
Router and switch problem with vlans

kekarlsen
Level 1

Dear Sirs,

I'm trouble-shooting a network with a Cisco 1712 router and an HP ProCurve 2524 switch. The router and the switch are both configured and set up by two network consultants working for two different companies.

First, I'm sorry but I don't have any access to the configuration of the router or the switch right now. So I hope someone can help pinpoint what I could do to solve this issue.

I'll try to explain the problem as briefly and simply as I can; here we go. The router is at an office and is used to route traffic to the company's main office; the office has two departments which should be separated.

The problem is that the router has two vlans on the outside and is untagged on two different interfaces on the inside, port 1 (department 1) and port 2 (department 2). These two untagged vlans have the same mac-address on both interfaces with the current router configuration.

The switch is also divided into two departments by vlans: ports 1 through 12 are untagged and used for department 1, and ports 13 through 24 are untagged and used for department 2. The switch, as far as I know, has only one mac-address table where it stores its learned hardware/mac-addresses. When I connect both departments to the switch, let us say I connect department 1 from the router on port 1 to the switch on port 1 and department 2 from the router on port 2 to the switch on port 13, the switch learns that the mac-address on port 1 is for example 00-0A-12-34-56-78 and the mac-address on port 13 is also 00-0A-12-34-56-78.

So when the computers in department 1 or 2 try to contact the router, the switch doesn't know where to send the packets; the switch takes a chance and sends the packets to either port 1 or 13. As a result, the computers lose the connection to the router very often. If I for example ping the router's internal address with 100 echoes on one of the vlans, the result would be for example 50% loss (50 out of 100 packets received).

Whose fault is this, is it the router or is it the switch? Is it the configuration/setup of the router that produces this problem or is it that the switch only has one mac-address table for all of its ports/vlans? I have heard that some switches have separate mac-address tables per vlan, is this correct and will this solve my problem? Does anyone have a solution or a tip on how to solve this problem with the current hardware?

By the way are there any others that have had the same issue/problem? Anyway, I'm very thankful for all the help I can get!

With kind regards,

Kurt-Erik Karlsen

Norway
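
The failure mode asked about above, as an added example that is not part of the original post: a toy learning switch run once with a single shared MAC table and once with one table per VLAN (IEEE 802.1Q calls these shared and independent VLAN learning). The VLAN ids, host names and the router's alternating transmissions are assumptions of the model.

```python
ROUTER_MAC = "00-0A-12-34-56-78"            # example MAC quoted in the post
PORT_VLAN = {p: (10 if p <= 12 else 20) for p in range(1, 25)}  # VLAN ids assumed
ROUTER_PORTS = {10: 1, 20: 13}              # router uplinks, as cabled in the post
HOSTS = {10: ("host-a", 2), 20: ("host-b", 14)}  # constructed hosts: (MAC, port)

class Switch:
    def __init__(self, per_vlan_table):
        self.per_vlan_table = per_vlan_table
        self.table = {}   # forwarding database: key -> port
        self.moves = 0    # times a known MAC was relearned on another port

    def _key(self, vlan, mac):
        return (vlan, mac) if self.per_vlan_table else mac

    def receive(self, in_port, src, dst):
        """Learn src on in_port; return the set of ports the frame leaves on."""
        vlan = PORT_VLAN[in_port]
        key = self._key(vlan, src)
        if self.table.get(key, in_port) != in_port:
            self.moves += 1
        self.table[key] = in_port
        out = self.table.get(self._key(vlan, dst))
        if out is None:   # unknown unicast: flood inside the ingress VLAN
            return {p for p, v in PORT_VLAN.items() if v == vlan and p != in_port}
        # Egress filtering: a port outside the ingress VLAN never gets the frame.
        return {out} if PORT_VLAN[out] == vlan else set()

def simulate(per_vlan_table, rounds=100):
    """Return ({vlan: pings answered}, MAC moves) after `rounds` rounds."""
    sw = Switch(per_vlan_table)
    answered = {10: 0, 20: 0}
    for i in range(rounds):
        # Assumption: the router transmits on its two ports alternately
        # (replies to other hosts, ARP), which relearns its MAC each time.
        sw.receive(ROUTER_PORTS[10 if i % 2 == 0 else 20], ROUTER_MAC, "other")
        for vlan, (mac, port) in HOSTS.items():
            if ROUTER_PORTS[vlan] in sw.receive(port, mac, ROUTER_MAC):
                # Echo request reached the router; the reply leaves the same port.
                if port in sw.receive(ROUTER_PORTS[vlan], ROUTER_MAC, mac):
                    answered[vlan] += 1
    return answered, sw.moves

if __name__ == "__main__":
    print("shared table  :", simulate(per_vlan_table=False))
    print("per-VLAN table:", simulate(per_vlan_table=True))
```

In this model the shared table answers half the pings in each VLAN and relearns the router MAC on almost every round, while the per-VLAN table answers all of them with no moves.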

3 Replies

leonvd79
Level 4

Hi Kurt-Erik

Let's review your network configuration.

You have a router with two FastEthernet ports connected to a 24 port HP switch.

FastEthernet 0/0 is connected to switchport 1 and routes for ports 2 through 12 (e.g. VLAN 10). FastEthernet 0/1 is connected to switchport 13 and routes for ports 14 through 24 (e.g. VLAN 20).

A (Cisco) switch keeps one mac-address-table. It's highly unlikely that both router interfaces have the same BIA MAC address. But it is possible to configure an alternate MAC address.

If you have truly two separated LANs (hence VLAN) it should not matter if the MAC addresses are identical. The ARP request broadcasts CANNOT reach both interfaces of the router since they are on a different VLAN.

You should use network analyzer software to see PVI tags in the frames sent across your switch. I'd say it's not set up properly and get in touch with your consultants!

Hello,

thank you very much for your quick reply. Since I have limited access to the router it is very problematic for me to trouble-shoot this network, but this is what I got after an hour of packet sniffing.

I used a network analyzer to analyze the arp request from the router and it seems to answer with the same mac-address on both vlans. If my theory is correct, it uses its outside interface mac-address on its vlans, and since the router is configured with vlans on two inside interfaces connected to the same switch, it will cause problems...

I will come back with some more details after I have tested some more..

Thank you very much for your help!

With kind regards,

Kurt-Erik Karlsen

Norway

I believe the problem to be a leaking switch, due to misconfiguration.

To test, use a packet sniffer on one host in VLAN 10 and get another host on VLAN20 to ping an unknown address. Watch the output of the sniffer on VLAN10 to see if you can find anything created on VLAN20.

You can test this without even having any connection to the router at all. Eg. one computer connected to port 1 and one computer connected to port 13.

Hope this helps. I haven't used the HP switch before, but the other brands I have used aren't as good as Ciscos in that you can easily provision leaky switches.

Cheers

martin
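
The leak test described in the last reply can be checked mechanically, shown here as an added example that is not part of the thread: parse ARP frames captured on a VLAN 10 port and report any whose sender address belongs to VLAN 20. The subnet, MACs, IPs and the capture itself are constructed, since the thread gives no addressing plan.

```python
import ipaddress
import struct

# Assumption for illustration: VLAN 20 uses this subnet.
FOREIGN_NET = ipaddress.ip_network("192.168.20.0/24")

def mac(b):
    return "-".join(f"{x:02X}" for x in b)

def parse_arp(frame):
    """Return (vlan_tag_or_None, sender_mac, sender_ip, target_ip) or None."""
    if len(frame) < 14:
        return None
    ethertype, off, tag = struct.unpack("!H", frame[12:14])[0], 14, None
    if ethertype == 0x8100 and len(frame) >= 18:      # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        tag, off = tci & 0x0FFF, 18
    if ethertype != 0x0806 or len(frame) < off + 28:  # not ARP, or truncated
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 8:off + 28])
    return tag, mac(sha), ipaddress.ip_address(spa), ipaddress.ip_address(tpa)

def leaked(frames):
    """ARP frames captured on VLAN 10 whose sender IP is in the VLAN 20 subnet."""
    parsed = (parse_arp(f) for f in frames)
    return [a for a in parsed if a and a[2] in FOREIGN_NET]

def arp_request(src_mac, spa, tpa, vlan=None):
    """Build a constructed ARP who-has frame for the sample capture."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, src_mac,
                       ipaddress.ip_address(spa).packed, bytes(6),
                       ipaddress.ip_address(tpa).packed)
    return b"\xff" * 6 + src_mac + tag + struct.pack("!H", 0x0806) + body

# Constructed capture from a host on port 1 (VLAN 10); MACs and IPs are made up.
CAPTURE = [
    arp_request(bytes.fromhex("020000000a01"), "192.168.10.5", "192.168.10.1"),
    arp_request(bytes.fromhex("020000001401"), "192.168.20.7", "192.168.20.99"),
    arp_request(bytes.fromhex("020000001402"), "192.168.20.8", "192.168.20.99", vlan=20),
    b"\xff" * 6 + bytes(6) + b"\x08\x00" + bytes(20),  # IPv4 frame, ignored
]
```

Any non-empty result from `leaked(CAPTURE)` means broadcasts from VLAN 20 are reaching the VLAN 10 port, which is the leak the reply describes.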
