cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1502
Views
15
Helpful
7
Replies

Ping fails across VLANs

1dilsarahm
Level 1
Level 1

Hi,

 

Please forgive any ignorance here as I am somewhat new to this.

 

I'm trying to build a network using collapsed-core architecture for a college project.

 

I've connected two 3650 switches as core devices with two access switches. 

 

Then I configured core switches as VTP servers and access switches as VTP clients. Then I created two VLANS and assigned ports from f0/1-22 to vlan 10 on one access switch and vlan 20 on other access switch.

 

Created trunk links between core switches and access switches as well as between two core switches.

 

Enabled ip routing, created SVIs for VLAN 10 and 20 on both core switches.

 

At first, ping was successful between two VLANS. But ping fails when the connection between two core switches is down.

 

I've made all connections redundant and one core switch as spanning-tree primary and other one as secondary.

 

What would be the best way to accomplish redundancy between switches when one core switch goes down?

2 Accepted Solutions

Accepted Solutions

Hi,

I will suggest you to make few changes:

 

1) Change the spanning-tree mode to rapid-pvst on all switches:

     spanning-tree mode rapid-pvst

 

2) Use First Hop Redundancy Protocol (eg. HSRP) to add redundancy as you can not use the same IP address on two different devices as you configured it now. Here is an example for VLAN10 and VLAN20:-

 

On CS-1:

int vlan10

 no ip add 192.168.1.1 255.255.255.0

 ip add 192.168.1.2 255.255.255.0

 standby 10 ip 192.168.1.1

 standby 10 priority 105                                 

 standby 10 preempt

 no shut

!

int vlan 20

 no ip add 192.168.2.1 255.255.255.0

 ip add 192.168.2.2 255.255.255.0

 standby 20 ip 192.168.2.1

 standby 20 preempt

 no shut

!

 

On CS-2:

int vlan10

 no ip add 192.168.1.1 255.255.255.0

 ip add 192.168.1.3 255.255.255.0

 standby 10 ip 192.168.1.1

 standby 10 preempt

 no shut

!

int vlan 20

 no ip add 192.168.2.1 255.255.255.0

 ip add 192.168.2.3 255.255.255.0

 standby 20 ip 192.168.2.1

 standby 20 priority 105

 standby 20 preempt

 no shut

!

 

 

HTH,

Meheretab

 

 

 

 

HTH,
Meheretab

View solution in original post

Meheretab has correctly identified one critical problem which is that both core switches were using the same IP addresses on their interfaces. At a minimum one of the core switches needs to change its IP addresses. The suggestion of HSRP is a good one. It solves the duplicate address issue and it takes a step toward providing redundancy. The other critical issue that I see is that each of the trunk interfaces on core 1 is shutdown. With all the trunks shutdown it is no wonder that ping fails.

 

The original poster asks a question about how to provide redundancy to protect against failure events in the network. My first suggestion would be to use more than one link connecting switches (both core to core and core to access) and to put those links into an EtherChannel.

 

HTH

 

Rick

HTH

Rick

View solution in original post

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

Can you post high level network diagram and configuraitonall the switches to review.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

 

***Core switch-1

 

CS-1#show run

Building configuration...

 

Current configuration : 2312 bytes

!

version 16.3.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname CS-1

!

!

!

!

!

!

!

no ip cef

ip routing

!

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree vlan 1-4,10,20,30,40 priority 24576

!

!

!

!

!

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/4

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/6

!

interface GigabitEthernet1/0/7

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/22

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/23

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/24

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/1/1

!

interface GigabitEthernet1/1/2

!

interface GigabitEthernet1/1/3

!

interface GigabitEthernet1/1/4

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 0006.2a9c.c201

ip address 192.168.1.1 255.255.255.0

!

interface Vlan20

mac-address 0006.2a9c.c202

ip address 192.168.2.1 255.255.255.0

!

interface Vlan30

mac-address 0006.2a9c.c203

ip address 192.168.3.1 255.255.255.0

!

interface Vlan40

mac-address 0006.2a9c.c204

ip address 192.168.4.1 255.255.255.0

!

ip classless

!

ip flow-export version 9

!

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

!

end

***Core switch-2

CS-2#show run

Building configuration...

 

Current configuration : 3238 bytes

!

version 16.3.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname CS-2

!

!

!

!

!

!

!

no ip cef

ip routing

!

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree vlan 1-4,10,20,30,40 priority 28672

!

!

!

!

!

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/4

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/5

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/6

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/7

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/8

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/9

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/10

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/11

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/12

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/13

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/14

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/15

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/16

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/17

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/18

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/19

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/20

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/21

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/22

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/23

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet1/0/24

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/1/1

!

interface GigabitEthernet1/1/2

!

interface GigabitEthernet1/1/3

!

interface GigabitEthernet1/1/4

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 0010.1189.8b01

ip address 192.168.1.1 255.255.255.0

!

interface Vlan20

mac-address 0010.1189.8b02

ip address 192.168.2.1 255.255.255.0

!

interface Vlan30

mac-address 0010.1189.8b03

ip address 192.168.3.1 255.255.255.0

!

interface Vlan40

mac-address 0010.1189.8b04

ip address 192.168.4.1 255.255.255.0

!

ip classless

!

ip flow-export version 9

!

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

!

end

***Access switch-1

A1#show run

Building configuration...

