Hi Rick

Thanks for the info. My switch is a 3500 layer 2 switch. Here's the config for my switch:

Current configuration:

!

! Last configuration change at 16:04:28 GMT Wed Mar 15 2006

! NVRAM config last updated at 09:49:35 GMT Wed Apr 27 2005

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname switch1

!

enable secret 5 ttttttttttt

!

!

!

!

!

clock timezone GMT 1

!

ip subnet-zero

ip name-server 10.11.10.2

ip name-server 10.11.10.1

cluster enable l3 0

cluster member 1 mac-address 0007.ebc9.9380

cluster member 2 mac-address 0007.ebc9.94c0

cluster member 3 mac-address 0007.853f.6d00

!

!

!

interface FastEthernet0/1

switchport access vlan 102

!

interface FastEthernet0/2

duplex full

speed 100

port monitor FastEthernet0/8

switchport access vlan 110

!

interface FastEthernet0/3

switchport access vlan 102

!

interface FastEthernet0/4

switchport access vlan 102

!

interface FastEthernet0/5

port monitor FastEthernet0/19

port monitor FastEthernet0/22

switchport access vlan 100

!

interface FastEthernet0/6

switchport access vlan 101

!

interface FastEthernet0/7

duplex full

speed 100

switchport access vlan 102

!

interface FastEthernet0/8

duplex full

speed 100

switchport access vlan 110

!

interface FastEthernet0/9

duplex full

speed 100

switchport access vlan 102

!

interface FastEthernet0/10

duplex full

speed 100

switchport access vlan 102

!

interface FastEthernet0/11

duplex full

speed 100

switchport access vlan 102

!

interface FastEthernet0/12

switchport access vlan 101

!

interface FastEthernet0/13

switchport access vlan 102

!

interface FastEthernet0/14

duplex full

speed 100

port monitor FastEthernet0/23

switchport access vlan 102

!

interface FastEthernet0/15

duplex full

speed 100

switchport access vlan 102

!

interface FastEthernet0/16

duplex full

speed 100

switchport access vlan 108

!

interface FastEthernet0/17

duplex full

speed 100

switchport access vlan 108

!

interface FastEthernet0/18

duplex full

speed 100

switchport access vlan 102

!

interface FastEthernet0/19

duplex full

speed 100

switchport access vlan 100

!

interface FastEthernet0/20

duplex full

speed 100

switchport access vlan 108

switchport trunk encapsulation dot1q

switchport trunk native vlan 108

switchport mode trunk

!

interface FastEthernet0/21

duplex full

speed 100

port monitor FastEthernet0/7

switchport access vlan 102

!

interface FastEthernet0/22

switchport access vlan 100

!

interface FastEthernet0/23

duplex full

speed 100

switchport access vlan 102

no cdp enable

!

interface FastEthernet0/24

switchport access vlan 102

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 102

switchport mode trunk

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport trunk native vlan 102

switchport mode trunk

!

interface VLAN1

no ip address

no ip directed-broadcast

ip nat outside

shutdown

!

interface VLAN102

ip address 10.11.8.21 255.255.248.0

no ip directed-broadcast

ip nat outside

!

ip nat inside source list 199 interface VLAN102 overload

logging facility local6

logging 10.11.9.21

logging 10.24.21.1

access-list 199 dynamic Cluster-NAT permit ip any any

banner motd ^C

Switch 1

^C

!

line con 0

password 7 xxxxxxxx

transport input none

stopbits 1

line vty 0 4

exec-timeout 35000 0

password 7 xxxxxxxx

login

line vty 5 15

password 7 xxxxxxxx

login

!

ntp clock-period 11259714

ntp server 10.11.9.21

end

I haven't got a default gateway, any idea how its finding its route?

Thanks again

Dan

It's just broadcast arp-ing for any host it needs to reach. The local router(s) are responding with a Proxy ARP and handling all communications from there upstream.

However, the switch itself doesn't generally communicate to other devices or hosts. the hosts attached to the switch similarly broadcast their ARPs or direct them to their respective default gateway(s) via Layer 2.

Hope this helps, please rate helpful posts.

Dan

Can you clarify when you were testing and were taking different paths, were you connected to the switch console, were you telnetted to the switch, or were you on a workstation connected to a port on the switch.

My guess at this point is that the behavior that you see is related to the fact that the switch is in a cluster and we may be seeing something that is being provided by some other member of the cluster.

HTH

Rick

Hi

Thanks everyone for your replies they were very helpful.

