Involved Products and Versions

All products and versions

Networking

As shown in Figure 1-1, the management interface Meth is connected to the interface GE0/0/46 on the switch. The uplink interfaces GE0/0/47 and GE0/0/48 on the switch are bound to Eth-Trunk12 and connected to the gateway SwitchA through Eth-Trunk12. The IPSG function is configured on the switch.

Figure 1-1 Networking diagram for the failure to ping the gateway IP address from the IP address of the management interface

Fault Symptom

The IP address 51.5.17.253/24 of the management interface cannot ping the IP address of the gateway SwitchA.

Troubleshooting Procedure

                          Step 1     Run the display mac-address command on the switch to check the MAC address entries, and then check the IPSG configuration on the switch.

<Switch> display mac-address
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI                          Learned-From        Type      
-------------------------------------------------------------------------------
0024-ac11-2670 2017/-                            Eth-Trunk12         dynamic   
745a-aadf-7f00 2017/-                            GE0/0/46            dynamic   
 
-------------------------------------------------------------------------------
Total items displayed = 2

#
user-bind static ip-address 51.5.17.253 mac-address 745a-aadf-7f00 interface GigabitEthernet0/0/46
user-bind static mac-address 0024-ac11-2670 interface Eth-Trunk12
#
interface MEth0/0/1
 ip address 51.5.17.253 255.255.255.0
#
interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2017
 arp anti-attack check user-bind enable
 ip source check user-bind enable
#
interface GigabitEthernet0/0/46
 port default vlan 2017
 arp anti-attack check user-bind enable
 ip source check user-bind enable

                          Step 2     The arp anti-attack check user-bind enable command is configured on the switch. If the gateway SwitchA triggers ARP learning first and sends ARP broadcast packets, the ARP broadcast packets can reach the interface GE0/0/46 on the switch. The switch then learns the address from the management interface, and the ping operation is successful. If the switch triggers ARP learning first, the ARP unicast packets sent from the gateway cannot reach the management interface. As a result, ARP entries cannot be learned, and the ping operation fails.

It is recommended that you do not use the management interface of the switch to perform the test but use the device connected to the switch to perform the test. If you need to use the management interface to perform the test, first delete the ARP entries of the switch on the gateway.

----End