Re: Management traffic dropping

MikeyP · ‎09-25-2017

I'm having an issue accessing the management VLAN/IPs of my network behind my 4500X which is acting as the Core/Distribution layer of my site. The issue began occurring after a network upgrade, we removed a piece of equipment that was acting as the distribution layer for the site and connected to a core, by placing a new 4500X into the mix we decided to have the 4500X become the collapsed core.

All end user traffic flows normally and is not impacted, just our management plane.

4500X Config:

spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-999 priority 4096

Interface Configs:

switchport mode trunk

switchport trunk allowed vlan all

spanning-tree guard root

logging event link-status

Management VLAN config:

IP address 192.168.x.1 255.255.255.0

no ip redirects

no ip proxy-arp

BGP is forwarding the subnet out to the internet

No ACLs preventing traffic to or from the subnet

Access Switch:

Default gateway is set to 192.168.x.1 255.255.255.0

IP addressing in the same subnet 192.168.x.y 255.255.255.0

Spanning-tree priority default 32768

Spanning-tree mode STPG (MSTP)

I've done this upgrade with a total of 30 sites and only 2/30 are having issues if anyone is familiar with any issues like this that have occurred when using mixed hardware it would be much appreciated, however it appears to that the primary cause might be with my 4500X and spanning-tree. I'm always willing to provide more info as needed.

Update: Edited title to better reflect my issue. The real problem is that my traffic for my management subnet over VLAN1 does not respond to pings and does not allow remote sessions to be initiated with the access layer switches behind my 4500X which causes my team members to see alarms populate that are false positives.

There are 0 errors or CRCs on the interface, in addition to that would it be possible to debug and what debug would I want to run to find information that might pin point why I'm having issues with ICMP traffic between devices in my subnet? The 4500X will have to periodically arp to ensure the devices are still up and running which appears to be where the problem is.

sh int status

Port Name Status Vlan Duplex Speed Type
Te1/1 AdminSWT47 connected trunk full a-1000 1000BaseSX
Te1/2 AdminSWT111 connected trunk full a-1000 1000BaseSX
Te1/3 AdminSWT21 connected trunk full a-1000 1000BaseSX
Te1/4 AdminSWT106 connected trunk full a-1000 1000BaseSX
Te1/5 AdminSWT64 connected trunk full a-1000 1000BaseSX
Te1/6 AdminSWT87 connected trunk full a-1000 1000BaseSX
Te1/7 AdminSWT123 connected trunk full a-1000 1000BaseSX
Te1/8 AdminSWT27 connected trunk full a-1000 1000BaseSX
Te1/9 AdminSWT86 connected trunk full a-1000 1000BaseSX
Te1/10 AdminSWT62 connected trunk full a-1000 1000BaseSX
Te1/11 AdminSWT28 connected trunk full a-1000 1000BaseSX
Te1/12 AdminSWT67 connected trunk full a-1000 1000BaseSX
Te1/13 AdminSWT29 connected trunk full a-1000 1000BaseSX
Te1/14 AdminSWT124 connected trunk full a-1000 1000BaseSX
Te1/15 AdminSWT108 connected trunk full a-1000 1000BaseSX
Te1/16 WAN connected routed full a-1000 1000BaseSX
Te1/17 AdminSWT191 connected trunk full a-1000 1000BaseSX
Te1/18 AdminSWT102 connected trunk full a-1000 1000BaseSX
Te1/19 AdminSWT15 connected trunk full a-1000 1000BaseSX
Te1/20 AdminSWT10 connected trunk full a-1000 1000BaseSX
Te1/21 AdminSWT110 connected trunk full a-1000 1000BaseSX
Te1/22 AdminSWT117 connected trunk full a-1000 1000BaseSX
Te1/23 OBMMGMT Switch disabled 1 full auto 1000BaseT
Te1/24 OBMMGMT Switch disabled 1 full auto 1000BaseT
Te1/25 Access Switch connected trunk full a-1000 1000BaseT
Te1/26 disabled 1 full auto No XCVR
Te1/27 disabled 1 full auto No XCVR
Te1/28 disabled 1 full auto No XCVR
Te1/29 disabled 1 full auto No XCVR
Te1/30 disabled 1 full auto No XCVR
Te1/31 disabled 1 full auto No XCVR
Te1/32 disabled 1 full auto No XCVR

Richard Burts · ‎09-25-2017

Would you post the output of show ip interface brief and of show cdp neighbor from the switch?

