Solved: nexus 9000 not forwarding L3

timbot18 · ‎08-08-2019

i've got a nexus 9000 (C93108TC-EX) that is connected to another switched network that i do not control that i am trying to forward L3 through. i've setup a vlan interface, and a sub interface on the switch port connected to the other switch, and can ping addresses from the n9k in both subnets, but i can't get anything to go from my n9k clients out the port connected to the other switch. im sure im missing some config, but i'm not sure what it is.

the setup:

n9k->other switch ->other switch ->dell switch

i can ping from the n9k to clients locally and on the dell switch

i cannot ping from clients on the n9k to the dell switch

the other switches are tagged 485, though i have access to an untagged 485 port

my relevant config:

ip route 192.168.180.0/24 Ethernet1/47.1 192.168.180.1
vlan 1-2,100-106,178,180-188,485

vrf context management
ip route 0.0.0.0/0 192.168.5.1

interface Vlan1

interface Vlan100
no shutdown
ip address 192.168.100.4/24

...

interface Ethernet1/47.1
encapsulation dot1q 485
ip address 192.168.180.60/24
no shutdown

...

IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.168.1.0/24, ubest/mbest: 1/0, attached
*via 192.168.1.4, Eth1/47, [0/0], 19:20:29, direct
192.168.1.4/32, ubest/mbest: 1/0, attached
*via 192.168.1.4, Eth1/47, [0/0], 19:20:29, local
192.168.100.0/24, ubest/mbest: 1/0, attached
*via 192.168.100.4, Vlan100, [0/0], 19:18:13, direct
192.168.100.4/32, ubest/mbest: 1/0, attached
*via 192.168.100.4, Vlan100, [0/0], 19:18:13, local
192.168.180.0/24, ubest/mbest: 1/0, attached
*via 192.168.180.60, Eth1/47.1, [0/0], 00:26:28, direct
192.168.180.60/32, ubest/mbest: 1/0, attached
*via 192.168.180.60, Eth1/47.1, [0/0], 00:26:28, local

on my clients i have tried setting the default gateway to a pfsense router with a static route for 192.168.180.0/24 to forward to 192.168.100.4. i've also tried setting the gateway on the clients to 100.4. neither works. if i flatten the switch by removing all vlans and routing and assigning clients to the appropriate subnets, they can access the clients on the dell switch. i've also tried with and without the static route line, which i dont think should be necessary, since the ip route shows the switch knows about that net already because of the 1/47.1 interface.

dbeattie · ‎08-09-2019

Obviously, be aware that this might not be your problem routing out to 192.168.180.0/24, but the remote system may not be able to route back to 192.168.100.0/24

Hope this helps.

Dave

View solution in original post

steven_dolan7 · ‎08-09-2019

Hi,

Can you post the configuration?

Steven

dbeattie · ‎08-09-2019

Obviously, be aware that this might not be your problem routing out to 192.168.180.0/24, but the remote system may not be able to route back to 192.168.100.0/24

Hope this helps.

Dave

timbot18 · ‎08-09-2019

this was the problem. what threw me off was a traceroute from a client on the 100 net stopped sending replies after it hit 100.4, so i assumed it wasnt making it past the cisco switch. once i added a route back from a gateway on the dell switch, i was able to ping to the clients there.

i figured it was something simple.

timbot18 · ‎08-09-2019

the relevant config is posted. the only other part that might be is the members of the 100 vlan:

interface Ethernet1/7
switchport access vlan 100

interface Ethernet1/8
switchport access vlan 100

interface Ethernet1/9
switchport access vlan 100

interface Ethernet1/10
switchport access vlan 100

everything else is unconfigured interfaces and the username stuff.