
VLAN routing, am I missing something?

sharkerty
Level 1

Hi,

I recently asked a question here about vlan routing and what to do about moving a single switch (3550). Here is the link for the curious:

https://supportforums.cisco.com/discussion/12922461/vlan-routing-help-requested

I have since looked more into the configuration and am even more perplexed because it looks to me as if there actually is no VLAN routing going on...Or maybe I just can't tell from this config. 

Can someone please have a look at this config and let me know what would happen if I turn off this switch? (there is nothing plugged into it except the uplink on port 43).

Thanks in advance.

Paul


Philip D'Ath
VIP Alumni

Port 0/43 is a trick.  While it says "switchport access vlan 1001" this config will do nothing, as it is a trunk port "switchport mode trunk".

As a result, any of the configured VLANs could be in use.  Perhaps try something like "show arp" to see how many MAC addresses there are.

Why not try switching off the unit when things are quiet, and see if any riots break out?

We are a 24x7 operation...There is no good time to test this (although I'm tempted to anyway). I'm just trying to understand what would happen if I unplug port 43 while I move that switch. 

AFAIK only VLANs 50, 51, and 152 are in use...At least any of the new systems I have configured use those. 

Perhaps try shutting down one VLAN at a time then.

ohassairi
Level 5

Did you create the VLANs?

Can you run show vlan?

I inherited the VLANs.  Here is the output of show vlan. Just to repeat...the only port currently active on this switch is port 43 (the uplink). 

Fabric-Master#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/22, Gi0/2
2 VLAN-2 active
3 ProdLAN active
4 ProdWAN active
5 ProdDMZ active
6 MailDMZ active
7 VLAN-7 active
8 VLAN-8 active
9 VLAN-9 active
10 EV1-Trunk-old active Fa0/45, Fa0/47, Gi0/1
25 EV1-Routable-Production active
26 EV1-Routable-Email active
27 EV1->SH1-Routable-Office active
28 EV1-Routable-VPN active Fa0/27, Fa0/28, Fa0/29
29 EV1-Routable-ELP active
30 VLAN0030 active
31 VLAN0031 active
50 EV1-Border-DMZ active Fa0/2, Fa0/4, Fa0/5, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/17
Fa0/20, Fa0/26, Fa0/30
51 EV1-Border-LAN active Fa0/7, Fa0/13, Fa0/14, Fa0/15

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
Fa0/18, Fa0/19, Fa0/21, Fa0/23
Fa0/32, Fa0/35, Fa0/36, Fa0/38
Fa0/39, Fa0/41, Fa0/42, Fa0/46
Fa0/48
52 EV1-Internal-LAN active Fa0/6
53 EV1-ACG active
54 VLAN-54 active
55 VLAN-55 active
75 EV1-CC-DMZ-banks active
76 EV1-CC-LAN-auth active
80 VLAN0080 active Fa0/12, Fa0/33
90 gfs-vlan active
100 EV1-Email-Border-DMZ active Fa0/3, Fa0/25
101 EV1-Email-Border-LAN active
110 VLAN0110 active
125 EV1-Microsoft-MSDL-DMZ active
126 EV1-Microsoft-MSDL-LAN active
150 EV1-DevBorder-DMZ active
151 EV1-DevBorder-LAN active
152 EV1-DevInternal-LAN active Fa0/16, Fa0/24
153 EV1-DevInternal-DMZ active
154 VLAN-154 active
155 VLAN-155 active
156 EV1-DevCC-DMZ-banks active
157 EV1-DevCC-LAN-auth active
1001 no-op_vlan active Fa0/31, Fa0/34, Fa0/37, Fa0/40, Fa0/44
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
8 enet 100008 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
9 enet 100009 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
25 enet 100025 1500 - - - - - 0 0
26 enet 100026 1500 - - - - - 0 0
27 enet 100027 1500 - - - - - 0 0
28 enet 100028 1500 - - - - - 0 0
29 enet 100029 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
31 enet 100031 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
51 enet 100051 1500 - - - - - 0 0
52 enet 100052 1500 - - - - - 0 0
53 enet 100053 1500 - - - - - 0 0
54 enet 100054 1500 - - - - - 0 0
55 enet 100055 1500 - - - - - 0 0
75 enet 100075 1500 - - - - - 0 0
76 enet 100076 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
125 enet 100125 1500 - - - - - 0 0
126 enet 100126 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
151 enet 100151 1500 - - - - - 0 0
152 enet 100152 1500 - - - - - 0 0
153 enet 100153 1500 - - - - - 0 0
154 enet 100154 1500 - - - - - 0 0
155 enet 100155 1500 - - - - - 0 0
156 enet 100156 1500 - - - - - 0 0
157 enet 100157 1500 - - - - - 0 0
1001 enet 101001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

The output of "show arp" is more important ...

Should I reset anything first? Here is the current output

Fabric-Master#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.20.30.6 - 000d.ed51.1c00 ARPA Vlan80
Internet 10.20.30.10 2 8071.1fba.1846 ARPA Vlan80
Internet 192.168.0.40 0 0025.9061.3761 ARPA Vlan50
Internet 192.168.1.41 65 0014.5115.af54 ARPA Vlan51
Internet 192.168.1.40 222 0016.cba3.c44b ARPA Vlan51
Internet 192.168.1.43 102 001f.f346.c922 ARPA Vlan51
Internet 192.168.1.42 57 000d.937a.f21c ARPA Vlan51
Internet 192.168.1.45 2 685b.35d3.36e5 ARPA Vlan51
Internet 192.168.1.33 2 0014.8526.e8da ARPA Vlan51
Internet 10.189.1.254 - 000d.ed51.1c00 ARPA Vlan31
Internet 192.168.1.32 0 0030.488e.c87c ARPA Vlan51
Internet 10.189.0.254 - 000d.ed51.1c00 ARPA Vlan30
Internet 192.168.1.35 151 0014.5115.8d2e ARPA Vlan51
Internet 192.168.1.34 57 000d.9360.76c8 ARPA Vlan51
Internet 192.168.1.37 56 000d.9374.6554 ARPA Vlan51
Internet 192.168.1.39 100 0011.246e.a70a ARPA Vlan51
Internet 192.168.1.60 87 549f.3504.d27a ARPA Vlan51
Internet 192.168.0.51 175 f8bc.124b.7d64 ARPA Vlan50
Internet 192.168.1.55 41 0025.9061.3900 ARPA Vlan51
Internet 67.134.12.150 - 000d.ed51.1c00 ARPA Vlan25
Internet 192.168.0.8 3 6451.060d.238c ARPA Vlan50
Internet 192.168.1.9 177 a8b1.d4a9.76c1 ARPA Vlan51
Internet 192.168.0.11 52 0003.93ab.97c0 ARPA Vlan50
Internet 192.168.1.10 182 a8b1.d4a9.8841 ARPA Vlan51
Internet 192.168.1.13 0 0030.4883.a6d6 ARPA Vlan51
Internet 192.168.1.12 14 0030.48f9.cc56 ARPA Vlan51
Internet 192.168.1.15 183 a8b1.d45d.7ec1 ARPA Vlan51
Internet 192.168.0.15 0 6451.060d.1828 ARPA Vlan50
Internet 192.168.1.14 177 a8b1.d4a9.6e41 ARPA Vlan51
Internet 192.168.1.3 0 0010.dbff.1001 ARPA Vlan51
Internet 192.168.0.3 0 0010.dbff.1002 ARPA Vlan50
Internet 192.168.0.4 2 f8bc.124b.7d64 ARPA Vlan50
Internet 192.168.1.5 1 0003.93a6.9468 ARPA Vlan51
Internet 192.168.1.4 3 0030.48f9.cc56 ARPA Vlan51
Internet 192.168.1.7 3 000c.29e9.36b5 ARPA Vlan51
Internet 192.168.1.6 1 000c.292c.3078 ARPA Vlan51
Internet 192.168.0.24 10 000c.298c.45b8 ARPA Vlan50
Internet 192.168.1.24 181 04c5.a46b.c641 ARPA Vlan51
Internet 192.168.0.29 3 0050.56a2.9733 ARPA Vlan50
Internet 192.168.1.31 22 0050.56a2.21a1 ARPA Vlan51
Internet 192.168.0.31 222 6451.060d.238c ARPA Vlan50
Internet 192.168.1.30 3 0030.4856.666c ARPA Vlan51
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.16 0 0003.47fc.7d5a ARPA Vlan50
Internet 192.168.1.17 175 04c5.a461.b441 ARPA Vlan51
Internet 192.168.0.17 18 f8bc.124b.8808 ARPA Vlan50
Internet 192.168.1.19 201 04c5.a47a.df41 ARPA Vlan51
Internet 192.168.19.1 - 000d.ed51.1c00 ARPA Vlan1
Internet 192.168.1.18 - 000d.ed51.1c00 ARPA Vlan51
Internet 192.168.0.20 163 6451.060d.238c ARPA Vlan50
Internet 192.168.1.20 41 0003.93bb.0a56 ARPA Vlan51
Internet 192.168.0.22 4 000c.29a5.b4d0 ARPA Vlan50
Internet 192.168.0.23 5 000c.2914.6fc2 ARPA Vlan50
Internet 192.168.0.235 0 0050.56a2.cb21 ARPA Vlan50
Internet 192.168.0.236 3 0050.56a2.ddbb ARPA Vlan50
Internet 192.168.0.237 5 0050.56a2.45ec ARPA Vlan50
Internet 192.168.1.249 2 0030.4872.1748 ARPA Vlan51
Internet 192.168.1.251 53 f8bc.1255.f726 ARPA Vlan51
Internet 192.168.0.253 4 0030.184b.61ee ARPA Vlan50
Internet 192.168.0.254 - 000d.ed51.1c00 ARPA Vlan50
Internet 192.168.1.254 60 f8c2.889e.ef48 ARPA Vlan51
Internet 192.168.1.201 207 0011.2474.7dd2 ARPA Vlan51
Internet 192.168.1.195 44 0025.9061.3760 ARPA Vlan51
Internet 192.168.1.197 1 000c.29ae.34ec ARPA Vlan51
Internet 192.168.1.199 2 0003.471f.2d71 ARPA Vlan51
Internet 192.168.1.198 15 000c.291b.5ec9 ARPA Vlan51
Internet 192.168.1.136 2 0030.48c0.33ca ARPA Vlan51
Internet 192.168.1.140 42 0050.564c.fb84 ARPA Vlan51
Internet 67.131.251.221 - 000d.ed51.1c00 ARPA Vlan10
Internet 192.168.1.130 10 0010.dbff.1000 ARPA Vlan51
Internet 192.168.1.133 29 000d.937a.f460 ARPA Vlan51
Internet 192.168.1.135 1 0030.485a.5dd8 ARPA Vlan51
Internet 192.168.1.153 66 000a.9c52.1be1 ARPA Vlan51
Internet 192.168.1.152 66 000a.9c52.1be0 ARPA Vlan51
Internet 192.168.1.155 66 000a.9c52.1be2 ARPA Vlan51
Internet 192.168.1.154 66 000a.9c52.1bdf ARPA Vlan51
Internet 192.168.1.157 66 000a.9c52.1bf1 ARPA Vlan51
Internet 192.168.1.156 67 000a.9c52.1be8 ARPA Vlan51
Internet 198.207.242.2 - 000d.ed51.1c00 ARPA Vlan10
Internet 192.168.1.151 66 000a.9c52.1bf2 ARPA Vlan51
Internet 192.168.1.150 130 000a.9c52.1bef ARPA Vlan51

That is a bad sign.  There are lots of ARP entries from many different VLANs.  I would say this device is being actively used.

You can try identifying some of the devices above, logging into them and checking their routing and IP configuration to determine how they are using this device.

wessm
Cisco Employee

Hi Paul,

I gather that you're worried about moving the switch because you think that you might lose inter-VLAN routing capabilities in your network. You want to know what will happen to your downstream network if you unplug the only cable which is plugged into the switch, port Fa0/43, and whether you will be able to get things up and running afterward.

I see from the config you posted that the interface is being used as a trunk link, which would indicate that the switch is being used as a Router-On-A-Stick (ROAS). Can you post the output produced by the show interfaces trunk command?

-Wes

Yes. This is what I am worried about, and trying to work around.

Fabric-Master#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/43 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/43 1-4094

Port Vlans allowed and active in management domain
Fa0/43 1-10,25-31,50-55,75-76,80,90,100-101,110,125-126,150-157,1001

Port Vlans in spanning tree forwarding state and not pruned
Fa0/43 1-10,25-31,50-55,75-76,80,90,100-101,110,125-126,150-157,1001

Here is the interface config (the command didn't work):

interface FastEthernet0/43
description Trunk to Cab C4.05
switchport access vlan 1001
switchport trunk encapsulation dot1q
switchport mode trunk

Thanks again,

Paul

It certainly looks like this switch is being used for inter-VLAN routing. Can you post a show ip route as well? What other network device(s) are connected to the other end?

This switch (3550) is connected via that uplink port 43 to a 2960 running IOS 12.2(44)SE6.

Here is the ip route:

Fabric-Master#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
S 172.16.35.0 [1/0] via 192.168.1.3
67.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C 67.134.12.0/24 is directly connected, Vlan25
S 67.131.251.240/28 [1/0] via 67.131.251.220
C 67.131.251.216/29 is directly connected, Vlan10
C 198.207.242.0/24 is directly connected, Vlan10
10.0.0.0/24 is subnetted, 4 subnets
C 10.20.30.0 is directly connected, Vlan80
S 10.31.61.0 [1/0] via 192.168.0.253
C 10.189.1.0 is directly connected, Vlan31
C 10.189.0.0 is directly connected, Vlan30
S 192.168.255.0/24 [1/0] via 192.168.1.130
C 192.168.0.0/24 is directly connected, Vlan50
C 192.168.1.0/24 is directly connected, Vlan51
C 192.168.19.0/24 is directly connected, Vlan1

This switch is definitely performing inter-VLAN routing. The proof is not necessarily in the config, but rather in the runtime show commands that myself and others have had you perform. Here's how you know:

  • The show arp command displays a long list of active table entries spanning multiple VLANs. This tells you that this switch has open layer 3 connections with hosts on different VLANs, and thus, different subnets, and is essentially performing the functions of a router.
  • The routing table is populated with connected routes to different subnets on VLAN interfaces. 

To answer your question, when you disconnect this switch, you can expect to lose host-to-host connectivity between VLANs. Hosts on different subnets will not be able to communicate during the move.

Without making any guarantees, I would say that after you reconnect the switch, the connected routes should repopulate and inter-VLAN routing will be restored.

Hope this helps!

-Wes
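The two checks described in the answer above can be run mechanically over saved command output. This is an added example, not part of the original thread: it uses a short excerpt of the output posted above, and the function names are hypothetical. It relies on the IOS convention that an ARP entry with age "-" is the switch's own interface address.

```python
import re
from collections import defaultdict

# Excerpts copied from the "show arp" and "show ip route" output posted above.
SHOW_ARP = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.20.30.6 - 000d.ed51.1c00 ARPA Vlan80
Internet 10.20.30.10 2 8071.1fba.1846 ARPA Vlan80
Internet 192.168.0.40 0 0025.9061.3761 ARPA Vlan50
Internet 192.168.0.253 4 0030.184b.61ee ARPA Vlan50
Internet 192.168.0.254 - 000d.ed51.1c00 ARPA Vlan50
Internet 192.168.1.41 65 0014.5115.af54 ARPA Vlan51
Internet 192.168.1.18 - 000d.ed51.1c00 ARPA Vlan51
Internet 10.189.1.254 - 000d.ed51.1c00 ARPA Vlan31
"""
SHOW_IP_ROUTE = """\
C 10.20.30.0 is directly connected, Vlan80
S 10.31.61.0 [1/0] via 192.168.0.253
C 10.189.1.0 is directly connected, Vlan31
C 192.168.0.0/24 is directly connected, Vlan50
C 192.168.1.0/24 is directly connected, Vlan51
"""
ARP_RE = re.compile(r"^Internet\s+(\S+)\s+(-|\d+)\s+\S+\s+ARPA\s+(Vlan\d+)$")
CONNECTED_RE = re.compile(r"^C\s+\S+ is directly connected, (Vlan\d+)$")
STATIC_RE = re.compile(r"^S\s+(\S+) \[\d+/\d+\] via (\S+)$")

def summarize(arp_text, route_text):
    """Return (per-VLAN summary, static routes whose next hop is a live ARP neighbour)."""
    vlans = defaultdict(lambda: {"svi": None, "hosts": [], "connected": False})
    for line in map(str.strip, arp_text.splitlines()):
        m = ARP_RE.match(line)
        if not m:
            continue  # column header or blank line
        ip, age, vlan = m.groups()
        if age == "-":          # "-" age: the switch's own interface address
            vlans[vlan]["svi"] = ip
        else:                   # numeric age: a neighbour learned on that VLAN
            vlans[vlan]["hosts"].append(ip)
    neighbours = {ip: v for v, d in vlans.items() for ip in d["hosts"]}
    static_via_neighbour = []
    for line in map(str.strip, route_text.splitlines()):
        if (m := CONNECTED_RE.match(line)):
            vlans[m.group(1)]["connected"] = True
        elif (m := STATIC_RE.match(line)) and m.group(2) in neighbours:
            static_via_neighbour.append((m.group(1), m.group(2), neighbours[m.group(2)]))
    return dict(vlans), static_via_neighbour

def routed_vlans_in_use(vlans):
    """VLANs with an SVI, a connected route and at least one learned neighbour."""
    return sorted(v for v, d in vlans.items() if d["svi"] and d["connected"] and d["hosts"])
```

A VLAN that appears in `routed_vlans_in_use` has live hosts talking to the switch's layer 3 interface, so those are the subnets to check for a default gateway pointing at this switch before it is unplugged.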

Thank you for your explanation, that is what I was afraid of, but wanted confirmation. 

Thanks,

Paul
