Not able to trace the end host IP connected on Catalyst 6500 switch.

akgupt89 · ‎02-09-2021

I am facing issue will tracing the IP of end host directly connected on my catalyst switch. But at the same time I am able to ping the same IP from other network and CORE switch. Even I was not able to trace the VLAN (L3 interface) IP also but after enabling "ip reachable" now VLAN IP is tracing but still end host trace is getting failed.

CORE-SW#sh ip route 10.10.115.20
Routing entry for 10.10.115.0/25
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via ospf 10
Advertised by ospf 10 metric-type 1 subnets
Routing Descriptor Blocks:
* directly connected, via Vlan100
Route metric is 0, traffic share count is 1
CORE-SW#ping 10.10.115.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.115.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
CORE-SW#trace 10.10.115.20
Type escape sequence to abort.
Tracing the route to 10.10.115.20
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *

balaji.bandi · ‎02-09-2021

Steps to follow : (first find where this MAC Address reside) (it also show Vlan100 conencted)

show ip arp 10.10.115.20 (will give you ARP MAC address) - check where it learning from ? ( end it shows what vlan)

show mac address-table | in xxxx.xxxx.xxxx show it connected or coming from.

you are not able ping due to ACL or something which is stopping.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

akgupt89 · ‎02-09-2021

I followed the steps suggested by you, there is no ACL configured on interface. Also ping is working, facing issue only for trace. I think trace work on UDP so if you can suggest me anything from UDP blocking point of view.

balaji.bandi · ‎02-09-2021

Post the complete show run config ( we can not read what is configured there) to suggest for now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

akgupt89 · ‎02-09-2021

Sorry Balaji, sharing whole config will not be possible because it's production CORE switch. Please let me know if you need any specific relevant configuration

Georg Pauwen · ‎02-09-2021

Hello,

--> I am facing issue will tracing the IP of end host directly connected on my catalyst switch

Does the switch have a management IP address configured ? This address will be the default source of the traceroute, so it must be reachable from the core switch.

That means, your switch needs something like the below:

interface Vlan 1

ip address 192.168.1.2 255.255.255.0

!

ip default-gateway 192.168.1.1

IP addressing is arbitrary obviously.

Actually, post the full running configuration of the Catalyst switch from which you are initiating the traceroute.

akgupt89 · ‎02-09-2021

Hello Georg,

I have VLAN110 created for management purpose and trying to trace IP of VLAN100. Also have default gateway configured.

interface Vlan100
description VMware Management
ip address 10.10.115.2 255.255.255.128
ip helper-address 10.10.100.14
no ip redirects
no ip proxy-arp
standby 100 ip 10.10.115.1
standby 100 priority 255
standby 100 preempt

interface Vlan110
description Switch Management Vlan
ip address 10.10.102.151 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
standby 110 ip 10.10.102.129
standby 110 priority 110
standby 110 preempt

CORE-SW#sh run | s gateway
ip default-gateway 10.10.102.129

Giuseppe Larosa · ‎02-09-2021

Hello @akgupt89 ,

your CORE-SW is running OSPF so it is acting as a multilayer switch as expected from a Catalyst 6500.

As a result of having ip routing enabled the configuration of the default gateway is useless and not related to your issue.

Once you have enabled the sending of ICMP unreachable on SVI vlan 110 you have done your job if the host 10.10.115.20 does not answer to traceroute it may have a SW firewall running on it that it is blocking further sending of ICMP unreachables originated by the host itself.

if the host can be pinged from another subnet its default gateway is correct and you are fine.

Contact the colleagues managing the server about the traceroute issue.

Hope to help

Giuseppe

akgupt89 · ‎02-09-2021

Hello Giuseppe,

Thanks for your observation. You are right I am running OPSF on this CORE switch. But this issue I am facing for all end host IP's belonging to same VLAN.

Georg Pauwen · ‎02-09-2021

Hello,

what if you use an extended traceroute where you can specify the source ? I don't remember the exact syntax on the 6500s, but if you type 'traceroute' and hit <ENTER> it should give you extended options. Try the physical (10.10.115.2) and the standby IP address (10.10.115.1) as sources.