cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
956
Views
5
Helpful
20
Replies

encapulsation faild

Mustapha Bassim
Level 1
Level 1

Hello Dears

 

I have an issue when i trying to reach a server on my network with ping it's reachable but when i make traffic for radius (authenticated the device using radius) it's gave me on encapsulation fail 

 

Best Regards

20 Replies 20

as I know the 9000 is now and there are many bug and I think this is bug.
but 

 

workaround can solve your issue 
config static arp entry in your SW.

I try to add ARP but the same issue 

static arp add for next hop of route toward ISE not the ISE ip address.

final review 

9200-ISE 
*1*
9200 global "no VRF config"
ISE <<- reachable via global 9200 
both ping and radius is success 
**2**
9200 vrf config 
ISE <<- reachable via global 9200

here is misunderstand 
ping success radius is failed !!

ping <ISE ip > 
success because the ping use nearest IP to destination as source of Ping, so here the management interface will not use as source of ping

to check
ping vrf mangement <ISE IP> source <management interface> 
this must be success.

radius is failed why?
because we specify the source ip of radius packet and management VRF is not reachable to ISE "because ISE is reachable via global"



after all what is solution 

ip route vrf management <ISE subent> <interface global>

 

hello dear

 

ping <ISE ip >
success because the ping use nearest IP to destination as source of Ping, so here the management interface will not use as source of ping

 

about this point , the ping is fail because there is no IP on the switch it's just a layer 2 switch with some of VLANs and Trunk configuration just had one IP on Management interface  

I am so sure that I see same issue one months ago but couldn't find it.

 

the solution was config L2 Sw to L3 SW with add ip routing 

then config ip route instead of use default gateway.

 

why this solution ? because VRF need L3 to work.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco