
SVI unreachable through vPC Port-Channel

TheAlteredMG
Level 1

Dear Cisco community

 

Recently I set up a vPC Cluster with two Nexus 5548P both incl. the L3 Daughter Card.

I have 3 SVIs (VLANs 10-13) set up on the Nexus with IP addresses configured and on which the Nexus is reachable from my laptop with both ssh and ping. Both Nexus have inter-VLAN routing enabled and I tested that I can reach all SVIs from any particular SVI on the Nexus.

 

Attached through Port-Channel I have installed a C3560 switch running two SVIs (VLANs 10-11) with IPs. These VLANs are allowed on the trunk of the Port-Channel.

 

Now, I can ping the SVIs on the same SVI from the Nexus but not from any other SVI on the Nexus. Also, I can't ping the C3560 SVIs from my laptop. The weird thing is that when I attach another laptop on the C3560 on any of the VLANs, then I can ping anything incl. my other laptop connected to the Nexus. It seems to me as if the switch's SVIs are missing a default GW, but so far I've never encountered connecting a switch with a trunk to a router on a stick and reachability of SVIs.

 

The below problems I was able to already rule out and I don't believe they are the issue:

  • STP - All stats are on 'FWD'
  • vPC consistency seems to be fine
  • All VLANs are in 'up/up' on Nexus and C3560

 

Thank you in advance. Please let me know if you need more information.

19 Replies

The Route-Table is empty as I'm not doing any Routing on the C3560.

 

Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

 

Thanks for the output of show ip route. It does verify that there is not any routing on the 3560. In one of the posts you mentioned something about having SVIs for helper address and I wanted to be sure that the 3560 did not have multiple SVIs.

 

I am a bit confused. You have told us "the two servers can speak to each other." The drawing shows server 1 in vlan 11 on the 3560 and server 2 in vlan 12 on NX2. So that would seem to indicate that routing between vlans and between 3560 and NX is working (at least part of the time). Perhaps we need a better understanding of what is not working.

HTH

Rick

Hi Rick

 

Please excuse me if I haven't elaborated the issue clearly enough and let me rephrase.

 

Indeed nearly all communication paths are working in the network except traffic destined to any VLAN interface on the C3560 with a source other than the same VLAN (e.g. Srv02 can ping Srv01 but Srv02 cannot ping the C3560 VLAN 11 interface). Please also refer to the drawing further above to see which traffic flows work and which don't.

 

I also remember that this setup (without the Port-Channels) worked perfectly fine before I implemented vPC but I can't spot any issues in the show commands or in the configuration. I have heard that vPC has some issues with L3 dynamic Routing protocol relationships but as I am not doing any of that, I still fail to see what the problem is.

 

I appreciate your help and hope that the issue is more clear now but please don't hesitate to ask if still unclear.

 

Marlon

Hello @TheAlteredMG ,

 

>> except traffic destined to any VLAN interface on the C3560 with a source other than the same VLAN (e.g. Srv02 can ping Srv01 but Srv02 cannot ping the C3560 VLAN 11 

 

What you see is correct and expected because:

a) ip routing is disabled on the C3560

b) no ip default-gateway is set on the C3560 according to your previous post.

 

In these conditions the C3560 cannot answer to a ping coming from another subnet even if it is connected to it ( ip routing disabled = no inter vlan routing is possible).

 

So either you set an ip default-gateway or you enable ip routing and you configure a default static route.

 

Having two SVIs defined on the switch with no ip routing and no ip default-gateway set makes the device unable to answer.

 

Hope to help

Giuseppe

 

I believe that the major point in this issue is having multiple SVI on the switch. I question the logic for having multiple SVI on a layer 2 switch like this. In a previous post you tell us " I'd like to have a VLAN int for all the VLAN's in order to work with IP-helper and Management Traffic." But having multiple SVI on the switch will not help with helper-address. helper-address needs to be configured on the device that is doing routing for that subnet. If you do have helper-address configured on the switch SVI it would not be able to forward DHCP requests to the DHCP server which is on a remote subnet. And multiple SVI would not help with Management Traffic. Management traffic on the switch needs only a single SVI and it absolutely needs a default gateway configured or needs ip routing enabled.

 

I am puzzled about another aspect of this. In the earlier response that contained the output of show ip interface brief I would have expected to see the vlan interfaces. But the only thing that it shows is the port channel.

 

If this is going to operate as a layer 2 switch I suggest that you remove the extra SVIs and configure ip default-gateway for the switch.

 

HTH

Rick
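The two remedies suggested in the replies above, written out as C3560 configuration. This is an added example, not configuration posted by anyone in the thread; the addresses (192.0.2.0/24 documentation range), the choice of VLAN 10 as the management VLAN, and the gateway address are assumptions.

```cisco
! Constructed values: 192.0.2.0/24 stands in for the VLAN 10 subnet and
! 192.0.2.1 for the Nexus SVI address in that VLAN (assumptions, not from the thread).
!
! Option A: keep the C3560 as a layer 2 switch with one management SVI.
! Without ip routing the switch needs "ip default-gateway" to reply to
! sources outside its own subnet.
no ip routing
no interface Vlan11
interface Vlan10
 description Management (assumed management VLAN)
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
ip default-gateway 192.0.2.1
!
! Option B: enable routing on the C3560 and point a static default
! route at the Nexus. "ip default-gateway" is not used when ip routing is on.
ip routing
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Check afterwards from exec mode with "show ip route" and
! "show ip interface brief", the same commands used earlier in the thread.
```

Apply only one of the two options. With option A, `show ip route` should no longer report "Default gateway is not set".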