Solved: partial communication across switches

eforeman@cityofpella.com · ‎04-06-2022

I want to be able to access resources on switch 3 from a computer on switch 4.

What I can do.

I can ping switch3, switch4, and the default gateway from any of the other devices using the IP address associated with vlan 4.

I can ping all of the interfaces that have IP addresses on switch4 from a computer that has IP address 192.168.40.20/24 and is directly connected to switch4.

what I can not do.

I can't ping any interface on switch3 from the a fore mentioned computer on switch4.

I feel like if I could ping switch3 then I would be able to get to the computer connected to switch3 that has IP address 192.168.30.20/254

both computers are connected to port 23 on their switches. The switches are connected by a fiber run tht is on port 24 on both switches.

Each computer has a shared folder on it that was accessible by the other computer before the on computer was moved to the new location on switch3.

These networks are about to grow significantly, so I would really like to keep the broadcast domain down by having them on separate vlans.

Configs below

SWITCH4=============================================================
Config---------------------------
Switch4#show run
Building configuration...

Current configuration : 4575 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Switch4
!
boot-start-marker
boot-end-marker
!
enable secret 5 1
enable password 7 1
!
!
!
no aaa new-model
switch 1 provision ws-c3750x-24p
system mtu routing 1500
ip routing
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
!
interface GigabitEthernet1/0/1
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport access vlan 400
switchport mode access
switchport voice vlan 411
spanning-tree portfast
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
no ip address
!
interface Vlan4
ip address 192.168.4.4 255.255.255.0
!
interface Vlan100
ip address 192.168.10.4 255.255.255.0
!
interface Vlan400
ip address 192.168.40.254 255.255.255.0
ip helper-address 192.168.4.10
!
interface Vlan411
ip address 192.168.41.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.4.1
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
line con 0
password 7 1
login
line vty 0 4
password 7 1
login
line vty 5 15
login local
!
end

VLANs--------------------------------
Switch4#show vlan br

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4
4 Servers active
100 Mgt active
200 Data2 active
300 Data3 active
400 Data4 active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23
411 Voice4 active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Other-----------------------------------------------------
Switch4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.4.1 to network 0.0.0.0

C 192.168.10.0/24 is directly connected, Vlan100
C 192.168.40.0/24 is directly connected, Vlan400
C 192.168.41.0/24 is directly connected, Vlan411
C 192.168.4.0/24 is directly connected, Vlan4
S* 0.0.0.0/0 [1/0] via 192.168.4.1
Switch4#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.40.20 19 008e.2571.073f ARPA Vlan400
Internet 192.168.4.10 80 ce44.407d.2f5a ARPA Vlan4
Internet 192.168.10.4 - d48c.b5e4.edc2 ARPA Vlan100
Internet 192.168.4.4 - d48c.b5e4.edc1 ARPA Vlan4
Internet 192.168.4.1 26 001b.2199.f786 ARPA Vlan4
Internet 192.168.4.2 15 4c4e.359e.4dc3 ARPA Vlan4
Internet 192.168.4.3 15 0817.35ca.a041 ARPA Vlan4
Internet 192.168.40.254 - d48c.b5e4.edc3 ARPA Vlan400
Internet 192.168.41.254 - d48c.b5e4.edc4 ARPA Vlan411
Switch4#

SWITCH3=======================================================
Switch3#show run
Building configuration...

