Solved: New switches and VTP headaches - Page 2

jayu · ‎08-26-2022

Got in some new C9300L units, one L3 the other L2. Setup VTP server on the L3 and all four VLAN's are showing up fine in the L2. However, the L2 can't ping anything or be pinged by anything but the L3 switch it's directly connected to. Both switches see each other in CDP/LLDP Neighbors. I feel like I'm missing something super simple but my first discipline is not in Cisco so I'm grasping at straws.

jayu · ‎08-26-2022

Looks like GigEth 1/0/24 (the trunk) is the port connected (on all the VLAN's) and spanning-tree is in forward mode (also on all connections except VLAN1)

These results are on the L3 (having issues with 101).

===================================================================================
#show vlan id 101
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
101 101 active Gi1/0/24
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
101 enet 100101 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/24 Desg FWD 20000 128.24 P2p
VLAN0101
Spanning tree enabled protocol rstp
Root ID Priority 32869
Address f8e9.4f54.8500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32869 (priority 32768 sys-id-ext 101)
Address f8e9.4f54.8500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

MHM Cisco World · ‎08-26-2022

Trunk between the L2-L3 SW
Trunk is allow VLAN 101, 172 and 100
all work good except VLAN 101,
can you more elaborate what you face?

jayu · ‎08-29-2022

Correct. So, I have the L3 switch hooked directly into the network and it's pulling packets from all the networks referenced, putting them back out where they belong and as far as I can tell, all is well with this one. The L2, however, sees the VLAN's coming from the VTP server (the L3 switch) and can ping the L3 but nothing else seems to be working there. I can't connect to the web interface on it, I can't ping it from my desk and I can't ping any of the servers from the switch.

The only thing about the L3 that's acting strange is the 101 VLAN. It'll connect for a few minutes then crash, taking down the Web interface and making it unreachable without direct console connections. The logs don't show anything helpful during these events. I have tried changing IP addresses, thinking our documentation was outdated and I had accidentally snagged a previously used IP (set on the SVI) but that didn't help any.

MHM Cisco World · ‎08-29-2022

can you share the config for both SW
note:- hide any public IP

jayu · ‎08-29-2022

Both attached and all IP addresses changed to hide real data. Domain and host names either changed or removed. Thanks for your assistance!

jayu · ‎08-31-2022

Did you ever hear back about why that isn't working?

MHM Cisco World · ‎08-31-2022

Sorry I make you wait, all detail with Topology I will share today night.
dont worry.

jayu · ‎08-31-2022

Thank you! Looking forward to getting this knocked out and off my mind!

MHM Cisco World · ‎08-31-2022

the IP helper make SW crazy,
you config ip helper address with IP in SW,
this make one interface send to other and other return traffic to same interface,
the IP helper is point toward Server not toward SVI of SW.
also are you sure L3SW is run ip routing command??

jayu · ‎09-01-2022

Ahh, ok, that makes sense...I had gotten some advice suggesting that the helpers needed to point to the other SVI's to pass back and forth. I'll remove the default gateway statements and only leave the DHCP/DNS server address (they're both on the same DC).

As for the routing, no not yet. The old router is still in place and we're not ready to make that change just yet. Need to get the switching portion stable before we start playing with routing but if you have advice on how to make that happen, I'm all ears! On that config, VLAN 102 is the network the firewall comes in on, so that'll be my connection in soon.

jayu · ‎09-01-2022

Attaching updated config from both units to reflect the removed helper addresses