|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
hamster
Guest
|
 Posted: Thu Jun 28, 2007 4:50 am Post subject: Catalyst 3750 with 2 vlans. Only vlan1 drop packet when ping |
 |
|
Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.
I created vlan140 on the switch. There is only one port connected to
up link. I could ping the ip on vlan140 without droping package, but
when I ping to the ip on vlan1, about 10% come back with "Request
timed out."
I have checked the interface error on both side of the cable, they are
all zero.
I tried different ip addresses for vlan1 and even replace the cable,
no luck.
Could anybody suggest what else I can try?
Many thanks.
Here is the configuration which I believe is relevant:
==========================================
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interface Vlan1
ip address 10.0.2.247 255.255.252.0
standby 140 ip 10.0.0.117
standby 140 preempt delay minimum 60
!
interface Vlan140
ip address 10.0.140.16 255.255.252.0
standby 141 ip 10.0.140.1
standby 141 preempt delay minimum 60
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
no ip http secure-server
===================================== |
|
| Back to top |
|
 |
|
|
Trendkill
Guest
|
| Posted: Thu Jun 28, 2007 4:50 am Post subject: Re: Catalyst 3750 with 2 vlans. Only vlan1 drop packet when |
|
|
On Jun 27, 9:00 pm, hamster <wongbe...@yahoo.com> wrote:
| Quote: | Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.
I created vlan140 on the switch. There is only one port connected to
up link. I could ping the ip on vlan140 without droping package, but
when I ping to the ip on vlan1, about 10% come back with "Request
timed out."
I have checked the interface error on both side of the cable, they are
all zero.
I tried different ip addresses for vlan1 and even replace the cable,
no luck.
Could anybody suggest what else I can try?
Many thanks.
Here is the configuration which I believe is relevant:
==========================================
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interface Vlan1
ip address 10.0.2.247 255.255.252.0
standby 140 ip 10.0.0.117
standby 140 preempt delay minimum 60
!
interface Vlan140
ip address 10.0.140.16 255.255.252.0
standby 141 ip 10.0.140.1
standby 141 preempt delay minimum 60
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
no ip http secure-server
=====================================
|
You have HSRP configured....where is the other hsrp peer? Are these
VLAN's trunked? Anything in the logs about 'standby' changes? If you
just have it configured and there is no other switch/router, then this
should work fine. But I am guessing that you have another core and we
need to see that config and log as well. |
|
| Back to top |
|
|
Trendkill
Guest
|
| Posted: Mon Jul 02, 2007 2:51 pm Post subject: Re: Catalyst 3750 with 2 vlans. Only vlan1 drop packet when |
|
|
On Jul 2, 7:39 am, Trendkill <jpma...@gmail.com> wrote:
| Quote: | On Jul 2, 2:30 am, hamster <wongbe...@yahoo.com> wrote:
On Jun 29, 4:33 am, Trendkill <jpma...@gmail.com> wrote:
On Jun 28, 2:28 pm, Trendkill <jpma...@gmail.com> wrote:
On Jun 27, 9:12 pm, Trendkill <jpma...@gmail.com> wrote:
On Jun 27, 9:00 pm, hamster <wongbe...@yahoo.com> wrote:
Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.
I created vlan140 on the switch. There is only one port connected to
up link. I could ping the ip on vlan140 without droping package, but
when I ping to the ip onvlan1, about 10% come back with "Request
timed out."
I have checked the interface error on both side of the cable, they are
all zero.
I tried different ip addresses forvlan1and even replace the cable,
no luck.
Could anybody suggest what else I can try?
Many thanks.
Here is the configuration which I believe is relevant:
==========================================
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interfaceVlan1
ip address 10.0.2.247 255.255.252.0
standby 140 ip 10.0.0.117
standby 140 preempt delay minimum 60
!
interface Vlan140
ip address 10.0.140.16 255.255.252.0
standby 141 ip 10.0.140.1
standby 141 preempt delay minimum 60
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
no ip http secure-server
=====================================
You have HSRP configured....where is the other hsrp peer? Are these
VLAN's trunked? Anything in the logs about 'standby' changes? If you
just have it configured and there is no other switch/router, then this
should work fine. But I am guessing that you have another core and we
need to see that config and log as well.
