yes, i sure do. below is the config. the only different b/wn the 2 routers config is the vlan inteface ip address (.1 vs. .2):

interface FastEthernet0/1/0

switchport access vlan 200

!

interface Vlan200

ip address 10.10.10.1 255.255.255.252

!

---------------------------------------

Some show command output:

RouterA#sh vlan-switch

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1/1, Fa0/1/2, Fa0/1/3

2 iBGP_link active

10 VLAN0010 active

20 VLAN0020 active

200 VLAN0200 active Fa0/1/0

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 1002 1003

2 enet 100002 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 1 1003

1003 tr 101003 1500 1005 0 - - srb 1 1002

1004 fdnet 101004 1500 - - 1 ibm - 0 0

1005 trnet 101005 1500 - - 1 ibm - 0 0

SDRouterA#

VLAN DATABASE "SHOW":

VLAN ISL Id: 200

Name: VLAN0200

Media Type: Ethernet

VLAN 802.10 Id: 100200

State: Operational

MTU: 1500

any other thoughts? anyone?

"show int fa0/1/0" and "show int fa0/1/0 switchport" please ?

here's the requested command output as well as some other possible helpful outputs:

SDRouterB#sh int fa0/1/0

FastEthernet0/1/0 is up, line protocol is up

Hardware is Fast Ethernet, address is 0019.e7cb.dc96 (bia 0019.e7cb.dc96)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:52, output never, output hang never

Last clearing of "show interface" counters 00:01:36

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

6 packets input, 679 bytes, 0 no buffer

Received 5 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

51 packets output, 3884 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

SDRouterB#sh int fa0/1/0 swi

SDRouterB#sh int fa0/1/0 switchport

Name: Fa0/1/0

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

Negotiation of Trunking: Disabled

Access Mode VLAN: 200 (VLAN0200)

Trunking Native Mode VLAN: 1 (default)

Trunking VLANs Enabled: ALL

Trunking VLANs Active: 200

Priority for untagged frames: 0

Override vlan tag priority: FALSE

Voice VLAN: none

Appliance trust: none

SDRouterB# sh cdp nei det

-------------------------

Device ID: SDRouterA

Entry address(es):

IP address: 10.10.10.1

Platform: Cisco 2821, Capabilities: Router Switch IGMP

Interface: FastEthernet0/1/0, Port ID (outgoing port): FastEthernet0/1/0

Holdtime : 163 sec

Version :

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3g), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 06-Nov-06 02:36 by alnguyen

advertisement version: 2

VTP Management Domain: ''

Duplex: full

SDRouterB#ping 10.10.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

SDRouterB#sh vlan-switch id 200

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

200 VLAN0200 active Fa0/1/0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

200 enet 100200 1500 - - - - - 0 0

SDRouterB#

Please keep in mind, that the config is identical on both routers except that the IP's are different(.1 vs. .2).

Thanks for your help!!!

Hello,

I can not see any reason why this is not working.

It seems like routerB is either not getting, or not replying arp from routerA, and probably vice-versa.

Would you please do "show mac-address-table" on routerA. You should see the MAC for vlan200 of routerB, on the correct port. Then do the same on routerB and you should see the opposite.

Are the other ports/vlan working ok ?

This vlan 200 is the only vlan i have configured. I'm at a loss for why this is not working either. I figured creating a vlan in the database, creating the vlan interface, then assigning the vlan to the actual port should work w/ no problem. obviously thats not the case....

Below is the info you requested.

SDRouterA#sh mac-address-table

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

001a.6c46.0880 Self 1 Vlan1

0019.e7cb.dc96 Dynamic 200 FastEthernet0/1/0

001a.6c46.0880 Self 200 Vlan200

SDRouterA#sh ip int bri

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 unassigned YES manual up down

GigabitEthernet0/1 x.x.x.x YES manual up up

FastEthernet0/1/0 unassigned YES unset up up

FastEthernet0/1/1 unassigned YES unset up down

FastEthernet0/1/2 unassigned YES unset up down

FastEthernet0/1/3 unassigned YES unset up down

Serial0/0/0:1 unassigned YES manual up up

Serial0/0/1:1 unassigned YES manual up up

Vlan1 unassigned YES NVRAM up down

Vlan200 10.10.10.1 YES manual up up

Multilink1 xx.xxx.xxx.xxx YES manual up up

SDRouterA#

Can you check the IP address on both devices and the subnet mask.

HTH

Sundar

OK, look at this:

0019.e7cb.dc96 Dynamic 200 FastEthernet0/1/0

Now if you go on router B, you will find this is the address for the physical port, not the VLAN interface. The router should source all arp and ip packets, with the VLAN MAC address, not the physical port address. But, this MAC is never seen by the other router.

There is another mysterious case with the very same symptoms, that we are discussing and involves a 1801. The 1801 has embedded an 8-port ESW module with architecture similar to the one you are using.

I think once I can get to grips with the 1801 case (of which I have at lease 1 unit), the same will apply to your case. So, stay tuned, but if it is possible for you to do so, go ahead and open a TAC case.

So you seem to think this might be a bug w/ the ESM modules??

Honestly, both cases are so strange that I don't have much of a clue right now. Let's just do our due diligence for now and when solved we can pontificate. If anyone from cisco is reading this, any "insight" would be much appreciated!

PS: have you tried doing something else with the module? EG connect a PC in vlan 1.

So this is interesting....I had someone plug their PC into the Fa0/1/0 and give themself an IP of .1 or .2 (depending which router they were plugged into) and they were able to ping the Vlan interface ip's. So if this works w/ a PC plugged into the ports, why is it not working when the 2 routers are plugged back to back to each other?? interesting!!!!

Plot thickens.

On the PC when working, what do you see with "show arp" ?

Going back to router-to-router, can you check "show spanning-tree vlan 200" and "show spanning-tree interface fa0/1/0" ?

These two may not reveal much but the only difference between a PC and a router ESW module is that the latter is a bridge too.

"Now if you go on router B, you will find this is the address for the physical port, not the VLAN interface. The router should source all arp and ip packets, with the VLAN MAC address, not the physical port address. But, this MAC is never seen by the other router."

Paolo, are you sure about this? I would think the source MAC address of the ethernet frames leaving the interface would be actualy the physical interace MAC address and not the MAC of the vlan interface. I can see what you are saying would be true if the physical int is part of an etherchannel group where the source MAC would be that of the port-channel interface.

HTH

Sundar

Yes, positive.

Routers with an etherswitch module, or a layer-three switch, will source BPDUs with MAC as the physical port, and ARP and IP from the VLAN's MAC. So, the all systems connected will have the same MAC for router's IP.

See following session, a 3560 is connected to a router:

L3Core#sh arp | inc 192.168.4.254

Internet 192.168.4.254 - 0005.ddc2.df00 ARPA Vlan4

L3Core#sh int vlan 4

Vlan4 is up, line protocol is up

Hardware is EtherSVI, address is 0005.ddc2.df00 (bia 0005.ddc2.df00)

Description: rete telefonica

Internet address is 192.168.4.254/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never

...

[and on the router...]

ccme#sh arp 192.168.4.254

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.4.254 132 0005.ddc2.df00 ARPA FastEthernet0/0.4