
networking issues between two 9200L switches, with two Sonicwalls

btkach
Level 1

We have a network generally outlined like this:

Site 1
Sonicwall NSA2650
|
Cisco 9200L
|
| fiber connection via 10GB GBIC's.
|
| Site 2
Cisco 9200L
|
Sonicwall TZ600

 

The Two Sonicwalls are connected to their ISP's on each side.

Each is the default gateway for the devices on their side.

 

The two 9200L's are connected by 7km fiber.

The two 9200L's have SVI's on them for various VLANs.

The two 9200L's have a default route to a management IP on each relative firewall.

There are static routes setup on each switch, to direct traffic back and forth.

The two 9200L's are connected via a routed portchannel, using two ports.

In Site 2 I have a VLAN 17. On the 9200L in that site there's an SVI connected to IP range 192.168.17.32/27. Connectivity from VLAN1 to VLAN17 within Site 2 is fine: ping, rdp, connect, it all works.

 

Connectivity to VLAN 17 from site 1 is not great.

I have 3 devices, and the TZ600, in VLAN 17. If I ping from a device in Site 1 to any of the devices in VLAN 17, it works. If I ping the TZ600, it does not work. The devices in VLAN 17 try to connect back to a device in VLAN 1, but are failing, even though they are ping reachable.

 

I cannot tell if the packet loss is at the switch, or the firewalls.  I'm hoping someone with more expertise would be able to help me.  I realize it's two different vendors, which is torturous.  But I definitely am missing something.

 

4 Replies

Hello,

 

it is difficult to visualize your topology. Post a schematic drawing showing how everything is connected, and mark where the connectivity problems are. Also, post the running configs of both switches.

9200L Site 1


!
! Last configuration change at 15:24:26 PST Wed Dec 22 2021 by admin
! NVRAM config last updated at 10:10:44 PST Thu Jan 6 2022 by admin
!
version 17.3
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service call-home
service unsupported-transceiver
platform punt-keepalive disable-kernel-core
!
hostname CHSRV1AS01
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging userinfo
logging buffered 50000
no logging console

!
!
!
!
aaa new-model
!
!
aaa authentication login aaaVTY local
aaa authentication login aaaCON enable
!
!
!
!
!
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PST recurring
switch 1 provision c9200l-48t-4x
!
!
!
!
vtp domain parksville
vtp mode transparent
!
!
!
!
!
ip routing
!
no ip domain lookup
ip domain name city.parksville.bc.ca
!
!
!
ip igmp snooping querier address 192.168.99.1
ip igmp snooping vlan 666 mrouter learn cgmp
ip igmp snooping vlan 666 last-member-query-count 2
ip igmp snooping vlan 666 last-member-query-interval 1000
login on-failure log every 4
login on-success log
no device-tracking logging theft
!
table-map policed-dscp
map from 0 to 8
map from 10 to 8
map from 18 to 8
map from 24 to 8
map from 46 to 8
default copy
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-1622940100
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1622940100
revocation-check none
rsakeypair TP-self-signed-1622940100
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01 nvram:CiscoLicensi#1CA.cer
crypto pki certificate chain TP-self-signed-1622940100
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
path flash:archived-config
maximum 7
write-memory
time-period 1440
memory reserve critical 2000
memory free low-watermark processor 20000
!
no errdisable detect cause gbic-invalid

!
redundancy
mode sso
!
!
transceiver type all
monitoring
!
vlan 5
name DMZ
!
vlan 10
name Wlan_Staff
!
vlan 11
name Phone
!
vlan 20
name Wlan_Guest
!
vlan 99
name Mgmt
!
vlan 100
name WLAN_Mgmt
!
vlan 131
name OPS_CITY_STAFF
!
vlan 250
name voice_Firehall
lldp run
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
match dscp af41 af42 af43
match cos 4
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
match dscp af11 af12 af13
match cos 1
class-map match-any system-cpp-default
description EWLC data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any AutoQos-4.0-Output-Priority-Queue
match dscp cs4 cs5 ef
match cos 5
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
match dscp af31 af32 af33
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any AutoQos-4.0-Voip-Data-CiscoPhone-Class
match cos 5
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any AutoQos-4.0-Voip-Signal-CiscoPhone-Class
match cos 3
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Default-Class
match access-group name AutoQos-4.0-Acl-Default
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
match dscp af21 af22 af23
match cos 2
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
match dscp cs1
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
match dscp cs2 cs3 cs6 cs7
match cos 3
!
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
policy-map system-cpp-policy
policy-map AutoQoS-Police-CiscoPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
policy-map AutoQos-4.0-CiscoPhone-Input-Policy
class AutoQos-4.0-Voip-Data-CiscoPhone-Class
set dscp ef
police cir 128000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Voip-Signal-CiscoPhone-Class
set dscp cs3
police cir 32000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Default-Class
set dscp default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description to HV5_SRV
switchport mode trunk
!
interface Port-channel2
description Data+Voice
!
interface Port-channel3
description HV4_SRV
switchport mode trunk
!
interface Port-channel4
description to HV6_SRV
switchport mode trunk
!
interface Port-channel5
description to HV2_SRV
switchport mode trunk
!
interface Port-channel6
description UPLINK WR2
switchport mode trunk
!
interface Port-channel9
description UPLINK HV1 OPS
switchport mode trunk
!
interface Port-channel10
description UPLINK WTP
no switchport
ip address 192.168.55.2 255.255.255.252
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
description UPLINK WR2
switchport mode trunk
channel-group 6 mode active
!
interface GigabitEthernet1/0/2
description UPLINK WR2
switchport mode trunk
channel-group 6 mode active
!
interface GigabitEthernet1/0/3
description DMZ to FW-X2
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/4
description SERVERS
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/5
description SERVERS
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/6
description SERVERS
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/7
description Data+Voice
switchport voice vlan 11
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/8
description Data+Voice
switchport voice vlan 11
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/9
description HV5_SRV
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/10
description HV5_SRV
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/11
description HV5_SRV
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/12
description HV5_SRV
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/13
description HV2_SRV
switchport mode trunk
!
interface GigabitEthernet1/0/14
description HV2_SRV
switchport mode trunk
!
interface GigabitEthernet1/0/15
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/16
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/17
description HV4_SRV
switchport mode trunk
channel-group 3 mode active
!
interface GigabitEthernet1/0/18
description HV4_SRV
switchport mode trunk
channel-group 3 mode active
!
interface GigabitEthernet1/0/19
description HV4_SRV
switchport mode trunk
channel-group 3 mode active
!
interface GigabitEthernet1/0/20
description HV4_SRV
switchport mode trunk
channel-group 3 mode active
!
interface GigabitEthernet1/0/21
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/22
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/23
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/24
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/25
description HV6_SRV
switchport mode trunk
channel-group 4 mode active
!
interface GigabitEthernet1/0/26
description HV6_SRV
switchport mode trunk
channel-group 4 mode active
!
interface GigabitEthernet1/0/27
description HV6_SRV
switchport mode trunk
channel-group 4 mode active
!
interface GigabitEthernet1/0/28
description HV6_SRV
switchport mode trunk
channel-group 4 mode active
!
interface GigabitEthernet1/0/29
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/30
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/31
description Data+Voice
channel-group 2 mode active
spanning-tree portfast
!
interface GigabitEthernet1/0/32
description Data+Voice
channel-group 2 mode active
spanning-tree portfast
!
interface GigabitEthernet1/0/33
description HV2_SRV
switchport mode trunk
channel-group 5 mode active
!
interface GigabitEthernet1/0/34
description HV2_SRV
switchport mode trunk
channel-group 5 mode active
!
interface GigabitEthernet1/0/35
description HV2_SRV
switchport mode trunk
channel-group 5 mode active
!
interface GigabitEthernet1/0/36
description HV2_SRV
switchport mode trunk
channel-group 5 mode active
!
interface GigabitEthernet1/0/37
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/38
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/39
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/40
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/41
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/42
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/43
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/44
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/45
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/46
description Data+Voice
switchport voice vlan 11
spanning-tree portfast
!
interface GigabitEthernet1/0/47
description *** UCS CIMC MANAGEMENT ***
switchport access vlan 11
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/48
description *** UCS ***
switchport access vlan 11
switchport mode access
switchport nonegotiate
!
interface TenGigabitEthernet1/1/1
description UPLINK to WTP
no switchport
no ip address
channel-group 10 mode active
!
interface TenGigabitEthernet1/1/2
description UPLINK to WTP
no switchport
no ip address
channel-group 10 mode active
!
interface TenGigabitEthernet1/1/3
description TRUNK HV1 OPS
switchport mode trunk
channel-group 9 mode active
!
interface TenGigabitEthernet1/1/4
description TRUNK HV1 OPS
switchport mode trunk
channel-group 9 mode active
!
interface Vlan1
ip address 192.168.2.10 255.255.255.0
!
interface Vlan11
description Phones
ip address 192.168.11.5 255.255.255.0
!
interface Vlan99
description Management
ip address 192.168.99.6 255.255.255.0
!
ip default-gateway 192.168.99.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.99.1
ip route 192.168.5.0 255.255.255.0 Port-channel10
ip route 192.168.17.32 255.255.255.224 Port-channel10
ip route 192.168.98.0 255.255.255.0 192.168.55.1
ip route 192.168.111.0 255.255.255.0 Port-channel10
ip route 192.168.131.0 255.255.255.0 Port-channel10
ip route 192.168.132.0 255.255.255.0 Port-channel10
!
!
ip access-list extended AutoQos-4.0-Acl-Default
10 permit ip any any
ip access-list extended TAC
10 permit ip host 192.168.2.139 any
20 permit ip any host 192.168.2.139
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
banner exec -----------------------------------------------------------------------

-----------------------------------------------------------------------
banner login 
-------
WARNING
-------
THIS IS A PRIVATE COMPUTING SYSTEM.
Unauthorized access to this system is forbidden and will be prosecuted
under applicable Computer Fraud and Abuse regulations. By accessing this
system, you agree that your actions may be monitored if unauthorized
usage is suspected.
---------------------------------------------------------------------------
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
session-timeout 30
exec-timeout 30 0
privilege level 15

logging synchronous
login authentication aaaVTY
transport input ssh
line vty 5 15
session-timeout 30
exec-timeout 30 0
privilege level 15

logging synchronous
login authentication aaaVTY
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.33
ntp server 192.168.5.15
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end

 

9200L Site2

 


!
! Last configuration change at 17:00:24 PST Wed Jan 5 2022 by admin
! NVRAM config last updated at 10:08:48 PST Thu Jan 6 2022 by admin
!
version 17.3
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service call-home
service unsupported-transceiver
platform punt-keepalive disable-kernel-core
!
hostname OPSWTPSRVAS01
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging userinfo
logging buffered 50000
logging console emergencies

!
!
!
!
aaa new-model
!
!
aaa authentication login aaaVTY local
aaa authentication login aaaCON enable
!
!
!
!
!
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PST recurring
switch 1 provision c9200l-24t-4x
!
!
!
!
vtp domain parksville
vtp mode transparent
!
!
!
!
!
ip routing
!
no ip domain lookup
ip domain name city.parksville.bc.ca
!
!
!
login on-success log
no device-tracking logging theft
!
table-map policed-dscp
map from 0 to 8
map from 10 to 8
map from 18 to 8
map from 24 to 8
map from 46 to 8
default copy
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-3622628040
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3622628040
revocation-check none
rsakeypair TP-self-signed-3622628040
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01 nvram:CiscoLicensi#1CA.cer
crypto pki certificate chain TP-self-signed-3622628040
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
path flash:archived-config
maximum 7
write-memory
time-period 1440
memory reserve critical 2000
memory free low-watermark processor 10055
!
no errdisable detect cause gbic-invalid

!
redundancy
mode sso
!
!
transceiver type all
monitoring
!
vlan 8
!
vlan 17
name SECURITY
!
vlan 80
name SHAW
!
vlan 98
name Mgmt
!
vlan 99
name MGMT
!
vlan 111
name VOICE
!
vlan 131
name WLAN_CityStaff
!
vlan 132
name WLAN_CityGuest
lldp run
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
match dscp af41 af42 af43
match cos 4
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
match dscp af11 af12 af13
match cos 1
class-map match-any system-cpp-default
description EWLC data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any AutoQos-4.0-Output-Priority-Queue
match dscp cs4 cs5 ef
match cos 5
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
match dscp af31 af32 af33
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any AutoQos-4.0-Voip-Data-CiscoPhone-Class
match cos 5
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any AutoQos-4.0-Voip-Signal-CiscoPhone-Class
match cos 3
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Default-Class
match access-group name AutoQos-4.0-Acl-Default
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
match dscp af21 af22 af23
match cos 2
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
match dscp cs1
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
match dscp cs2 cs3 cs6 cs7
match cos 3
!
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
policy-map system-cpp-policy
policy-map AutoQoS-Police-CiscoPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
policy-map AutoQos-4.0-CiscoPhone-Input-Policy
class AutoQos-4.0-Voip-Data-CiscoPhone-Class
set dscp ef
police cir 128000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Voip-Signal-CiscoPhone-Class
set dscp cs3
police cir 32000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Default-Class
set dscp default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description HV1-OPS
switchport mode trunk
!
interface Port-channel10
description UPLINK to PCTCSRVRM
no switchport
ip address 192.168.55.1 255.255.255.252
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description Data+Voice
switchport access vlan 17
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/5
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/7
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/8
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/9
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/10
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/11
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/12
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/13
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/14
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/15
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/16
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/17
description HV1_OPS
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/18
description HV1_OPS
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/19
description HV1_OPS
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/20
description HV1_OPS
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/21
description Data+Voice
switchport access vlan 17
spanning-tree portfast
!
interface GigabitEthernet1/0/22
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/23
description Data+Voice
switchport voice vlan 111
spanning-tree portfast
!
interface GigabitEthernet1/0/24
description UPLINK to 20BNS01(OPS)
switchport trunk native vlan 100
switchport trunk allowed vlan 98
switchport mode trunk
shutdown
!
interface TenGigabitEthernet1/1/1
description UPLINK to PCTC
no switchport
no ip address
channel-group 10 mode active
!
interface TenGigabitEthernet1/1/2
description UPLINK to PCTC
no switchport
no ip address
channel-group 10 mode active
!
interface TenGigabitEthernet1/1/3
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address 192.168.5.5 255.255.255.0
!
interface Vlan17
description SECURITY
ip address 192.168.17.62 255.255.255.224
!
interface Vlan98
description Management
ip address 192.168.98.12 255.255.255.0
!
interface Vlan111
ip address 192.168.111.25 255.255.255.0
!
interface Vlan131
description WIFICityStaff
ip address 192.168.131.3 255.255.255.0
!
interface Vlan132
description WIFICityGuest
ip address 192.168.132.3 255.255.255.0
!
ip default-gateway 192.168.98.1
ip forward-protocol nd
ip http server
ip http banner
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.98.1
ip route 192.168.2.0 255.255.255.0 Port-channel10
ip route 192.168.6.0 255.255.255.0 Port-channel10
ip route 192.168.11.0 255.255.255.0 Port-channel10
ip route 192.168.99.0 255.255.255.0 192.168.55.2
!
!
ip access-list extended AutoQos-4.0-Acl-Default
10 permit ip any any
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
banner exec 
-----------------------------------------------------------------------

-----------------------------------------------------------------------
banner login 
-------
WARNING
-------
THIS IS A PRIVATE COMPUTING SYSTEM
Unauthorized access to this system is forbidden and will be prosecuted
under applicable Computer Fraud and Abuse regulations. By accessing this
system, you agree that your actions may be monitored if unauthorized
usage is suspected.
--------------------------------------------------------------------------

!
line con 0
session-timeout 30
exec-timeout 30 0
logging synchronous
login authentication aaaCON
stopbits 1
line aux 0
stopbits 1
line vty 0 4
session-timeout 30
exec-timeout 30 0
privilege level 15

logging synchronous
login authentication aaaVTY
transport input ssh
line vty 5 15
session-timeout 30
exec-timeout 30 0
privilege level 15

logging synchronous
login authentication aaaVTY
transport input ssh
!
ntp server 192.168.2.33
ntp server 192.168.5.15
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end

 

Hello

If I am understanding your topology:

Each site has a default path to their related ISPs via the sonic fws
There is also an additional p2p L3 pc LES connection between the 9200s (site1-2) via static routing

Vlan 1 - site 1
Vlan 17 - site 2

 

You're experiencing intermittent connection loss between site 1-site 2 vlans
Can you post the route tables from each site please?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi, here they are but if you can see the post from Georg above, then there is more information.

 

Thanks

 

SITE 1 9200L

 

ip route 0.0.0.0 0.0.0.0 192.168.98.1
ip route 192.168.2.0 255.255.255.0 Port-channel10
ip route 192.168.6.0 255.255.255.0 Port-channel10
ip route 192.168.11.0 255.255.255.0 Port-channel10
ip route 192.168.99.0 255.255.255.0 192.168.55.2

 

 

SITE 2 9200L

 

ip route 0.0.0.0 0.0.0.0 192.168.99.1
ip route 192.168.5.0 255.255.255.0 Port-channel10
ip route 192.168.17.32 255.255.255.224 Port-channel10
ip route 192.168.98.0 255.255.255.0 192.168.55.1
ip route 192.168.111.0 255.255.255.0 Port-channel10
ip route 192.168.131.0 255.255.255.0 Port-channel10
ip route 192.168.132.0 255.255.255.0 Port-channel10
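
An added example, not part of any post in this thread: a Python check that cross-references the SVI subnets and static routes from the two running configs posted above (excerpted by hostname). It reports peer subnets with no static route, static routes that name only an exit interface (on an Ethernet-type interface these make the switch ARP for every destination and depend on proxy ARP at the far end), and routes toward prefixes the peer does not own. The function names are illustrative, and the check assumes every non-default static route points across the inter-site link, as it does in these configs.

```python
import ipaddress
import re

# Address and static-route lines excerpted from the configs posted in this thread.
CHSRV1AS01 = """\
interface Port-channel10
ip address 192.168.55.2 255.255.255.252
interface Vlan1
ip address 192.168.2.10 255.255.255.0
interface Vlan11
ip address 192.168.11.5 255.255.255.0
interface Vlan99
ip address 192.168.99.6 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.99.1
ip route 192.168.5.0 255.255.255.0 Port-channel10
ip route 192.168.17.32 255.255.255.224 Port-channel10
ip route 192.168.98.0 255.255.255.0 192.168.55.1
ip route 192.168.111.0 255.255.255.0 Port-channel10
ip route 192.168.131.0 255.255.255.0 Port-channel10
ip route 192.168.132.0 255.255.255.0 Port-channel10
"""
OPSWTPSRVAS01 = """\
interface Port-channel10
ip address 192.168.55.1 255.255.255.252
interface Vlan1
ip address 192.168.5.5 255.255.255.0
interface Vlan17
ip address 192.168.17.62 255.255.255.224
interface Vlan98
ip address 192.168.98.12 255.255.255.0
interface Vlan111
ip address 192.168.111.25 255.255.255.0
interface Vlan131
ip address 192.168.131.3 255.255.255.0
interface Vlan132
ip address 192.168.132.3 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.98.1
ip route 192.168.2.0 255.255.255.0 Port-channel10
ip route 192.168.6.0 255.255.255.0 Port-channel10
ip route 192.168.11.0 255.255.255.0 Port-channel10
ip route 192.168.99.0 255.255.255.0 192.168.55.2
"""

ADDR = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")   # skips "no ip address"
ROUTE = re.compile(r"^\s*ip route (\S+) (\S+) (\S+)")


def parse(config):
    """Return (connected subnets, [(prefix, target)]); the default route is skipped."""
    connected, routes = [], []
    for line in config.splitlines():
        if m := ADDR.match(line):
            connected.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif m := ROUTE.match(line):
            if (m[1], m[2]) != ("0.0.0.0", "0.0.0.0"):
                net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
                routes.append((net, m[3]))
    return connected, routes


def is_ip(token):
    """True when a route target is a next-hop address rather than an interface name."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit(local, peer):
    """Compare the local switch's static routes with the peer's connected subnets."""
    local_conn, local_routes = parse(local)
    peer_conn, _ = parse(peer)
    transit = set(local_conn) & set(peer_conn)        # the shared routed link
    findings = {"missing": [], "interface_only": [], "unmatched": []}
    for net in peer_conn:
        covered = any(net.subnet_of(prefix) for prefix, _ in local_routes)
        if net not in transit and not covered:
            findings["missing"].append(str(net))      # would follow the default route
    for prefix, target in local_routes:
        if not is_ip(target):
            findings["interface_only"].append(str(prefix))
        if not any(prefix.overlaps(net) for net in peer_conn):
            findings["unmatched"].append(str(prefix)) # peer has no such subnet
    return findings


if __name__ == "__main__":
    print("CHSRV1AS01   ", audit(CHSRV1AS01, OPSWTPSRVAS01))
    print("OPSWTPSRVAS01", audit(OPSWTPSRVAS01, CHSRV1AS01))
```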