Thanks for the reply. Below is my comments:

1) & 2) It is fine not to use EIGRP, but I find RIP is running on the sw1, so if RIP is not used, please remove the router rip command to simplofy the config.

3) Why setup virtual IP at the link between two switch, there is no host pointing to this virtual IP as GW, right ? Please remove the HSRP group of this link to simplify the config.

4) I mean most of the static routes are using /32 mask and you can use shorter mask to make the config. simplier. However, it is fine if you ensure all are correct and type the /32 mask one by one. It does not affect the result.

5) & 6) Thanks.

7) I found some subnets are configured with two static routes that make the load-sharing but it seems not actually load-sharing the traffic.

e,g.

S 2XX.XX.60.132/32 is directly connected, Vlan8

is directly connected, Vlan100

S 2XX.XX.60.220/32 is directly connected, Vlan6

is directly connected, Vlan100

The reason to simplify the config. is to isolate the question, make it easier to troubleshoot.

The problem is the static route not configured correctly, so it cause the problem. You can simulate the problem by write it on a paper that how the packet transmit and arrive each subnet, VLAN, switch then the destination. Then you will find the problem.

Please try to make it.

Hope this helps.

1) I have removed the RIP entry, I don't know why it was there.

3) I enabled HSRP in between the two HSRP to have a redundant COMMAND and STANDBY switch so one 3550 can take the COMMAND of the cluster if the other one goes down... Is that not right? (i removed it in the meantime to see if that was the problem)

4) I know I can make shorter mask, but they are like that because many customers want 1 or 2 IP's so I have no choice so I need to make those /32 and then statically route that /32 to the gateway vlan on which that customer's MAIN IP is connected to.

7) This is just because I NULL ROUTED those IP's by sending them to the Vlan100, this is probably because a customer spammed or something like that... This is not part of my usual routing, but it should not have anything to do with the problem I am currently having.

I also know the problem has to do with routing, but I just really can't figure out what I am doing wrong.

Please analyze and try to see if you can find the solution for me, please.

Thank You

The VLAN 100 between 35500s does not require HSRP due to user attach on this VLAN directly and use it as GW.

I understood the mask issue, it is fine to keep it.

Please advise is there any L3 switch or router will connect to these switches. It was because you configure the VLAN interface w/ IP address & HSRP but did not binding to any physical port, so I believe there is external L3 switch or router to provide the default GW function to the user.

Moreover, you can just change the next-hop of those testing IP & static route, e.g. 2xx.xx.70.50 to a specific IP instead of a VLAN.

The reason is the looping is the user packet forward to the VLAN by following the static route then the packet reach another 3550 then this 3550 forward this packet to another VLAN again by the DEFAULT static route. So the looping is occured, and I suggest to use IP as next-hop instead of VLAN.

If you want to troubleshoot it, simple remove the test static route in 3550 and try again, then you will find the packet will not be looped but dropped at the switch, due to no static route.

And please ensure and clarify the IP address assignment for user, GW and allocation to the 3550 interface. All of those should be matched together to make it work. If VLAN assigned IP and there is user using this subnet, you need to configure it in physical interface.

Hope this helps.

Hello,

Ok from what my admin told me (he is not certified cisco but knows a bit of routers) he said we use VLANS instead of physical interface to route our traffic. Here is how my network is done.

PROVIDER (3550) >>> ME (3550) >> LAYER 2 SWITCHES(2950T) >>>> SERVER (host).

From my understanding, it is that the default gateway to the user was FIRST (before hsrp) set by the routed VLAN IP information I put itm which ALWAYS worked and then AFTER (after implementing hsrp) by the Virtual IP I assign HSRP as the VLAN interface gateway, am I wrong to think this way?

I understand your point in routing towards gateways and not Vlans... This is the error I get when trying to do that:

mtl-sw-gw1(config)#ip route 2XX.XX.70.50 255.255.255.255 2XX.XX.60.1

%Invalid next hop address (it's this router)

mtl-sw-gw1(config)#

The .60.1 is the default GW set by HSRP for VLAN3 on which sits the server to which I want to send additional IP .70.50

So am I doing something wrong???