Do me a favor and send me the configs for both routers. You may want
to turn logging on at an informational level, in case HSRP is losing
its neighbor and your timeout is causing it to failover for a specific
time. Are you pinging the hsrp vlan 1 address, or the specific
switch's address in vlan 1? Can you ping both and see if both fail or
if it is just one? If it is just one, it tends to look like an HSRP
or connectivity issue between your two switches. If both fail, then
it sounds like we have another issue. Also, are you able to always
ping vlan 140's interface with no problems? Is 140 trunked over to
the other switch? If not, how does the other switch know how to get
back to this switch to reply to the node's ping?
In short, you can either trunk all vlans between your two cores (cores
= routers that own all vlans, usually from a layer 2 and layer 3
perspective), or you can have vlans on different switches, and have
them advertise the networks between one another. What I see here is a
hybrid model that will not work. If you want to do the second option,
you need to turn up a routing protocol or statics to let the first
switch/router know about the new vlan (140), or you need to trunk/
connect 140 directly to avoid multi hop standby (should work, just not
a good practice).- Hide quoted text -
- Show quoted text -
Hi TrendKill,
I have sent you the configurations.
I can ping the vlan 140 interface ips (all three) without dropping
packet.
I have problem pinging vlan1 interface ip (not HSRP) on 3750-06
switch. There is no packet drop on vlan1 interface ip on 3750-07
switch nor the HSRP interface.
In terms of trunking, we are not setting trunk on it because we only
want to isolate this section during broadcast and running-out-of-ip
issues. So, the layer 2 traffic is bound in this segment only.
Do you need more informaiton?
Thanks
Ok, I need to see a show interface trunk on both switches. I also
would like to see a show arp | include <ip you are having response
issues with>, and a show mac-address <mac> of the mac that results
from the show arp command. Basically, and while I don't have any
concrete to go off of, there is some kind of communication issue
between your two switches. If you can ping the closest physical
interface, and the HSRP (probably because the closest switch is the
owner of hsrp for both VLANs), I would guess that if you moved HSRP
over you would be having connectivity issues.
Perhaps the most important thing of all is, how does switch 06 know
about vlan 140 on 07? It has an interface in that vlan, but if its
not trunked over, you have the equivalent of two different vlan 140s.
When a node on switch 07 needs to talk to vlan 1, it will go to its
interface, which will route to the vlan 1 interface on switch 07, then
send you across the vlan 1 trunk to 06, but 06 will not know how to
respond since he is the default gateway for all networks. You either
need to run a core set of switches that know about all vlans and
collectively own layer 2 and layer 3 (hsrp, vlans created on both,
trunking between the two or more, etc), or you can do distributed
layer 3 which is where some switches own some vlans, while others own
others. In this case, you have to run a routing protocol for the L3
switches to exchange knowledge about the networks that they own. If
you do this architecture, switches that do not 'own' the vlan should
not have interfaces in it.
Please let me know if this helps clarify something, or if it doesn't,
please respond back with the commands requested.
|
Also, the reason I say that switch 06 will not be able to get back to
vlan 140 on switch 07, is that he will not know to route the packet
since there are no protocols, but even more basic than that, he has an
interface in that network. So when he gets a packet destined for vlan
140 on switch 07, he moves it to his own vlan 140 (since the subnet
matches), but if there is not a trunk across to switch 07 in vlan 140,
it will never make it back.
All of the above could be null and void if your show interface trunk
comes back and shows vlans 1 and 140 being trunked on both sides, but
I'm currently suspecting that is the issue with the limited knowledge
of your environment that I have. |
|
| Back to top |
|
|
Trendkill
Guest
|
| Posted: Mon Jul 02, 2007 2:51 pm Post subject: Re: Catalyst 3750 with 2 vlans. Only vlan1 drop packet when |
|
|
On Jul 2, 2:30 am, hamster <wongbe...@yahoo.com> wrote:
| Quote: | On Jun 29, 4:33 am, Trendkill <jpma...@gmail.com> wrote:
On Jun 28, 2:28 pm, Trendkill <jpma...@gmail.com> wrote:
On Jun 27, 9:12 pm, Trendkill <jpma...@gmail.com> wrote:
On Jun 27, 9:00 pm, hamster <wongbe...@yahoo.com> wrote:
Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.
