Re: IP Routing on 3550

ddaugherty1264 · ‎03-30-2007

Starting point: 8-3550 Switches, 1-2811 router (10.2.232.250), all on one subnet 10.2.232.0:255.255.252.0, one VLAN=1. ALL WORKS FINE.

I'm adding VLANs and I need to enable routing on the switches for Inter-VLAN routing. However, when I enable ip routing on the frist switch, the 'network' still works (stations work fine) however, in about 3 minutes, I can no longer HTTP nor ping the VLAN 1 interface. I'm guessing the 3 min delay is routing info updating. I can't even reach it on the switch itself. So, I can't manage it in Network Assistant, nor the web interface. I can still get to any other switch VLAN interface.

Here is before conf info:

no ip subnet-zero

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Vlan1

ip address 10.2.232.203 255.255.252.0

ip default-gateway 10.2.232.250

ip classless

ip http server

Here is after:

no ip subnet-zero

ip routing

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Vlan1

ip address 10.2.232.203 255.255.252.0

ip default-gateway 10.2.232.250

ip classless

ip route 0.0.0.0 0.0.0.0 10.2.232.250

ip http server

This driving me crazy and not a good experience with ip routing on the 3550. It probably comes down to me misconfiguring something, but I don't know what.

Please assist and I will be singing praises about you!

Thanks.

Richard Burts · ‎03-30-2007

Don

In looking at what you posted it looks like these are the only things that are different:

ip routing

ip route 0.0.0.0 0.0.0.0 10.2.232.250

I do not see what about these 2 additions would cause the symptoms that you describe. Is it possible that you have changed anything else?

As a check on the problem, if you remove these 2 statements does the behavior go back to what it used to be?

Also I am not clear whether PCs connected to this switch still work (it is only a problem getting to the management interface of the switch) or does everything on this switch stop working?

HTH

Rick

HTH

Rick

aravindhs · ‎03-30-2007

Hi

Why do you need the entry 'ip default-gateway 10.2.232.250 ' on the router after you have enabled routing ?

cheers

Arav

Richard Burts · ‎03-30-2007

Arav

I am not sure that you "need" the ip default-gateway when ip routing is enabled. But it does no harm and sometimes you may want to have it. In a few circumstances (most especially operating in rommon) the router is not routing and the ip route 0.0.0.0 does you no good. But the ip default-gateway does work in that situation.

So for normal operation the ip default-gateway is not used. But it is cheap and easy insurance to cover you in certain problem situations.

HTH

Rick

HTH

Rick

ddaugherty1264 · ‎03-30-2007

The only changes are these.

And if I remove them and RESTART the switch all is back to normal. If I remove and clear routes, it still is hosed.

All PCs work without a hitch. The only problem is management.

Strange, huh?

ddaugherty1264 · ‎03-30-2007

Just for grins, here is the entire configs. OOPS, there is one more change: in VLAN1 added, "no ip route-cache"

Just for more info, these changes were created by Network Assistant. I am running 12.2(35)SE-IP-BASE on all switches.

BEFORE:

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname ICUSwitch1.net.fleming.org

!

enable secret 5 ####

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

--More-- mls qos min-reserve 8 34

mls qos

no ip subnet-zero

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

--More-- mls qos trust cos

macro description cisco-switch

auto qos voip trust

wrr-queue bandwidth 10 20 70 1

wrr-queue min-reserve 1 5

wrr-queue min-reserve 2 6

wrr-queue min-reserve 3 7

wrr-queue min-reserve 4 8

wrr-queue cos-map 1 0 1

wrr-queue cos-map 2 2 4

wrr-queue cos-map 3 3 6 7

wrr-queue cos-map 4 5

priority-queue out

spanning-tree link-type point-to-point

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

--More-- !

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

--More-- switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

--More-- interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.2.232.203 255.255.252.0

!

ip default-gateway 10.2.232.250

ip classless

ip http server

ddaugherty1264 · ‎03-30-2007

I did remove the SNMP stuff at the bottom for posting a message space issues.

AFTER:

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname ICUSwitch1.net.fleming.org

!

enable secret 5 ####

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

--More-- mls qos min-reserve 8 34

mls qos

no ip subnet-zero

!

