Switch L3 not routing properly

eltote1982
Level 1

Hi all,

I am having some routing issues with an L3 switch.

Firstly, I am following this document in order to complete my configuration, but it is working quite oddly...

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

Well, I have attached a diagram to help with my explanation.

I have a router to connect "out-of-site LAN" networks and 2 L3 switches to manage user VLANs. Everything seems to be working fine: I can ping the switches from any host in the network (including other sites) with the default route to the router, but I cannot connect through SSH to the switches unless I add the route in bold I copied below, which is quite strange, since it should be included in the default one. I want to "delegate" the whole routing process to the router.

NOTE: I have 3 different HSRP groups in place:

128: This group manages the internal GW IP, which is the router by default. In case the router goes down, one switch will become the internal GW and I will need to change the routes manually to be able to access other internal networks (through VLAN 248).

129: This group is the GW for the users VLAN. Basically, the router will forward that traffic to the switches.

248: This HSRP group is to connect with other internal sites. The router will be the default one, but in case it goes down a switch will become active (same as group 128).

Here I also copy the "interesting" configuration of the devices (ask me if you need something more)

SWITCH (the other switch is similar, just changing IPs and HSRP priority)

ip routing

interface GigabitEthernet0/9
 description ** Router LAN Conection **
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 1000
 duplex full
 no cdp enable

interface GigabitEthernet0/23
 description ** Lanlink **
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 248
 speed 100
 duplex full
 no cdp enable

interface Vlan128
 description ** VLAN 128: DR LAN MNG **
 ip address 10.105.128.8 255.255.255.0
 no ip redirects
 standby 128 ip 192.168.128.1 --> HSRP switches and router
 standby 128 priority 130
 standby 129 ip 192.168.128.10 --> HSRP between switches
 standby 129 priority 150

interface Vlan248
 description ** VLAN INTERNAL LINK **
 ip address 192.168.248.52 255.255.255.0
 no ip redirects
 standby 248 ip 10.105.92.50 --> HSRP switches and router
 standby 248 priority 130

ip route 0.0.0.0 0.0.0.0 192.168.128.1
ip route 192.168.12.0 255.255.252.0 192.168.128.1 name IT_USERS

ROUTER

interface GigabitEthernet0/0
 no ip address
 no ip route-cache
 duplex full
 speed 1000
!
interface GigabitEthernet0/0.128
 description ** VLAN HQM LAN MANAGEMENT **
 encapsulation dot1Q 128
 ip address 192.168.128.5 255.255.255.0
 no ip redirects
 ip virtual-reassembly in
 no ip route-cache
 standby 128 ip 192.168.128.1
 standby 128 priority 150
 no cdp enable
!
interface GigabitEthernet0/0.248
 description ** VLAN INTERNAL LINK **
 encapsulation dot1Q 248
 ip address 192.168.248.51 255.255.255.0
 no ip redirects
 ip virtual-reassembly in
 no ip route-cache
 standby 192 ip 192.168.248.50
 standby 192 priority 150
 no cdp enable

ip route 0.0.0.0 0.0.0.0 <GW>
ip route 192.168.0.0 255.255.128.0 10.105.92.1
ip route 192.168.160.0 255.255.240.0 192.168.128.10 name USERS

Does anyone have an idea what I am doing wrong? For me it doesn't make any sense, but obviously I must be wrong.

Thanks in advance,

Jose

4 Replies

eltote1982
Level 1

Hi again,

I just configured the syslog to be saved on a server on the 192.168.10.0/24 network and it is working perfectly :$ It seems like it is not working with TCP traffic only (the HTTPS server doesn't work either).

Regards,

Jose

Hi Jose,

There seem to be some misconfigurations; for example, in VLAN 128 the VIP doesn't match the SVI's IP address network.

#show ip interface brief vlan128
Interface                  IP-Address      OK? Method Status                Protocol
Vlan128                    10.105.128.8    YES manual up                    up

#show standby vlan 128
Vlan128 - Group 128
  State is Init (virtual IP in wrong subnet)
  Virtual IP address is 192.168.128.1 (wrong subnet for this interface)
  Active virtual MAC address is 0000.0c07.ac80
  Local virtual MAC address is 0000.0c07.ac80 (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption disabled
  Active router is 192.168.128.5, priority 150 (expires in 7.116 sec)
  Standby router is unknown
  Priority 130 (configured 130)
  Group name is "hsrp-Vl128-128" (default)

With that configuration, the Next-Hop-IP of your static routes won't be reachable:

#show ip route 192.168.128.1
% Network not in table

By the way: The standby groups in VLAN 248 (248) and Gi0/0.248 (192) do not match, so both will declare themselves as active.

Hope that helps

Best regards

Rolf
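
An added example, not part of any post in this thread: a small offline lint for the two HSRP problems pointed out in the reply above (a virtual IP outside the interface's subnet, and peers on the same VLAN that share no group number). The function names and the matching of peers by SVI name or dot1Q tag are assumptions of this example; the config excerpts are constructed from the configuration as originally posted.

```python
import ipaddress
import re

# Constructed excerpts of the two configurations as posted in this thread.
SWITCH_CFG = """\
interface Vlan128
 ip address 10.105.128.8 255.255.255.0
 standby 128 ip 192.168.128.1
 standby 129 ip 192.168.128.10
interface Vlan248
 ip address 192.168.248.52 255.255.255.0
 standby 248 ip 10.105.92.50
"""
ROUTER_CFG = """\
interface GigabitEthernet0/0.128
 encapsulation dot1Q 128
 ip address 192.168.128.5 255.255.255.0
 standby 128 ip 192.168.128.1
interface GigabitEthernet0/0.248
 encapsulation dot1Q 248
 ip address 192.168.248.51 255.255.255.0
 standby 192 ip 192.168.248.50
"""

def parse(cfg):
    """Map VLAN id -> {"net": interface subnet, "hsrp": {group: virtual IP}}."""
    vlans, cur = {}, {"net": None, "hsrp": {}}
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = {"net": None, "hsrp": {}}  # start a new interface stanza
        if m := re.match(r"interface Vlan(\d+)|\s+encapsulation dot1Q (\d+)", line):
            vlans[int(m[1] or m[2])] = cur   # SVI name or subinterface tag gives the VLAN
        elif m := re.match(r"\s+ip address (\S+) (\S+)$", line):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"\s+standby (\d+) ip (\S+)", line):
            cur["hsrp"][int(m[1])] = ipaddress.ip_address(m[2])
    return vlans

def vip_outside_subnet(cfg):
    """(vlan, group, vip) for each HSRP virtual IP outside the interface's own subnet."""
    return [(vlan, grp, str(vip)) for vlan, i in sorted(parse(cfg).items())
            for grp, vip in sorted(i["hsrp"].items())
            if i["net"] is None or vip not in i["net"]]

def no_shared_group(cfg_a, cfg_b):
    """(vlan, groups_a, groups_b) where both peers run HSRP on a VLAN but share no group."""
    a, b = parse(cfg_a), parse(cfg_b)
    return [(v, sorted(a[v]["hsrp"]), sorted(b[v]["hsrp"])) for v in sorted(a.keys() & b.keys())
            if a[v]["hsrp"] and b[v]["hsrp"] and not a[v]["hsrp"].keys() & b[v]["hsrp"].keys()]
```

On the posted excerpts, vip_outside_subnet(SWITCH_CFG) reports all three virtual IPs on the switch and no_shared_group(SWITCH_CFG, ROUTER_CFG) reports VLAN 248 (group 248 on the switch, group 192 on the router).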

Hi Rolf,

First of all, thanks for your answer and sorry for the mistake. I copied from my text config file, but it is OK in the running configuration:

SWSB-HQM-LAN01#sh ip interface brief vlan128
Interface              IP-Address      OK? Method Status                Protocol
Vlan128                192.168.128.8    YES NVRAM  up                    up

SWSB-HQM-LAN01#sh standby vlan128
Vlan128 - Group 128
  State is Standby
    1 state change, last state change 05:58:03
  Virtual IP address is 192.168.128.1
  Active virtual MAC address is 0000.0c07.ac80
    Local virtual MAC address is 0000.0c07.ac80 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.008 secs
  Authentication MD5, key-string
  Preemption enabled
  Active router is 192.168.128.5, priority 150 (expires in 11.328 sec)
  Standby router is local
  Priority 130 (configured 130)
  Group name is "hsrp-Vl128-128" (default)
Vlan128 - Group 129
  State is Active
    2 state changes, last state change 05:58:03
  Virtual IP address is 192.168.128.10
  Active virtual MAC address is 0000.0c07.ac81
    Local virtual MAC address is 0000.0c07.ac81 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.992 secs
  Authentication MD5, key-string
  Preemption enabled
  Active router is local
  Standby router is unknown --> (the other switch is not installed yet)
  Priority 150 (configured 150)
  Group name is "hsrp-Vl128-129" (default)

SWSB-HQM-LAN01#sh standby vlan248
Vlan248 - Group 192
  State is Standby
    1 state change, last state change 05:58:55
  Virtual IP address is 192.168.248.50
  Active virtual MAC address is 0000.0c07.acc0
    Local virtual MAC address is 0000.0c07.acc0 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.464 secs
  Authentication MD5, key-string
  Preemption enabled
  Active router is 192.168.248.51, priority 150 (expires in 9.952 sec)
  Standby router is local
  Priority 130 (configured 130)
  Group name is "hsrp-Vl248-192" (default)

NOTE: I use MD5 authentication for HSRP, but I didn't copy that part of the configuration.

SWSB-HQM-LAN01#sh ip route 192.168.128.1
Routing entry for 192.168.128.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Vlan128
      Route metric is 0, traffic share count is 1

Thanks,

Jose

eltote1982
Level 1

Hi,

Sorry, I have found the problem. The problem was not on the switch nor on the router; it was a routing problem on the rest of the network devices on the internal network...

Thanks for your help and sorry again...

Jose