Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17234
Views
40
Helpful
26
Replies

Switch can't ping directly connected Router

Go to solution
CiscoBrownBelt
Level 6
Level 6

‎04-19-2018 06:43 PM - edited ‎03-08-2019 02:43 PM

See attached packet tracer diagram.

Not quite sure what is going on here go 3 issues.

 

1. So the Interconnect Sw Primary is not able to ping the directly connected InterRt Primary.

2. Access Sw 1 can't ping any other sub intefaces on directly connected router, but can ping designated mgmt sub interface which is the 0.0.0.0 route. 

3. What is best summary statement to put on router for static route to ALL 192.168.X  ?

See configs below - left no applicable configs out as configs pretty basic excluding HSRP.

 

InterConSw_Prim#

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

description Trunk2_InterRt_Prim

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan251

mac-address 000c.cf26.8702

ip address 192.168.251.7 255.255.255.0

!

interface Vlan252

mac-address 000c.cf26.8701

ip address 192.168.252.7 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.251.10

=====================================================

InterRt_Prim#

interface GigabitEthernet0/0/0

description Link2_Sw0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0/0.10

encapsulation dot1Q 10

ip address 10.10.10.1 255.255.255.0

!

interface GigabitEthernet0/0/0.12

encapsulation dot1Q 12

ip address 10.10.12.1 255.255.255.0

!

interface GigabitEthernet0/0/0.14

encapsulation dot1Q 14

ip address 10.10.14.1 255.255.255.0

!

interface GigabitEthernet0/0/0.252

description NE_Mgmt

encapsulation dot1Q 252

ip address 192.168.252.2 255.255.255.0

standby 1 ip 192.168.252.1

standby preempt

standby 0 track GigabitEthernet0/0/1

!

interface GigabitEthernet0/0/1

description Link2_FW

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0/1.251

encapsulation dot1Q 251

ip address 192.168.251.2 255.255.255.0

standby 2 ip 192.168.251.1

standby 2 preempt

standby 0 track GigabitEthernet0/0/1

!

interface GigabitEthernet0/0/1.252

encapsulation dot1Q 252

no ip address

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 192.168.250.0 255.255.255.0 192.168.252.5

ip route 192.168.180.0 255.255.255.0 192.168.252.5

ip route 0.0.0.0 0.0.0.0 192.168.252.7

!

ip flow-export version 9

 

 

===================================================

 

 

ServerAccSw#

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

description Link2_Rt0

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

description Link2_Sw1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan1

no ip address

shutdown

!

interface Vlan180

mac-address 0001.c9cc.0e04

ip address 192.168.180.1 255.255.255.0

!

interface Vlan200

mac-address 0001.c9cc.0e03

ip address 192.168.200.1 255.255.255.0

!

interface Vlan250

mac-address 0001.c9cc.0e02

ip address 192.168.250.1 255.255.255.0

!

interface Vlan252

description NEMgmt

mac-address 0001.c9cc.0e01

ip address 192.168.252.5 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.252.1

!

ip flow-export version 9

!

!

!

Labels:
Preview file
204 KB
0 Helpful
26 Replies 26

Go to solution
andrewswanson
Level 7
Level 7
In response to CiscoBrownBelt

‎04-21-2018 01:47 PM

According to Cisco's Feature Navigator "VLANs over IP Unnumbered Sub-interfaces" is supported on the ISR 4000s running IOS XE. Check your model here:

http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/by-feature-technology.jsp

Can you add an ip address to Gi0/0.1.252 to confirm this is the issue?

hth
Andy

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to andrewswanson

‎04-22-2018 05:59 AM

Yes I will have to try it on a real ISR. Packet tracer won;t support this command.

0 Helpful

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to andrewswanson

‎04-22-2018 06:40 AM

OK I put debug ip packet on the the Interconnec Sw and his is what I get trying to ping from there to the 192.168.252.1 g0/0/0.252 on the Intercon Rt. I believed ping worked for a bit now it stopped. 

On the InterConRt I just entered a 

ip route 192.168.252.7 255.255.255.255 192.168.251.7

now it pings the InterconSw but as stated, InterconSw can't ping the 192.168.252.1

See debug below. I am getting encapsulation failed:

 

InterConSw_Prim#ping

IP: s=192.168.251.2 (Vlan251), d=224.0.0.2 len 29, rcvd 2

192.168.252.

IP: s=192.168.251.2 (Vlan251), d=224.0.0.2 len 29, rcvd 2

1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.252.1, timeout is 2 seconds:

 

IP: tableid=0, s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), routed via RIB

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, sending

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, encapsulation failed

.

