03-05-2012 12:38 PM - edited 03-07-2019 05:21 AM
Hello all once again!
I am hoping to gain some valuable troubleshooting assistance again from this forum. I've been able to lend a hand to others, but I need a hand again because I'm stumped. So, follow along, I'll try and make this easy to follow.
A= Access Switch
D=Distro Switch
C=Core Switch
P= PC
We have a typical A-D-C Cisco layout. Access switches are segmented vlan, connected to the Distro swtich. MLS layer 3 routing occurrs in the Distro switch.
So, in my segment, I have the following:
Mgmt Vlan 10.70.51.1 Mgmt Vlan 10.70.51.3
P----------------------------A------------------------------------C------------------------------------------D-------------------------------A---------------------------------------P
my pc access Core Local Distro Mac Table Far end PC.
10.70.4.210 10.70.3.233/30 10.70.3.234/30 1234 Vlan 10 10.70..48.85
Vlan 4 ARP 10.70.48.85:1234 Vlan 10
MAC 1234
So, here's what I have:
In the local segment distro switch, you'll see that it's trunk link is 10.70.3.234/30. The uplink is the 10.70.3.233/30, which is the core switch.
The Distro switch has my problem child's MAC address resolved in the ARP table to it's IP. THat's the IP that DHCP gave out to the device. It is in the correct VLAN DHCP scope.
The problem PC's MAC address is resolved in the Access switche's mac address table. It's on the correct port, which is configured for port-security mac sticky. It's configured for the correct data vlan, vlan 10.
However, you cannot ping the problem PC. So, I did a traceroute from my PC, which is connected to an access switch, then goes into the core. The tracert goes
10.70.4.194
10.70.3.234
stops
So, 10.70.4.194 is the IP address for VLAN 4 on the Core switch. It then gets routed to the next hop, which is the far end link connection in the distro switch, 10.70.3.234. The trace stops there.
I did a reverse traceroute from the access switch that the problem PC is connected to. As I said, the PC's mac address is configured correctly on it's port. Doing a traceroute from that access switch:
10.70.51.1
10.70.3.233
10.70.4.210
This is successful. It hits the distro switch which has Mgmt Vlan address of 10.70.51.1. It's then routed to the next hop, the 10.70.3.233 of the core switch trunk link. Then, it gets thru the access switch and hits my PC successfully.
The thing that is throwing me off is the ARP table on the distro switch. Why am I not getting connectivity here? I looked at the routing table; the routing table is correct. Other devices in the same VLAN are having connectivity just fine. Could it be a bad port that is showing connectivity but not letting data thru? I'm stumped. I would think if it was a routing issue, other devices would have no connectivity. But they do. Just like I can traceroute and ping from the access switch without an issue.
To rehash..when I'm on the PC's access switch, I do a sho mac-address table | i 1234. It gives me:
10 xxxx.xxxx.xxxx.1234 static g2/0/3
Go into the distro, do a sho mac-address table | i 1234. Gives me:
10 xxxx.xxxx.xxxx.1234 dynamic g1/0/2 (which is the correct port for the uplink)
Distro sho arp | i 1234:
Internet 10.70.48,85 81 xxxx.xxxx.xxxx.1234 ARPA VLAN 10
But again, trying to ping from the core switch, I get Success rate is 0 percent (0/5). Also cannot ping from my PC.
Any suggestions would be GREATLY appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide