Question: WS-C6506-E 'ip routing' command

GatLMCO · ‎08-26-2024

I was trying to send the following command to WS-C6506-E as follows,

>config t

>ip routing

The Switch responded with:

>Incomplete command

so,

>ip routing ?

Protocol Purge Route

>ip routing protocol ?

Purge Route

Would you please explain what all that means? What is the impact of those commands.

Thanks

MHM Cisco World · ‎08-26-2024

MHM

GatLMCO · ‎08-26-2024

Please my original post
Thanks

marce1000 · ‎08-26-2024

- FYI : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/command/iri-cr-book/iri-cr-a1.html#wp7831141160
+ Consider How to Ask The Community for Help

Often these are topics that can 'easily answered' by search engines (e.g.)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

GatLMCO · ‎08-26-2024

Thanks for your response, Your point is understood. I am working on an operational ' Primary VTP Core router ' and I have not found similar issues.

For instance on the following router instructions

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# no ip routing protocol purge interface
Router(config)# end

The 'no ip routing protocol purge interface' what is this command instructing the router to perform?
Thanks

Joseph W. Doherty · ‎08-26-2024

On a 6500 (depending on sup), "ip routing", alone, may not be an option (as always on), so additional parameters may not be optional. As to what those two parameters mean, should be documented. An example is shown by @marce1000 's reference.

GatLMCO · ‎08-26-2024

Thanks for the helpful response. As I found out sending the 'ip routing' command in global executive is not enough. More is required otherwise the response is incomplete. So my biggest problem is now knowing what will the protocol 'purge' or 'route' will do to my main core router routing table.
Thanks again

GatLMCO · ‎08-26-2024

Thanks for the helpful response. As I found out sending the ‘ip routing’ command in global executive is not enough. More is required otherwise the response is incomplete. So my biggest problem is now knowing what will the protocol ‘purge’ or ‘route’ will do to my main core router routing table.

Thanks again

MHM Cisco World · ‎08-26-2024

show module
you need MSFC to run routing command as I know

MHM

GatLMCO · ‎08-26-2024

Ok, can you elaborate on how to run the MSFC as that is part of supervisor engine and we believe that is running.
The problem is a vlan tagging issue between the core-switch and FW. Packet captures at FW indicate ip's source and destination is fine. But the vlan tag is getting swapped with incorrect vlan. We think the 'ip routing' command will fix the issue.

MHM Cisco World · ‎08-26-2024

If MSFC module is available that good.

For FW and Core-SW (6800)

You use subinterface or vlan in FW?

MHM

GatLMCO · ‎08-26-2024

Yes, subinterfaces as shown in example below.

NGFW Version 7.0.1
!
Interface Ethernet1/2
Propagate sgt preserve-untag
Policy static sgt disabled trusted
Security-level 0
no Ip address
!
Interface Ethernet1/2.20
Vlan 20
nameif vlan20
cts manual
Propagate sgt preserve-untag
Policy static sgt disabled trusted
Security-level 0
Ip address 10.10.10.1 255.255,255.128
!
Interface Ethernet1/2.30
Vlan 30
nameif vlan30
cts manual
Propagate sgt preserve-untag
Policy static sgt disabled trusted
Security-level 0
Ip address 10.10.10.130 255.255,255.128

Thanks

MHM Cisco World · ‎08-26-2024

Vlan 20 and vlan 30 add into core SW ?

So which traffic it vlan tag swap?

Is it mgmt traffic for SW?

MHM

GatLMCO · ‎08-26-2024

Good question.
While looking at InterVLAN connectivity issues between the Core-router and Firepower, showed based on Firepower Trace Matching ICMP Packet Captures when a static route is added to pass traffic from a specific Subnet all other traffic on second VLAN starts to drop. See example,
Good vlan tag:
Show capture cap1
1: 19:00:13.025557 192.168.30.10 > 10.10.10.3 icmp: echo request
2: 19:00:13.025999 802.1Q vlan#20 P0 192.168.30.10 >10.10.10.3 icmp: echo request
3: 19:00:13.026732 802.1Q vlan#20 P0 10.10.10.3 > 192.168.30.10 icmp: echo reply
4: 19:00:13.026869 192.168.30.10 > 10.10.10.3 icmp: echo request
5: 19:00:13.028089 802.1Q vlan#20 P0 192.168.30.10 >10.10.10.3 icmp: echo request
3: 19:00:13.028525 802.1Q vlan#20 P0 10.10.10.3 > 192.168.30.10 icmp: echo reply

Bad vlan tag
Show capture cap1
1: 19:29:55.622495 192.168.30.10 > 10.10.10.130 icmp: echo request
2: 19:29:55.623426 802.1Q vlan#30 P0 192.168.30.10 >10.10.10.130 icmp: echo request
3: 19:29:55.623869 802.1Q vlan#20 P0 10.10.10.130 > 192.168.30.10 icmp: echo reply
4: 19:29:57.578079 192.168.30.10 > 10.10.10.130 icmp: echo request
5: 19:00:13.578278 802.1Q vlan#30 P0 192.168.30.10 > 10.10.10.130 icmp: echo request
6: 19:00:13.578751 802.1Q vlan#20 P0 10.10.10.130 > 192.168.30.10 icmp: echo reply