
SVI unreachable through vPC Port-Channel

TheAlteredMG
Level 1

Dear Cisco community

 

Recently I set up a vPC Cluster with two Nexus 5548P both incl. the L3 Daughter Card.

I have 3 SVIs (VLANs 10-13) set up on the Nexus with IP addresses configured, and on which the Nexus is reachable from my laptop with both ssh and ping. Both Nexus have inter-VLAN routing enabled and I tested that I can reach all SVIs from any particular SVI on the Nexus.

 

Attached through Port-Channel I have installed a C3560 Switch running two SVIs (VLANs 10-11) with IPs. These VLANs are allowed on the trunk of the Port-Channel.

 

Now, I can ping the SVIs on the same SVI from the Nexus but not from any other SVI on the Nexus. Also, I can't ping the C3560 SVIs from my laptop. The weird thing is that when I attach another laptop on the C3560 on any of the VLANs, then I can ping anything incl. my other laptop connected to the Nexus. It seems to me as if the switch's SVIs are missing a default GW, but so far I've never encountered connecting a switch with a trunk to a router on a stick and reachability of SVIs.

 

The below problems I was able to already rule out and I don't believe they are the issue:

  • STP - All stats are on 'FWD'
  • vPC consistency seems to be fine
  • All VLANs are in 'up/up' on Nexus and C3560

 

Thank you in advance. Please let me know if you need more information.

2 Accepted Solutions

Hello @TheAlteredMG ,

 

>> except traffic destined to any VLAN interface on the C3560 with a source other than the same VLAN (e.g. Srv02 can ping Srv01 but Srv02 cannot ping the C3560 VLAN 11 

 

What you see is correct and expected because:

a) ip routing is disabled on the C3560

b) no ip default-gateway is set on the C3560 according to your previous post.

 

In these conditions the C3560 cannot answer to a ping coming from another subnet even if it is connected to it ( ip routing disabled = no inter vlan routing is possible).

 

So either you set an ip default-gateway or you enable ip routing and you configure a default static route.

 

Having two SVIs defined on the switch with no ip routing and no ip default-gateway set makes the device unable to answer.

 

Hope to help

Giuseppe

 


I believe that the major point in this issue is having multiple SVI on the switch. I question the logic for having multiple SVI on a layer 2 switch like this. In a previous post you tell us " I'd like to have a VLAN int for all the VLAN's in order to work with IP-helper and Management Traffic." But having multiple SVI on the switch will not help with helper-address. helper-address needs to be configured on the device that is doing routing for that subnet. If you do have helper-address configured on the switch SVI it would not be able to forward DHCP requests to the DHCP server which is on a remote subnet. And multiple SVI would not help with Management Traffic. Management traffic on the switch needs only a single SVI and it absolutely needs a default gateway configured or needs ip routing enabled.

 

I am puzzled about another aspect of this. In the earlier response that contained the output of show ip interface brief I would have expected to see the vlan interfaces. But the only thing that it shows is the port channel.

 

If this is going to operate as a layer 2 switch I suggest that you remove the extra SVIs and configure ip default-gateway for the switch.

 

HTH

Rick
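
The two fixes named in the accepted answers (Giuseppe's "ip default-gateway or ip routing plus a default static route" and Rick's "remove the extra SVIs"), written out as C3560 configuration. This is an added example, not configuration posted in the thread: all addresses are constructed placeholders, and using VLAN 10 for management with 192.0.2.1 as the first-hop virtual address on the Nexus pair is an assumption.

```cisco
! ---------------------------------------------------------------
! BEFORE (the state described in the thread): SVIs in VLANs 10 and
! 11, ip routing disabled, no default gateway. The switch has no
! next hop for any destination outside its own SVI subnets, so it
! cannot answer a ping sourced from another subnet.
! Addresses below are constructed placeholders (RFC 5737 ranges).
! ---------------------------------------------------------------
no ip routing
!
interface Vlan10
 ip address 192.0.2.10 255.255.255.0
!
interface Vlan11
 ip address 198.51.100.10 255.255.255.0
!
! (no "ip default-gateway" line present)
!
! ---------------------------------------------------------------
! OPTION A: keep the C3560 a Layer 2 switch.
! One management SVI, extra SVI removed, default gateway pointing
! at the first-hop virtual address on the Nexus (assumed 192.0.2.1).
! ---------------------------------------------------------------
no ip routing
no interface Vlan11
!
interface Vlan10
 description management
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
ip default-gateway 192.0.2.1
!
! ---------------------------------------------------------------
! OPTION B: enable routing on the C3560 and give it a default
! static route toward the same first-hop address.
! "ip default-gateway" is only used while ip routing is disabled,
! so the static route is what matters here.
! ---------------------------------------------------------------
ip routing
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Check with "show ip route" (the command Rick asks for later in
! the thread): with Option A it reports the default gateway, with
! Option B it reports the gateway of last resort.
```

Apply only one of the two options. End hosts attached to the C3560 are unaffected either way, because their traffic is switched at Layer 2 to their own gateway on the Nexus.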


19 Replies

...

Hi MHM

 

Thanks for your reply. I don't completely understand your proposed solution.

All the VLAN's I am trying to reach are allowed on the peer Link and how would a L3 link solve the issue?

 

Just to be clear: what can you ping and what can you not?

Hello

As the N5Ks are running the core inter-VLAN routing, you don't require the 3650 to have multiple SVIs or have ip routing enabled. I suggest you remove all SVIs from the 3650, disable ip routing, and test again.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul

 

I'm not doing any routing on the C3560 (Please see illustration below). Also I'd like to have a VLAN int for all the VLAN's in order to work with IP-helper and Management Traffic.

 

Best regards,

Marlon

gfkjgfkjgkj.png

This is what happened with vPC SVI in both Nexus SW.
I want to clarify some points:
Did you configure the PO on the Catalyst to both Nexus?
Are all ports in the PO of the Catalyst working?
What can you ping and what can you not ping?

Hi MHM/Paul

 

Thank you for your responses. I'll try to clear things up with an illustration of my current situation:

CiscoTroubleshooting (1).png

 

Please notice that the only thing that isn't working in my network is the inter-VLAN traffic (e.g. VLAN 10 to VLAN 12, etc.). The routing on my Nexus works perfectly fine, as demonstrated by the fact that the two servers can speak to each other. Furthermore, I see no issue in regards to STP, vPC PO's VRRP, etc. The VRRP address of the VLAN ints is always the int address of the NX1.

According to your config:

To ping from an SVI on the C3650 to any SVI on the Nexus, you need a default gateway configured on the switch IF no ip routing is configured on the C3650.

To ping from an SVI on the C3650 to any SVI on the Nexus, you need a static route toward the virtual IP of HSRP IF ip routing is configured on the C3650.

Marlon

 

This has been an extensive and interesting discussion. I am glad that our explanations have been helpful. The relationship of multiple SVI vs single SVI and ip routing enabled vs default-gateway and L3 switch vs L2 switch are perhaps subtle but are interrelated and are important. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

how is the 3560 connected? by access port? by trunk? by routed port?

would you post the output of show interface status on 3560?

would you post the output of show ip interface brief on 3560 when you have not attached another laptop on the C3560

 

HTH

Rick

Hi Rick

 

The 3560 is connected via PortChannel (Po2 configured on C3560, Po500 configured on NX). On that Po and any other physical interface associated to it, it's a trunk allowing VLANs 10-12.

 

show interface status:

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        notconnect   1          auto   auto 10/100/1000BaseTX
Gi0/2                        notconnect   1          auto   auto 10/100/1000BaseTX
Gi0/3                        notconnect   1          auto   auto 10/100/1000BaseTX
Gi0/4                        notconnect   1          auto   auto 10/100/1000BaseTX
Gi0/5     Srv01              connected    11        a-full a-1000 10/100/1000BaseTX
Gi0/6                        notconnect   1          auto   auto 10/100/1000BaseTX
Gi0/7                        notconnect   1          auto   auto 10/100/1000BaseTX
Gi0/8                        notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/9                        notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/10                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/11                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/12                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/13                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/14                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/15                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/16                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/17                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/18                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/19                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/20                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/21                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/22                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/23                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/24                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/1                        notconnect   1            auto   auto Not Present
Gi1/2                        notconnect   1            auto   auto Not Present
Gi1/3                        notconnect   1            auto   auto Not Present
Gi1/4                        notconnect   1            auto   auto Not Present
Te1/1     **po1 to NX1**     connected    trunk        full    10G SFP-10GBase-SR
Te1/2     **po1 to NX22**    connected    trunk        full    10G SFP-10GBase-SR
Po2       **po to CORE**     connected    trunk      a-full    10G
Fa0                          disabled     routed       auto   auto 10/100BaseTX

show ip interface brief:

Interface              IP-Address      OK? Method Status                Protocol
Port-channel2          unassigned      YES unset  up                    up

Show ru interface po1:

interface Port-channel2
 description **po to NX**
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-12
 switchport mode trunk
end

Can you share the output of the following:
show etherchannel summary

Here you go:

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po2(SU)         LACP      Te1/1(P)    Te1/2(P)

Would you post the output of the command show ip route on 3560

HTH

Rick