cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
1488
Views
0
Helpful
25
Replies
NetworkMan23
Beginner

Connecting L3 Devices through a L2 Switch

I seem to of been having issues with basic connectivity between a network-enabled PDU and a Cisco 4500-X. 

 

Please see the attached topology file for more information. 

 

I have a 4500-X with a management IP on it, connected in a port-channel to a 2960-X. An Intelligent PDU then hangs off the 2960-X and all interfaces are within VLAN 55. I have a IP on the PDU as 10.22.4.84 and its D.G. is 10.22.4.83.

 

However, I cant even ping the PDU from the 4500-X. Any help is appreciated. 

1 ACCEPTED SOLUTION

Accepted Solutions

Based on what I think I understand so far it seems that you need to keep the 10.22.4.64/26 subnet on the routed port FastEther1 in the management vrf. So you need to configure a different subnet for communication with the PDU. Assign an IP in that new subnet to interface vlan 55 and configure the PDU with an IP address in that subnet and with the switch IP as the gateway. If you want to restrict access by putting the interface/subnet into a vrf that should be possible.

 

HTH

 

Rick

HTH

Rick

View solution in original post

25 REPLIES 25
Richard Burts
Hall of Fame Guru

On the 2960 please post the output of these commands

show interface status

show vlan

show interface trunk

On the 4500 please post the output of these commands

show arp

show vlan

show interface trunk

 

 

HTH

 

Rick

HTH

Rick

4500:

 

TEST-RCN-4500-01#
TEST-RCN-4500-01#show arp
TEST-RCN-4500-01#
TEST-RCN-4500-01#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Te1/3, Te1/4, Te1/5, Te1/6, Te1/7
Te1/8, Te1/9, Te1/10, Te1/11
Te1/12, Te1/13, Te1/14, Te1/15
Te1/16
2 OSS_TEST active
3 SAR_TEST active
55 iPDU_Access_RCN active
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
55 enet 100055 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

TEST-RCN-4500-01#show interface trunk

Port Mode Encapsulation Status Native vlan
Po5 on 802.1q trunking 1

Port Vlans allowed on trunk
Po5 55

Port Vlans allowed and active in management domain
Po5 55

Port Vlans in spanning tree forwarding state and not pruned
Po5 55
TEST-RCN-4500-01#

 

(appears there is nothing in the ARP table?) 

 

2960:

 

TEST-RCN-2960-01#show interface status

Port Name Status Vlan Duplex Speed Type
Gi1/0/1 LINK TO RCN iPDU connected 55 a-full a-100 10/100/1000BaseTX
Gi1/0/2 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/3 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/4 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/5 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/8 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/10 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/11 notconnect 1 auto auto 10/100/1000BaseTX

Port Name Status Vlan Duplex Speed Type
Gi1/0/12 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/13 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/14 1/2 LINK TO 4500-X connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/15 2/2 LINK TO 4500-X connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/16 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/17 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/18 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/19 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/20 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/21 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/22 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX

Port Name Status Vlan Duplex Speed Type
Gi1/0/24 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/25 notconnect 1 auto auto Not Present
Gi1/0/26 notconnect 1 auto auto Not Present
Gi1/0/27 notconnect 1 auto auto Not Present
Gi1/0/28 notconnect 1 auto auto Not Present
Po5 connected trunk a-full a-1000
Fa0 notconnect routed auto auto 10/100BaseTX
TEST-RCN-2960-01#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/3, Gi1/0/4
Gi1/0/5, Gi1/0/6, Gi1/0/7
Gi1/0/8, Gi1/0/9, Gi1/0/10
Gi1/0/11, Gi1/0/12, Gi1/0/13
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23, Gi1/0/24
Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28
55 iPDU_VLAN active Gi1/0/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
55 enet 100055 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

TEST-RCN-2960-01#show interface trunk

Port Mode Encapsulation Status Native vlan
Po5 auto 802.1q trunking 1

Port Vlans allowed on trunk
Po5 1-4094

Port Vlans allowed and active in management domain
Po5 1,55

Port Vlans in spanning tree forwarding state and not pruned
Po5 1,55
TEST-RCN-2960-01#

 

Help is appreciated

 

 

 

Thank you for the additional information. Mostly it shows what we expect. The vlan is defined on both switches, the vlan is carried on the trunk for both switches, the interface on 2960 connecting to the PDU is connected and assigned to the correct vlan. But there are no entries in the arp table. So we need to look a bit further.

 

Would you post the output of the command show ip interface brief on 4500?

 

Is there any chance that the PDU is not configured with the IP that you think?

 

HTH

 

Rick 

HTH

Rick

4500:

 

TEST-RCN-4500-01#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet1 10.22.4.83 YES TFTP up up
TenGigabitEthernet1/1 unassigned YES unset up up
TenGigabitEthernet1/2 unassigned YES unset up up
TenGigabitEthernet1/3 unassigned YES unset down down
TenGigabitEthernet1/4 unassigned YES unset down down
TenGigabitEthernet1/5 unassigned YES unset down down
TenGigabitEthernet1/6 unassigned YES unset down down
TenGigabitEthernet1/7 unassigned YES unset down down
TenGigabitEthernet1/8 unassigned YES unset down down
TenGigabitEthernet1/9 unassigned YES unset down down
TenGigabitEthernet1/10 unassigned YES unset down down
TenGigabitEthernet1/11 unassigned YES unset down down
TenGigabitEthernet1/12 unassigned YES unset down down
TenGigabitEthernet1/13 unassigned YES unset down down
TenGigabitEthernet1/14 unassigned YES unset down down
TenGigabitEthernet1/15 unassigned YES unset down down
TenGigabitEthernet1/16 unassigned YES unset down down
Port-channel5 unassigned YES unset up up
Port-channel23 unassigned YES unset down down
Vlan1 unassigned YES unset down down
Vlan55 unassigned YES unset up up
Vlan101 unassigned YES unset administratively down down
TEST-RCN-4500-01#

