10-26-2016 09:34 AM - edited 03-08-2019 07:56 AM
Hello friends,
I'm having an issue that just manifested on one of my VLANs.
All of a sudden only half the hosts are able to communicate with/via the connected SVI. Same goes when these hosts are trying to reach external networks, seeing as their gateway is the Catalyst switch (VLAN 100).
Strangely, I can see all the IP addresses via the ARP table on that particular interface, however half of those hosts cannot ping their default gateway and I cannot ping them. (VLAN 100)
Stranger still, is when I issue a ping from source VLAN 100 towards a host that doesn't work, sometimes it will magically start working temporarily... until it doesn't anymore.
I have tried clearing the ARP, and the table populates correctly. I have validated that the MAC addresses learned are indeed those found on the NIC on the host.
The topology is simple, I have an unmanaged switch downstream connected to an access port (gig2/0/12). Note that the switch has already been changed and the problem is still there.
Might be worth mentioning that these hosts all have static IP addresses.
interface Vlan100
 ip address 10.0.1.15 255.255.255.0
 no ip redirects
end
interface GigabitEthernet2/0/12
 switchport access vlan 100
end
show ip arp vlan 100
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.1.15 - c067.af06.8bc5 ARPA Vlan100
Internet 10.0.1.73 41 503d.e57c.d770 ARPA Vlan100
Internet 10.0.1.74 41 503d.e530.06fd ARPA Vlan100
Internet 10.0.1.21 0 6400.6a12.8b31 ARPA Vlan100
Internet 10.0.1.33 41 6400.6a4b.5875 ARPA Vlan100
Internet 10.0.1.24 41 6400.6a07.4714 ARPA Vlan100
Internet 10.0.1.75 41 503d.e57c.d47f ARPA Vlan100
Internet 10.0.1.70 41 503d.e57c.d1a2 ARPA Vlan100
Internet 10.0.1.32 41 b083.fe94.e331 ARPA Vlan100
Internet 10.0.1.30 41 6400.6a07.4958 ARPA Vlan100
Internet 10.0.1.39 0 6400.6a07.49ec ARPA Vlan100
Internet 10.0.1.71 41 503d.e530.07c3 ARPA Vlan100
Internet 10.0.1.18 41 547f.54a3.fe13 ARPA Vlan100
Internet 10.0.1.17 1 547f.54a5.4059 ARPA Vlan100
Internet 10.0.1.72 40 503d.e57c.d3ab ARPA Vlan100
Internet 10.0.1.204 38 0021.b7ae.589b ARPA Vlan100
Internet 10.0.1.22 32 6400.6a40.77b3 ARPA Vlan100
Internet 10.0.1.199 17 30cd.a71f.e41f ARPA Vlan100
Internet 10.0.1.20 20 0000.481d.b11b ARPA Vlan100
Any ideas? Starting to panic, I'm afraid this issue manifests itself on the other production networks.
Thanks in advance for any ideas,
Martin
10-26-2016 10:43 AM
Can you try adding
spanning-tree portfast
to interface g2/0/12?
Also, are all the hosts using static IP or do you have a mix of static and dynamic (DHCP)?
Can you post "sh run" from the switch?
HTH
10-26-2016 12:47 PM
All hosts are static, no DHCP server on that segment, nor am I using a DHCP helper for that segment.
I think this is a software bug issue. I have reloaded the switch and the problem has disappeared. Currently using 15.2.1E1! Which is the first iteration of the 15.2 software. Almost had 2 years uptime before we reloaded.
I will be doing a software update tonight.
Is there a reason you want to add <spanning-tree portfast>? I don't see a correlation.
Also, here's an interesting tidbit that could have been the cause of the issue. 2 weeks ago, the master switch in the stack was powered off inadvertently by maintenance crew and the standby switch became master. This now master has almost 2 years uptime and the now standby has 2 weeks. Maybe the issue manifested itself at that moment.
12-13-2016 08:03 AM
Not sure if this is related to yours, but I was having Similar Issues with some Hosts/VMs working and some not. They could all hit each other on the Host they were on, but not outside the host. They All worked fine with the Crappy SG300 Switch, though not at all on the C3850 unit. The C3850 is running: 03.06.05E
My initial config for the ports was:
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 macro description cisco-desktop
 no vtp
 spanning-tree portfast
 spanning-tree bpduguard enable
That partly came from the Cisco Network Assistant app. I should have known to use the CLI only. )-:
I ended up with:
interface range GigabitEthernet1/0/1-6
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 no vtp
 spanning-tree portfast trunk
The switchport port-security statements that the CNA put in were limiting the MAC Addresses on the ports so only some MACs would get through.
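An added example, not part of the original post and not Cisco tooling: a small config audit that flags trunk ports where port-security is enabled with a MAC limit too low for a multi-MAC host, which is the condition described above. The sample config is constructed from the two port configurations quoted in the post (the second applied to a single hypothetical interface, GigabitEthernet1/0/4); the function names and the `min_trunk_macs` threshold are assumptions, and the defaults used when nothing is configured are a maximum of 1 secure MAC address and violation mode shutdown.

```python
import re

# Constructed sample, adapted from the two port configurations quoted in the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 spanning-tree portfast trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!", "end"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit_port_security(config, min_trunk_macs=2):
    """Flag trunk ports whose port-security MAC limit is below min_trunk_macs."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        # Only the bare command enables the feature; option lines alone do not.
        enabled = "switchport port-security" in cmds
        trunk = "switchport mode trunk" in cmds
        limit, mode = 1, "shutdown"  # defaults when not explicitly configured
        for cmd in cmds:
            if m := re.fullmatch(r"switchport port-security maximum (\d+)", cmd):
                limit = int(m.group(1))
            if m := re.fullmatch(r"switchport port-security violation (\w+)", cmd):
                mode = m.group(1)
        if enabled and trunk and limit < min_trunk_macs:
            findings.append((name, limit, mode))
    return findings
```

With `violation restrict`, frames from MAC addresses beyond the limit are dropped while the port stays up, so the symptom is partial connectivity rather than an err-disabled port.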
12-13-2016 07:15 PM
Hello
Is there a reason you want to add <spanning-tree portfast>? I don't see a correlation.
The reason being it's good practice on access ports to enable it, as you don't really want each port going through the STP process and the switch logging multiple STP TCNs each time it goes up and down.
res
Paul