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

--More-- mls qos trust cos

macro description cisco-switch

auto qos voip trust

wrr-queue bandwidth 10 20 70 1

wrr-queue min-reserve 1 5

wrr-queue min-reserve 2 6

wrr-queue min-reserve 3 7

wrr-queue min-reserve 4 8

wrr-queue cos-map 1 0 1

wrr-queue cos-map 2 2 4

wrr-queue cos-map 3 3 6 7

wrr-queue cos-map 4 5

priority-queue out

spanning-tree link-type point-to-point

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

--More-- !

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

--More-- switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

--More-- interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.2.232.203 255.255.252.0

!

ip default-gateway 10.2.232.250

ip classless

ip http server

Richard Burts · ‎03-30-2007

Don

I do like the idea of seeing the entire config and think that it may be helpful.

Is it possible that you have posted the same config as before and as after? Unless my eyes deceive me I am not seeing any difference in the 2 configs that you posted.

And it is helpful to know that it only impacts the management address of the switch, so that all PCs continue to work as they should. Would I be correct in assuming that the PC default gateway is still configured as the router address?

Do I understand that when you make the change that you still have access to the switch for a few minutes and then you no longer have access?

HTH

Rick

HTH

Rick

ddaugherty1264 · ‎03-30-2007

Sorry about this. Yes, the PCs continue to work (forever). Yes, the PCs default g/w is the router. Yes, I do have access to the switch for about 3-4 minutes, then it goes away.

ddaugherty1264 · ‎03-30-2007

You guys are really going to think I am ate up. But this is what happens when you append logs together.

The following is really, the real after:

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname ICUSwitch1.net.fleming.org

!

enable secret 5 ####

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

--More-- mls qos min-reserve 8 34

mls qos

no ip subnet-zero

ip routing

!

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

--More-- switchport mode trunk

mls qos trust cos

macro description cisco-switch

auto qos voip trust

wrr-queue bandwidth 10 20 70 1

wrr-queue min-reserve 1 5

wrr-queue min-reserve 2 6

wrr-queue min-reserve 3 7

wrr-queue min-reserve 4 8

wrr-queue cos-map 1 0 1

wrr-queue cos-map 2 2 4

wrr-queue cos-map 3 3 6 7

wrr-queue cos-map 4 5

priority-queue out

spanning-tree link-type point-to-point

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

--More-- switchport mode dynamic desirable

!

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

--More-- interface FastEthernet0/14

switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

--More-- !

interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.2.232.203 255.255.252.0

!

ip default-gateway 10.2.232.250

ip classless

ip route 0.0.0.0 0.0.0.0 10.2.232.250

ip http server

Richard Burts · ‎03-30-2007

Don

Thanks for posting the correct after version of the config. I have looked at it and do not see anything that seems to explain what is going on.

From the fact that after you make the change you still have access for several minutes it may be reasonable to assume that something is timing out. I wonder if you made the change and when it stopped working if you clear the ARP cache - first on the switch and then if needed on the router - if it might fix it.

If clearing the ARP does not make a difference then I would probably look into the mac address table on the switch. It might help to show mac-address-table, before the change, after the change, and after connectivity is interrupted.

HTH

Rick

HTH

Rick

Danilo Dy · ‎04-03-2007

Hi,

Check the vlan 1 interface of the switch. The line may be "up" but the protocol may be "down". If this is the case, you must have an active client connection on vlan 1 for the SVI to go to an up/up condition . Once there is a live client on the switch you will see vlan 1 up/up.

glen.grant · ‎03-31-2007

It is working correctly . When you turn on ip routing you cannot use the ip default-gateway command , you must use a static default route , not sure why you are turning on ip routing but that is another story . The reason everything else works is that is appears you are trunking to another layer 3 device which is the default gateway for your subnets , so all the clients have their default gateways pointed to that address so they would keep working as they are not pointed to anything on the problematic 3550. I think everything will normalize if you pull the ip default gatway command and add the default static route 0.0.0.0 0.0.0.0 10.2.232.250 . Is there some reason you feel you have to turn on ip routing ?

Richard Burts · ‎03-31-2007

Glen

The posted config clearly shows that a static route for 0.0.0.0 has already been configured.

Your assertion that the ip default-gateway may be causing the problem is not correct. I frequently configure layer 3 devices with ip default-gateway and it does not cause problems. You are correct that when the device is acting as a router (ip routing enabled) that the default-gateway is not used. But if the device is not routing (for example in rxboot) then the ip default-gateway would be used.

HTH

Rick

HTH

Rick

svanhandel · ‎03-31-2007

The IP default gateway command has absolutely no effect if IP routing is enabled. Once ip routein