I think I might not have my VSS configured correctly, but not sure what to look for. This is the output for "sh swi vir role":

LOCAL        1     UP      FALSE(N )   100(100)  ACTIVE   0      0
REMOTE   2     UP      FALSE(N )   100(100)  STANDBY  4514   9205

In dual-active recovery mode: No

I have two servers one that's working fine and the other that is not, both plug into switch 2 same module 1 but one is on port 43 (works) and the other one port 44 (does not work). There are no firewalls set on the servers, even if there were firewalls wouldn't I still be able to ping it from the Router/switch.

Hi,

And when you ping the VSS from the backup servers, does at least that work? Do the servers have any connectivity whatsoever?

Best regards,

Peter

Your VSS looks good.

can you also post "sh sw vir"?

My output for "sh sw vir" - I guess my confusion is why would the router be able to arp the entry but does not send the data to the server.

Switch mode                  : Virtual Switch
Virtual switch domain number : 1
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby

You VSS config is definitely good.

Can you try using another port i.e. 45, 46, etc..?

also, is port 43 configured exactly the same as 44?

What if you move both ports to the primary switch (if you have the module)?

Hello,

I don't want to impose myself but can you please, in addition to great suggestions from Reza, answer my questions? I'll repeat them here:

And when you ping the VSS from the backup servers, does at least that work? Do the servers have any connectivity whatsoever?

Best regards,

Peter

Peter, I apologize - didn't mean to not answer your question. The server can ping the VSS management IP, but can not ping the default gateway of 10.74.251.1 - see these servers have two NIC's - one is for the production network and another one is for the backup network - only the production network is configured with a default gateway; I understand that without a default gw you only devices on the same network will be able to see each other; but this isn't the case even if I try to ping from another device that is on the same back up network it will not ping. All of the servers we have are configured this way and almost all of them can be pinged from any network except these couple of devices that have come to our attention. We converted to VSS about 1 - 2 months ago.

Hello,

No problem, I'm glad you responded.

A quick drawing of your network topology would be most welcome in this case. You do not have a completely simple setup and I believe that having an overview of your network could help us understand better what is going on.

One question: You have said your servers are equipped with two NICs. How are these NICs configured with respect to the IP settings? Are both NICs on the same server configured into the same IP network, or are they in two separate IP networks? I am asking because I have seen a couple of similarly configured servers that had curious connectivity problems, until it was discovered that most operating systems including Linux and Windows have troubles communicating properly if both NICs in the same machine are configured in the same IP network.

It is intriguing to know that the servers can ping the management IP but can't ping the gateway IP. Is the gateway IP in the same IP subnet or in a different subnet? The topology sketch would be indeed helpful...

Best regards,

Peter

The servers have two NICS, one is for production network and the second is for the back up network - which are two completely ip networks.

Primary Network: 10.74.10.X/24

Backup Network: 10.74.251.X/24

The management IP of the VSS is on a 172.18.8.X/24 Network; the default gateway is just the .1 for each of the networks.

   CoreA         CoreB                                                      

       |                 |                                                                

      VSS (2 6509's)                                                           

(It is a bit more complicated than the above - but i'd take too long drawing it out here. )

Interface for vlan 10.74.251.X Sits on the VSS and most of the backup NIC's plug into the VSS as well .The Primary NIC's for these servers plug into 1 of 3 6513's which have connections to CoreA and CoreB - only one of the 6513's plug into the VSS but nothing gets routed it's only used for the management vlan.

Not sure if answered your question and/or if I made it more confusing. One thing I will be trying out tonight is that I will disable the connection from one of the core's to make sure that that isn't the problem.

Shutting down one of the links to one of the core's did not solve the issue. Something else I did notice is that when I do a sh mac-address address on the vss I get the following:

For server that works fine -

Supervisor switch 2 Module 5
*  951  78e7.d191.0728   dynamic  Yes         20   Gi2/1/43

For server that does not work -

Supervisor switch 1 Module 5
*  951  0025.b323.3e38   dynamic  Yes         40   Po5
Supervisor switch 2 Module 5
*  951  0025.b323.3e38   dynamic  Yes         90   Po5

Not sure if this helps in any way.

    What do you get for an arp entry for '0025.b323.3e38'? Have you checked your port channel for any errors? Does each interface in the port-channel match? I would assume that MAC is a virtual MAC for your server, am I right?

Regards,

Steve