Re: Cisco Configuration issue between switches and router

gnoetzel1125 · ‎03-15-2019

We have determined that there is an issue with one of our Cisco 12port switch (3560) when the port it is connected to the Router is turned on - a financial application function will fail from task to task.

There are two port on the 12port-3560 that is connected to the router and they are as follows:

P1 (Vlan1, 2,10)

P2 (Vlan1, 2, 10)

P3 (Vlan1)

P4 (n/a)

P5 (Vlan 1, 2, 10)

P6 (Vlan 1, 2, 10)

P7 (Vlan 1, 2)

P8 (Vlan 1)

P9 (Vlan 1,10)

P10 (Vlan 10)

P11 (Vlan 10)

P12 (Vlan 10)

P3 is linked to Router Port 4. Router P4 is on native Vlan1. P7 is linked to Router P14 - which is switchport access Vlan 2.

Currently P3 is shutdown, P7 to Router P14 is OPEN.

Router P6/6 (fiber link) set as Siwtchport mode trunk to the Switch on another floor (3650 - G1/1/1). Switch 3650-G1/1/1 has Switchport trunk allowed vlan 1,2,4,7,1001). Switch 3650(G1/1/4) is connected to 2960(G1/0/49) native Vlan1.

Switch 3560(G1/1/4)(switchport mode trunk) is uplinked to Switch 2960G-P1/0/49. Switch 2960G-P1/0/49 is switchport mode trunk.

On that same switch 2960G - P1/0/10 has spanning-tree portfast set on it.

I am unable to get Traffic from the first Switch 3960(P7) to the final designation Switch 2960G(P10).

Since 3560-P7 is already Vlan1 and Vlan2 - the Router (P14) is already set Vlan2 (switchport mode access vlan2), then I set the Switch(G1/1/4) to Switchport trunk allowed vlan 1,2. Then Switch 2960G-P1/0/49) to switchport trunk allowed vlan 1,2. Then finally Switch 2960G-P1/0/10 to switchport trunk allow vlan1,2 / switchport mode trunk.

Still the data is not going to the device 2960G on P1/0/10.

This is Video data from camera system.

I've been doing "trial & error" for the past 2 weeks after hours without affecting the production hours. I am at wits end and we don't have budget for outside services to scour through these configurations to fix 1 problem.

Does anyone have recommendation?

Could it be some Router issue via "access-list" configuration?

Thank you all for your help.

Gil

Sergey Lisitsin · ‎03-15-2019

gnoetzel1125,

Can you please share a topology diagram of your network with IP addressing information. Also, when you say an application will fail from task to task, what do you actually mean? What symptoms do you see and what exactly makes you think this is a network related issue?

gnoetzel1125 · ‎03-25-2019

Latest Update:

We were able to get Vlan2 running on our internet network.

Now we are unable to allow Vlan10 to access the Cable Modem for internet access. The Vlan10 needs to be configure so it can hand out DHCP IP Address to devices. The Cable Modem have static IP address and the DHCP server within the Cable Modem is turned off. Reason why it is turned off is that the DHCP scope is /24 which will only allow up to 254 clients connections. We need to have /16 scope. The vendor of the cable modem will not allow the modem to use /16 subnet.

Therefore, we need to setup the C3560 to serve IP address to all the Vlan10 traffic.

See below link for my sample topology.

Deepak Kumar · ‎03-25-2019

Hi,

Apply the PBR as below:

Ip access-list standard 100

5 deny ip host 10.10.10.1 any --->10.10.10.1 replace with Modem IP address

10 deny IP 10.10.10.0 0.0.255.255 <10.X.X.X y.y.y.y> ----> 10.x.x.x.x y.y.y.y replace with VLAN 2 Subnet

50 permit ip 10.10.10.0 0.0.255.255 any

route-map CABLE_Modem permit 10

match ip address 100

set ip next-hop 10.10.10.1 ----> 10.10.10.1 replace with Modem IP address

interface VLAN 10

ip policy route-map CABLE_Modem

If PBR will not accept then please share Switch SDM and Show version output.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

paul driver · ‎03-25-2019

Hello

@Deepak Kumar wrote:

Hi,

Apply the PBR as below:

Ip access-list standard 100

5 deny ip host 10.10.10.1 any --->10.10.10.1 replace with Modem IP address

10 deny IP 10.10.10.0 0.0.255.255 <10.X.X.X y.y.y.y> ----> 10.x.x.x.x y.y.y.y replace with VLAN 2 Subnet

50 permit ip 10.10.10.0 0.0.255.255 any

route-map CABLE_Modem permit 10

match ip address 100

set ip next-hop 10.10.10.1 ----> 10.10.10.1 replace with Modem IP address

interface VLAN 10

ip policy route-map CABLE_Modem

Just looking at your route-map and relating it to the PBR logic, it seems that the rtr may look at the route-map and will match on the deny ace entry and then cease processing and as such the rtr will route via its rib table and not PBR -

Possible suggest to use a deny route-map stanza for the prefixes you wish not to pbr and then apply a catch all permit statement so everything else is PBR'd

Ip access-list standard 100
permit ip ............

route-map CABLE_Modem deny 10
match ip address 100

route-map CABLE_Modem permit 99
set ip next-hop 10.10.10.1

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎03-25-2019

Hello

@gnoetzel1125 wrote:

Router P6/6 (fiber link) set as Siwtchport mode trunk to the Switch on another floor (3650 - G1/1/1). Switch 3650-G1/1/1 has Switchport trunk allowed vlan 1,2,4,7,1001). Switch 3650(G1/1/4) is connected to 2960(G1/0/49) native Vlan1.

Switch 3560(G1/1/4)(switchport mode trunk) is uplinked to Switch 2960G-P1/0/49. Switch 2960G-P1/0/49 is switchport mode trunk.

On that same switch 2960G - P1/0/10 has spanning-tree portfast set on it.

I am unable to get Traffic from the first Switch 3960(P7) to the final designation Switch 2960G(P10).

Since 3560-P7 is already Vlan1 and Vlan2 - the Router (P14) is already set Vlan2 (switchport mode access vlan2), then I set the Switch(G1/1/4) to Switchport trunk allowed vlan 1,2. Then Switch 2960G-P1/0/49) to switchport trunk allowed vlan 1,2. Then finally Switch 2960G-P1/0/10 to switchport trunk allow vlan1,2 / switchport mode trunk.

Still the data is not going to the device 2960G on P1/0/10.

Your description and posted topology is rather convoluted and doesn't really show which switch is which what port is what

Can you elaborate and maybe post some configuration of the switches and routers

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gnoetzel1125 · ‎07-14-2023

Alas - above all information is old and I got it working. Apparently the Vlan tagging on the port was messed up by someone else. I was able to get it working where as assinging Vlan to internet traffic only and the other Vlans to proper tag to allow different data path for other lan devices.

Thank you everyone!