Cannot ping switch from different subnet when routing enabled

Mokhalil82
Level 4

Hi

Please see attached diagram, I have a primary and backup site. The primary site is where all my vlan interfaces are and all access switches are connected. We use the primary gateway for traffic out. 

The secondary site has 3 switches connected to it and has its own WAN connection. I have recently installed the core switch at site 2; before, it was all L2 switches with default gateway to my core switch at site one.

The issue I'm having is I cannot ping the new L3 core switch at site 2 from a host on site one, or any host, shall I say, but the same hosts can ping other switches that are connected to core switch 2.

But on this new core switch at site 2, when I disable ip routing and insert the ip default gateway statement to point to core switch one, then I can ping to it.

I'm sort of confused because all the switches are in management VLAN 1. I can get to its neighbouring switches but not this one when ip routing is enabled.


Jon Marshall
Hall of Fame

I think this comes back to what we were discussing yesterday.

You can ping when you use the default-gateway because that is pointing back to the core switch at site 1.

But if the switch is L3 it will use its default route, which means it will send traffic for a remote subnet (i.e. a subnet not configured on the switch) to the firewall.

The solution is to add routes to the core switch in site 2 for the subnets in site 1 and it will all work.

You can either use static routes or you can run a dynamic routing protocol between the two L3 switches to exchange routes.

Jon

Thanks Jon

But what confused me is I can get to the layer 2 switches on the other side on their management IP but just not this layer 3 switch from the same host that is on a different subnet.

That is because they are L2 switches so they will have their default gateway set to core switch 1.

Because they are L2 switches they do not route, so they act as a host would, i.e. for any IP subnet they do not know about, which is every IP subnet other than the one they have an IP address from, they simply send traffic to their default gateway.

The L3 switch can't do this because it is routing, so if it needs to send a packet to a subnet that it does not have an interface configured in, it must use its routing table.

And at the moment you only have a default route for it to use.

So you need to add routes so it knows how to get to the internal subnets.

Jon
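The behaviour described in the replies above, modelled as an added example that is not part of the original thread: it compares where the echo reply goes from an L2 switch with a default gateway, from the site 2 core with only a default route, and from the site 2 core after a static route is added. All addresses and the names `core1` and `site2-firewall` are constructed for illustration.

```python
import ipaddress

def table(entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def lookup(routes, dst):
    """Longest-prefix match, as an L3 switch does with ip routing enabled."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None  # no route at all: packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def l2_next_hop(own_subnet, default_gateway, dst):
    """An L2 switch behaves like a host: off-subnet traffic goes to the gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_network(own_subnet)
    return "connected" if on_link else default_gateway

# Constructed addressing (assumption, not from the thread):
#   10.0.1.0/24   management VLAN 1 (core1 = .1, core2 = .2)
#   10.0.20.0/24  site 1 user VLAN, routed on core1 only
#   10.0.99.0/24  link from core2 to the site 2 firewall
HOST = "10.0.20.50"  # site 1 host sending the ping

core2_default_only = table([
    ("10.0.1.0/24", "connected"),
    ("10.0.99.0/24", "connected"),
    ("0.0.0.0/0", "site2-firewall"),
])
# Same table after the IOS equivalent of:
#   ip route 10.0.20.0 255.255.255.0 10.0.1.1
core2_with_static = core2_default_only + table([("10.0.20.0/24", "core1")])

def echo_reply_paths():
    """Next hop each device picks for the reply back to HOST."""
    return {
        "l2_switch": l2_next_hop("10.0.1.0/24", "core1", HOST),
        "core2_default_only": lookup(core2_default_only, HOST),
        "core2_with_static": lookup(core2_with_static, HOST),
    }

if __name__ == "__main__":
    for device, hop in echo_reply_paths().items():
        print(f"{device:20s} reply to {HOST} -> {hop}")
```
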

Hi Jon

So am I adding routes just to the core switch 2 so it knows its way back, or on both cores?

What if the subnets are spread across the 2 sites, for example a /24 subnet, so IPs are assigned to hosts at site 1 and some at site 2. How would it work with that?

There are a couple of alternatives -

1) if you have an IP subnet split between the sites you could run HSRP or even GLBP between your core switches, which would mean each L3 switch had an interface in that subnet.

So then you wouldn't need to add routes for these subnets because both L3 switches have interfaces in those subnets.

You would still need routes for the subnets that only existed in site 1.

It depends on how many subnets you are splitting between sites.

2) you could just add routes to site 2 L3 switch pointing to the L3 switch in site 1 although this would mean sending traffic from site 2 to site 1 and then back to site 2 again.

Usually what you would have is separate subnets per site and then each L3 switch simply routes for its own subnets and exchanges routes with the other L3 switch.

Is there any reason you need the same subnet at both sites?

You may need to for servers but you may not.

Edit - personally, if you don't need the same subnet in each site I would have separate subnets per site and have each L3 switch responsible for its own VLANs/IP subnets in terms of routing and then run a dynamic routing protocol between the switches to exchange routes.

Jon

Hi Jon

I've used the routes and all working as expected. Again really appreciate the help. Thank you