encapulsation faild - Page 2

Mustapha Bassim · ‎07-02-2022

Hello Dears

I have an issue when i trying to reach a server on my network with ping it's reachable but when i make traffic for radius (authenticated the device using radius) it's gave me on encapsulation fail

Best Regards

MHM Cisco World · ‎07-03-2022

as I know the 9000 is now and there are many bug and I think this is bug.
but

workaround can solve your issue
config static arp entry in your SW.

Mustapha Bassim · ‎07-03-2022

I try to add ARP but the same issue

MHM Cisco World · ‎07-03-2022

static arp add for next hop of route toward ISE not the ISE ip address.

MHM Cisco World · ‎07-04-2022

final review

9200-ISE
*1*
9200 global "no VRF config"
ISE <<- reachable via global 9200
both ping and radius is success
**2**
9200 vrf config
ISE <<- reachable via global 9200

here is misunderstand
ping success radius is failed !!

ping <ISE ip >
success because the ping use nearest IP to destination as source of Ping, so here the management interface will not use as source of ping

to check
ping vrf mangement <ISE IP> source <management interface>
this must be success.

radius is failed why?
because we specify the source ip of radius packet and management VRF is not reachable to ISE "because ISE is reachable via global"

after all what is solution

ip route vrf management <ISE subent> <interface global>

Mustapha Bassim · ‎07-04-2022

hello dear

ping <ISE ip >
success because the ping use nearest IP to destination as source of Ping, so here the management interface will not use as source of ping

about this point , the ping is fail because there is no IP on the switch it's just a layer 2 switch with some of VLANs and Trunk configuration just had one IP on Management interface

MHM Cisco World · ‎07-05-2022

I am so sure that I see same issue one months ago but couldn't find it.

the solution was config L2 Sw to L3 SW with add ip routing

then config ip route instead of use default gateway.

why this solution ? because VRF need L3 to work.