Also HSRP can only be set on VLANs and not physical interfaces, so how am I supposed to route to physical IP's etc.. if HSRP is set on VLANS? or perhaps I not getting the idea ?

In the meantime, can you tell me why MY setup with Vlans is not working? Or maybe something missing? I would rather leave it with Vlans as it is already all configured, if it can work properly.

Please let me know for my 4 questions above.

Thanks

I agreed to route the traffic via VLAN instead of physical interface, what I am suggesting is to bind the corresponding VLAN to correct physical interface.

In your updated diagram, the 2950T is only the L2 switch that w/o routing function.

As I mentioned before twice that the static route cause the problem, so you have to simplify the static routes and ensure that the VLAN, interface, subnet & GW are matching.

Hope you can clarify it yourself first then we can continue the troubleshooting, it was because the one who understand the design the most always is the designer.

Please provide the IP config. of the 2xx.xx.70.50 host, then we can identify where is the GW, check the GW location and configuration of the GW and match it with the static route in switch. When you implement the HSRP, it only change the GW in host to the virtual IP in HSRP and nothing changed. So, it should not impact the rouing if the static route is correct.

Hello,

Ok so here are my responses.

1) How to I BIND a Vlan to Physical Interfaces ?

2) How do I ensure that VLAN, Interface, Subnet and GW are all matching?

3) Here is the confirm for .70.50. Basically that IP is NOT in my network presently. a Customer in VLAN3 with virtual IP gw 2XX.XX.60.1 has requested an additional IP, so before hsrp I routed them like this ip route 2XX.XX.70.50 255.255.255.255 vlan3 for example, it always worked, since hsrp implemented, it loops. The GW is on VLAN3 hsrp, which is .60.1, active 3550 is .60.2, standby 3550 is .60.3

4) When implement HSRP, it changes also the IP of the active and standby vlan interface. before my VLAN 3 had IP .60.1, now with hsrp that changed to virtual IP and both my active and passive have .60.2 and .60.3 respectively.

5) Also can you please tell me why in my previous post when I tried to follow your recommendation of binding to gw's it gave me an error:

mtl-sw-gw1(config)#ip route 2XX.XX.70.50 255.255.255.255 2XX.XX.60.1

%Invalid next hop address (it's this router)

mtl-sw-gw1(config)#

Hope these 5 points will help me finally solve my issue :)

Thanks

Thanks for yuor reply.

1) I mean associate the VLAN to the physical port then I know where is the VLAN will be located at 3550 or please specify the config. in 2950T.

2) I mean to make sure the user is configure the GW that is the address of the VLAN interface, and this VLAN interface also be configured in the switch.

3) IC, the GW is 60.1. Do you mean this is the GW for 70.5 ? If yes, they are located at different subnet, how can the 70.5 traffic to route to the correct VLAN ? Please explain.

4) It mean there is no change at user side but only the real IP in VLAN. It should not affect the user.

5) It was because the next-hop should be the real IP address of the remote end. e.g. ip route 2xx.xx.70.50 255.255.255.255 2xx.xx.60.n where the 60.n is the remote end and not the local IP. The remote end mean the remote device what can route the traffic to 70.50 directly. Because 70.5 & 60.x is not located at the same subnet.

Could you please provide the pervious WORKING config. w/o HSRP for reference ? Thanks.

What I tell for the trace result is :

1) The PC is connecing at VLAN 7 at primary 3550 and ping a host w/ 2xx.xx.70.50;

2) The packet arrive the switch and find the static route to route to VLAN 3;

3) Where VLAN 3 is configured as 2xx.xx.60.2 in primary 3550, so it forward the packet to VLAN 3;

4) Then standby 3550 receive the packet at 60.3 and find there is no 70.50 specific route / static route, so it follow the default route to forward the packet to 10.0.0.2;

5) Where the 10.0.0.2 is located at primary 3550 VLAN 100, so it back to step 2 and create the routing loop.

The primary factor is to setup the correct next-hop. And let the 70.50 able to communicate to other hosts in the network.

If 70.50 is also located at VLAN3 but setup w/ 60.1 as GW, I cannot find how it can talk to the switch to other subnet. It was because the 60.1 and 70.50 are different subnets in your configuration (w/ long mask).