 

Current configuration : 2188 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname A1

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/21

switchport mode access

!

interface FastEthernet0/22

switchport mode access

!

interface FastEthernet0/23

switchport mode trunk

!

interface FastEthernet0/24

switchport mode trunk

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

!

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

!

!

end

***Access switch-2

A2#show run

Building configuration...

 

Current configuration : 2140 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname A2

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

switchport mode trunk

!

interface FastEthernet0/24

switchport mode trunk

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

!

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

!

!

end

 

I designed and tested this using packet tracer because I only have access to devices during lab hours.

2019-09-13.png

 

I deliberately shutdown the links between A1/CS-1 and CS-1/CS-2 to verify redundancy and it doesn't seem to work.

 

Hi,

I will suggest you to make few changes:

 

1) Change the spanning-tree mode to rapid-pvst on all switches:

     spanning-tree mode rapid-pvst

 

2) Use First Hop Redundancy Protocol (eg. HSRP) to add redundancy as you can not use the same IP address on two different devices as you configured it now. Here is an example for VLAN10 and VLAN20:-

 

On CS-1:

int vlan10

 no ip add 192.168.1.1 255.255.255.0

 ip add 192.168.1.2 255.255.255.0

 standby 10 ip 192.168.1.1

 standby 10 priority 105                                 

 standby 10 preempt

 no shut

!

int vlan 20

 no ip add 192.168.2.1 255.255.255.0

 ip add 192.168.2.2 255.255.255.0

 standby 20 ip 192.168.2.1

 standby 20 preempt

 no shut

!

 

On CS-2:

int vlan10

 no ip add 192.168.1.1 255.255.255.0

 ip add 192.168.1.3 255.255.255.0

 standby 10 ip 192.168.1.1

 standby 10 preempt

 no shut

!

int vlan 20

 no ip add 192.168.2.1 255.255.255.0

 ip add 192.168.2.3 255.255.255.0

 standby 20 ip 192.168.2.1

 standby 20 priority 105

 standby 20 preempt

 no shut

!

 

 

HTH,

Meheretab

 

 

 

 

HTH,
Meheretab

Meheretab has correctly identified one critical problem which is that both core switches were using the same IP addresses on their interfaces. At a minimum one of the core switches needs to change its IP addresses. The suggestion of HSRP is a good one. It solves the duplicate address issue and it takes a step toward providing redundancy. The other critical issue that I see is that each of the trunk interfaces on core 1 is shutdown. With all the trunks shutdown it is no wonder that ping fails.

 

The original poster asks a question about how to provide redundancy to protect against failure events in the network. My first suggestion would be to use more than one link connecting switches (both core to core and core to access) and to put those links into an EtherChannel.

 

HTH

 

Rick

HTH

Rick


@Richard Burts wrote:

Meheretab has correctly identified one critical problem which is that both core switches were using the same IP addresses on their interfaces. At a minimum one of the core switches needs to change its IP addresses. The suggestion of HSRP is a good one. It solves the duplicate address issue and it takes a step toward providing redundancy. The other critical issue that I see is that each of the trunk interfaces on core 1 is shutdown. With all the trunks shutdown it is no wonder that ping fails.

 

The original poster asks a question about how to provide redundancy to protect against failure events in the network. My first suggestion would be to use more than one link connecting switches (both core to core and core to access) and to put those links into an EtherChannel.

 

HTH

 

Rick


Hi Richard,

 

Thanks for your solution  :) I didn't consider creating redundant links between switches previously because I was only paying attention to device failure rather than individual link failure.

Best regards,

M

P.S - Sorry for my bad English

 

M

 

You are welcome. I appreciate that English is not your primary language, but you were able to express clearly what you had done and what issue you were encountering. I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

 

HTH

 

Rick

HTH

Rick

Hi Meheretab,

Thank you so much for the above solution :) Now VLAN10 and 20 are forwarding through CS-2 when CS-1 is down.

Best regards,

M


@Meheretab Mengistu wrote:

Hi,

I will suggest you to make few changes:

 

1) Change the spanning-tree mode to rapid-pvst on all switches:

     spanning-tree mode rapid-pvst

 

2) Use First Hop Redundancy Protocol (eg. HSRP) to add redundancy as you can not use the same IP address on two different devices as you configured it now. Here is an example for VLAN10 and VLAN20:-

 

On CS-1:

int vlan10

 no ip add 192.168.1.1 255.255.255.0

 ip add 192.168.1.2 255.255.255.0

 standby 10 ip 192.168.1.1

 standby 10 priority 105                                 

 standby 10 preempt

 no shut

!

int vlan 20

 no ip add 192.168.2.1 255.255.255.0

 ip add 192.168.2.2 255.255.255.0

 standby 20 ip 192.168.2.1

 standby 20 preempt

 no shut

!

 

On CS-2:

int vlan10

 no ip add 192.168.1.1 255.255.255.0

 ip add 192.168.1.3 255.255.255.0

 standby 10 ip 192.168.1.1

 standby 10 preempt

 no shut

!

int vlan 20

 no ip add 192.168.2.1 255.255.255.0

 ip add 192.168.2.3 255.255.255.0

 standby 20 ip 192.168.2.1

 standby 20 priority 105

 standby 20 preempt

 no shut

!

 

 

HTH,

Meheretab

 

 

 

 


 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco