
Cisco IOX application networking does not work on IE3400

Dor-G
Level 1

Hello, 

I have an IOX application running on an IE3400, IOS-XE version 17.6.

The application was set through the UI but it is unable to communicate with the outside world with devices connected to the switch, nor can they connect to it.

Specifically, if I connect to the application shell I get "No route to host" on connection attempts, regardless of target machine. When I capture packets on one of the target machines, I can see ARP packets from the switch application IP & MAC asking for the target machine, which then answers - but the ARPs are repeated (so I guess the applications did not receive the replies).

I have a near-identical set-up in a similar network which works perfectly.

The set-up is as follows:

IE3400 (IP 192.168.0.2) has an application (interface 192.168.0.77) connected to a router, a laptop and a target machine (all in the same subnet). The app is unable to access either the target machine or the laptop, or other machines connected to the router.

This is a truncated config of the switch:

!
interface GigabitEthernet1/1
 switchport mode access
 storm-control broadcast level 3.00 1.00
 macro description cisco-ethernetip
 spanning-tree portfast
 service-policy input CIP-PTP-Traffic
 service-policy output PTP-Event-Priority
!
........
!
interface GigabitEthernet1/10
 switchport mode access
 storm-control broadcast level 3.00 1.00
 macro description cisco-ethernetip
 spanning-tree portfast
 service-policy input CIP-PTP-Traffic
 service-policy output PTP-Event-Priority
!
interface AppGigabitEthernet1/1
 description description
 switchport trunk allowed vlan 1,2
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.0.2 255.255.255.0
!
interface Vlan2
 no ip address
!
iox
ip default-gateway 192.168.0.1
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended 101
 10 permit udp any eq 2222 any dscp 55
ip access-list extended 102
 10 permit udp any eq 2222 any dscp 47
ip access-list extended 103
 10 permit udp any eq 2222 any dscp 43
ip access-list extended 104
 10 permit udp any eq 2222 any
ip access-list extended 105
 10 permit udp any eq 44818 any
 20 permit tcp any eq 44818 any
ip access-list extended 106
 10 permit udp any eq 319 any
ip access-list extended 107
 10 permit udp any eq 320 any
!
!
monitor session 1 source interface Gi1/3 - 5
monitor session 1 destination remote vlan 2 

The application config was done via the UI and doesn't appear in the config.

It includes one interface, eth0, 192.168.0.77 / 255.255.255.0 gateway 192.168.0.1, on VLAN 1. It also includes one eth1 interface on VLAN 2 for capture purposes.

This seemed to be somewhat similar to the issue here: https://community.cisco.com/t5/edge-computing-infrastructure/iox-docker-networking-half-works/td-p/4000185 which appeared to be solved by using VirtualPortGroup, which isn't an option here (and I wouldn't want to use it either).

Any help would be appreciated,

Dor.

 