HTH

Rick

HTH

Rick

MikeyP · ‎09-28-2017

CDP won't be useful as none of the connected access layer switches are Cisco based, they are Nortel(for now)

Interface IP-Address OK? Method Status Protocol
FastEthernet1 unassigned YES unset down down
TenGigabitEthernet1/1 unassigned YES unset up up
TenGigabitEthernet1/2 unassigned YES unset up up
TenGigabitEthernet1/3 unassigned YES unset up up
TenGigabitEthernet1/4 unassigned YES unset up up
TenGigabitEthernet1/5 unassigned YES unset up up
TenGigabitEthernet1/6 unassigned YES unset up up
TenGigabitEthernet1/7 unassigned YES unset up up
TenGigabitEthernet1/8 unassigned YES unset up up
TenGigabitEthernet1/9 unassigned YES unset up up
TenGigabitEthernet1/10 unassigned YES unset up up
TenGigabitEthernet1/11 unassigned YES unset up up
TenGigabitEthernet1/12 unassigned YES unset up up
TenGigabitEthernet1/13 unassigned YES unset up up
TenGigabitEthernet1/14 unassigned YES unset up up
TenGigabitEthernet1/15 unassigned YES unset up up
TenGigabitEthernet1/16 (WAN interface) YES manual up up
TenGigabitEthernet1/17 unassigned YES unset up up
TenGigabitEthernet1/18 unassigned YES unset up up
TenGigabitEthernet1/19 unassigned YES unset up up
TenGigabitEthernet1/20 unassigned YES unset up up
TenGigabitEthernet1/21 unassigned YES unset up up
TenGigabitEthernet1/22 unassigned YES unset up up
TenGigabitEthernet1/23 unassigned YES unset administratively down down
TenGigabitEthernet1/24 unassigned YES unset administratively down down
TenGigabitEthernet1/25 unassigned YES unset up up
TenGigabitEthernet1/26 unassigned YES unset administratively down down
TenGigabitEthernet1/27 unassigned YES unset administratively down down
TenGigabitEthernet1/28 unassigned YES unset administratively down down
TenGigabitEthernet1/29 unassigned YES unset administratively down down
TenGigabitEthernet1/30 unassigned YES unset administratively down down
TenGigabitEthernet1/31 unassigned YES unset administratively down down
TenGigabitEthernet1/32 unassigned YES unset administratively down down
Vlan1 192.168.x.1 YES NVRAM up up

Richard Burts · ‎10-02-2017

Thanks for posting some additional information. So far we have focused on information from the 4500. If most of the switches do work and only two are having the problem perhaps we can get information from a switch having the problem and from a switch that is working and perhaps that will help us identify the issue. Perhaps we can start with show ip interface brief and show interface trunk and show ip route from the switches?

HTH

Rick

HTH

Rick

paul driver · ‎09-25-2017

Hello

Is the mgt vlan being pruned off the trunks, do you have the L2 mgt vlan created?
Is the 4500x in a vss or standalone?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MikeyP · ‎09-26-2017

Well there doesn't need to be a L2 vlan created as VLAN1 is on by default, I'm thinking of migrating it to VLAN10 but I'll save that as a last resort. We don't use VTP so there is no prunning going on, and the 4500X is in standalone mode.

Richard Burts · ‎09-27-2017

Would you post the output of show ip interface brief and of show cdp neighbor from the switch? It also help to have the output of show interface status.

HTH

Rick

HTH

Rick

sdavis6806 · ‎01-11-2018

I believe that the issue I had is similar to yours. Here is a link where i figured it out.

https://supportforums.cisco.com/t5/small-business-switches/traffic-drops-on-management-interface-vlan/td-p/3304842

Basically, deleting the IPv6 on the management interface solved the issue. Hope it helps.