 

The following is output from the iPDU: 

 

apc>
apc>
apc>tcpip -i
E000: Success
IPv4 Address: 10.22.4.84

apc>tcpip -g
E000: Success
Gateway: 10.22.4.83

apc>tcpip -s
E000: Success
Subnet Mask: 255.255.255.192

apc>

Thank you for this information which is quite helpful. What I see is that interface vlan 55 has no IP address and that the IP address is configured on interface FastEther1. Please post the config of that interface.

 

It is clear that the issue is that to communicate with the PDU there must be an IP address in that subnet on the interface vlan 55. It is not so clear how to resolve this, especially since you can not have the same subnet configured on a routed interface and on a vlan.. Do you need an IP address on FastEther1? Could you move the current IP from FastEther1 to vlan 55 and put a different IP on FastEther1?

 

HTH

 

Rick

HTH

Rick

TEST-RCN-4500-01#show run int fa1
Building configuration...

Current configuration : 163 bytes
!
interface FastEthernet1
description Management link into admin VRF
vrf forwarding mgmtVrf
ip address 10.22.4.83 255.255.255.192
speed auto
duplex auto
end

TEST-RCN-4500-01#

 

 

I need an IP address on the 4500 for management connectivity. However, I can change the IP address on the PDU and apply one for the vlan 55 if needed?

 

The way you have it won't work because you have applied the IP for vlan 55 on the 4500 to a routed port. 

 

If you want to keep the same switch connectivity as in your diagram you would need to either move the IP from the fa1 interface and assign it to the SVI for vlan 55 on the 4500 or use a different vlan/IP subnet for PDU management. 

 

Jon

Thank you, that seems to of worked, your help is appreciated.

 

What I had in mind is to enable connectivity to another device beyond the 4500. 

 

To do this, i thought i could put the vlan 55 SVI into a VRF and attach that VRF to the outbound ports on the 4500. Is this possible, do you see my idea? I wanted this equipment to only be accessible via a particular vpn. 

 

Thanks 

Yes it is possible. 

 

A VRF is a L3 concept so any devices you allocate into vlan 55 will be in that VRF. 

 

Jon

Based on what I think I understand so far it seems that you need to keep the 10.22.4.64/26 subnet on the routed port FastEther1 in the management vrf. So you need to configure a different subnet for communication with the PDU. Assign an IP in that new subnet to interface vlan 55 and configure the PDU with an IP address in that subnet and with the switch IP as the gateway. If you want to restrict access by putting the interface/subnet into a vrf that should be possible.

 

HTH

 

Rick

HTH

Rick

View solution in original post

NetworkMan23
Beginner

Thats great, thanks all, it was really helpful.

 

On a little side note, would it be possible to plug an Ethernet from the 2960-X Mgmt interface to a TenG interface on the 4500-X and have SSH access?

 

The issue is that I don't have a management solution to either the 4500 or 2960 and am looking at how I could achieve this. If it helps, the 4500 plugs into a Core router of the network and can be accessed through there.

 

Thanks 

If you have a working network connection between the 2960 and the 4500 then it should be possible to SSH to the 2960. But there are questions of compatibility to consider about how to make that connection. The management interface on the 2960 has limited bandwidth capability

Fa0 notconnect routed auto auto 10/100BaseTX

so connecting it to a Ten Gig interface is not going to work.

 

If the "management" interface is not going to work you can achieve your purpose by using a vlan interface on the 2960 and SSH to that address. The simple solution would be to use the IP of vlan 55 and SSH to it. If you want to separate management traffic from data traffic then you could leave vlan 55 for data traffic, create a new vlan for management traffic, configure a vlan interface for this vlan, assign an IP address to that vlan interface, and use it to SSH.

 

There is probably a similar question on the 4500. It has a management interface configured with an IP address. But where would you connect that management interface? I would suggest that you take a similar approach on the 4500 of configuring a vlan for management traffic, configure a vlan interface for that vlan, move the management IP to that vlan interface.

 

HTH

 

Rick

 

HTH

Rick

I had it working and now its not, completely unsure as to why.

Please refer to diagram. I am trying to get connectivity between the 10.22.139.8 device and the 4500 switch.

VLAN 55 is an SVI with IP address in a VRF. I cant ping the 10.22.139.8 device. Please help

 

 

If it was working and now it is not working then something changed. Can you tell us what changes have been made?

 

If you are attempting to ping the device in vlan 55 and it is in a vrf are you sure that your ping is using the vrf?

 

The diagram shows two connections between 4500 and 2960, Ten1/1 to G1/14 and Ten1/2 to G1/15. Can you clarify how these are set up? Are both trunks? Is it an Etherchannel?

 

It is not clear in the diagram whether the gateway for vlan 55 is on the 4500 (which I assume is the case) or is on the 2960. Can you clarify? Can you post the config related to vlan 55?

 

To help identify the issue can you provide these outputs:

show ip interface brief on both 4500 and 2960

show interface trunk on both 4500 and 2960

show arp on the device with the svi for vlan 55

 

HTH

 

Rick

HTH

Rick