02-21-2013 09:00 AM - edited 03-07-2019 11:51 AM
Hey guy! I need some help for my network LAN.
I have configurated some switch ( catalyst 3560 )access with the Fastethernet in access for Vlan 360. This Device is trunked with a Core ( caltalyst 6509) layer, trunked itself with another distribution layer for the server farm ( caltalyst 6513). the VLan is native on the Cat 6513 who is its root spanning tree and it is forwarded trough the entire lan to the access switch. The client gets the IP address but it can't ping its gateway and it is totally out of the network.This Vlan is a Management Vlan and also the server have the same subnet. All the servers are ok and totally reachable by any another vlans. Btw if i put a client directly both on the core or the distribution layer it works perfectly.
Any suggestion ?
Solved! Go to Solution.
02-27-2013 02:03 AM
Hello David,
thanks for your feedback on this case.
It was an OSI layer2 issue, nothing related to the presence or absence of an SVI in vlan360 at cat6509 level of devices.
What have you done to fix? the classic shut/no shut to trigger new negotiations and protocol exchanges on the affected port channel?
Best Regards
Giuseppe
02-21-2013 09:59 AM
This is a confusingly-worded question. You need to provide more information. Are you running PVST, Rapid PVST, MST? Please paste the output of "show run | i spanning-tree" from the 6513.
Matt
02-21-2013 12:01 PM
Hello,
So in summary this 3560 is trunked to the core switch and any clients attached it cannot ping the default-gateway - is this correct?
Can you check if this switch has ip routing enabled and if so disable it , Also add a default-gateway address pointing to the core
conf t
no ip routing
ip default-gateway x.x.x.x.x
Also could you post the running config of this switch.
res
Paul
Please don't forget to rate this post if it has been helpful.
02-21-2013 12:10 PM
it is very confusing! now I do not have the sh run but the catalyst works with the rapid and root for vlan with another 6513 which is the backup
02-21-2013 12:12 PM
no !!! the access switch(3560) work only L2.. 6509 routed the vlan to 6513
02-21-2013 12:23 PM
Hello david,
It is a bit difficult to establish exactly what is occurring with the information provided,
1) Regarding your stp setup
Are you saying the 3560 is the stp root and the core switch 6513 is acting as the secondary stp root?
2) Regarding you switch configuration
Are you saying any clients attached to this 3560 cannot ping their default-gateway?
res
Paul
Please don't forget to rate this post if it has been helpful.
02-21-2013 02:00 PM
ok ! i do a design for more understanding !
the Cat 3560 Ip default gateway x.x.x.x (only MNG) have two uplink (trunk) to core (one blocked)
The CAT6909-1
spanning-tree mode rapid-pvst
spanning-tree vlan 100,900 priority 8192
!
interface Vlan100
ip address 172.21.0.x 255.255.255.0
standby 1 ip 172.21.0.1
standby 1 priority 110
!
interface Vlan900
ip address 10.10.0.x 255.255.255.0
standby 2 ip 10.10.1.1
standby 2 priority 110
ip route to Vlan 360 nex hop 10.10.1.254
The CAT6913-1
spanning-tree mode rapid-pvst
spanning-tree vlan 360 priority 8192
!
interface Vlan360
ip address 172.21.36.x 255.255.255.0
standby 1 ip 172.21.36.1
standby 1 priority 110
!
interface Vlan900
ip address 10.10.0.x 255.255.255.0
standby 1 ip 10.10.1.254
standby 1 priority 110
!
ip route to Vlan 100 nex hop 10.10.1.1
the other CORE ( 6509-6513 ) it's a bck with the spanning tree work fine
This is a brief summary of the architecture, is much more complex
02-21-2013 02:37 PM
Hello David,
On the 3560 -
Sh ip route
show vlan brief
sh spanning-tree blockedports
sh span summary
sh int trunk
res
Paul
Please don't forget to rate this post if it has been helpful.
