Solved: Unable to ping nei switch - Page 2

mahesh18 · ‎10-09-2011

Hi,

I have enabled DHCP snopping on my layer 3 and layer 2 switch.

But his message comes on my layer 3 switch.

Oct 9 09:28:00.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:27:59 MST Sun Oct 9 2011])

Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 10.([000b.bece.bbc0/192.168.10.5/0000.0000.0000/192.168.10.3/09:28:01 MST Sun Oct 9 2011])

Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:28:01 MST Sun Oct 9 201

Oct 9 09:28:00.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:27:59 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 10.([000b.bece.bbc0/192.168.10.5/0000.0000.0000/192.168.10.3/09:28:01 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:28:01 MST Sun Oct 9 201

Also i checked the nei switch as this switch goes to layer 2 and layer 3 switch

3550SMIA# sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability Platform Port ID
3550SMIB         Gig 0/1           138           S I      WS-C3550- Gig 0/1
3550SMIB         Gig 0/2           138           S I      WS-C3550- Gig 0/2
2950T            Fas 0/8           142           S I      WS-C2950T Fas 0/8

From 3550 A switch i can not ping IP of 2950 and 3550B switch.

Interface is up up vlans are up.

i rebooted the switch still same thing?

Please let me know how can i fix this?

Thanks

Mahesh

mahesh18 · ‎10-09-2011

not from 29050t

2950T#ping 192.168.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2950T#

3550SMIA# ping 192.168.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

thanks

mahesh18 · ‎10-09-2011

Hi Reza,

After config those 2 commands log on 3550A

Oct 9 17:57:36.432 MST: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/8 (1), with 2950T FastEthernet0/8 (10).

Reza Sharifi · ‎10-09-2011

Ok, by adding these 2 commands

switchport access vlan 10

switchport mode access

You made the 2950 port fa0/8 an access port

can you also make the 3550 port 0/8 an access port and try again

change below interface config

interface FastEthernet0/8

description Dynamic Desirable Trunk connection to Switch 2950T

switchport trunk encapsulation dot1q

switchport mode dynamic desirable

speed 100

duplex full

spanning-tree guard root

to

switchport access vlan 10

switchport mode access

0/8 2950-----------access port------------3550 0/8

and try ping the physical interface of vlan 10 on the 3550

mahesh18 · ‎10-09-2011

Hi Reza,

Thanks

for the reply

I did as you said still no luck

3550SMIA# ping 192.168.10.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Reza Sharifi · ‎10-09-2011

Mahesh,

Where is 192.168.10.5?

the ip for the 3550s are

192.168.10.1 and 2

the virtual is 3

how come you are pinging .5

mahesh18 · ‎10-09-2011

Hi Reza,

.5 IP is of 2950 T switch.

also i ping the GW

2950T#ping 192.168.10.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2950T#

still same thing.

should i reboot 3550a switch?

thanks for the help

Reza Sharifi · ‎10-09-2011

on 2950, is vlan 10 in up and up mode?

sh ip int bri vlan 10

also

sh ip int br int fa0/8

mahesh18 · ‎10-09-2011

Hi Reza,

i rebooted 3550a switch still same thing.

here is info you requetsed.

2950T#sh ip int bri vlan 10
Interface IP-Address OK? Method Status Prot
ocol
Vlan10 192.168.10.5 YES NVRAM up up

2950T#sh ip int brief
Interface IP-Address OK? Method Status Prot
ocol
Vlan1 unassigned YES NVRAM administratively down down

Vlan10 192.168.10.5 YES NVRAM up up

FastEthernet0/1 unassigned YES unset administratively down down

FastEthernet0/2 unassigned YES unset administratively down down

FastEthernet0/3 unassigned YES unset down down

FastEthernet0/4 unassigned YES unset down down

FastEthernet0/5 unassigned YES unset down down

FastEthernet0/6 unassigned YES unset down down

FastEthernet0/7 unassigned YES unset administratively down down

FastEthernet0/8 unassigned YES unset up up

thanks

mahesh

Reza Sharifi · ‎10-09-2011

from the 2950 can you post?

sh vlan bri

sh run int fa0/8

sh run int vlan 10

mahesh18 · ‎10-09-2011

her eis required info

2950T#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/9, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/3, Fa0/8, Fa0/10, Fa0/18
                                                Fa0/19, Fa0/21
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active    Fa0/3
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
2950T#

2950T#sh run int fa0/8
Building configuration...

Current configuration : 199 bytes
!
interface FastEthernet0/8
description Dynamic desirable Trunk connection to Switch 3550SMIA
switchport access vlan 10
switchport mode access
speed 100
duplex full
ip dhcp snooping trust
end

2950T#s run int vlan 10
Building configuration...

Current configuration : 82 bytes
!
interface Vlan10
ip address 192.168.10.5 255.255.255.0
no ip route-cache
end

2950T#

Thanks

mahesh18 · ‎10-10-2011

Hi Reza,

i removed ip arp inspection,dhcp snopping still unable to ping the directly connected nei switch.?

thanks

Reza Sharifi · ‎10-10-2011

Hi Mahesh,

from the 3550 can you post?

sh vlan bri

sh run int fa0/8 (this should be the interface that connects to the 2950 right)?

sh run int vlan 10

Are you still having problem pinging 192.168.10.5 while you are connected to the 2950?

Thanks.

mahesh18 · ‎10-10-2011

hi Reza,

I removed the DHCP snooping then i did

sh run on 2950 and saw that

int vlan 10 was

shutdown

i did no shut and i was able to ping the GW as below

2950T#ping 192.168.10.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Seems issue was caused by ip arp inspection and may be dhcp snooping .

i remove their config from all the switches.

Thanks for your help so much help Reza.

You answered so many of my questions

thanks

Reza Sharifi · ‎10-10-2011

Mahesh,

Glad to help. Remember when things like this happens, go back and undo what you have deployed recently (DHCP Snooping)

Reza

Ivan Krimmel · ‎10-10-2011

Mahesh,

both DHCP snooping and DAI can coexist and often are being deployed together. So now when you have basic connectivity you might go further and finalize what you initially was trying to implement.

Cheers,

Ivan.