Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2588
Views
0
Helpful
16
Replies

New Cisco switches - routing not working properly...

netguyz08
Level 1
Level 1

‎09-18-2015 12:14 AM - edited ‎03-08-2019 01:50 AM

Replaced two old 3560's and a 2960 with a new Catalyst 3650-X and two 2960-X's. Routing seems OK for the most part, but there are some issues getting to the SAN VLAN.

There is a trunk port between the core switch (3650) and the SAN switch (2960), and the routes are below, but then I started uncovering (not my network design) hairpinning in an ASA 5510 for one of the SAN subnets (172.15.20.0/24) going to the core switch IP.

 

So in the ASA firewall (10.10.10.3) you have: route insite 172.15.20.0/24 to 10.10.10.250 (core switch)

At the core switch I have an IP default gateway defined for a 2811 router: 10.10.10.1

Then static routes are as follows:

ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 0.0.0.0 0.0.0.0 10.10.10.2 250
ip route 10.2.8.0 255.255.255.240 10.10.10.3
ip route 10.4.8.0 255.255.255.0 10.10.10.3
ip route 10.6.8.0 255.255.255.0 10.10.10.3
ip route 10.8.8.0 255.255.255.0 10.10.10.3

But also in the core switch is int vlan 2 for 172.15.20.1

Previously 172.15.20.1 could be reach from the SAN switch. But the SAN switch (again, a 2960) has no static routes, ip routing is not one, just a Trunk port back to the core, and a few VLAN 2 ports for the SAN, but an ip default gateway defined to: 10.10.10.1 (the router!)

I am thinking that needs to be fixed to point to the core switch instead, but doing so didn't totally fix it. And I am thinking maybe a static route for 172.15.20.0/24 in the core switch...?  Since pinging 172.15.20.1 from the core switch goes to the ASA and back to the core and creates a bunch of ICMP errors..

Labels:
0 Helpful
16 Replies 16

Jon Marshall
Hall of Fame
Hall of Fame
In response to netguyz08

‎09-18-2015 06:18 PM

Is the issue with the actual SAN switch pinging the core switch or with traffic through the SAN switch ?

Jon

0 Helpful

netguyz08
Level 1
Level 1

‎09-19-2015 10:56 AM

Ended up resolving this with Cisco TAC. Thanks for suggestions. I was able to focus TAC to look at VLAN 2, and we found the 3650-X had the Layer 3 setup for VLAN 2, but not the Layer 2 setup.

 

The clue was "show vlan" did not show it as a VLAN on the core switch, despite having the interface. Typing "vlan 2" into the config created it and traffic began flowing.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card