Therefore, what I suggest is to clarify the IP planning and assignment. I really don't know how to make the traffic can be routed to other subnet w/o setting the GW as the same subnet of its IP address in user. Unless the user use shorter mask that can inlcude both 70.50 & 60.1 in same subnet (e.g. /16), but it may create address mask mismatch between switch and user.

Hope this clarify the reason.

Hello,

what I don't understand is STEP 4, from step 3, it goes to VLAN3, then WHY does it go to standby 3550 (step 4), it is suppose to route DIRECTLY to .70.50 as there is a static route that says that .70.50 has to route to VLAN3 too...

So why is it going to Standby 3550 ???

Thanks

This is what I observed from your trace route. I mean the trace route should next hop is 60.2 and it matched w/ the VLAN3. The PC should reside on the same subnet where its gateway located, from your config., the static route is set as VLAN not a IP address, so it just forward to the VLAN 3 / interface and the same subnet of the remote side (the standby 3550) get it and forward the packet.

I really don't know why it works before, because I never tried to setup IP address like this. Sorry I cannot simulate it due to no resource.

Could you please advise what is the default gateway that you setup in 70.50 ?

Hello,

.70.50 has NO default GW of its own. I statically routed as a /32 to VLAN3, so the default GW the server uses is .60.1 which is the hsrp virtual IP and in turn the gateway.

It was working like this before, I don't see why implementing hsrp would break things....

Please I really need help to know what to do .... What do you recommend? how to fix all that?

Also if that is the case, why when I add the static routes on the BU1 standby 3550, the traffic finally gets routed to destination, why does it need to see the standby 3550 static routes to route the traffic correctly???

Normally it is not supposed to see the standby 3550 as long as active 3550 is operating...

Please let me know

Thanks

Please refer to my ans. in other post.

In this post, The host will forward the packet to virtual IP and the HSRP announce the MAC of virtual IP is active 3550, so it should forward the packet to active MAC. Please check the HSRP status w/ "sh hsrp" then you can find which is the exact active switch in each VLAN. If two switches break the connection between them, both switches will treat themselves as active, so please ensure the connectivity is work between two switches at the HSRP enabled VLAN (not the inter-link between two 3550s).

I am sorry but I am having a hard time understand what you wrote...

For number 3:

1) On my STATIC routes I said .70.50 to route to VLAN3 which has a virtual gateway of .60.1, that is how I expect it to route there, am I wrong in thinking like that? It always worked before HSRP.

For number 5:

2) When you say remote end, do you mean I needto route the .70.50 to the IP I assigned to the layer 2 switch? That can be a problem later on with when customers cancel their accounts etc... Or maybe I did not understand correctly, can you please clarify.

3) Attached you will find the config before HSRP was implemented and where all routing worked fine.

4) From the traceroute I gave you, may I please know WHY the traceroute goes to the .60.3 which is the standby router since BOTH 3550 have same VLAN interfaces and routing and the .60.2 is the active one, but the routing goes to .60.3, why is that???

Thanks

1) Do you mean the default gateway in 70.50 is set as 60.1 ? And what is the mask of 70.50 ? /24 or /16 ?

2) I alwasys setup the host IP address and default GW at same subnet. I am not asking to route to another L2 switch, I just guess if there is another switch which is connecting to the 3550 or 2950T but able to route the traffic. However, I found there is only 2950T but configure as L2 only. Can you please provide the trace route from 70.50 to one host other VLAN ?

3) I guess you forget to attach the file, please reattach it.

4) Router is communicate each other at same subnet, from that VLAN, they both located at 60.x. And you configure the next-hop is VLAN not IP address, so it just forward the packet to this VLAN, and the standby 3550 got the packet and route it that according to its routing table.

In routing, please forget the HSRP, HSRP active/standby/virtual IP is for the LAN users. Router use real IP to communicate only.

In this case, I think the issue is why it works before configure HSRP ? Will it works again if we remove the HSRP ? How 70.50 communicate to other network w/o setting the subnet in L3 switch.

I hope when we get the 70.50 setting & the pervious working config. of 3550 then we can find the ans.