then the following CLI needs to be configured:

(config)#ip http client source-interface <VRF_INTERFACE>



from my 95s
(config)#ip http client source-interface ?
ANI Autonomic-Networking virtual interface
AccessTunnel Access Tunnel interface
Auto-Template Auto-Template interface
BDI Bridge-Domain interface
CEM-PG Circuit Emulation interface with Protection group
FortyGigabitEthernet Forty Gigabit Ethernet
GMPLS MPLS interface
GigabitEthernet GigabitEthernet IEEE 802.3z
InternalInterface Internal Interface
LISP Locator/ID Separation Protocol Virtual Interface
Loopback Loopback interface
Null Null interface
PROTECTION_GROUP Protection-group controller
Port-channel Ethernet Channel of interfaces
SDH_ACR Virtual SDH-ACR controller
SERIAL-ACR Serial interface with ACR
TLS-VIF TLS Virtual Interface
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Tunnel-tp MPLS Transport Profile interface
VirtualPortGroup Virtual Port Group
Vlan Catalyst Vlans
nve Network virtualization endpoint interface

0 Helpful

kapydan88
Level 4
Level 4
In response to Mark Malone

‎02-04-2020 11:50 AM

from my switch

 

mps-9500-core#sh ip int br | i Vlan
Vlan1 192.168.100.2 YES NVRAM up up
Vlan2 192.168.101.2 YES manual up up
mps-9500-core#sh run | i ip default-gateway
ip default-gateway 192.168.100.1
mps-9500-core#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
mps-9500-core#ping 8.8.8.8 source vlan 2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.101.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/17/18 ms
mps-9500-core#

0 Helpful

kapydan88
Level 4
Level 4
In response to Mark Malone

‎02-04-2020 11:32 PM - edited ‎02-04-2020 11:38 PM

and i have question about smt like "lookup of cli". 

 

mps-9500-core#ping 8.8.8.8 source vlan 2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.101.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 19/19/20 ms
mps-9500-core#ping tools.cisco.com source vlan 2

                                                           ^
% Invalid input detected at '^' marker.

mps-9500-core#

 

 

Is this possible to fix it? Maybe i should select dns server for vlan 2 only?

If i understood correctly, its - ip name-server 4.2.2.2 8.8.8.8 for example, but for vlan 2 only...

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to kapydan88

‎02-05-2020 04:19 AM

Is this possible to fix it? Maybe i should select dns server for vlan 2 only?

i thought that was only available on NX software not catalyst on 9500, i dont see it available on my 95 cats like below 9k nexus cli output , from IOS-XE switches or routers i dont see those options , i have only licensed these by the actual mgmt port so far

another option is convert the smart license to PAK traditional and apply it that way , but depending on your image you may have to roll back or just allow access to the internet through the 192.168.100 network temporarily


ip dns source-interface ?
ethernet Ethernet IEEE 802.3z
loopback Loopback interface
mgmt Management interface
port-channel Port Channel interface
vlan Vlan interface
0 Helpful

kapydan88
Level 4
Level 4
In response to Mark Malone

‎02-05-2020 11:20 AM

this is possible commands

 

mps-9500-core#conf t
Enter configuration commands, one per line. End with CNTL/Z.
mps-9500-core(config)#ip dn?
dns

mps-9500-core(config)#ip dn
mps-9500-core(config)#ip dns s?
server spoofing

mps-9500-core(config)#ip dns ?
name-list Regular expression name-list
primary Configure primary DNS server
server Enable DNS server
spoofing Configure DNS spoofing
view Configure a DNS view
view-list Configure a DNS view-list

mps-9500-core(config)#ip dns se
mps-9500-core(config)#ip dns server ?
queue Configure queue parameters
view-group Configure a DNS view-list for global use on this system
<cr> <cr>

mps-9500-core(config)#dn
mps-9500-core(config)#dn?
% Unrecognized command
mps-9500-core(config)#na
mps-9500-core(config)#
mps-9500-core#na?
name-connection

mps-9500-core#ip dn
mps-9500-core#ip dn?
% Unrecognized command
mps-9500-core#

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to kapydan88

‎02-06-2020 01:26 AM

So there is no option to source DNS off the vlan 2 int going outbound , i checked one over test 95s and its the same , only my nx switches have that option ,you could probably force it by acls by blocking DNS out the other exit interfaces
0 Helpful

kapydan88
Level 4
Level 4
In response to Mark Malone

‎02-06-2020 12:08 PM

I can try to change default-gateway. But can this switch ping any node by name, not only by ip.

For example ping tools.cisco.com and ping 72.163.4.38.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card