Solved: Router-on-a-Stick VLAN not passing traffic

joshua.parrish@esc9.net · ‎03-10-2018

I'm having an issue getting traffic across a trunk link to a router-on-a-stick. I have a Cisco Catalyst 4500 switching VLAN traffic to a Cisco ASR 1000 router. Catalyst links to ASR between int Gi2/11 (Cata) and Gi0/0/3 (ASR). Another device attaches to the Catalyst on port Gi2/15 (and tags the VLAN).

All relevant interfaces show status up up. I can ping from the attached device (10.30.0.3) to the Catalyst VLAN 30 interface (10.30.0.2), but cannot get any response from the ASR interface. I can ping the 10.30.0.1 internally on the ASR, but cannot reach other IPs. Everything to my eye seems correct. Am I missing something??

Catalyst switch has the following relevant configuration:

vlan 30

interface GigabitEthernet2/11

description uplink to ASR

switchport trunk allowed vlan 30

switchport mode trunk

interface GigabitEthernet2/15

description uplink to ASR

switchport trunk allowed vlan 30

switchport mode trunk

interface Vlan30

description test int vlan30

ip address 10.30.0.2 255.255.255.0

ASR has the following relevant config:

interface GigabitEthernet0/0/3

description uplink to Catalyst

no ip address

negotiation auto

interface GigabitEthernet0/0/3.30

encapsulation dot1q 30

ip address 10.30.0.1 255.255.255.0

Richard Burts · ‎03-12-2018

Thanks for the information. The output of show interface trunk does confirm that the switch is carrying vlan 30 on the trunk. The output of show ip interface brief does confirm correct addressing and that interfaces are up. The interesting and more important outputs are the fact that there is no arp information indicates that the devices are not communicating at layer 2, and that show cdp neighbor does not indicate that the devices are seeing each other on this connection. Both these things seem to indicate some problem in the connection. I would suggest that you check the connections carefully (trace cables, disconnect a cable and see if both devices react to that. etc)

HTH

Rick

HTH

Rick

View solution in original post

Reza Sharifi · ‎03-10-2018

Do you have a default route on the 4500 pointing to the ip address of the ASR?

ip route 0.0.0.0 0.0.0.0 10.30.0.1

joshua.parrish@esc9.net · ‎03-10-2018

I actually have a default route on the catalyst to another interface on the
ASR. But, that shouldnt matter, should it? Since these two interfaces are
in the same subnet, they should be reachable at the link layer.

I ultimately hope to use this VLAN with a VRF interface on the ASR to
create an isolated internal-use subnet. But I can’t start with VRF until I
can get this VLAN link issue resolved.

Reza Sharifi · ‎03-10-2018

For test purpose, can you make a change at a time and test?

remove the ip address from the svi on the 4500 or just delete it and see if you can reach the ASR from the laptop.

If that does not help and if this is not in production, can try removing the default route that is pointing to the other interface temporarily and test.

HTH

Julio E. Moisa · ‎03-10-2018

Hi

Are you able to make ping from the Catalyst?

ping 10.30.0.1 source vlan 30

do you see up up the interfaces?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

joshua.parrish@esc9.net · ‎03-10-2018

I do see up up on the ASR interface and subinterface, and Catalyst switch interface and VLAN interface. I cannot ping from either side, which is the source off my confusion. I’ve double checked syntax and have tried specifying a source IP (or VLAN). Not sure why they would not be reachable? I can pinging from the attached device on Catalyst int 2/15 to the Catalyst VLAN 30 interface and back.

Richard Burts · ‎03-11-2018

Could you post the output from these commands

show interface trunk on the switch

show ip interface brief on both switch and ASR

show cdp neighbor on both switch and ASR

show arp on the ASR

HTH

Rick

HTH

Rick

joshua.parrish@esc9.net · ‎03-12-2018

Catalyst switch:

show int trunk

Port Mode Encapsulation Status Native vlan

Gi2/11 on 802.1q trunking 1

Gi2/15 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi2/11 30

Gi2/15 30,40

Port Vlans allowed and active in management domain

Gi2/11 30

Gi2/15 30,40

Port Vlans in spanning tree forwarding state and not pruned

Gi2/11 30

Gi2/15 30,40

show ip int br

Interface IP-Address OK? Method Status Protocol

GigabitEthernet2/11 unassigned YES unset up up

GigabitEthernet2/15 unassigned YES unset up up

Vlan30 10.30.0.2 YES manual up up

show cdp neighbor

No info on relevant interfaces

ASR Router:

show ip int br

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0/3 unassigned YES manual up up

Gi0/0/3.30 10.30.0.1 YES manual up up

show cdp neighbors

No info on relevant interfaces

show arp Gi0/0/3.30

Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.30.0.1 - b0aa.779a.0c05 ARPA GigabitEthernet0/0/3.30

Richard Burts · ‎03-12-2018

Thanks for the information. The output of show interface trunk does confirm that the switch is carrying vlan 30 on the trunk. The output of show ip interface brief does confirm correct addressing and that interfaces are up. The interesting and more important outputs are the fact that there is no arp information indicates that the devices are not communicating at layer 2, and that show cdp neighbor does not indicate that the devices are seeing each other on this connection. Both these things seem to indicate some problem in the connection. I would suggest that you check the connections carefully (trace cables, disconnect a cable and see if both devices react to that. etc)

HTH

Rick

HTH

Rick

joshua.parrish@esc9.net · ‎03-12-2018

You were right. I just swapped out the SFP modules on both the catalyst and ASR. After replacement, both sides of the link are now reachable using ICMP. I do have the Catalyst's VLAN352 interface MAC in the ARP table of the ASR now. It appears that it was some physical layer issue, even though both interfaces showed up up.

Thanks everyone for your time and insight.

Richard Burts · ‎03-12-2018

I am glad to know that you have been able to solve this problem and that my suggestion pointed you in the right direction. It is an interesting aspect of this discussion that the interfaces showed as being up even though they were not passing traffic. When we are facing a problem we tend to start by looking for configuration issues. A lesson that some readers of the forum may take away from this discussion is that we also need to be open to the possibility that the problem might be a physical one.

HTH

Rick

HTH

Rick