Router to Router Vlan via ESM Module

Unanswered Question
Jun 20th, 2007

I'm trying to configure a connection b/wn 2 2821's via an ESM module. Thus far, I've configured the vlan in the vlan database as well as an interface vlan 200 with an ip of and .2 respectively. I'm not able to ping .1 or .2 (depending on which router I'm pinging from). What am I missing here? Any help would be greatly appreciated.


Paolo Bevilacqua Wed, 06/20/2007 - 11:39


Do you have "switchport access vlan 200" on the ports that are connecting the routers?

atxparrothead Wed, 06/20/2007 - 11:45

Yes, I sure do. Below is the config. The only difference b/wn the 2 routers' config is the vlan interface ip address (.1 vs. .2):

interface FastEthernet0/1/0
 switchport access vlan 200

interface Vlan200
 ip address



Some show command output:

RouterA#sh vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1/1, Fa0/1/2, Fa0/1/3
2    iBGP_link                        active
10   VLAN0010                         active
20   VLAN0020                         active
200  VLAN0200                         active    Fa0/1/0
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
200  enet  100200     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0

VLAN ISL Id: 200
Name: VLAN0200
Media Type: Ethernet
VLAN 802.10 Id: 100200
State: Operational
MTU: 1500

Any other thoughts? Anyone?

atxparrothead Wed, 06/20/2007 - 14:36

Here's the requested command output as well as some other possibly helpful outputs:

SDRouterB#sh int fa0/1/0

FastEthernet0/1/0 is up, line protocol is up

Hardware is Fast Ethernet, address is 0019.e7cb.dc96 (bia 0019.e7cb.dc96)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:52, output never, output hang never

Last clearing of "show interface" counters 00:01:36

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

6 packets input, 679 bytes, 0 no buffer

Received 5 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

51 packets output, 3884 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

SDRouterB#sh int fa0/1/0 swi

SDRouterB#sh int fa0/1/0 switchport

Name: Fa0/1/0

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

Negotiation of Trunking: Disabled

Access Mode VLAN: 200 (VLAN0200)

Trunking Native Mode VLAN: 1 (default)

Trunking VLANs Enabled: ALL

Trunking VLANs Active: 200

Priority for untagged frames: 0

Override vlan tag priority: FALSE

Voice VLAN: none

Appliance trust: none

SDRouterB# sh cdp nei det


Device ID: SDRouterA

Entry address(es):

IP address:

Platform: Cisco 2821, Capabilities: Router Switch IGMP

Interface: FastEthernet0/1/0, Port ID (outgoing port): FastEthernet0/1/0

Holdtime : 163 sec

Version :

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3g), RELEASE SOFTWARE (fc2)

Technical Support:

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 06-Nov-06 02:36 by alnguyen

advertisement version: 2

VTP Management Domain: ''

Duplex: full


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 0 percent (0/5)

SDRouterB#sh vlan-switch id 200

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
200  VLAN0200                         active    Fa0/1/0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
200  enet  100200     1500  -      -      -        -    -        0      0


Please keep in mind that the config is identical on both routers except that the IPs are different (.1 vs. .2).

Thanks for your help!!!

Paolo Bevilacqua Wed, 06/20/2007 - 15:05


I cannot see any reason why this is not working.

It seems like routerB is either not getting, or not replying to, ARP from routerA, and probably vice versa.

Would you please do "show mac-address-table" on routerA. You should see the MAC for vlan200 of routerB, on the correct port. Then do the same on routerB and you should see the opposite.

Are the other ports/vlans working OK?

atxparrothead Thu, 06/21/2007 - 07:48

This vlan 200 is the only vlan I have configured. I'm at a loss for why this is not working either. I figured creating a vlan in the database, creating the vlan interface, then assigning the vlan to the actual port should work w/ no problem. Obviously that's not the case....

Below is the info you requested.

SDRouterA#sh mac-address-table

Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
001a.6c46.0880       Self          1     Vlan1
0019.e7cb.dc96       Dynamic       200   FastEthernet0/1/0
001a.6c46.0880       Self          200   Vlan200

SDRouterA#sh ip int bri

Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    down
GigabitEthernet0/1         x.x.x.x         YES manual up                    up
FastEthernet0/1/0          unassigned      YES unset  up                    up
FastEthernet0/1/1          unassigned      YES unset  up                    down
FastEthernet0/1/2          unassigned      YES unset  up                    down
FastEthernet0/1/3          unassigned      YES unset  up                    down
Serial0/0/0:1              unassigned      YES manual up                    up
Serial0/0/1:1              unassigned      YES manual up                    up
Vlan1                      unassigned      YES NVRAM  up                    down
Vlan200                                    YES manual up                    up
Multilink1                                 YES manual up                    up


Paolo Bevilacqua Thu, 06/21/2007 - 08:01

OK, look at this:

0019.e7cb.dc96 Dynamic 200 FastEthernet0/1/0

Now if you go on router B, you will find this is the address for the physical port, not the VLAN interface. The router should source all arp and ip packets, with the VLAN MAC address, not the physical port address. But, this MAC is never seen by the other router.

There is another mysterious case with the very same symptoms, that we are discussing and involves a 1801. The 1801 has embedded an 8-port ESW module with architecture similar to the one you are using.

I think once I can get to grips with the 1801 case (of which I have at least 1 unit), the same will apply to your case. So, stay tuned, but if it is possible for you to do so, go ahead and open a TAC case.

Paolo Bevilacqua Thu, 06/21/2007 - 08:57

Honestly, both cases are so strange that I don't have much of a clue right now. Let's just do our due diligence for now and when solved we can pontificate. If anyone from Cisco is reading this, any "insight" would be much appreciated!

PS: Have you tried doing something else with the module? E.g., connect a PC in vlan 1.

atxparrothead Thu, 06/21/2007 - 09:57

So this is interesting.... I had someone plug their PC into the Fa0/1/0 and give themself an IP of .1 or .2 (depending on which router they were plugged into) and they were able to ping the Vlan interface IPs. So if this works w/ a PC plugged into the ports, why is it not working when the 2 routers are plugged back to back to each other? Interesting!

Paolo Bevilacqua Thu, 06/21/2007 - 10:21

Plot thickens.

On the PC when working, what do you see with "show arp"?

Going back to router-to-router, can you check "show spanning-tree vlan 200" and "show spanning-tree interface fa0/1/0"?

These two may not reveal much but the only difference between a PC and a router ESW module is that the latter is a bridge too.

sundar.palaniappan Thu, 06/21/2007 - 11:12

"Now if you go on router B, you will find this is the address for the physical port, not the VLAN interface. The router should source all arp and ip packets, with the VLAN MAC address, not the physical port address. But, this MAC is never seen by the other router."

Paolo, are you sure about this? I would think the source MAC address of the ethernet frames leaving the interface would actually be the physical interface MAC address and not the MAC of the vlan interface. I can see what you are saying would be true if the physical int is part of an etherchannel group where the source MAC would be that of the port-channel interface.



Paolo Bevilacqua Thu, 06/21/2007 - 11:40

Yes, positive.

Routers with an etherswitch module, or a layer-three switch, will source BPDUs with MAC as the physical port, and ARP and IP from the VLAN's MAC. So, all the systems connected will have the same MAC for the router's IP.

See following session, a 3560 is connected to a router:

L3Core#sh arp | inc

Internet - 0005.ddc2.df00 ARPA Vlan4

L3Core#sh int vlan 4

Vlan4 is up, line protocol is up

Hardware is EtherSVI, address is 0005.ddc2.df00 (bia 0005.ddc2.df00)

Description: rete telefonica

Internet address is

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never


[and on the router...]

ccme#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 132 0005.ddc2.df00 ARPA FastEthernet0/0.4
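
The check described in the 08:01 and 11:40 posts above (which peer MAC the local switch module actually learned in VLAN 200), as an added example that is not part of the original thread. Function names and result labels are hypothetical, and the peer VLAN-interface MAC in the second table is constructed, since SDRouterB's was never posted.

```python
import re

# "show mac-address-table" output posted for SDRouterA (blank lines removed).
ROUTER_A_TABLE = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
001a.6c46.0880       Self          1     Vlan1
0019.e7cb.dc96       Dynamic       200   FastEthernet0/1/0
001a.6c46.0880       Self          200   Vlan200
"""
# Constructed "healthy" table: 0000.5e00.5301 stands in for SDRouterB's
# Vlan200 MAC, which does not appear anywhere in the thread.
CONSTRUCTED_PEER_SVI = "0000.5e00.5301"
HEALTHY_TABLE = ROUTER_A_TABLE + "0000.5e00.5301       Dynamic       200   FastEthernet0/1/0\n"
# From "sh int fa0/1/0" on SDRouterB, as posted.
ROUTER_B_SH_INT = "Hardware is Fast Ethernet, address is 0019.e7cb.dc96 (bia 0019.e7cb.dc96)"

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ROW = re.compile(rf"^\s*({MAC})\s+(\w+)\s+(\d+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return one dict per table entry; header and rule lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"mac": m[1].lower(), "type": m[2].capitalize(),
                         "vlan": int(m[3]), "port": m[4]})
    return rows

def interface_mac(show_int_text):
    """Extract the MAC from the 'address is ...' line of 'show interface'."""
    m = re.search(rf"address is ({MAC})", show_int_text, re.I)
    return m[1].lower() if m else None

def classify_learning(table_text, vlan, peer_port_mac, peer_svi_mac=None):
    """Say which of the peer's MACs were learned dynamically in `vlan`."""
    learned = {r["mac"] for r in parse_mac_table(table_text)
               if r["vlan"] == vlan and r["type"] == "Dynamic"}
    if not learned:
        return "nothing-learned"           # no dynamic entries in this VLAN
    if peer_svi_mac in learned:
        return "peer-svi-learned"          # frames from the peer's VLAN interface seen
    if learned == {peer_port_mac}:
        return "only-peer-physical-port"   # the symptom pointed out in the thread
    return "unexpected-macs"

if __name__ == "__main__":
    port_mac = interface_mac(ROUTER_B_SH_INT)
    print(classify_learning(ROUTER_A_TABLE, 200, port_mac))
    print(classify_learning(HEALTHY_TABLE, 200, port_mac, CONSTRUCTED_PEER_SVI))
```

Run against the posted SDRouterA table, the classification is "only-peer-physical-port": the only dynamic entry in VLAN 200 is the MAC that SDRouterB reports for its Fa0/1/0 port.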

atxparrothead Mon, 06/25/2007 - 06:04

So has anyone come up w/ any solution or possible workaround for this?

Any other help would be much appreciated!!!


lgontarsk Mon, 06/25/2007 - 09:19

Who is this switch/router talking to and what is the config of the other router/switch? The mask being .252 wasn't expected here, so a look-see at the other end of this link would be helpful.

thanks lisa

atxparrothead Mon, 06/25/2007 - 11:00

So I bit the bullet and opened a TAC case, and luckily I did b/c I got my issue resolved. It had nothing to do w/ my config (assumed I had everything right). So, in 1 of the 2821's, they had 2 ESMs installed. I guess come to find out, if you have 2 ESMs installed, you have to install/configure them a certain way in order for them to work correctly. I ended up actually just taking the 2nd ESM (unused) out, and after the router had a bit of a hiccup and was rebooted, I was able to ping across my /30 network that I configured b/wn the 2 ESM router ports.

I appreciate everyone's help on this. Here is some additional info I got from the TAC Engineer:

Restrictions for EtherSwitch HWICs :-

1. No more than two Ethernet Switch HWICs or network modules may be installed in a host router.

2. Multiple Ethernet Switch HWICs or network modules installed in a host router will not act independently of each other. They must be stacked, as they will not work at all otherwise.

Paolo Bevilacqua Mon, 06/25/2007 - 11:24

Good info, thanks for letting us know.

The way I understand it, only one module will work with the VLAN interface and the others must be connected with an external cable.

