12-13-2023 01:09 AM
I'll try to explain the issue I'm having as detailed as possible without providing an output of the configuration as this is on a closed network. I just took over this network and it's a bit of a mess. I included a simplified network diagram of what I'm working with.
As an example, in the diagram - I'm trying to SSH to a switch that I'm directly connected to but I'm unable to unless I SSH to one of the core L3 switches first. The two L3 switches have VLAN 10 and VLAN 20 configured but they also have separate SVIs configured on them as well - 172.10.1.2/24 for Core 1 and 172.10.1.3/24 for Core 2. The previous network administrator configured HSRP with a virtual IP of 172.10.1.1/24 for this management VLAN. The L2 switches in the network are using 172.10.1.1 as their gateway. This is the same for the workstations on the network, all pointing to a Virtual IP created with HSRP.
I found this extremely strange as there is only a single uplink of each distribution and access switch to the core L3 switches. If one of the core switches goes down, its half of the network would not be able to reach the other core regardless that they are pointing to a Virtual IP gateway. OSPF was also configured but I removed it thinking that was causing the issue of why I couldn't reach half of the switches from the workstation. I don't understand why they would even configure OSPF as there is no router and there is no route to any other or outside network - Only two Layer 3 switches and a bunch of L2 switches. I literally can't reach half - doesn't seem to matter if they are the switches from Core 1 side or Core 2 side.
Any advice on how I can troubleshoot this? Is it possible HSRP is causing this issue, if not... what can cause this issue? Is there something I needed to do after removing the OSPF configuration? Any debug commands I should try or other configurations I should look out for or remove?
I'm able to ping the gateway of VLAN 10 (172.10.1.1) and I'm able to SSH to the core switches, but I can't ping the switch my workstation is on (172.20.1.50) along with half of the other random switches across the network unless I access one of the cores.
12-13-2023 01:14 AM
This drawing is excellent.
Now, where is the L3 device that does inter-VLAN routing?
Make sure you have an L2 path to the L3 device.
Check the VLANs allowed on the trunk.
Note: when checking the VLANs allowed on the trunk, don't use show run.
Use show interface trunk.
MHM
12-13-2023 01:19 AM
Both L3 devices, Core 1 and Core 2, are doing inter-VLAN routing (sorry, I know it's not the right multilayer switch icon). All the other switches have the VLAN configured and all the trunks between the access switches, distribution and core are allowing both VLAN 10 and VLAN 20 (along with others I didn't mention in my post).
12-13-2023 01:22 AM
Friend, check the VLANs allowed on the trunk with
show interface trunk
not by looking at show running.
Also check whether each SW's mgmt SVI is up or down.
MHM
12-13-2023 01:29 AM
Show interface trunk - I did this and the VLANs are allowed on the trunk, both the switch VLAN and the workstation VLAN. SVI is UP - I'm able to SSH to all the IPs of the SVI on both core switches.
12-13-2023 01:35 AM
OK, it's an L2 SW, so you use
ip default-gateway x.x.x.x
Is x.x.x.x the real core SW SVI IP, or
is it the HSRP VIP?
Use the real SVI IP of the core mgmt VLAN, BUT
for SW1, which is directly connected to Core1, use (for ip default-gateway) the mgmt VLAN SVI on Core1, not on Core2.
Make sure the interconnect between the two HSRP core SWs allows the VLANs (mgmt and the VLAN of the PC you use for ping and SSH).
MHM
12-13-2023 01:41 AM
The ip default gateway of all the layer 2 switches is configured to the HSRP Virtual IP (172.10.1.1). Are you saying that HSRP doesn't work in this design and I should specifically use one of the SVI IPs (172.10.1.2 or 172.10.1.3) of one of the core Layer 2 switches as the gateway of my other switches? Is there a reason why this doesn't work? I've never seen this configuration myself but I'm curious as to why this wouldn't work.
12-13-2023 01:50 AM
Yes, I think so.
To be more sure,
do a traceroute from your PC to any access SW that does not work and see where it stops.
It will stop at one of the core SWs.
MHM
12-13-2023 01:53 AM
I'll give it a try tomorrow at work and see... I really was thinking that HSRP is causing this issue, but I really just wanted to understand why. Traceroute does not work from the PC - it can't even ping the IP of the switch it's connected to.
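The show interface trunk check recommended earlier in the thread, as an added example that is not part of any post: the running configuration only shows the configured allowed list, while the command output also shows which VLANs are active and which are forwarding in spanning tree on each trunk. The sample output, port names and the function names below are constructed for illustration.

```python
import re

# Constructed sample of `show interfaces trunk` output (not taken from the thread).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      1
Gi1/0/2     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     10,20,30-32
Gi1/0/2     10,20

Port        Vlans allowed and active in management domain
Gi1/0/1     10,20,30
Gi1/0/2     10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     10,20,30
Gi1/0/2     10
"""

def expand(vlans):
    """Turn '10,20,30-32' into {10, 20, 30, 31, 32}; 'none' yields an empty set."""
    out = set()
    for part in re.findall(r"\d+(?:-\d+)?", vlans):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_trunk(text):
    """Return {section title: {port: set of VLAN ids}} for the three VLAN sections."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Port\s+(Vlans .+)$", line.strip())
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and line.strip() and not line.startswith("Port"):
            # Data row under a VLAN section: port name, then its VLAN list.
            port, _, vlans = line.strip().partition(" ")
            current.setdefault(port, set()).update(expand(vlans))
    return sections

def missing_vlans(text, required):
    """Per port, the required VLANs absent from each section of the output."""
    report = {}
    for title, ports in parse_trunk(text).items():
        for port, vlans in ports.items():
            if gap := sorted(set(required) - vlans):
                report.setdefault(port, {})[title] = gap
    return report
```

In the constructed sample, VLAN 20 is allowed and active on Gi1/0/2 but not forwarding, which is the kind of gap the configured allowed list alone would not reveal.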