Involved Products and Versions
All products and versions
Networking
As shown in Figure 1-1, the management interface Meth is connected to the interface GE0/0/46 on the switch. The uplink interfaces GE0/0/47 and GE0/0/48 on the switch are bound to Eth-Trunk12 and connected to the gateway SwitchA through Eth-Trunk12. The IPSG function is configured on the switch.
Figure 1-1 Networking diagram for the failure to ping the gateway IP address from the IP address of the management interface
Fault Symptom
The IP address 51.5.17.253/24 of the management interface cannot ping the IP address of the gateway SwitchA.
Troubleshooting Procedure
Step 1 Run the display mac-address command on the switch to check the MAC address entries, and then check the IPSG configuration on the switch.
<Switch> display mac-address
-------------------------------------------------------------------------------
MAC Address
VLAN/VSI
Learned-From Type
-------------------------------------------------------------------------------
0024-ac11-2670
2017/-
Eth-Trunk12 dynamic
745a-aadf-7f00
2017/-
GE0/0/46
dynamic
-------------------------------------------------------------------------------
Total items displayed = 2
#
user-bind static ip-address 51.5.17.253 mac-address 745a-aadf-7f00 interface
GigabitEthernet0/0/46
user-bind static mac-address 0024-ac11-2670 interface Eth-Trunk12
#
interface MEth0/0/1
ip address 51.5.17.253 255.255.255.0
#
interface Eth-Trunk12
port link-type trunk
port trunk allow-pass vlan 2017
arp anti-attack check user-bind enable
ip source check user-bind enable
#
interface GigabitEthernet0/0/46
port default vlan 2017
arp anti-attack check user-bind enable
ip source check user-bind enable
Step 2 The arp anti-attack check user-bind enable command is configured on the switch. If the gateway SwitchA triggers ARP learning first and sends ARP broadcast packets, the ARP broadcast packets can reach the interface GE0/0/46 on the switch. The switch then learns the address from the management interface, and the ping operation is successful. If the switch triggers ARP learning first, the ARP unicast packets sent from the gateway cannot reach the management interface. As a result, ARP entries cannot be learned, and the ping operation fails.
It is recommended that you do not use the management interface of the switch to perform the test but use the device connected to the switch to perform the test. If you need to use the management interface to perform the test, first delete the ARP entries of the switch on the gateway.
----End
