Solved: unable to ping management port from switch

yogpatil · ‎04-19-2017

I have a CAT3850. Configured management port with internal LAN routable IP (so that i can access it from outside lab but still on intranet).

Switch is reachable from outside the lab, but when pinged from switch itself, ping doesn't work.

However, I also have a loopback interface configured for some reason. Could it be because of loopback and management both are configured ?

Loopback

interface Loopback0

ip address 5.5.5.5 255.255.255.255

Management port

switch#show ip interface b

GigabitEthernet0/0 172.19.XX.XXX YES NVRAM up up

switch#ping 172.19.XX.XXX

Sending 5, 100-byte ICMP Echos to 172.19.XX.XXX, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

When pinged from outside:

mac-laptop:$ ping 172.19.XX.XXX

PING 172.19.XX.XXX(172.19.XX.XXX): 56 data bytes

64 bytes from 172.19.XX.XXX: icmp_seq=0 ttl=246 time=8.514 ms

64 bytes from 172.19.XX.XXX: icmp_seq=1 ttl=246 time=3.800 ms

64 bytes from 172.19.XX.XXX: icmp_seq=2 ttl=246 time=4.686 ms

^C

--- 172.19.XX.XXX ping statistics ---

3 packets transmitted, 3 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 3.800/5.667/8.514/2.046 ms

Mark Malone · ‎04-19-2017

Hi

the mgmt. port is not in a vrf is it just a thought ?

Loopback should have nothing to do with it , if its in vrf you need to ping vrf

interface GigabitEthernet0/0
description ** Network Managment Interface **
vrf forwarding Mgmt-vrf
ip address 172.21.222.75 255.255.254.0
negotiation auto

#ping vrf Mgmt-vrf 172.21.222.75
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.21.222.75, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

View solution in original post

Mark Malone · ‎04-19-2017

Hi

the mgmt. port is not in a vrf is it just a thought ?

Loopback should have nothing to do with it , if its in vrf you need to ping vrf

interface GigabitEthernet0/0
description ** Network Managment Interface **
vrf forwarding Mgmt-vrf
ip address 172.21.222.75 255.255.254.0
negotiation auto

#ping vrf Mgmt-vrf 172.21.222.75
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.21.222.75, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

yogpatil · ‎04-19-2017

It worked for me. Thank you !!

I have a follow up question through. When I have to copy some new image file from remote FTP server (on 172 network), will it by default choose gig 0/0 interface ?

Mark Malone · ‎04-19-2017

There is a feature called MPP but it's not fully operational yet in ios-xe even though the syntax is available ,it may work for ftp but I've had issues with ssh and TAC said it's not fully released yet ,I have a feature request raised but they can take months

The other option is to apply acls in and out to force traffic over that interface,MPP is a lot cleaner though only few lines syntax if it works for you

Off my head I think the cli command was control-plane host

It's really an ios-xr command