1. yes, they can see each other. With sh cdp neigh detail, I can see the relative transport vlan ip addresses too. It seems it's ok.

2. the transport vlan is listed but the tengigabit ports are in trunk mode, so the sh vlan command doesn't report what you said (or maybe I'm not understanding your point).

3. yes they do

4. both interfaces are up (link up and protocol up). Full duplex, 1000mb/s. It looks it's all ok and there are no crc or errors

5. the transport vlan subnet is in the sh ip route list. It results connected and local (L, C) on both core switches

6. ...and that's the point. Show ip arp shows only a single IP. I mean, show ip arp on CS1 reports only the ip address related to CS1. I have no entry for the CS2 transpor vlan ip address. As far as i know I should see the CS2 mac address in the arp list of CS1, isn't it?

1) That is good.

2) The important thing is that the vlan is in the list. Since the interface is trunking it would not show the interface in the list.

3) That is good.

4) Seems good.

5) Probably good. Want to make sure that the subnet, mask, etc match up between the switches.

6) This appears to be where we hit the problem. We would expect to see both IP addresses and both mac addresses in the ARP output. If there is only one then we need to figure out why it is one and not both.

Can you post the configuration of both interfaces?

It might be helpful to turn on debug for arp (or for ip arp depending on platform). Then try to ping from the other switch and look to see if the arp request shows up in the output.

HTH

Rick

Hi Richard

here below the configuration of the 2 interfaces

CS1

interface TenGigabitEthernet1/2/5
switchport trunk native vlan 117
switchport trunk allowed vlan 117
switchport mode trunk

CS2

interface TenGigabitEthernet1/1/15
switchport trunk native vlan 117
switchport trunk allowed vlan 117
switchport mode trunk

If I ping CS2 from CS1, in the arp list I see an "incomplete" related to the CS1 transport vlan ip address. And viceversa of course.

Thank you for the additional information. The configuration of the interfaces seems ok. But I wonder if you are allowing only a single vlan on the trunk and make that vlan the native vlan then why are you setting it up as a trunk? Why not just make it an access port in vlan 117?

Would you post the configuration of interface vlan 117 from both switches?

HTH

Rick

Unfortunately I already tried with an access configuration but it didn't worked :-(

I allowed one single vlan just to make sure the link is working but you can suggest me the right way to do so.

The idea is two Core Switches that have their own different VLAN, interconnected by fiber and static routing applied.

Just an example

On CS1:

ip route 12.0.0.0 255.255.255.0 *CS2_transportvlan_ipaddress"

Anyway here's the configuration of vlans

interface Vlan117
description ***on CS1***
ip address 10.0.0.1 255.255.255.248

interface Vlan117
description ***on CS2***
ip address 10.0.0.2 255.255.255.248

Thank you for providing the configuration of the vlan interfaces. These configs also appear to be ok. But something is preventing the ARP requests from working and that is preventing IP connectivity. So we need to continue looking. Would you post the output of show cdp neighbor? Also perhaps posting the complete switch configuration might show some aspect that is impacting this connectivity.

HTH

Rick

Hello Richard,

before doing so, I was looking the configuration. Since the two CS are configured in VSS, could it be a mac access-list limitation?

I found these lines on configurations:

mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
permit host 0a4b.a41a.f895 any
permit any host 0a4b.a41a.f895
permit host aeee.9070.3338 any
permit any host aeee.9070.3338
permit host a265.37b5.f588 any
permit any host a265.37b5.f588
permit host 22c6.8764.057f any
permit any host 22c6.8764.057f
permit host c255.0111.e2ba any
permit any host c255.0111.e2ba
permit host 9a3a.740f.0c5d any
permit any host 9a3a.740f.0c5d
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd

Those acls are for the VSL.

Couple of things -

1) does each VSS use a different domain ID ?

2) if you do not want to extend vlans between the switches why not use L3 routed ports ie. assign the IPs directly to the physical interfaces.

Not saying it will fix the issue but it would make more sense in my opinion.

Jon

Hi Jon,

1) yes, they have the same domain number

2) and that's exactly what I wanted to do, since I want to use this fiber link for a straight limited routing between the two CS. Unfortunately it didn't work :-( but maybe it was my fault. Could you tell me how should I configure the ports to make this possibile?

anyway it seems it's related to CS configuration, since I tried connecting one single switch to one CS with that fiber link and it worked like a charm. 

Using the same domain ID may be an issue.

Do you have "mac-address use-virtual" in your configuration because if you do then the domain ID is used to help calculate the mac addresses.

Not saying that is the problem but it could be.

As for L3 routed ports it should just be "no switchport" under the interface and then you can assign an IP address but perhaps not possible.

Jon

yes, "mac-address use-virtual" is present on both CS.

I already did a test using no switch port and setting an ip address on both physical interfaces, with no result :-( I don't know if in this case it should be used an arp static entry...

Here below the sh int command

Vlan117 is up, line protocol is up
Hardware is Ethernet SVI, address is 0008.e3ff.fd90 (bia 0008.e3ff.fd90)
Description: ***Link TA-TA2***
Internet address is 10.0.0.1/29
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 4d14h, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
IPv6 L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
IPv6 L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
97 packets output, 4462 bytes, 0 underruns
0 output errors, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Can you just clarify.

Are you connecting a pair of VSS switches to another pair of VSS switches ?

I ask because if it is just two switches and they are running VSS why do you need to connect them with another link ?

If it is a pair of VSS to another VSS pair then could you post the "sh int vlan 117" from both pairs.

Jon

Yes, I'm connecting a pair of switches configured in VSS mode to another pair of switches configured in VSS mode.

I need to establish connection between these switches for routing purpose.

Just to clarify, on CS1 I need to reach vlans of CS2 and viceversa.

The idea is interconnecting the two CS and use routing to make so, adding static route.

Example

On CS1 (ip 10.0.0.1):

ip route 12.0.0.0 255.255.255.0 10.0.0.2

On CS2 (ip 10.0.0.2):

ip route 13.0.0.0 255.255.255.0 10.0.0.1