
Taking the wrong route out.

Michael Durham
Level 4

I have two 3550 layer 3 switches set up and the other day they were working just fine. Somewhere I changed something (don't remember what) and now one switch goes out the correct ISP provider and the other one does not.

I am using IP SLA to choose which provider to use should one go down. When ISP 1 is up both switches should only use that route (192.168.10.2) to get to the Internet. The switch named Office_Switch does go out 192.168.10.2 as it should. However, the switch named Server_Switch wants to still use the backup ISP even though the IP SLA STAT says both routes are okay.

Server_Switch#sh ip sla stat

Round Trip Time (RTT) for       Index 1

        Latest RTT: 1 ms

Latest operation start time: 16:54:05.225 Eastern Tue Jan 15 2013

Latest operation return code: OK

Number of successes: 846

Number of failures: 0

Operation time to live: Forever

Round Trip Time (RTT) for       Index 2

        Latest RTT: 3 ms

Latest operation start time: 16:54:05.225 Eastern Tue Jan 15 2013

Latest operation return code: OK

Number of successes: 846

Number of failures: 0

Operation time to live: Forever

Server_Switch#traceroute 4.2.2.2

Type escape sequence to abort.

Tracing the route to 4.2.2.2

  1 192.168.69.1 8 msec

    10.0.1.1 0 msec

    192.168.69.1 4 msec

  2 10.0.0.1 4 msec *  4 msec

  3  *

    192.168.0.1 4 msec *

Server_Switch#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.10.1 to network 0.0.0.0

     192.168.42.0/32 is subnetted, 1 subnets

S       192.168.42.129 [1/0] via 192.168.10.1

     192.168.43.0/32 is subnetted, 1 subnets

S       192.168.43.1 [1/0] via 10.0.1.1

     192.168.10.0/29 is subnetted, 1 subnets

D       192.168.10.0 [90/3072] via 192.168.69.1, 02:15:04, Vlan69

     192.168.125.0/29 is subnetted, 1 subnets

C       192.168.125.0 is directly connected, Vlan125

     172.16.0.0/30 is subnetted, 1 subnets

C       172.16.2.0 is directly connected, FastEthernet0/19

C    192.168.200.0/24 is directly connected, Vlan200

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

S       10.0.0.0/24 [1/0] via 10.0.1.1

C       10.0.1.0/24 is directly connected, Vlan900

C       10.93.5.0/30 is directly connected, FastEthernet0/7

C       10.115.0.0/24 is directly connected, Vlan115

     192.168.0.0/32 is subnetted, 1 subnets

S       192.168.0.1 [1/0] via 10.0.1.1

     192.168.50.0/29 is subnetted, 1 subnets

C       192.168.50.0 is directly connected, Vlan50

C    192.168.69.0/24 is directly connected, Vlan69

     192.168.70.0/30 is subnetted, 1 subnets

D       192.168.70.0 [90/28416] via 192.168.69.1, 02:15:04, Vlan69

     192.168.100.0/24 is variably subnetted, 5 subnets, 2 masks

C       192.168.100.0/24 is directly connected, Vlan100

D       192.168.100.106/32 [90/156416] via 192.168.69.1, 02:15:04, Vlan69

S       192.168.100.107/32 [1/0] via 10.93.5.2

D       192.168.100.102/32 [90/130816] via 192.168.69.1, 02:15:04, Vlan69

D       192.168.100.103/32

           [90/156160] via 172.16.2.2, 02:15:35, FastEthernet0/19

S*   0.0.0.0/0 [1/0] via 192.168.10.1

               [1/0] via 10.0.1.1

sh run

Current configuration : 10033 bytes

!

! Last configuration change at 16:45:59 Eastern Tue Jan 15 2013 by mdurham

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Server_Switch

!

enable secret 5

!

username mdurham privilege 15 password 7

aaa new-model

!

aaa session-id common

clock timezone Eastern -5

clock summer-time est recurring

!

track 10 rtr 1 reachability

delay down 1 up 1

!

track 20 rtr 2 reachability

delay down 1 up 1

ip subnet-zero

ip routing

no ip domain-lookup

ip domain-name mtd.home

!

ip sla responder

ip sla responder udp-echo ipaddress 192.168.42.129 port 5000

ip sla responder udp-echo ipaddress 192.168.0.1 port 5000

ip sla 1

icmp-echo 192.168.42.129 source-ip 192.168.69.2

timeout 500

frequency 1

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 192.168.0.1 source-ip 192.168.69.2

timeout 500

frequency 1

ip sla schedule 2 life forever start-time now

!

shutdown vlan 99

!

password encryption aes

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

description BLUE - Switch - Office_Switch 192.168.100.102 port fa0/21

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport trunk allowed vlan 1,69,100,115,125,200,900

switchport mode trunk

spanning-tree portfast

!