Current configuration : 6264 bytes
!
! Last configuration change at 00:58:00 UTC Tue Mar 2 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Switch3
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 1
enable password 7 1
!
username eforeman secret 5 $1$xJ5p$7lAf8uvnOqYWd3AlEe3OJ1
no aaa new-model
system mtu routing 1500
vtp mode off
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-902471680
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-902471680
revocation-check none
rsakeypair TP-self-signed-902471680
!
!
crypto pki certificate chain TP-self-signed-902471680
certificate self-signed 01
3082023B 308201A4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39303234 37313638 30301E17 0D393330 33303130 30303131
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3930 32343731
36383030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
CAB9A3D9 2042C0F4 602D7076 64E29C94 F66151DF D5814AD5 E5AA5474 704415FE
2DADD2BD 4E6588D5 B65E1F6F 365EDEA3 E64B8953 2EE496D7 DD053721 3990971A
E5C8A112 E0C1892B C068D95B B1A8A3C9 CEEF76B6 0568F152 4B032DD6 3A19DC96
0C6AB6DC 8063CCCA 1ADEFB67 4C1F9099 A5F49C2A 80DE645E 538EF273 AF289F57
02030100 01A36530 63300F06 03551D13 0101FF04 05300301 01FF3010 0603551D
11040930 07820564 6F756D61 301F0603 551D2304 18301680 14A2C95E 599C2AFB
AEB9D360 E95E6AE4 F8A965CF BB301D06 03551D0E 04160414 A2C95E59 9C2AFBAE
B9D360E9 5E6AE4F8 A965CFBB 300D0609 2A864886 F70D0101 04050003 81810055
C6A0A30C A2E069C8 B4E7ABC8 ABE2A1E8 770E1A02 3B83D424 77DD9725 6A59073F
2098ECA0 14359F62 00A75A2D 041372C5 7329934D 034EC6CF E310053C D65CF2B5
BF101071 F5BE0904 8D9AC464 98054C27 966CB5AF ABDA5ABC 01195E2C B7FC7014
726E1348 C5688DF8 A1CB632D 74008AAE 270F1583 9830F432 109C806A B8FA03
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 4
name Servers
!
vlan 100
name Mgt
!
vlan 200
name Data2
!
vlan 300
name Data3
!
vlan 311
name Voice3
!
vlan 400
name Data4
!
!
!
!
!
!
interface Port-channel1
!
interface FastEthernet0/1
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 300
switchport mode access
switchport voice vlan 311
spanning-tree portfast
!
interface FastEthernet0/24
description Engenius
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan4
ip address 192.168.4.3 255.255.255.0
!
interface Vlan100
ip address 192.168.10.3 255.255.255.0
!
interface Vlan300
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.4.10
!
interface Vlan311
ip address 192.168.31.254 255.255.255.0
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.4.1
!
logging esm config
!
banner motd ^C
Warning! Unauthorized access is prohibited!^C
!
line con 0
password 7 1
login
line vty 0 4
password 7 1
login
line vty 5 15
login local
!
end

VLANs--------------------------------
Switch3#show vlan br

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2
4 Servers active
100 Mgt active
200 Data2 active
300 Data3 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
311 Voice3 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
400 Data4 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Switch3#

Other-----------------------------------------------------
Switch3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.4.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.4.1
192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.4.0/24 is directly connected, Vlan4
L 192.168.4.3/32 is directly connected, Vlan4
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan100
L 192.168.10.3/32 is directly connected, Vlan100
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Vlan300
L 192.168.30.254/32 is directly connected, Vlan300
192.168.31.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.31.0/24 is directly connected, Vlan311

Switch3#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.4.1 25 001b.2199.f786 ARPA Vlan4
Internet 192.168.4.2 228 4c4e.359e.4dc3 ARPA Vlan4
Internet 192.168.4.3 - 0817.35ca.a041 ARPA Vlan4
Internet 192.168.4.4 14 d48c.b5e4.edc1 ARPA Vlan4
Internet 192.168.4.10 79 ce44.407d.2f5a ARPA Vlan4
Internet 192.168.10.3 - 0817.35ca.a042 ARPA Vlan100
Internet 192.168.30.254 - 0817.35ca.a043 ARPA Vlan300
Internet 192.168.31.254 - 0817.35ca.a044 ARPA Vlan311
Switch3#

Jon Marshall · ‎04-07-2022

Both switches have a default route pointing to 192.168.4.1 but they don't know about each others networks ie. 192.168.30.0/24 and 192.168.40.0/24.