I created vlan140 on the switch. There is only one port connected to
up link. I could ping the ip on vlan140 without droping package, but
when I ping to the ip onvlan1, about 10% come back with "Request
timed out."
I have checked the interface error on both side of the cable, they are
all zero.
I tried different ip addresses forvlan1and even replace the cable,
no luck.
Could anybody suggest what else I can try?
Many thanks.
Here is the configuration which I believe is relevant:
==========================================
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interfaceVlan1
ip address 10.0.2.247 255.255.252.0
standby 140 ip 10.0.0.117
standby 140 preempt delay minimum 60
!
interface Vlan140
ip address 10.0.140.16 255.255.252.0
standby 141 ip 10.0.140.1
standby 141 preempt delay minimum 60
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
no ip http secure-server
=====================================
You have HSRP configured....where is the other hsrp peer? Are these
VLAN's trunked? Anything in the logs about 'standby' changes? If you
just have it configured and there is no other switch/router, then this
should work fine. But I am guessing that you have another core and we
need to see that config and log as well.
Do me a favor and send me the configs for both routers. You may want
to turn logging on at an informational level, in case HSRP is losing
its neighbor and your timeout is causing it to failover for a specific
time. Are you pinging the hsrp vlan 1 address, or the specific
switch's address in vlan 1? Can you ping both and see if both fail or
if it is just one? If it is just one, it tends to look like an HSRP
or connectivity issue between your two switches. If both fail, then
it sounds like we have another issue. Also, are you able to always
ping vlan 140's interface with no problems? Is 140 trunked over to
the other switch? If not, how does the other switch know how to get
back to this switch to reply to the node's ping?
In short, you can either trunk all vlans between your two cores (cores
= routers that own all vlans, usually from a layer 2 and layer 3
perspective), or you can have vlans on different switches, and have
them advertise the networks between one another. What I see here is a
hybrid model that will not work. If you want to do the second option,
you need to turn up a routing protocol or statics to let the first
switch/router know about the new vlan (140), or you need to trunk/
connect 140 directly to avoid multi hop standby (should work, just not
a good practice).- Hide quoted text -
- Show quoted text -
Hi TrendKill,
I have sent you the configurations.
I can ping the vlan 140 interface ips (all three) without dropping
packet.
I have problem pinging vlan1 interface ip (not HSRP) on 3750-06
switch. There is no packet drop on vlan1 interface ip on 3750-07
switch nor the HSRP interface.
In terms of trunking, we are not setting trunk on it because we only
want to isolate this section during broadcast and running-out-of-ip
issues. So, the layer 2 traffic is bound in this segment only.
Do you need more informaiton?
Thanks
|
Ok, I need to see a show interface trunk on both switches. I also
would like to see a show arp | include <ip you are having response
issues with>, and a show mac-address <mac> of the mac that results
from the show arp command. Basically, and while I don't have any
concrete to go off of, there is some kind of communication issue
between your two switches. If you can ping the closest physical
interface, and the HSRP (probably because the closest switch is the
owner of hsrp for both VLANs), I would guess that if you moved HSRP
over you would be having connectivity issues.
Perhaps the most important thing of all is, how does switch 06 know
about vlan 140 on 07? It has an interface in that vlan, but if its
not trunked over, you have the equivalent of two different vlan 140s.
When a node on switch 07 needs to talk to vlan 1, it will go to its
interface, which will route to the vlan 1 interface on switch 07, then
send you across the vlan 1 trunk to 06, but 06 will not know how to
respond since he is the default gateway for all networks. You either
need to run a core set of switches that know about all vlans and
collectively own layer 2 and layer 3 (hsrp, vlans created on both,
trunking between the two or more, etc), or you can do distributed
layer 3 which is where some switches own some vlans, while others own
others. In this case, you have to run a routing protocol for the L3
switches to exchange knowledge about the networks that they own. If
you do this architecture, switches that do not 'own' the vlan should
not have interfaces in it.
Please let me know if this helps clarify something, or if it doesn't,
please respond back with the commands requested. |
|
| Back to top |
|
|
|
|
