Ok folks, this has probably been discussed a million times on here but I'm lost and could use your help.
I have an HSRP configuration between a stack of 3750's and two separate 2811 WAN routers for redundancy. I have 3 vlans configured on subinterfaces on both routers going to the stack. The HSRP configuration seems to work beautifully but when I plug into the switch I can only ping on my data vlan to the data vlan gateway IP. I cannot ping to the voice vlan ip or my mgmt ip. I have attached the full 3 configs (stack and 2 routers) as well as a topology photo for your reference. So far I have only really worked on the x.2 router and the stack so you may want to focus on the attached documents labeled Alden-WAN-GW1 and Alden-SW1.
To be clear, what I've done is configure a static on a PC in my data vlan and then pinged the data vlan gateway IP. With that same IP I cannot ping the voice gateway. If I change the PC's IP to an address in the voice vlan, I can't ping anything. I cannot ping the mgmt gateway either but I did that on purpose.
I'm thinking this has something to do with native vlans on the trunks but I tried configuring the natives on both ends and could not get this working.
Please pick me apart and teach me something!
Is there a default gateway configured correctly on the PC?
I am unsure of why the native VLAN configuration differs in the connections from the switch stack and the two routers, although I don't believe that is actually causing any issues for you.
Your configuration looks fine. You don't need a native vlan command under trunk. Also you don't need a static route on the PC as long as you have the default gateway configured.
Please be aware the switch port to which you are connecting the PC should have the switchport access vlan 104 configured in order to ping the other ip address including voice gateway and management ip address.
Also verify on the switch if all vlans are getting allowed through the trunk with the command "sh interface trunk".
Please rate when applicable or helpful !!!
You need to verify whether HSRP is working fine or not. Shut down one of the gateways and check which active gateway is not working.
Do you face the problem for the voice vlan in both gateways?
Please let me know.
Praveen, I have tested and verified that HSRP is working properly and that it fails over when the connection to the active router is disabled. I do face the same problem on both gateways as I attempt pings from the host to the actual IP of the gateways themselves as well as the VIP.
I guess what really confuses me is that I can ping all of these devices from the switch itself using the ping x.x.x.x source x.x.x.x command but I do not get the same behavior with the host.
All help is greatly appreciated as I am working on this design as a new standard template for my business. I know it works but I am missing something here.
Could you please remove the native vlan and trunk allowed configuration on the switch?
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan 104,164,192
switchport mode trunk
How are your hosts configured, statically or dhcp?
Confirm the gateway is configured properly.
I am not seeing any configuration error in WAN-GW1 and GigabitEthernet1/0/1 of the switch.
Thanks Praveen, I think I figured it out. I was using a different native trunk vlan other than one of the 3 primary vlans (data, voice, mgmt). Since the router is set up to tag traffic on the subinterface to vlan 104, you cannot set a different vlan to native and allow other vlans to pass. Routers do not trunk the same way switches do. An excellent lesson. I changed the native vlan on both sides to 104 (data) and bang! it worked.
The new issue now is that I have applied an ACL to the mgmt subinterface on the router to block the data and voice vlans from being able to reach it. When I ping from the switch on the data vlan I cannot reach IP's in the management vlan. However, when I ping from a host in the data vlan I CAN reach IP's in the mgmt vlan. Ugh!
I love networking!
Try to put a native vlan other than data or voice. I suggest you make the native vlan the MGMT vlan and test it.
It will block data and voice vlan reaching mgmt ip.
Please rate if it helps you.
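
An added example, not part of any post above and not the posters' attached configuration: a small Python check that compares a switch trunk's native and allowed VLANs with a router's dot1Q subinterfaces and flags the kind of native VLAN disagreement this thread is about. The config snippets are constructed; the router interface name and the placement of the `native` keyword are assumptions, and only the VLAN IDs and the switch trunk lines come from the thread.

```python
import re

# Constructed sample configs (not the poster's attachments). VLAN IDs 104, 164,
# 192 and native VLAN 2 are the ones quoted in the thread.
SWITCH_TRUNK = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 104,164,192
 switchport mode trunk
"""
ROUTER_SUBIFS = """\
interface FastEthernet0/0.104
 encapsulation dot1Q 104 native
interface FastEthernet0/0.164
 encapsulation dot1Q 164
interface FastEthernet0/0.192
 encapsulation dot1Q 192
"""

def parse_switch(cfg):
    """Return (native_vlan, allowed_vlans) for one trunk port."""
    m = re.search(r"switchport trunk native vlan (\d+)", cfg)
    native = int(m.group(1)) if m else 1  # IOS default native VLAN is 1
    m = re.search(r"switchport trunk allowed vlan ([\d,\-]+)", cfg)
    allowed = set()
    for part in (m.group(1).split(",") if m else ["1-4094"]):
        lo, _, hi = part.partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def parse_router(cfg):
    """Return {vlan: is_native} from 'encapsulation dot1Q <vlan> [native]'."""
    return {int(v): bool(n) for v, n in
            re.findall(r"encapsulation dot1Q (\d+)( native)?", cfg)}

def audit(switch_cfg, router_cfg):
    """List disagreements between the two ends of the trunk."""
    native, allowed = parse_switch(switch_cfg)
    findings = []
    for vlan, untagged in sorted(parse_router(router_cfg).items()):
        if vlan not in allowed:
            findings.append(f"VLAN {vlan}: not in switch allowed list")
        if untagged and vlan != native:
            findings.append(f"VLAN {vlan}: router untagged, switch native is {native}")
        if not untagged and vlan == native:
            findings.append(f"VLAN {vlan}: switch untagged, router expects tag")
    return findings
```
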