4900M can't access default gateway

Unanswered Question
Sep 6th, 2010
User Badges:

Hi All,


I am having trouble getting my newly installed 4900M(s) to access their default gateway. The 4900's are running IOS 12.2.53.SG2 and the default gateway, an ASA 5510 is running 8.3(1)1. I have connected a 2960 layer 2 switch to the ASA and it is able to ping the gateway address no problem so I'm confident it's not the firewall. However when I connect the 4900 to the firewall with the same default-gateway address configured, nothing. The 4900 is connecting to the ASA through a WS-X4908-10GE 8 port module using a TwinGig SFP adapter. The strange thing is the 4900 can ping other switches connected to it, but it just wont talk to the ASA. I have used ficticious IP's in the config extract below.


Here's what I believe to be the relevent config on the 4900;


4900-01#sh run
Building configuration...
!
hw-module module 3 port-group 4 select gigabitethernet
!
ip vrf mgmtVrf
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 2254 priority 24576
!
vlan internal allocation policy ascending
!
vlan 2254
name Management_Vlan
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface GigabitEthernet3/23
description to ASA5510 - E0/1
switchport trunk native vlan 2254
switchport mode trunk
!
interface Vlan2254
ip address 10.10.10.252 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.10.254
!

4900-01#


Any suggestions gratefully received.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Reza Sharifi Mon, 09/06/2010 - 13:16
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi,




When you ping local IP or the remote IP, are you using mgmtVrf in your ping command?

ping vrf mgmtVrf 10.10.10.252


HTH

Reza

Reza Sharifi Mon, 09/06/2010 - 13:18
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

never mind, you are not using the mgmt interface (sorry)


Reza

Reza Sharifi Mon, 09/06/2010 - 13:21
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

what happens if you change the port from truk to access port?.

rdbaker31 Mon, 09/06/2010 - 15:10
User Badges:

Hi Reza,


Thanks for the prompt response. Changing to an access port is not really an option I'm afraid. We want to run other subnets across the link hence using a trunk link.


Regards

R

Reza Sharifi Mon, 09/06/2010 - 15:19
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi R,


So, are you running 802.1q trunk with sub-interfaces on the firewall?


Reza

glen.grant Mon, 09/06/2010 - 18:12
User Badges:
  • Purple, 4500 points or more

   Are you sure you have ip routing turned on ??   To use a default static route like your config ip routing must be turned on otherwise use the ip default-gateway command for boxes with routing turned off.

rdbaker31 Tue, 09/07/2010 - 00:43
User Badges:

Hi All,


Thanks for your responses. I have found the issue!


I needed to issue the 'switchport' command on interface Gi3/23


!

interface GigabitEthernet3/23
description to ASA5510 - E0/1

switchport                                    <=======
switchport trunk native vlan 2254
switchport mode trunk
!

Thanks again for you help.


Regards

R

Actions

This Discussion