So it depends on whether the 192.168.4.1 device can route between them.

If you want traffic to go direct then the easiest solution is to add a static route to each switch ie.

SW3

ip route 192.168.40.0 255.255.255.0 <next hop IP> <-- the next hop IP could be 192.168.4.4 or 192.168.10.4, difficult to say without knowing more about your topology

SW4

ip route 192.168.30.0 255.255.255.0 <next hop IP> <-- either 192.168.4.3 or 192.168.10.3

If your network is going to grow significantly you may want to use a routing protocol rather than just adding static routes.

Jon

View solution in original post

Jon Marshall · ‎04-07-2022

Both switches have a default route pointing to 192.168.4.1 but they don't know about each others networks ie. 192.168.30.0/24 and 192.168.40.0/24.

So it depends on whether the 192.168.4.1 device can route between them.

If you want traffic to go direct then the easiest solution is to add a static route to each switch ie.

SW3

ip route 192.168.40.0 255.255.255.0 <next hop IP> <-- the next hop IP could be 192.168.4.4 or 192.168.10.4, difficult to say without knowing more about your topology

SW4

ip route 192.168.30.0 255.255.255.0 <next hop IP> <-- either 192.168.4.3 or 192.168.10.3

If your network is going to grow significantly you may want to use a routing protocol rather than just adding static routes.

Jon

eforeman@cityofpella.com · ‎04-07-2022

@Jon MarshallThank you for your response. I am planning on having this network grow quite a bit. I would like to try and use OSPF. Would it be best to remove the trunk status from port 24 ( the port that links the networks together) change it to no switch, give it the ip address of 192.168.10.(4/3) and configure OSPF on it?

Jon Marshall · ‎04-07-2022

Difficult to say without seeing the rest of your network but you do have vlans in common on both switches and if you change the trunk to a routed link that would break communication between the switches for those vlans.

You can run OSPF on the L3 vlan interfaces (SVIs) and keep your trunk link.

Really not sure what is best because no idea what you want to achieve at the moment.

Jon

eforeman@cityofpella.com · ‎04-07-2022

There will eventually be about 10 sites that connect to each other through a circuit provided by our ISP. The port that the circuit is connected to is going to be port 24 at each of the locations. The trunk port was working as long as they were all on the same vlan. Now that I am wanting to reduce the broadcast domains I am having an issue. I have been reading about setting up OSPF on a switch port. If you have something I could read to help me understand setting up OSPF on the layer 3 vlan I would be happy to learn about it.

I am using this document:

https://www.ciscopress.com/articles/article.asp?p=3089357&seqNum=6

I am working on setting up like displayed in section 4.3.7 in the above document.

eforeman@cityofpella.com · ‎04-07-2022

One site will have the domain controllers and DHCP server. All locations will be accessing the internet through one of the sites.

Jon Marshall · ‎04-07-2022

An SVI is just a layer 3 interface so there is pretty much no difference.

Just use the example you linked to.

Jon

eforeman@cityofpella.com · ‎04-07-2022

would it be more convenient to set up neighbors or adjacency instead of setting up each network as it shows?

Jon Marshall · ‎04-07-2022

Not clear on what you are asking.

Could you give an example ?

Jon

eforeman@cityofpella.com · ‎04-07-2022

Is there a way for me to tell ospf to get all routes from a specific neighbor. Or could I tell OSPF to give all routes to all neighbors instead of having to put in each route that I want ospf to advertise on each switch?

In the document I referenced above in example 4-21 it shows typing in each network for OSPF to advertise. I want to simplify that process. I want it to know to share all networks on that switch.

Can that be done?

Jon Marshall · ‎04-07-2022

Under your OSPF configuration you can put -

network 0.0.0.0 255.255.255.255 area <area number>

and that will include all interfaces although a lot of network admins prefer to specify the subnets as it gives more control.

But up to you as long as you understand that will cover all interfaces.

Jon