[All About Switches] The IP Address of the Management Interface Cannot Ping the Gateway IP Address

Created: Mar 8, 2018 11:10:44Latest reply: Mar 9, 2018 08:39:02 1340 1 0 0

Involved Products and Versions

All products and versions

Networking

As shown in Figure 1-1, the management interface Meth is connected to the interface GE0/0/46 on the switch. The uplink interfaces GE0/0/47 and GE0/0/48 on the switch are bound to Eth-Trunk12 and connected to the gateway SwitchA through Eth-Trunk12. The IPSG function is configured on the switch.

Figure 1-1 Networking diagram for the failure to ping the gateway IP address from the IP address of the management interface

20180308111040881001.png

 

Fault Symptom

The IP address 51.5.17.253/24 of the management interface cannot ping the IP address of the gateway SwitchA.

Troubleshooting Procedure

                          Step 1     Run the display mac-address command on the switch to check the MAC address entries, and then check the IPSG configuration on the switch.

<Switch> display mac-address
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI                          Learned-From        Type      
-------------------------------------------------------------------------------
0024-ac11-2670 2017/-                            Eth-Trunk12         dynamic   
745a-aadf-7f00 2017/-                            GE0/0/46            dynamic   
 
-------------------------------------------------------------------------------
Total items displayed = 2

#
user-bind static ip-address 51.5.17.253 mac-address 745a-aadf-7f00 interface GigabitEthernet0/0/46
user-bind static mac-address 0024-ac11-2670 interface Eth-Trunk12
#
interface MEth0/0/1
 ip address 51.5.17.253 255.255.255.0
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2017
 arp anti-attack check user-bind enable
 ip source check user-bind enable
#
interface GigabitEthernet0/0/46
 port default vlan 2017
 arp anti-attack check user-bind enable
 ip source check user-bind enable

                          Step 2     The arp anti-attack check user-bind enable command is configured on the switch. If the gateway SwitchA triggers ARP learning first and sends ARP broadcast packets, the ARP broadcast packets can reach the interface GE0/0/46 on the switch. The switch then learns the address from the management interface, and the ping operation is successful. If the switch triggers ARP learning first, the ARP unicast packets sent from the gateway cannot reach the management interface. As a result, ARP entries cannot be learned, and the ping operation fails.

It is recommended that you do not use the management interface of the switch to perform the test but use the device connected to the switch to perform the test. If you need to use the management interface to perform the test, first delete the ARP entries of the switch on the gateway.

----End

  • x
  • convention:

gululu     Created Mar 9, 2018 08:39:02 Helpful(0) Helpful(0)

thanks for your sharing!
  • x
  • convention:

Come on!

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top