ASR 1004 configuration problem

Unanswered Question
Sep 19th, 2010
User Badges:

Hi guys,


I am facing problems to configure an ASR 1004 router, when I  finish the basic configurations then I try to ping the router's interface (Interfaces are located in SPA module) itself  but i couldn't; since the interface is up (Line and protocol both). but management interface (its in its own vrf) I can able to ping, I am wondering I have created a loopback interface, that also I can't able to ping. Please help me to sortout this problem. I am running on IOS  asr1000rp2-ipbasek9.02.06.02.122-33.XNF2.bin more than ios i didn't install any packages.



Regards

Indrajit

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
marikakis Sun, 09/19/2010 - 10:50
User Badges:
  • Gold, 750 points or more

Hi Indrajit,


Which command are you using to ping the router's interfaces? From what I see from the documentation
(http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/Management_Ethernet.html#wp1059026)
pinging other interfaces using the Management Ethernet interface is done through the VRF (using "ping vrf Mgmt-intf " command).


Also, if you have another device directly connected to the ASR via a physical interface (same subnet), can you ping the ASR's physical interface IP address from there?


Kind Regards,
Maria

n.indrajit Mon, 09/20/2010 - 00:56
User Badges:

Hi Maria,


Thank you for the reply.please check the following output


In this setup ASR's interface GigabitEthernet1/0/0 and L3 Switch's interface GigabitEthernet0/27 both are directly connected and under same subnet



ASRGW#sho ip int br

Interface                    IP-Address      OK? Method Status                Protocol

GigabitEthernet1/0/0   192.168.11.1    YES NVRAM  up                    up

GigabitEthernet1/0/1   unassigned      YES NVRAM  down                down

GigabitEthernet1/0/2   unassigned      YES NVRAM  administratively down down

GigabitEthernet1/0/3   unassigned      YES NVRAM  administratively down down

GigabitEthernet1/0/4   unassigned      YES NVRAM  administratively down down

GigabitEthernet0         xx.xx.xx.xx     YES NVRAM  up                    up                 <-------Management Int

Loopback0                 1.1.1.1             YES NVRAM  up                    up


ASR Side config


!
ip vrf green
rd 500:1


!
interface GigabitEthernet1/0/0
ip vrf forwarding green
ip address 192.168.11.1 255.255.255.0
negotiation auto
cdp enable
!


L3 Switch Side


!
ip vrf green
rd 500:1
!

interface GigabitEthernet0/27
no switchport
ip vrf forwarding green
ip address 192.168.11.2 255.255.255.0
speed 1000
duplex full
!


ASR side output


ASRGW#ping vrf green 192.168.11.2  <--------------------------------------------------Switch side interface


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


Even its own vrf green interface unable to ping


SRGW#sho ip route  vrf green


Routing Table: green
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override


Gateway of last resort is not set


      192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.11.0/24 is directly connected, GigabitEthernet1/0/0
L        192.168.11.1/32 is directly connected, GigabitEthernet1/0/0
ASRGW#
ASRGW#
ASRGW#ping vrf green 192.168.11.1


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



L3 Switch side output


Switch#   ping vrf green 192.168.11.2      <--------------------------------------------------here its own interface can able to ping


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
Switch#
Switch#   ping vrf green 192.168.11.1    <-------------------------------------------------- ASR interface can't ping


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#



Please try to find some solution  because until i get connected I can't configure further more.  I am also trying my best.


Regards

Indrajit.

marikakis Mon, 09/20/2010 - 02:37
User Badges:
  • Gold, 750 points or more

Hi Indrajit,


We might be having multiple issues here. My understanding is that this is a new router. In such a case I would do the following:

1. Remove the vrf associated configuration under the interfaces on both sides of the link (i.e. no ip vrf forwarding green)

2. Reconfigure the IP addresses on the 2 interfaces (router and switch, as those are also expected to be automatically removed)

3. Try to ping ASR's gi1/0/0 from ASR using exact command: ping vrf Mgmt-intf 192.168.11.1

4. Ping ASR's gi1/0/0 from switch using: ping 192.168.11.1

5. Ping switch's IP 192.168.11.2 from ASR (use extended ping command with source address 192.168.11.1 or via Mgmt-intf, whatever works)


Also, consider the following:

1.  Issue a "show cdp neigh" on both sides of the link

2.  Hardcode interface speed/duplex settings on the ASR

3.  Issue a shut/no shut to the interfaces and/or remove re-insert cables (those are optics, right?)


If you get the interfaces to work without VRF's, then add the VRF config (and the IP addresses again) and see what happens.


BTW: Can you post output of "sh ip cef"?


In any case, I have been logged into an ASR 1000 only once and didn't do much, so I really hope I'm not your only chance of getting an answer to your issue.


Kind Regards,

Maria

dvangyzeghem Mon, 09/20/2010 - 04:36
User Badges:

hi Indrajit,


Maybe its nothing but can you try fixing the speed and duplex on both side or use auto negotiation on both sides.

i know mixing these can cause some problems.


