02-04-2021 08:58 AM
Hi,
We have a pair of 6800 switches in our core (VSS) and lots of edge switches hanging off them. We have a management vlan on each edge switch which works fine on two other sites (6509E in the core), but the site with 6800s doesn't always work.
On some edge switches, the SVI will be UP/UP but you can't ping out from the console, or SSH into it (data and voice vlans work fine though). However, if you add another SVI it will then work.
Edge switches are typically 3750s but it happened today on a stack of 9200Ls as well. Edge switches are linked on etherchannels to the core.
The management vlan is trunked out on all uplinks, and CDP neighbours work fine.
Has anyone seen this behaviour before?
Thanks
02-04-2021 09:08 AM - edited 02-04-2021 09:09 AM
Hi,
So, the management is in-band, by using a separate vlan across all switches trunked to the 6800 core? Can you provide a sample config from an edge switch, the trunk, and also the SVI on the core switches?
HTH
02-04-2021 09:16 AM
Make a small diagram and post the config; that will help us to help you.
02-04-2021 11:48 AM
I've attached some sanitised config from the edge and core.
In the edge switch there is the second SVI (VL40) I added, but normally we do not need that. We have a handful of switch stacks with this problem, other stacks on the same site work fine. The core switch has lots of vlans with SVIs, and these are the default gateways for the edge switches.
e.g. Core: vlan 40 = 10.172.40.1
edge: default GW = 10.172.40.1
6800 ver is: s6t64-ipservicesk9-mz.SPA.155-1.SY1
02-04-2021 12:01 PM
The config for the management vlan/subnet looks fine. Question, why do you have helper addresses on the management vlan?
ip helper-address 10.172.x.x
ip helper-address 10.172.x.x
HTH
02-04-2021 12:39 PM
The helper is to our DHCP servers, and/or to our PXE boot server.
To add a bit more info. If I shut down vlan 40 on the edge switch, then I lose the connection.
02-04-2021 01:23 PM - edited 02-04-2021 01:30 PM
When you say "If I shut down vlan 40 on the edge switch, then I lose the connection", can you explain what you mean?
Obviously, if you are connected to an edge switch using the management IP and if you delete VLAN 40, then you would lose your connection as that is the only vlan/ip configured on that edge switch.
Vlan 40 should only be used for management and not data or voice traffic. Vlan 40 SVI should not need any helper-address as it is not a voice or data vlan.
HTH
02-04-2021 01:59 PM
02-04-2021 06:58 PM
The issue is that you have vlan 2 (subnet 10.172.51.192/26) configured on the access switch as the management vlan, but the gateway on that same switch is pointing to the vlan 40 gateway, which is 10.172.40.1.
So, in order to fix this issue, you need to change the gateway on the edge switches to the ip address of the management subnet which is 10.172.51.193.
Once you make this change on the edge switches, the problem should be fixed. After that, just delete the vlan 40 IP address and SVI from all the access switches.
no ip default-gateway 10.172.40.1
ip default-gateway 10.172.51.193
You would need to make this change from a console port.
HTH
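An added example, not part of the original thread: a small Python check that reads an IOS-style config and reports whether `ip default-gateway` falls inside the subnet of any active SVI, which is the mismatch described in the post above. The sample config is constructed; only the /26 management subnet and the two gateway addresses come from the thread, and the host address 10.172.51.200 is an assumption.

```python
import ipaddress
import re

# Constructed sample of an edge-switch config. The /26 subnet and both gateway
# addresses are from the thread; the switch's own host address is made up.
SAMPLE_BEFORE = """\
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description management
 ip address 10.172.51.200 255.255.255.192
!
ip default-gateway 10.172.40.1
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("10.172.40.1", "10.172.51.193")


def parse_svis(config):
    """Return {svi_name: IPv4Interface} for SVIs that have an address and are not shut down."""
    svis = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (Vlan\d+)\s*$", block, re.M)
        addr = re.search(r"^ ip address (\S+) (\S+)\s*$", block, re.M)
        if name and addr and not re.search(r"^ shutdown\s*$", block, re.M):
            svis[name.group(1)] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return svis


def check_default_gateway(config):
    """Return (gateway, svi_name or None); None means no active SVI is on the gateway's subnet."""
    m = re.search(r"^ip default-gateway (\S+)\s*$", config, re.M)
    if not m:
        return None, None
    gw = ipaddress.ip_address(m.group(1))
    for name, iface in parse_svis(config).items():
        # The gateway must be a different host on the same subnet as the SVI.
        if gw in iface.network and gw != iface.ip:
            return gw, name
    return gw, None


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        gw, svi = check_default_gateway(cfg)
        print(f"{label}: gateway {gw} ->", f"on-link via {svi}" if svi else "NOT on any active SVI subnet")
```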
02-05-2021 12:18 AM
Thanks, I'll make this change tomorrow, but on our other two sites (with 6509e) we have the same set up, and it works fine. Maybe it's working by luck!
02-04-2021 12:39 PM - edited 02-04-2021 12:40 PM
Hello
Check your control plane policing, and remove the specified acls from your vty lines as they don't exist.
show policy-map control-plane
show control-plane host open-ports