My dillema is this. Basically I have one router which is physically the shortest route to my destination ip. Recently we had an MPLS connection installed and that comes with a router. For a certain set of ip blocks the default route is set to the MPLS router. When I traceroute from the switch instead of going through the old router (router 1) it defaults out to the MPLS network router, but I haven't configured the switch to do that.So how is figuring out that the preferred direction is the MPLS network router?

Rick, in response to your question.

I'm telnetting onto the switch from my office workstation to our datacentre through a les line connected into an internal router. which inturn is connected on to the switch to which I am telnetting to.

Any further ideas?

Thanks again

Dan

Dan

So you are telnetting to the address 10.11.8.21 and doing the traceroute from that address? Perhaps it would be helpful if you could give us a bit more information about addresses where the behavior is as you expect and addresses where the behavior is not what you expect.

As I and others have said if this is a layer 2 switch then it is not making any routing decisions itself. I continue to wonder if some other member of the switch cluster is configured as a layer 3 switch and could be making decisions like that.

HTH

Rick

Hi

Sorry for the late reply, I've been away.

Thanks for your patience with this.

Ok here is a traceroute from a switch not in the cluster:

switch5#traceroute yyy.yyy.17.7

Type escape sequence to abort.

Tracing the route to 7.0-31.17.yyy.yyy.in-addr.arpa (yyy.yyy.17.7)

1 green.example.com (10.11.8.2) 3 msec 0 msec 3 msec

2 * *

It seems to timeout but thats a separate problem, the route at least is correct, as that is where I would expect the first hop to be. BTW the above is the internal router.

From a switch in the cluster I get:

traceroute yyy.yyy.17.7

Type escape sequence to abort.

Tracing the route to 7.0-31.17.yyy.yyy.in-addr.arpa (yyy.yyy.17.7)

1 mpls-gw.example.com (10.11.8.18) 1006 msec 0 msec 2 msec

2 10.1.example.com (10.1.54.253) 3 msec 5 msec 13 msec

3 kkk.kkk.5.131 47 msec 50 msec 50 msec

4 kkk.kkk.0.14 63 msec 53 msec 44 msec

I've attached the switch configs for all those switches in the cluster:

BTW: These switches are cisco 3500xl series, so they are fully layer 2 and not layer 3.

If you need any more info please ask.

Thanks again

Dan

Dan

Thanks for posting the additional information. I have looked at it and have a couple things to discuss.

First at the beginning of the file is configuration of BGP and some static routes. Given the way you have obscured addresses in what you post it is difficult to tell whether this impacts the traceroute or not. It is also unclear what device this config comes from. Perhaps you could clarify?

I am puzzled about the layer 2/layer 3 functionality. The switch configs that you have posted do not have a default gateway configured. If they were pure layer 2 switches and did not have a default gateway configured then they would not be able to access any remote address.

I note that the swithes have their management addresses in VLAN 102. Do you know what device(s) connect to VLAN 102 that do have layer 3 functionality? I assume that there is something connected via trunk to these switches.

I also note that switch 1 configures VLAN 102 with ip nat outside while switch 2 and 3 do not. I am not clear why it is this way or what impact it might have. I also wonder how this could be if the switch were a pure layer 2 implementation.

HTH

Rick

Hi Rick

The bgp listing at the top of the config was put in there by mistake, apologies for the confusion. Basically if you scroll down a little you'll see where the real config is meant to start.

To be honest I inherited this infrastructure, and the person who built it has gone. So I'm trying to make sense of whats happening with it.

When you say that the switches do not have a default gateway, is it always necessary, if so shall I add one and if I do will it affect current traffic?

Connected to switch1 is a layer 3 router (cisco 3600 series). It is in VLAN 102. Is this the key to the solution?

Could you please highlight what the problem could be in terms of nat you mentioned.

Also could you recommend improvemts to the design, I am all open to ideas.

Once again I appreciate your help and patience. I've been doing a lot of reading and I hope to grasp this soon.

Thanks again.

Dan

Hi

Anymore suggestons about this, I'm baffeled!!

Thanks

Dan

Hi Dan,

The switch actually has nothing to do with finding the route for a given packet. All it will do when making a forwarding decision is to look at the destination MAC address in the ethernet header.

If it is known, it will send the frame out the port listed in the mac-address table. If it is unknown, it will flood the frame on every port in the VLAN.

This switch has trunks configured, probably to other switches or perhaps to a router. If it is connected to another layer 2 switch, the other switch will behave the same way. Eventually the packet will reach a layer 3 switch or a router, which will then forward the packet based on the destination subnet, which it should have in its routing table.

Does that make more sense now?

HTH,

Bobby

*Pleae rate helpful posts