Traceroute mac IP and Traceroute mac doesn't work correctly

tanner.zaitt · ‎06-18-2021

Hello All.
I am faced with strange behavior with the C9500-40X core switch in our infrastructure.
We have two C9500-40X in a stack, they are connected between two buildings using Stackwise-virtual technology with 2 x 10G optical cables.
For MNG we used two Vlans and two MNG Ip addresses for failover I think.

CoreSW#show version
Cisco IOS XE Software, Version 16.09.03
Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.9.3, RELEASE SOFTWARE (fc2)
The issue is with core switches traceroute mac and traceroute mac IP doesn't work correctly.
CoreSW#traceroute mac 10e7.xxx.eebd xxxx.56d6.e88b
Unable to send a l2trace request to 192.168.1.15. Timed out
vlan 1 10e7.xxx.eebd 192.168.2.61 DC01
vlan 1 xxxx.56d6.e88b 192.168.2.100 Workstation
vlan 10 192.168.1.1 Core sw first IP mng address
vlan 100 192.168.100.1 Core sw second IP mng address.
I tried to do traceroute mac ip 192.168.2.61 192.168.2.100
I received this error message:
CoreSW#traceroute mac 10e7.xxxx.eebd xxxx.56d6.e88b
Unable to send a l2trace request to 192.168.1.15 Timed out
Layer2 trace aborted.
I tried also traceroute mac ip and I received this error message:

CoreSW#traceroute mac ip 192.168.2.61 192.168.2.100
Translating IP to mac .....
192.168.2.61 => xxxx.56d6.e88b
192.168.2.100 => 10e7.xxxx.eebd

Source xxxx.56d6.e88b found on CoreSW
1 CoreSW (192.168.2.254) : Te1/0/6 => Po16 (192.168.2.254 is vlan 1 GW)
2 DIST-SW (192.168.1.6) : Po1 => Po6
Unable to send a l2trace request to 192.168.1.15. Timed out
Layer2 trace aborted.
The interesting part is that the two mac addresses and IP addresses are from the same subnet and VLAN.
And I can traceroute them with mac address successfully from 192.168.1.15 access switch where the host with ip address 192.168.2.100 is connected.
I understand the limitations like:

The traceroute mac command output shows the Layer 2 path when the specified source and destination addresses belong to the same VLAN.

The traceroute mac ip command output shows the Layer 2 path when the specified source and destination IP addresses are in the same subnet.Please could you share your experience and opinion regarding the topic?
Is it a bug or something in the VLAN configuration of the Core switches?
Thank you in advance.
Best regards.

tanner.zaitt · ‎06-23-2021

I did identify the issue:

The affected switches are WS-C2960X series with the newest images c2960x-universalk9-mz.152-7.E3.bin (IOS).

The same series switches WS-C2960X with the oldest image versions are not affected.

The reason for this should be the difference in the IOS image between the Core switch and the series switches WS-C2960X with the newest version of the image.

Mac traceroute and Mac IP traceroute don't work from the Core switch to these affected switches.

The Mac traceroute from affected switches to the Core switch works.

Mac traceroute and Mac IP traceroute is okay between Core switches and all different series switches than WS-C2960X work.

The possible solutions are:

A) Upgrading the core switch to the latest recommended version.

B) Upgrading the affected switches from c2960x-universalk9-mz.152-7.E3.bin to c2960x-universalk9-mz.152-7.E4.bin

C) The temporary solution in our case is to use Nedi for the same checks.

I can open case to Cisco TAC Team, but I expect that they will not say anything different than upgrade your images to the latest version.

Our proposal is Point B) when it's possible.
For the current moment without any actions from our side is point C).
We can choose some non-critical switch from series WS-C2960X with image 152-7.E3 and we can upgrade it to 152-7.E4 and after the upgrade, we can check Mac traceroute.
In the future also point A).

Please share your opinion regarding the topic if you had the same experience with this mac traceroute feature issues.

Best regards.