Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
709
Views
0
Helpful
3
Replies

Trapped device

wstemmons1984
Level 1
Level 1

‎02-18-2020 01:23 PM

Hello,
I have a situation where a device that's in vlan A isn't accessible to the network. I have a 2960x switch. Two ports are configured for vlan A. A device with a static IP address for vlan A isn't reachable outside of the switch. The only way to reach the device is to connect to the other port on the switch that is in vlan A with my laptop. I gave the laptop a static IP address for vlan A. Vlan A can't communicate to it's default gateway. I was not able to ping any devices in vlan A outside of the switch, only the device that is connected to the other vlan A port on this switch. When I remote into the switch, I can ping other devices on vlan A. I can also reach the default gateway for vlan A. Below you will find a partial switch configuration, and the switchport config. the results of traceroute.

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
ip dhcp snooping vlan 10,40,105,108,110,115,126,160,180,182,300,310,410
no ip dhcp snooping information option
ip dhcp snooping
no ip domain-lookup
ip domain-name xxx.int
vtp domain xxxx
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
auto qos srnd4
!
vlan internal allocation policy ascending
!
vlan 305,310,315,320
!
!
class-map match-all AUTOQOS_VOIP_DATA_CLASS
match ip dscp ef
class-map match-all AUTOQOS_DEFAULT_CLASS
match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
match ip dscp cs3
!
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
class AUTOQOS_VOIP_DATA_CLASS
set dscp ef
police 128000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_VOIP_SIGNAL_CLASS
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_DEFAULT_CLASS
set dscp default
police 10000000 8000 exceed-action policed-dscp-transmit
!
interface FastEthernet0
no ip address
interface GigabitEthernet2/0/45
switchport access vlan 305
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security
ip device tracking maximum 7
srr-queue bandwidth share 1 30 35 5
priority-queue out
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/46
description HVAC Controller
switchport access vlan 305
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security
ip device tracking maximum 7
storm-control broadcast level 10.00
storm-control action shutdown
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/49
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
ip dhcp snooping trust
!
interface GigabitEthernet2/0/50
!
interface TenGigabitEthernet2/0/1
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
ip dhcp snooping trust
!
interface TenGigabitEthernet2/0/2
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
ip dhcp snooping trust

interface Vlan1
no ip address
shutdown
!
ip default-gateway 10.10.0.1
ip http server
ip http secure-server
!
!
ip access-list extended AUTOQOS-ACL-DEFAULT
permit ip any any
!
line con 0
password 7 03451A0F5646740D07
line vty 0 4
exec-timeout 0 0
password 7 054A470B71051B4850
length 0
line vty 5 15
!
ntp peer 10.10.0.1
!
end

Next is the results of traceroute to devices on vlan A
Tracroute Results
ADMN2-0216-2960-ASTACK-089#traceroute 10.11.5.22
Type escape sequence to abort.
Tracing the route to 10.11.5.22
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.0.1 10 msec * 4 msec
2 10.11.5.22 3 msec 0 msec 3 msec
ADMN2-0216-2960-ASTACK-089#traceroute 10.11.5.21
Type escape sequence to abort.
Tracing the route to 10.11.5.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.0.1 3 msec * 3 msec
2 10.11.5.21 14 msec 4 msec 0 msec
ADMN2-0216-2960-ASTACK-089#traceroute 10.11.5.23
Type escape sequence to abort.
Tracing the route to 10.11.5.23
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.0.1 0 msec * 0 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
I stopped the trace after 10 attempts.
I am not sure as to what I should troubleshoot next or a possible cause.
I need help from the community to solve my issue. I need the device in vlan A to communicate outside the switch. 
Thank you Warren.

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎02-18-2020 01:57 PM - edited ‎02-18-2020 01:58 PM

What VLAN IP is this belong to - 10.11.5.23, what is the Gateway for this IP ?

 

The switch config you posted, simple Layer2, you do not have any routing configured.

 

So the Routing taking place on your Uplink Device, which is connected to this device ?

 

from PC can you post ipconfig / all screenshot, and what is the gateway for this IP 10.11.5.23 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

wstemmons1984
Level 1
Level 1
In response to balaji.bandi

‎02-19-2020 07:14 AM

vlan A has a gateway of 10.11.5.1 and 10.11.5.23 is the device on vlan A. I can ping the gateway from the switch but not from a port assigned vlan A. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to wstemmons1984

‎02-19-2020 03:35 PM

We need more information as suggested, what is the port config? what is the switch config?

 

is the Gateway is directly connected switch or another device? Do you have a route back to switch for return traffic?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card