IS this a secondary IP issue???

chuckholley · ‎06-09-2017

Hi,

We created "new" SVI interfaces on the core switch, all static routing no dynamic routing. Switches are all Layer 2 between core and MPLS router.

CORE ---> Trunk ---> L2 Switch--->Trunk--->L2 Switch---Router

Trunks on all switches have new vlans active and forwarding on all and vlans are active in each switch.

However, we cannot ping from any of the switches in the patch to the secondary router interface IP, only the primary IP. I also cannot ping anything on the MPLS cloud from the new vlans (so nothing behind the MPLS router either). I can from the old IP addressing.

router interface:

interface GigabitEthernet0/0
description LAN CLIENTE MASTER
ip address 10.209.0.10 255.255.224.0 secondary
ip address 10.0.0.248 255.255.248.0

Static routes on router:

ip route 0.0.0.0 0.0.0.0 10.0.7.254
ip route 10.0.0.0 255.255.248.0 10.0.7.254
ip route 10.0.8.0 255.255.255.0 10.0.7.254

New SVI VLAN on CORE switch:

Interface Vlan110

ip address 10.209.7.1 255.255.255.0

PLEASE HELP!!!

Thanks

Jon Marshall · ‎06-09-2017

It's not clear what the old IP addressing is and you say new vlans but only show vlan 110 ?

Also the routes on the router, why have the last two entries when they point the same way as the default route ?

Perhaps a quick schematic showing addressing etc, would help.

Jon

Richard Burts · ‎06-10-2017

I agree with Jon that we need to know more about this environment to be able to identify the issue. In reading the original post I find several things that need some explanation.

- There is a static route

ip route 10.0.0.0 255.255.248.0 10.0.7.254

which matches the subnet of the router interface

ip address 10.0.0.248 255.255.248.0

why is this?

- there is a mismatch between the subnet mask used for the router interface and the mask used for he vlan interface

ip address 10.209.0.10 255.255.224.0 secondary

ip address 10.209.7.1 255.255.255.0

is this intentional?

HTH

Rick

HTH

Rick

Richard Burts · ‎06-10-2017

After making my first response I read the original post again and had a realization. The original post describes it as Core connected to layer 2 switches with trunks connecting to router. If the connection to the router is using trunks then I would expect that the address for vlan 10 would be on a subinterface rather than as a secondary address. So we need to know more about the connection of the layer 2 switch to the router and whether it is trunking.

HTH

Rick

HTH

Rick

chuckholley · ‎06-12-2017

it is not a trunk to the router, it is a access port on vlan1 which is the 10.0.0.0/13 subnet.

chuckholley · ‎06-12-2017

ip address 10.209.0.10 255.255.224.0 secondary - this encompasses the entire block we are using...

ip address 10.209.7.1 255.255.255.0 - this is only vlan110 which i was using to test from

chuckholley · ‎06-12-2017

the old IP addressing is 10.0.0.0/13 with the DG SVI being 10.0.7.254 on the Core switch.

The new vlans are all 10.209.x.x/24 subnets. (10.209.0.0/19)

Richard Burts · ‎06-13-2017

If the new vlan exists on the core switch and if the connection from the layer 2 switch to the router is an access port in vlan 1 then configuring the subnet as a secondary address on the router is a mistake. You do not want the router to see 10.209.0.0 as a connected subnet. You want the router to see those addresses as routed remote subnets. You just need a static route on the router pointing to the core switch as the next hop.

HTH

Rick

HTH

Rick

chrihussey · ‎06-12-2017

You have an IP mask conflict.

The secondary IP on the router is "10.209.0.10 255.255.224.0" which encompasses 10.209.0.0 - 10.209.31.255.

On the core switch the VLAN 110 interface is a subset of the router's with 10.209.7.1 255.255.255.0 which is 10.209.0.0 - 10.209.7.255.

Either they need to be the same and share the same L2 domain or one of them needs to be corrected.