Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1651
Views
5
Helpful
5
Replies

Switch not Sending packets

jerendon74
Level 1
Level 1

‎11-11-2021 12:27 PM

Switch in question is 3850-24S

Network is a 10.8.0.0/22

In summary packets are being received from a firewall directly connected to Gig1/0/6. Packets should be egressing Gig1/0/5 to switch downstream and eventually to a server but isn't from what I can see.

 

Data flow:

Firewall -> Switch -> Switch -> Switch -> Server

The first switch is the switch I am troubleshooting.

 

Firewall is a Palo Alto 3220 using eth1/3.812 and is tagged as such, IP is 10.8.0.1. In the subinterface I configured it to use a static arp with the IP and MAC of the server I am trying to reach.

 

In the switch Vlan 812 is configured with x.x.0.2 as its IP address. Vlan 812 is assigned to Gig1/0/6 and configured as an access port.

Gig1/0/5 is configured as a trunk and has other VLANs assigned to it as well.

 

I can ping from the switch to the server successfully. When I try to ping from the firewall to the server, its unsuccessful and  packets are only received at Gig1/0/6. In the detail view of the packet capture I verified source IP & MAC were correct as well as destination IP & MAC.  I'd expect to see packets egress Gig1/0/5 but theres nothing showing that in the packet capture. 

When doing a packet capture on Gig1/0/6 it states x amount of packets received and x amount of packets transmitted. I am not seeing where those are being received. Is there a way to see in the packet capture where those are sent?

 

In regards to the mac address table, I statically input the mac address with this command in config

mac address-table static x.x.x vlan 812 int gig1/0/5

The same happened when trying to ping. No packets were egressed out of 1/0/5

Labels:
0 Helpful
5 Replies 5

Georg Pauwen
VIP
VIP

‎11-11-2021 01:03 PM

Hello,

 

post the full running configuration of the switch...

0 Helpful

jerendon74
Level 1
Level 1
In response to Georg Pauwen

‎11-11-2021 04:06 PM

Unfortunately I cannot upload the config file. The system is a closed environment so I am unable to take anything off. 
I am willing to hand jam sections of the config that you'd be interested in seeing.

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee

‎11-11-2021 08:32 PM

Hi @jerendon74 ,

 

Firewall is a Palo Alto 3220 using eth1/3.812 and is tagged as such

Vlan 812 is assigned to Gig1/0/6 and configured as an access port

 

This is a misconfiguration. The FW is configured for trunking and the switch interface (gi1/0/6) is configured for access. You need to fix this.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

jerendon74
Level 1
Level 1
In response to Harold Ritter

‎11-16-2021 06:46 AM

Sorry for the late response.

I made the change and am not getting past the switch still. 

0 Helpful

jerendon74
Level 1
Level 1
In response to jerendon74

‎11-16-2021 07:45 AM

There were some other issues as well in my switch config, which included the IP address in the VLAN and some STP settings on the interface connected to the firewall. Thank you for your feedback!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card