02-21-2013 03:30 PM
sh ip ro
Default gateway is 172.21.0.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
SW#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 VLAN1 active Gi0/2, Gi0/3
2 VLAN2 active Fa0/29
101 VLAN101 active
225 VLAN225 active Fa0/30, Fa0/47
231 VLAN231 active
253 VLAN253 active Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10,Fa0/11, Fa0/12, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24,Fa0/25, Fa0/26, Fa0/27, Fa0/28, Fa0/29, Fa0/30, Fa0/31
Fa0/32, Fa0/33, Fa0/34, Fa0/35, Fa0/37,Fa0/38, Fa0/39, Fa0/40, Fa0/41, Fa0/42, Fa0/45, Fa0/47
Fa0/48
332 VLAN0332 active Fa0/14
333 VLAN0333 active Fa0/6, Fa0/7, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Fa0/25, Fa0/27, Fa0/28, Fa0/31, Fa0/32, Fa0/33, Fa0/34, Fa0/37, Fa0/38
Fa0/39, Fa0/40, Fa0/41, Fa0/42, Fa0/44, Fa0/48
334 VLAN0334 active Fa0/13
348 VLAN0348 active Fa0/8
360 VLAN0360 active Fa0/26, Fa0/35, Fa0/36
368 active Fa0/43
476 VLAN0476 active
492 VLAN0492 active
729 active Fa0/5, Fa0/45, Fa0/46
900 VLAN900 active
901 VLAN901 active
902 TEST_SRST_NOC active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1005 trbrf-default act/unsup
#sh spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0231 Gi0/4
VLAN0253 Gi0/4
VLAN0334 Gi0/4
VLAN0348 Gi0/4
VLAN0368 Gi0/4
VLAN0476 Gi0/4
VLAN0492 Gi0/4
Number of blocked ports (segments) in the system : 7
#sh spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 1 1
VLAN0002 0 0 0 4 4
VLAN0101 0 0 0 3 3
VLAN0225 0 0 0 4 4
VLAN0227 0 0 0 1 1
VLAN0231 1 0 0 1 2
VLAN0253 1 0 0 18 19
VLAN0332 0 0 0 4 4
VLAN0333 0 0 0 14 14
VLAN0334 1 0 0 2 3
VLAN0348 1 0 0 2 3
VLAN0360 0 0 0 4 4
VLAN0368 1 0 0 1 2
VLAN0476 1 0 0 2 3
VLAN0492 1 0 0 2 3
VLAN0729 0 0 0 4 4
VLAN0900 0 0 0 1 1
VLAN0901 0 0 0 1 1
VLAN0902 0 0 0 3 3
sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/1 2,101,225,253,332-335,337,345,348,360,368,371,468,476,492,729,902
Gi0/4 1-4094
Port Vlans allowed and active in management domain
Gi0/1 2,101,225,231,252-253,332-335,337,345,348,360,368,371,468,476,492,729,902
Gi0/4 1-2,8-9,11,18,22,26,30,44-45,50,90,101,200,222-223,225,227,231,234,250-263,268-270,301-352,358-360,363-364,368,371-374,389-390,468,476,492,499-500,554-559,729,900-902
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 2,101,225,231,252-253,332-335,337,345,348,360,368,371,476,492,729,902
Gi0/4 1,332
02-21-2013 03:46 PM
Hello David,
You have a default-gateway of 172.21.0.1 which puts this switch in vlan 100
I dont see layer 2 vlan 100 on this switch or allowed on the trunk
try this on the 3560:
conf t
vlan 100
exit
int gig0/1
Switchport trunk allowed vlan add 100
Also can you check the cores for vlan 100:
sh vlan brief
sh int trunk
res
Paul
Please don't forget to rate this post if it has been helpful.
02-21-2013 04:02 PM
the vlan 100 don't work in my network... the DG refer to vlan 101
02-21-2013 04:07 PM
the picture above is a example only your explication it's no real the tag of vlan 100 don't work in my network
02-22-2013 04:06 AM
Hello David,
If i correctly understand, your issue was.
clients(vlan 360) on switch 3560 not able to access or ping default gateway which is on server firm switch and server on firm switch which is on same vlan.
We are use trunk link between switches insted on access link to carry traffic from all vlans over single link with vlan tagging information so each receving switch must identify for which vlan a frame belongs to.Vlan tag information append by first switch the network and remove by last switch in the network where packet send over edge port .In your network you are trying to ping from vlan 360 to gateway which is on firm switch (6513).As frames leaves switch 3560 it append vlan tagg 360and as soon as frame receive on the core switch it drops because vlan 360 is not defind on core switch.
Please configure following way.
The CAT6909-1
spanning-tree mode rapid-pvst
spanning-tree vlan 100,360,900 priority 8192
!
interface Vlan100
ip address 172.21.0.x 255.255.255.0
standby 1 ip 172.21.0.1
standby 1 priority 110
!
interface Vlan900
ip address 10.10.0.x 255.255.255.0
standby 2 ip 10.10.1.1
standby 2 priority 110
interface Vlan 360
ip address 172.21.36.x 255.255.255.0
standby 1 ip 172.21.36.1--------------------------------gateway for vlan 360
standby 1 priority 110
The CAT6913-1
remove all config from The CAT6913-1and configure switch port as access vlan 360 on which server is connected.
Do not forget to create all vlans on this firm switch also but do not configure int mode for them.
02-22-2013 08:55 AM
Ok It' s a possible solution but it isn't applicable because the server lan is native on this 6513. Otherwise i think it can't help propagating this vlan to the switch access.
From my troubleshooting information, I suppose that the problem is regarding the L3/L2 between the 6513s and the 6509s.
02-22-2013 12:37 PM
Hello david,
You say you can ping from the distribution and core, but not from this switch?
can you post the running config of that switch, also
sh standby brief
sh spanning-tree blocked ports
sh spanning-tree vlan 360
sh int trunk
sh vlan brief
res
Paul
Please don't forget to rate this post if it has been helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide