Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
1
Helpful
8
Replies

Can't ping/ssh to some L2 switches on different VLAN

islanderzero
Level 1
Level 1

‎12-13-2023 01:09 AM

I'll try to explain the issue I'm having as detailed as possible without providing an output of the configuration as this is on a closed network. I just took over this network and it's a bit of a mess. I included a simplified network diagram of what I'm working with.

islanderzero_0-1702458164059.png

As an example, in the diagram - I'm trying to SSH to a switch that I'm directly connected to but I'm unable to unless I SSH to one of the core L3 switches first. The two L3 switches have VLAN 10 and VLAN 20 configured but they also have separate SVIs configured on them as well - 172.10.1.2/24 for Core 1 and 172.10.1.3/24 for Core 2. The previous network administrator configured HSRP with a virtual IP of 172.10.1.1/24 for this management VLAN. The L2 switches in the network are using 172.10.1.1 as their gateway. This is the same for the workstations on the network, all pointing to a Virtual IP created with HSRP.

I found this extremely strange as there is only a single uplink of each distribution and access switch to the core L3 switches. If one of the core switches goes down, its half of the network would not be able to reach the other core regardless that they are pointing to a Virtual IP gateway. OSPF was also configured but I removed it thinking that was causing the issue of why I couldn't reach half of the switches from the workstation. I don't understand why they would even configure OSPF as there is no router and there is no route to any other or outside network - Only two Layer 3 switches and a bunch of L2 switches. I literally can't reach half - doesn't seem to matter if they are the switches from Core 1 side or Core 2 side.

Any advice on how I can troubleshoot this? Is it possible HSRP is causing this issue, if not... what can cause this issue? Is there something I needed to do after removing the OSPF configuration? Any debug commands I should try or other configurations I should look out for or remove.

I'm able to ping the gateway of VLAN 10 (172.10.1.1) and I'm able to SSH to the core switches, but I can't ping the switch my workstation is on (172.20.1.50) along with half of the other random switches across the network unless I access one of the cores.

Labels:
0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

‎12-13-2023 01:14 AM

This draw is excellent' 

Now where is L3 device that do inter vlan' 

Make sure you have l2 path to l3device.

Check vlan allow in trunk' 

Note:-when check vlan allow in trunk dont use show run 

Use show interface trunk

MHM

0 Helpful

islanderzero
Level 1
Level 1
In response to MHM Cisco World

‎12-13-2023 01:19 AM

Both L3 devices, Core 1 and Core 2 are doing inter-vlan routing (sorry, i know it's not the right multi layer switch icon). All the other switches have the VLAN configured and all the trunks between the access switches, distribution and core are allowing both vlan 10 and vlan 20 (along with others I didn't mention in my post). 

0 Helpful

MHM Cisco World
VIP
VIP
In response to islanderzero

‎12-13-2023 01:22 AM

Friend check vlan allow in trunk by 

Show interface trunk 

Not by see show running 

Also check each SW SVI of mgmt is UP or down.

MHM

0 Helpful

islanderzero
Level 1
Level 1
In response to MHM Cisco World

‎12-13-2023 01:29 AM

Show interface trunk - I did this and the VLANS are allowed on trunk, both the switch VLAN and the workstation VLAN. SVI is UP - I'm able to SSH to all the IPs of the SVI on both core switches.

0 Helpful

MHM Cisco World
VIP
VIP
In response to islanderzero

‎12-13-2023 01:35 AM

Ok' it l2 SW so you use 

Ip defualt gateway x.x.x.x

Is x.x.x.x is real core SW SVI IP or 

It HSRP VIP?

Use real SVI IP of Core VLAN mgmt BUT

For SW1 that have direct connect to Core1 use (for ip defualt gw) SVI of vlan mgmt in core1 not in core2.

Make sure the interconnect between two HSRP core SW allow  vlans (mgmt and vlan of pc use use for ping and ssh)

MHM

0 Helpful

islanderzero
Level 1
Level 1
In response to MHM Cisco World

‎12-13-2023 01:41 AM

the ip default gateway of all the layer 2 switches are configured to the HSRP Virtual IP (172.10.1.1). Are you saying that HSRP doesn't work in this design and I should specifically use one of the SVI IPs (172.10.1.2 or 172.10.1.3) of one of the core Layer 2 switches as the gateway of my other switches? Is there a reason why this doesn't work? I've never seen this configuration myself but I'm curious to why this wouldn't work.

MHM Cisco World
VIP
VIP
In response to islanderzero

‎12-13-2023 01:50 AM

Yes I think so

To be more sure 

Do traceroute from your PC to any not work access SW see where it stop

It will stop in one of Core SW

MHM

0 Helpful

islanderzero
Level 1
Level 1
In response to MHM Cisco World

‎12-13-2023 01:53 AM

I'll give it a try tomorrow at work and see... I really was thinking that HSRP is causing this issue, but I really just wanted to understand why. traceroute does not work from the PC - it can't even ping the IP of the switch it's connected to.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card