Br

Dimitri

n.indrajit Mon, 09/20/2010 - 10:52
User Badges:

Hi Dimitri,


Please check the following out puts


ASRGW#sho int GigabitEthernet1/0/0
GigabitEthernet1/0/0 is up, line protocol is up
  Hardware is SPA-5X1GE-V2, address is 68ef.bdca.4e40 (bia 68ef.bdca.4e40)
  Internet address is 192.168.11.1/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is auto, media type is T
  output flow-control is on, input flow-control is on
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:28, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4963 packets input, 1145272 bytes, 0 no buffer
     Received 27 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 4936 multicast, 0 pause input
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
ASRGW#



Switch#sho int GigabitEthernet0/27
GigabitEthernet0/27 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0015.62a2.3443 (bia 0015.62a2.3443)
  Internet address is 192.168.11.2/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX SFP
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 04:25:53, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     30 packets input, 4566 bytes, 0 no buffer
     Received 20 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 3 multicast, 0 pause input
     0 input packets with dribble condition detected
     28388 packets output, 3984306 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Switch#



ASRGW#ping 192.168.11.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ASRGW#



ASRGW#ping vrf Mgmt-intf 192.168.11.2


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ASRGW#



Switch#ping 192.168.11.1


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#



Regards

Indrajit

marikakis Mon, 09/20/2010 - 22:11
User Badges:
  • Gold, 750 points or more

Hi Indrajit,


We need to fix any potential basic connectivity issues before we are able to ping successfully. In the CDP output you posted I can't see the router and switch detecting each other over the link. Do you have CDP enabled on the switch interface? If not, please enable it temporarily so we can see what's going on (related commands: sh cdp interface, sh cdp, cdp run, cdp enable).


Also clear the counters on both sides of the link (clear counter interface gi x/y/z).


Shut the interfaces on both sides of the link (shutdown command).


On ASR gigabit interface enter:

    no negotiation auto

    duplex full

    speed 1000

    no shut

(This basically hardcodes the speed/duplex settings I was talking about in my previous post and is also one of Dimitri's suggestions.)


On switch: no shut


Issue "sh cpd neigh" on both sides of the link. Wait a little bit for the devices. If you can see both devices detecting each other, then ping the router from the switch using normal ping.


Kind Regards,

Maria

n.indrajit Tue, 09/21/2010 - 09:03
User Badges:

Maria,


I have enabled the cdp on both devices but more than this i have checked the arp table from both side they are not learning other side mac address.


ASR side interface  i did "no negotiation auto" and manully configured duplex and speed but nothing improved. Both side "sh cpd neigh" also not gave the statistics about other device.


Regards

Indrajit

marikakis Tue, 09/21/2010 - 15:26
User Badges:
  • Gold, 750 points or more

Hi Indrajit,


CDP doesn't seem to work,  ARP doesn't seem to work, looks we don't have good news from layer 2 so far. You still can't ping the loopback interface on the ASR from the ASR (via vrf Mgmt-intf)?


Another thing that worried me earlier was the show interface output you had posted in response to Dimitri. That is: on ASR side a counter says there are 0 packets output, while on the switch side I see both input and output. Do you still see the same thing? Are you sure the ASR is physically connected to that switch port and not some other?


You probably need to open a TAC case and have a cisco engineer examine if there is something the ASR specifically needs to function properly or we might be hitting a bug of some sort. One last thing you could do before that is make sure all you physical connections are stable, your cards/modules are properly seated, etc.


Kind Regards,

Maria

n.indrajit Wed, 09/22/2010 - 00:32
User Badges:

Hi Maria,


We have consult with Cisco Engineers they have told our ASR is missing with a hw module "Embedded Services Processors (ESPs)" . Please check the following


ASR 1000 SPA and Optics Support /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

The Cisco ASR 1000 Series ESPs are responsible for the data-plane processing tasks, and all network traffic flows through them. The modules perform all baseline packet routing operations, including MAC classification, Layer 2 and Layer 3 forwarding, quality-of-service (QoS) classification, policing and shaping, security access control lists (ACLs), VPNs, load balancing, and NetFlow. They are also responsible for features such as firewalls, intrusion prevention, Network Based Application Recognition (NBAR), Network Address Translation (NAT), and Cisco IOS Flexible Pattern Matching.


http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070_ps2797_Products_Data_Sheet.html


Still we are analizing this issue becaue apart from physical connectivity even we are unable to ping ASR's loopback interfaces. so may be this ESP module cause this problem but not yet finalized.


Regards

Indrajit

marikakis Wed, 09/22/2010 - 02:40
User Badges:
  • Gold, 750 points or more

Hi Indrajit,


First of all, thank you very much for your feedback. Members of the forum are always curious about what happened in the end of a case and the information may help others in the future.


You really don't have an ESP?  Since the engineers have already spotted a necessary hardware component missing, you need to address this issue first. Maybe when you have the ESP in place, you will also be able to ping the loopback. I'm speculating this because I've seen hardware where write's destined to the processor's local scratchpad memory still have to traverse the system's internal switch (packets looped over the internal network). Maybe traffic destined to the RP (such as ping loopback traffic) still has to traverse the active ESP (while traffic such as telnet to the management port is an exception). You could ask the engineers if such a thing is possible in this platform.


Kind Regards,

Maria

n.indrajit Mon, 09/20/2010 - 10:44
User Badges:

Hi maria,


Now i have removed vrf, please check the following out puts that u requested



ASRGW#ping vrf Mgmt-intf 192.168.11.1


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



ASRGW#ping vrf Mgmt-intf 192.168.11.2 source GigabitEthernet1/0/0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.11.1
.....
Success rate is 0 percent (0/5)



ASRGW#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone


Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
OFFICE           Gig 0             105            R       xxxx 
Switch           Gig 0             137           S I       xxxx Gig 6




ASRGW#sho ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive             
127.0.0.0/8          drop
192.168.11.0/24      attached             GigabitEthernet1/0/0
192.168.11.0/32      receive              GigabitEthernet1/0/0
192.168.11.1/32      receive              GigabitEthernet1/0/0
192.168.11.255/32    receive              GigabitEthernet1/0/0
224.0.0.0/4          drop
224.0.0.0/24         receive             
240.0.0.0/4          drop
255.255.255.255/32   receive             
ASRGW#




Switch#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone


Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch#


Switch#ping 192.168.11.1


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#



Regards

Indrajit

Actions

This Discussion