IP: tableid=0, s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), routed via RIB

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, sending

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, encapsulation failed

 

IP: s=192.168.251.2 (Vlan251), d=224.0.0.2 len 29, rcvd 2

.

IP: tableid=0, s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), routed via RIB

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, sending

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, encapsulation failed

 

IP: s=192.168.251.2 (Vlan251), d=224.0.0.2 len 29, rcvd 2

.

IP: tableid=0, s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), routed via RIB

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, sending

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, encapsulation failed

 

IP: s=192.168.251.2 (Vlan251), d=224.0.0.2 len 29, rcvd 2

.

IP: tableid=0, s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), routed via RIB

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, sending

 

IP: s=192.168.252.7 (local), d=192.168.252.1 (Vlan252), len 128, encapsulation failed

.

Success rate is 0 percent (0/5)

0 Helpful

Go to solution
andrewswanson
Level 7
Level 7
In response to CiscoBrownBelt

‎04-22-2018 01:29 PM

Hi


looks like an arp issue. I don't have packet tracer but the below works in gns 3.

 

From the documentation below:

 

https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html

 

Move the ip addressing for vlan 252 off your router sub-interfaces onto a bridged virtual interface.

 

hth
Andy

 

bridge irb
!
bridge 1 protocol ieee
bridge 1 route ip
!
interface GigabitEthernet0/0/0.252
 encapsulation dot1Q 252
 no ip address
 bridge-group 1
!
interface GigabitEthernet0/0/1.252
 encapsulation dot1Q 252
 no ip address
 bridge-group 1
!
interface BVI1
 ip address 192.168.252.2 255.255.255.0

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to andrewswanson

‎04-23-2018 09:30 AM

So I tried the unnumbered config on the interface and it did not work.

 

 

Upon doing debug ip icmp, looks like the Intercon Sw will receive the ping and sends the packet back, but the InterRt does not receive the echo reply. Any ideas?

0 Helpful

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to andrewswanson

‎04-23-2018 09:34 AM

Ok after shutting down SVI252 on the INterconnSw now I can ping the .252 interface on the InterRt.

Any idea why? I would like to still use a .252 subnet on all devices or at least the INteronSw.

0 Helpful

Go to solution
andrewswanson
Level 7
Level 7
In response to CiscoBrownBelt

‎04-23-2018 11:01 AM

@CiscoBrownBelt wrote:

Ok after shutting down SVI252 on the INterconnSw now I can ping the .252 interface on the InterRt.

Any idea why? I would like to still use a .252 subnet on all devices or at least the INteronSw.

See below graphic - when you try and ping the Gi0/0/0 vlan 252 interface on the router from the switch, the source IP used will be the switch's vlan 252 IP Address (this will fail as you saw in your debug as you are spanning a vlan across router interfaces). When you shutdown the switch's vlan 252 interface and try the ping again it is successful because the source IP will be one of the switch's non-vlan 252 interfaces. Have a look at my previous post  on configuring bridging on the router.

 

hth

Andy

diagram1.jpg

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to andrewswanson

‎04-23-2018 11:32 AM

Ok so basically I have to use a different subnet/SVI for management preferably something that is not in on the router or internal interface and downstream on the router?

0 Helpful

Go to solution
andrewswanson
Level 7
Level 7
In response to CiscoBrownBelt

‎04-23-2018 11:41 AM

No, you can keep your vlan 252 if you configure bridging like below. Not sure if you can test this in packet tracer.

hth

Andy

 

diagram2.jpg

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to andrewswanson

‎04-24-2018 12:14 PM

Ok so basically I am trying to configure the 2 accessswitches in the same VPC domain (Nexus 3k series).

I am getting an "SVI type-2 configuration incompatible" error when doing "show vpc brief". Do you happen to know what may be the issue?

Until VPC is fully configured, am I not able to put the same SVI ip on both the access switches (overlapping error)? I know I could do HSRP but there are many SVI interfaces, would I have to create HSRP for every interface?

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎04-24-2018 12:19 PM

With vPC, you still need to create an HSRP instance per vlan and give each SVI a unique IP address.

HTH

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Reza Sharifi

‎04-24-2018 03:11 PM

Ok

RIght now each SVI shares the same IP (.1) , but the actual SVI IP is .2 (Sw1) and .3(Sw2). Looks good so far. I have another problem I will get back to you.

Sheesh :)

 

0 Helpful
Customers Also Viewed These Support Documents