cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
555
Views
0
Helpful
10
Replies
Will Pettit
Beginner

Strange vlan ip address issue

Hi, 

 

We have a pair of 6800 switches in our core (VSS) and lots of edge switches hanging off them. We have a management vlan on each edge switch which works fine on two other sites (6509E in the core), but the site with 6800s doesn't always work.

Some edge switches, the SVI will be UP/UP but you can't ping out from the console, or SSH into it (data and voice vlans work fine though). However, if you add another SVI it will then work.

 

Edge switches are typically 3750's but it happened today on a stack of 9200Ls as well. Edge switches are linked on etherchannels to the core.

 

The management vlan is trunked out on all uplinks, and CDP neighbours works fine.

 

Has anyone seen this behaviour before? 

 

Thanks

 

 

10 REPLIES 10
Reza Sharifi
Hall of Fame Expert

Hi,

So, the management is in-band, by using a separate vlan across all switches trunked to the 6800 core? Can you provide a sample config from an edge switch, the trunk, and also the SVI on the core switches? 

HTH

balaji.bandi
VIP Guru

make small diagram and post the config will have addition for us to help.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Will Pettit
Beginner

I've attached some sanitised config from the edge and core.

In the edge switch there is the second SVI (VL40) I added, but normally we do not need that. We have a handful of switch stacks with this problem, other stacks on the same site work fine. The core switch had lots of vlans with SVI's, and these are the default gateways for the edge switches. 

e.g. Core: vlan 40 = 10.172.40.1

edge: default GW = 10.172.40.1

 

6800 ver is: s6t64-ipservicesk9-mz.SPA.155-1.SY1

The config for the management vlan/subnet looks fine. Question, why do you have helper addresses on the management vlan?

ip helper-address 10.172.x.x
 ip helper-address 10.172.x.x

 HTH

The helper is to our DHCP servers, and/or to our PXE boot server.

To add a bit more info. If I shut down vlan 40 on the edge switch, then I lose the connection. 

When you say "If I shut down vlan 40 on the edge switch, then I lose the connection" Can you explain what you mean? 

Obviously, if you are connected to an edge switch using the management IP and if you delete VLAN 40, then you would lose your connection as that is the only vlan/ip configured on that edge switch.

Vlan 40 should only be used for management and not data or voice traffic. Vlan 40 SVI should not need any helper-address as it is not a voice or data vlan. 

HTH

Vlan 2 is the management vlan, and this is up but does not work, unless another vlan (40 in this case) is also up

The issue is that you have vlan 2 (subnet 10.172.51.192/26)  configured on the access switch as the management vlan but the gateway from that same switch is pointing for vlan 40 gateway which is 10.172.40.1

So, in order to fix this issue, you need to change the gateway on the edge switches to the ip address of the management subnet which is 10.172.51.193.

Once you make this change on the edge switches, the problem should be fixed. After that, just deleted vlan 40 IP address and SVI from all the 

access switches.


no ip default-gateway 10.172.40.1


ip default-gateway 10.172.51.193

 

You would need to make this change from a console port.

HTH

Thanks, I'll make this change tomorrow, but on our other two sites (with 6509e) we have the same set up, and it works fine. Maybe it's working by luck!



 

Hello
Check your control plane policing, and remove the specified acls from your vty lines as they don't exist.

show policy-map control-plane 
show control-plane host open-ports

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul