
Intermittent connectivity between Switch SVI and directly connected hosts.

Martin Houde
Level 1

Hello friends,

I'm having an issue that just manifested on one of my VLANs.

All of a sudden only half the hosts are able to communicate with/via the connected SVI.  Same goes when these hosts are trying to reach external networks, seeing as their gateway is the Catalyst switch (VLAN 100).

Strangely, I can see all the IP addresses via the ARP table on that particular interface, however half of those hosts cannot ping their default gateway and I cannot ping them. (VLAN 100)

Stranger still, is when I issue a ping from source VLAN 100 towards a host that doesn't work, sometimes it will magically start working temporarily... until it doesn't anymore.

I have tried clearing the ARP, and the table populates correctly.  I have validated that the MAC addresses learned are indeed those found on the NIC on the host.

The topology is simple, I have an unmanaged switch downstream connected to an access port (gig2/0/12).  Note that the switch has already been changed and the problem is still there.

Might be worth mentioning that these hosts all have static IP addresses.

interface Vlan100
 ip address 10.0.1.15 255.255.255.0
 no ip redirects
end

interface GigabitEthernet2/0/12
 switchport access vlan 100
end

show ip arp vlan 100
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.1.15               -   c067.af06.8bc5  ARPA   Vlan100
Internet  10.0.1.73              41   503d.e57c.d770  ARPA   Vlan100
Internet  10.0.1.74              41   503d.e530.06fd  ARPA   Vlan100
Internet  10.0.1.21               0   6400.6a12.8b31  ARPA   Vlan100
Internet  10.0.1.33              41   6400.6a4b.5875  ARPA   Vlan100
Internet  10.0.1.24              41   6400.6a07.4714  ARPA   Vlan100
Internet  10.0.1.75              41   503d.e57c.d47f  ARPA   Vlan100
Internet  10.0.1.70              41   503d.e57c.d1a2  ARPA   Vlan100
Internet  10.0.1.32              41   b083.fe94.e331  ARPA   Vlan100
Internet  10.0.1.30              41   6400.6a07.4958  ARPA   Vlan100
Internet  10.0.1.39               0   6400.6a07.49ec  ARPA   Vlan100
Internet  10.0.1.71              41   503d.e530.07c3  ARPA   Vlan100
Internet  10.0.1.18              41   547f.54a3.fe13  ARPA   Vlan100
Internet  10.0.1.17               1   547f.54a5.4059  ARPA   Vlan100
Internet  10.0.1.72              40   503d.e57c.d3ab  ARPA   Vlan100
Internet  10.0.1.204             38   0021.b7ae.589b  ARPA   Vlan100
Internet  10.0.1.22              32   6400.6a40.77b3  ARPA   Vlan100
Internet  10.0.1.199             17   30cd.a71f.e41f  ARPA   Vlan100
Internet  10.0.1.20              20   0000.481d.b11b  ARPA   Vlan100

Any ideas?  Starting to panic, I'm afraid this issue manifests itself on the other production networks.

Thanks in advance for any ideas,

Martin

4 Replies

Reza Sharifi
Hall of Fame

Can you try adding

 spanning-tree portfast

to interface g2/0/12?

Also, are all the hosts using static IP or do you have a mix of static and dynamic (DHCP)?

Can you post "sh run" from the switch?

HTH

All hosts are static, no DHCP server on that segment, nor am I using a DHCP helper for that segment.

I think this is a software bug issue.  I have reloaded the switch and the problem has disappeared.  Currently using 15.2.1E1!  Which is the first iteration of the 15.2 software.  Almost had 2 years uptime before we reloaded.

I will be doing a software update tonight.

Is there a reason you want to add <spanning-tree portfast>?  I don't see a correlation.

Also, here's an interesting tidbit that could have been the cause of the issue.  2 weeks ago, the master switch in the stack was powered off inadvertently by maintenance crew and the standby switch became master.  This now master has almost 2 years uptime and the now standby has 2 weeks.  Maybe the issue manifested itself at that moment.

Not sure if this is related to yours, but I was having Similar Issues with some Hosts/VMs working and some not. They could all hit each other on the Host they were on, but not outside the host. They All worked fine with the Crappy SG300 Switch, though not at all on the C3850 unit. The C3850 is running:  03.06.05E

My initial config for the ports was:

interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 switchport port-security violation  restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 macro description cisco-desktop
 no vtp
 spanning-tree portfast
 spanning-tree bpduguard enable

That partly came from the Cisco Network Assistant app.  I should have known to use the CLI only. )-:

I ended up with:

interface range GigabitEthernet1/0/1-6
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 no vtp
 spanning-tree portfast trunk

The switchport port-security statements that the CNA put in were limiting the MAC Addresses on the ports so only some MACs would get through. 
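
A way to check a saved running-config for the condition described in the post above, port-security enabled with a secure-MAC limit lower than the number of MACs expected behind the port. This is an added example, not code from the thread or from Cisco; the sample config is constructed from the two port configs quoted above (GigabitEthernet1/0/4 is a made-up port name), `expected_macs` is a hypothetical parameter, and the limit is assumed to default to 1 when no `switchport port-security maximum` line is present.

```python
import re

# Constructed sample: Gi1/0/3 mirrors the CNA-generated config quoted above,
# Gi1/0/4 (made-up name) mirrors the config the poster ended up with.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 switchport port-security violation  restrict
 switchport port-security aging time 2
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 spanning-tree portfast trunk
"""

DEFAULT_MAX = 1  # assumed IOS default when no "maximum" line is configured

def parse_interfaces(config):
    """Split an IOS-style config into {interface: [normalized sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))  # collapse repeated spaces
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_port_security(config, expected_macs=2):
    """Return (interface, mode, limit) where the MAC limit is below expected_macs."""
    pattern = r"switchport port-security maximum (\d+)"
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport port-security" not in cmds:
            continue  # only the bare command enables the feature on the port
        limits = [int(m.group(1)) for c in cmds if (m := re.fullmatch(pattern, c))]
        limit = limits[-1] if limits else DEFAULT_MAX
        if limit < expected_macs:
            mode = "trunk" if "switchport mode trunk" in cmds else "access"
            findings.append((name, mode, limit))
    return findings

if __name__ == "__main__":
    for name, mode, limit in audit_port_security(SAMPLE_CONFIG):
        print(f"{name}: {mode} port, port-security limit {limit} MAC(s)")
```
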

Hello

Is there a reason you want to add <spanning-tree portfast>?  I don't see a correlation.

The reason being it's good practice on access ports to enable it, as you don't really want each port going through the STP process and the switch logging multiple STP TCNs each time it goes up and down.

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul