Management Vlan Routing issue.

venturas05

We currently have 1 6509 and 3 4507's set up as layer 3 switches with trunks between them. I am working to create layer 3 connections between them to cut down on broadcast traffic. I have configured new management vlans on each one because the management vlan is the only vlan that spanned the entire network. I have created 4 mgmt vlans 400-403 with IP's 10.254.0.0/20, 10.254.16.0/20, 10.254.32.0/20 and 10.254.48.0/20. I can get all the switches moved to the .0, .32, and .48 networks but have been unsuccessful with the .16 subnet. The Vlan interface is 10.254.17.1, which is also the default gateway I am using. On the first switches I made changes to, I couldn't ping anything within the network. I was using 10.254.20.1 and 10.254.19.1 on separate buildings. I can ping 10.254.17.1 from other LANs within the network; however, even with the old mgmt vlan still functioning, I cannot ping 10.254.17.1 from the switches connected to the 4507 with this interface configured. I have not asked for assistance of this magnitude on here before, so please let me know the readouts you would require to assist me or if I need to clarify anything. The routing protocol is EIGRP and in the routing table I see that vlan 401 network 10.254.16.0/20 is directly connected.


Hello
First of all, do all your switches have the correct IOS feature set to run full routing within EIGRP?

Can you post the run config of the core switch and an L3 switch that isn't working?

sh run
sh ip route
sh ip eigrp neighbors
sh ip protocols


Res
Paul


Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I think this is all the information you asked for plus I showed the interfaces connecting the two buildings together on the L3 4507 and L2 3750. I am just trying to move the mgmt vlan from 1 to 401 with an ip of 10.254.20.1 and cannot ping the vlan 401 interface on the 4507 which is 10.254.17.1.

Thank you for any assistance,

Anthony

Hello
Apologies, I don't have access to your readouts at present.

In the meantime, can you make sure your EIGRP config is correct?

Disable auto-summarisation, specify the SVI interface in the EIGRP process, and passive-interface any other interfaces that don't need to run EIGRP.

E.g.
router eigrp 10
no auto-summary
passive-interface default
no passive-interface vlan 401
network 10.254.17.1 0.0.0.0

res
paul


Hello, I think this is the switch that is in question RGS-MDF-3750-1-1 which is in another building:

**************** Sh Run L2 Switch not able to ping MGMT Vlan 401 ********************

RGS-MDF-3750-1-1#sh run

Building configuration...

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname RGS-MDF-3750-1-1

!

vtp mode transparent

ip subnet-zero

no ip domain-lookup

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 401

name RCD_MGMT

!

interface GigabitEthernet1/0/12

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

queue-set 2

mls qos trust cos

auto qos voip trust

spanning-tree link-type point-to-point

!

interface Vlan1

ip address 10.139.17.1 255.255.0.0

!

interface Vlan401

ip address 10.254.20.1 255.255.240.0

!

ip default-gateway 10.139.1.1

====================================================================

Please NOTE: 3550's were successful in the ping - the 3750 failed!

Instead of ip default-gateway command, can you add the ip route 0.0.0.0 0.0.0.0 10.139.1.1 command before you take out the ip default-gateway 10.139.1.1.

If no one is at the site, BEFORE you make any changes please issue a 'reload in 10' command just in case we lose connectivity. This will reload automatically in 10mins just in case we lock ourselves out. Gives us 10 minutes to do this:

conf t

!

ip route 0.0.0.0 0.0.0.0 10.139.1.1

no ip default-gateway 10.139.1.1

If you still have connectivity at this stage, you can do 'reload cancel' and then save the configurations.

Then test pings.

It's really confusing and I'm not able to make out the exact topology, and it would be nice to get a better understanding of this before we give an exact answer/suggestion. You haven't enabled EIGRP here, is this correct?

I just wanted to point out something else too: 10.139.1.1, I'm assuming, is a router of some sort where all your WAN and LAN have their default route set to. This should be able to route your traffic and have reachability pretty much anywhere in your network.

If you have a remote switch which has a direct trunk to your main site, you can run EIGRP over the management VLAN. But it seems that this is not the case with this 3750 in particular. And probably your other sites - you have no EIGRP neighbors on vlan 401!

If you wanted to enable EIGRP on the 3750 switch, do this:

conf t

!

router eigrp 1

no auto-summary

network 10.0.0.0

passive-interface default

no passive-interface vlan 401

As PAUL suggested :-)

This should enable your eigrp and the neighborship should come 'up' with the 4500

Then you should start seeing your routing table being populated with EIGRP routes for 10 networks which are advertised by the 4500.

If this is what you wanted to accomplish you will have to do the same for your 3550's and all other L2/L3 switches.

Hope this helps

Please rate useful posts and remember to mark any solved questions as answered. Thank you.


I understand the requirements a bit differently and hope that Anthony can provide some clarification about which is correct.

The suggestion to change default-gateway to ip route 0.0.0.0 would be a good suggestion if the 3750 has ip routing enabled. I thought that the description given was that the 3750 is operating as a layer 2 switch. And in that case it needs default-gateway and not ip route 0.0.0.0. Also the suggestions about using EIGRP would be good if it were acting as a layer 3 switch but not if it is layer 2.

I believe that there is also an issue about the gateway address to use. 10.139.1.1 is the address used as the gateway when the switch was using vlan 1 as its management vlan. The objective now is to try to make vlan 401 into the management vlan. This means that the gateway address should be something in the subnet configured on vlan 401 interface. Probably 10.254.17.1 is the address to use if I read the original post correctly.

I would appreciate it if Anthony would post the output of show ip interface brief or of show interface status from the 3750.  A lot of my experience is that a layer 2 switch wants to have only one active layer 3 interface. If the version of code running on the 3750 has this behavior we want to know which vlan interface is up and which is down.

HTH

Rick


Yes you're right Rick, I must have missed the content of the 2nd post by Anthony somehow.

If it's purely layer 2, I assume EIGRP was enabled to advertise the management network to the other EIGRP neighbors.

I must have misunderstood. I thought EIGRP was to be enabled on the management network.

Question might be then, how would you change that management interface and default gateway without losing connectivity to the device? Would it just be a case of overwriting the default gateway command?

So the reason why the ping fails to the switch itself is because ip routing is not enabled.

And for another reason, because of that one SVI that is active (the old management one)

However, I still think you should be able to ping 10.254.17.1 before any changes.... The gateway is reachable for this switch in particular, so the SVI doesn't live on the connected 4500.

As I understand, we have [3750]--------[4500]--------[10.139.1.1]

The 3750 can reach 10.139.1.1 because of VLAN 1 (Assuming there is connectivity). But if I cannot ping 10.254.17.1 (4500) from the 3750 switch, it means sending my ICMP request to my default G/W which is 10.139.1.1 (destination of 10.254.17.1), and then doesn't come back? So it goes missing somewhere along the way.

If EIGRP is fully converged, I believe that the flow of a ping from the 3750 to the new management SVI should be this:

10.139.17.1 (3750) ----- 10.139.1.1 ----- 10.254.17.1 (4500) -----10.139.17.1 (3750)

So instead of being routed back to the 10.139.1.1, the 4500 routes it straight back to the 3750 because it knows the route to get to vlan 1 (connected). Is this correct?

Anthony suggests that it works in another building with a 3550. On same vlan and different vlan.


venturas05

Let me know if this clears anything up.

We have EIGRP set up between the four layer 3 switches in separate buildings. Right now 10.139.1.1 is the mgmt IP of our main layer 3 switch. Every other switch, all 350+, is currently using vlan 1, and all gateways are programmed to 10.139.1.1. I am trying to separate the mgmt networks with a /20 subnet to set up layer 3 links between the layer 3 switches instead of the trunks currently configured. The other 3 switches have mgmt vlans set up and working fine. On the one 4507r-e with dual sup 6e's running IOS 12.2 (54), I have set up vlan 401 with 10.254.17.1/20 to be the mgmt vlan for the six buildings connecting to it. I can ping 10.254.17.1 from all other layer 3 switches, telling me EIGRP is working correctly. However, when I program a switch connected to the 4507 for vlan 401 10.254.20.1 or .19.1 with ip default gateway of 10.254.17.1, I cannot communicate with the switch. When I set it back to vlan 1 with 10.139.20.1 and gateway 10.139.1.1, I can ping everything but 10.254.17.1. For some reason the 4507 won't let any layer 2 switches directly connected to it talk with the SVI 401. I have made sure no pruning was being done on the trunks to the layer 3 switch. I have had no problems with this configuration on the other 3 layer 3 switches, which are 1 6509 with sup 720b's and 2 4507r's with sup 4s.

Let me know if this added confusion or clarified anything. I will test the ip route and see if it works once I'm on site again. Thank you all for your help.



Hello

" However when I program a switch connected to the 4507 for vlan 401 10.254.20.1 or .19.1 with ip default gateway of 10.254.17.1 I cannot communicate with the switch."

This 3750 switch connecting to the 4507 - do you want this to connect via L3? Then it requires = L3 mgmt address + connected by access-port + EIGRP process or static addressing.

If not, then it requires just the basic L2 connectivity = mgmt address + D/G connected by trunk interface.

"When I set it back to vlan 1 with 10.139.20.1 and gateway 10.139.1.1 I can ping everything but 10.254.17.1"

I assume this will be because of the switching already in place.

"For some reason the 4507 wont let any layer 2 switches directly connected too it talk with the svi 401"

The connection between the 4706 and the core should not be trunked, this should be an access port in svi 401 vlan.

and on the 6509, its svi's need to be advertised in eigrp

6509

interface xxx

description link to 4706

switchport access vlan 401

switchport mode access

interface Vlan401

description new mgmt vlan

ip address 10.254.17.2 255.255.?.?

Other SVIs (made-up addresses just for show)

interface Vlan10

ip address 10.10.10.1 255.255.255.0

interface Vlan20

ip address 20.20.20.1 255.255.255.0

interface Vlan30

ip address 30.30.30.1 255.255.255.0

router eigrp xxx

no auto-summary

network 10.254.17.2 0.0.0.0

network 10.10.10.1 0.0.0.0

network 20.20.20.1 0.0.0.0

network 30.30.30.1 0.0.0.0

4706

interface xxx

description link to core
switchport access vlan 401

switchport mode access
spanning-tree portfast

interface xxx

description trunk to L2 switch
switchport trunk encapsulation dot1q
switchport mode trunk

interface Vlan401

description new mgmt vlan

ip address 10.254.17.1 255.255.?.?

router eigrp xxx

no auto-summary

network 10.254.17.1 0.0.0.0

L2 switch
interface xxx
description link to 4706

switchport trunk encapsulation dot1q

switchport mode trunk

interface Vlan401

description new mgmt vlan

ip address 10.254.17.3 255.255.?.?

ip default-gateway 10.254.17.1

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.



I do understand what you are saying here. However, this is a production network with 69 vlans and I have to get the management vlans broken up before I can setup the layer 3 links between L3 switches. I have 3 of the 4 areas already moved to the new management vlan. With that said I am having issues with the last one. I have configured the 4507 and l2 switch as you indicated minus the access port connection to the 6509. The issue is any of the switches directly connected to the 4507 cannot ping the 10.254.17.1 interface on the 4507. I programmed the l2 switches with management interfaces of 10.254.18.1, 10.254.19.1/20, 10.254.20.1/20 and 10.254.21.1/20 on Vlan 401 with default gateway of 10.254.17.1. When doing this I cannot get to the switches or ping the switches from the 4507 or anywhere else in the network.

I have not had a chance to try out the ip route on the 3750 l2 switch yet. I will post my findings as I try it in a few hours.

Thank you again for any assistance.

RGS-MDF-3750-1-1>ping 10.254.17.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.254.17.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

RGS-MDF-3750-1-1#show run int vlan 1

!

interface Vlan1

ip address 10.139.17.1 255.255.0.0

end

RGS-MDF-3750-1-1#show run | in ip de

ip default-gateway 10.139.1.1

RGS-MDF-3750-1-1#show cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID

RCD-MDF-4507.wylieisd.net

                    Gig 1/0/12            122           R S I     WS-C4507R-Gig 1/6

RGS-MDF-3750-1-1#show run int gi1/0/5

!

interface GigabitEthernet1/0/5

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

queue-set 2

mls qos trust cos

auto qos voip trust

spanning-tree link-type point-to-point

end

****************4507******************

RCD-MDF-4507#show run int vlan 401

!

interface Vlan401

ip address 10.254.17.1 255.255.240.0

no ip redirects

end

RCD-MDF-4507#show run int vlan 1

!

interface Vlan1

ip address 10.139.4.1 255.255.0.0

no ip redirects

end

RCD-MDF-4507#show run | be eigrp

router eigrp 1

network 10.0.0.0

no eigrp log-neighbor-changes

!

ip default-gateway 10.139.1.1

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

ip route 0.0.0.0 0.0.0.0 10.139.1.1

ip route 0.0.0.0 0.0.0.0 10.140.2.50

RCD-MDF-4507#sh run int gi1/6

!

interface GigabitEthernet1/6

description ####Smith####                                    

switchport mode trunk

auto qos voip trust

service-policy input AutoQos-VoIP-Input-Cos-Policy

service-policy output AutoQos-VoIP-Output-Policy

end

I know this network is not configured optimally but I am working on it. Once I solve this problem I will be able to shrink my routing tables and expand L3 to each building versus just the 4 areas. So any help with this problem is very much appreciated.

I also tried the settings indicated above with taking out the default gateway and setting ip route 0.0.0.0 0.0.0.0 10.254.17.1 but I was still unable to ping 10.254.17.1 or connect to the switch 10.254.20.1.

Anthony

Have you done the show ip interface brief or the show interface status on the 3750 that I asked for?

HTH

Rick

[edit] and while I am thinking about it I think it might be helpful to get the output of show ip route from the 3750. And perhaps similar outputs from the 4500.

HTH

Rick

RGS-MDF-3750-1-1#show ip route

Default gateway is 10.139.1.1

Host               Gateway           Last Use    Total Uses  Interface

ICMP redirect cache is empty

RGS-MDF-3750-1-1#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol

Vlan1                  10.139.17.1     YES manual up                    up

Vlan401                10.254.20.1     YES NVRAM  administratively down down

GigabitEthernet1/0/1   unassigned      YES unset  up                    up

GigabitEthernet1/0/2   unassigned      YES unset  up                    up

GigabitEthernet1/0/3   unassigned      YES unset  up                    up

GigabitEthernet1/0/4   unassigned      YES unset  up                    up

GigabitEthernet1/0/5   unassigned      YES unset  up                    up

GigabitEthernet1/0/6   unassigned      YES unset  up                    up

GigabitEthernet1/0/7   unassigned      YES unset  up                    up

GigabitEthernet1/0/8   unassigned      YES unset  up                    up

GigabitEthernet1/0/9   unassigned      YES unset  down                  down

GigabitEthernet1/0/10  unassigned      YES unset  down                  down

GigabitEthernet1/0/11  unassigned      YES unset  down                  down

GigabitEthernet1/0/12  unassigned      YES unset  up                    up

RGS-MDF-3750-1-1#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type

Gi1/0/1                      connected    trunk      a-full a-1000 1000BaseSX SFP

Gi1/0/2                      connected    trunk      a-full a-1000 1000BaseSX SFP

Gi1/0/3                      connected    trunk      a-full a-1000 1000BaseSX SFP

Gi1/0/4                      connected    trunk      a-full a-1000 1000BaseSX SFP

Gi1/0/5                      connected    trunk      a-full a-1000 10/100/1000BaseTX SFP

Gi1/0/6                      connected    trunk      a-full a-1000 10/100/1000BaseTX SFP

Gi1/0/7                      connected    trunk      a-full a-1000 10/100/1000BaseTX SFP

Gi1/0/8                      connected    trunk      a-full a-1000 10/100/1000BaseTX SFP

Gi1/0/9                      notconnect   1            auto   auto Not Present

Gi1/0/10                     notconnect   1            auto   auto Not Present

Gi1/0/11                     notconnect   1            auto   auto Not Present

Gi1/0/12                     connected    trunk      a-full a-1000 1000BaseLX SFP

RGS-MDF-3750-1-1#

************4507*****************

RCD-MDF-4507#sh ip int br

Interface              IP-Address      OK? Method Status                Protocol

Vlan1                  10.139.4.1      YES NVRAM  up                    up

Vlan401                10.254.17.1     YES NVRAM  up                    up

FastEthernet1          unassigned      YES NVRAM  down                  down

GigabitEthernet1/1     unassigned      YES unset  up                    up

GigabitEthernet1/2     unassigned      YES unset  up                    up

GigabitEthernet1/3     unassigned      YES unset  down                  down

GigabitEthernet1/4     unassigned      YES unset  up                    up

GigabitEthernet1/5     unassigned      YES unset  up                    up

GigabitEthernet1/6     unassigned      YES unset  up                    up

GigabitEthernet1/7     unassigned      YES unset  up                    up

GigabitEthernet1/8     unassigned      YES unset  up                    up

GigabitEthernet1/9     unassigned      YES unset  down                  down

GigabitEthernet1/10    unassigned      YES unset  down                  down

GigabitEthernet1/11    unassigned      YES unset  down                  down

GigabitEthernet1/12    unassigned      YES unset  up                    up

Port      Name                         Status       Vlan       Duplex  Speed Type

Gi1/1     #### 6509 Water         connected    trunk        full   1000 1000BaseZX

Gi1/2     #### 6509 1378           connected    trunk        full   1000 1000BaseLH

Gi1/3     ####  BLDG 1             notconnect   1            full   1000 No Gbic

Gi1/4     ####BLDG2####          connected    trunk        full   1000 1000BaseLH

Gi1/5     ####BLDG3####          connected    trunk        full   1000 1000BaseLH

Gi1/6     ####BLDG4####           connected    trunk        full   1000 1000BaseLH

Gi1/7     ####BLDG5####           connected    trunk        full   1000 1000BaseLH

Gi1/8     ####BLDG6####           connected    trunk        full   1000 1000BaseLH

Gi1/9                                        notconnect   1            full   1000 No Gbic

Gi1/10                                      notconnect   1            full   1000 No Gbic

Gi1/11                                      notconnect   1            full   1000 No Gbic

Gi1/12    ####BLDG7####             connected    trunk        full   1000 1000BaseSX

Anthony

Thank you. The output is very helpful. Here is the reason why things are not working

Vlan401                10.254.20.1     YES NVRAM  administratively down down

If the vlan interface is administratively down then this is the reason why it will not ping 10.254.17.1. Do a no shut on the interface and let us know what happens.

HTH

Rick
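
Added example, not part of the thread or written by any of its participants: a pre-cutover check that reads the two outputs posted above and reports why a layer 2 switch would be unreachable on its new management SVI (SVI not up, or `ip default-gateway` outside the SVI's subnet). The function names are hypothetical; the sample text is trimmed from the 3750 output in this thread.

```python
import ipaddress
import re

# Sample input trimmed from the 3750 outputs posted in this thread.
RUNNING_CONFIG = """\
interface Vlan1
 ip address 10.139.17.1 255.255.0.0
!
interface Vlan401
 ip address 10.254.20.1 255.255.240.0
!
ip default-gateway 10.139.1.1
"""

IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.139.17.1     YES manual up                    up
Vlan401                10.254.20.1     YES NVRAM  administratively down down
GigabitEthernet1/0/12  unassigned      YES unset  up                    up
"""


def parse_svis(config):
    """Return {SVI name: IPv4Interface} for every Vlan interface with an address."""
    svis, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface ") or line == "!":
            m = re.fullmatch(r"interface (Vlan\d+)", line)
            current = m.group(1) if m else None
            continue
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m and current:
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return svis


def parse_gateway(config):
    """Return the 'ip default-gateway' address, or None if it is not set."""
    m = re.search(r"^ip default-gateway (\S+)$", config, re.MULTILINE)
    return ipaddress.ip_address(m.group(1)) if m else None


def parse_status(brief):
    """Return {interface: status} from 'show ip interface brief' output."""
    states = {}
    for line in brief.splitlines()[1:]:
        # Status may be two words ("administratively down"); protocol is one.
        m = re.match(r"(\S+)\s+\S+\s+\S+\s+\S+\s+(.+?)\s+\S+$", line.rstrip())
        if m:
            states[m.group(1)] = m.group(2)
    return states


def check_management(config, brief, new_svi):
    """List the reasons the switch cannot be managed through new_svi."""
    svis, gateway = parse_svis(config), parse_gateway(config)
    if new_svi not in svis:
        return [f"{new_svi} has no IP address configured"]
    findings = []
    status = parse_status(brief).get(new_svi, "unknown")
    if status != "up":
        findings.append(f"{new_svi} is {status}")
    if gateway is None:
        findings.append("no ip default-gateway configured")
    elif gateway not in svis[new_svi].network:
        findings.append(f"default gateway {gateway} is outside {svis[new_svi].network}")
    return findings


if __name__ == "__main__":
    for finding in check_management(RUNNING_CONFIG, IP_INT_BRIEF, "Vlan401"):
        print(finding)
```
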


Good find! I just quickly wanted to ask, should you not be able to ping that IP on the 4507 before bringing up this interface?