interface FastEthernet0/2

description GRAY - Access Point - South_AP 192.168.100.105 port Ethernet 0

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport trunk allowed vlan 1,69,100,200,1002-1005

switchport mode trunk

shutdown

spanning-tree portfast

!

interface FastEthernet0/3

description YELLOW - Not used

switchport access vlan 999

switchport mode access

switchport nonegotiate

switchport port-security violation protect

switchport port-security mac-address sticky

shutdown

spanning-tree portfast

!

interface FastEthernet0/4

description ORANGE - Direct TV 192.168.125.2

switchport access vlan 125

switchport mode access

switchport nonegotiate

switchport port-security violation protect

switchport port-security mac-address sticky

spanning-tree portfast

!        

interface FastEthernet0/5

description RED - PC or VoIP phone in living room

switchport access vlan 999

switchport mode access

switchport nonegotiate

switchport voice vlan 115

switchport port-security violation protect

switchport port-security mac-address sticky

spanning-tree portfast

!

interface FastEthernet0/6

switchport access vlan 900

switchport mode access

switchport nonegotiate

switchport port-security violation protect

switchport port-security mac-address sticky

spanning-tree portfast

!

interface FastEthernet0/7

no switchport

ip address 10.93.5.1 255.255.255.252

spanning-tree portfast

!

interface FastEthernet0/8-18

switchport access vlan 999

switchport mode access

switchport nonegotiate

switchport port-security violation protect

switchport port-security mac-address sticky

shutdown

spanning-tree portfast

!

interface FastEthernet0/19

description Router - DHCP_Server 172.16.2.2

no switchport

ip address 172.16.2.1 255.255.255.252

spanning-tree portfast

!

interface FastEthernet0/20

description Router - Call Manager Express router 10.110.0.1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

spanning-tree portfast

!

interface FastEthernet0/21

description Server - G4 port 1 - Cisco Unified Communications Server 10.115.0.2 connection & DLNA Media Server 192.168.125.4

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 100,125

switchport mode trunk

switchport nonegotiate

spanning-tree portfast

!

interface FastEthernet0/22

description Server - G4 port 1 - Cisco Unified Communications Server 10.115.0.2 connection

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport trunk allowed vlan 115

switchport mode trunk

switchport nonegotiate

spanning-tree portfast

!

interface FastEthernet0/23

description Server - G5 port 0 - Management 192.168.100.5 & Media server 192.168.125.5 connection

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 100

switchport mode trunk

switchport nonegotiate

spanning-tree portfast

!

interface FastEthernet0/24

description Server - G5 port 1 - 2008 Ent Server (Main Server) 192.168.50.5 connection

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport trunk allowed vlan 50

switchport mode trunk

switchport nonegotiate

spanning-tree portfast

!

interface Vlan1

description - Not used

no ip address

no ip route-cache cef

no ip route-cache

shutdown

!

interface Vlan50

description - Server Vlan

ip address 192.168.50.1 255.255.255.248

no ip route-cache cef

no ip route-cache

!        

interface Vlan69

description - User Vlan

ip address 192.168.69.2 255.255.255.0

ip helper-address 172.16.2.2

no ip route-cache cef

no ip route-cache

!

interface Vlan100

description - Management Vlan

ip address 192.168.100.101 255.255.255.0

no ip route-cache cef

no ip route-cache

ntp broadcast client

!

interface Vlan115

ip address 10.115.0.2 255.255.255.0

ip helper-address 172.16.2.2

!

interface Vlan125

description - Media Vlan

ip address 192.168.125.1 255.255.255.248

no ip route-cache cef

no ip route-cache

!

interface Vlan200

description - Guests Vlan

ip address 192.168.200.1 255.255.255.0

ip access-group 100 in

ip helper-address 172.16.2.2

no ip route-cache cef

no ip route-cache

!

interface Vlan900

ip address 10.0.1.2 255.255.255.0

no ip route-cache cef

no ip route-cache

!

interface Vlan999

description - Unused_Ports Vlan

no ip address

no ip route-cache cef

no ip route-cache

shutdown

!

router eigrp 1577

no auto-summary

network 10.0.1.0 0.0.0.255

network 10.93.5.0 0.0.0.3

network 172.16.2.0 0.0.0.3

network 192.168.43.0

network 192.168.50.0 0.0.0.7

network 192.168.69.0

network 192.168.100.0

network 192.168.125.0 0.0.0.7

network 192.168.200.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.1 track 10

ip route 0.0.0.0 0.0.0.0 10.0.1.1 track 20

ip route 10.0.0.0 255.255.255.0 10.0.1.1

ip route 10.115.0.0 255.255.255.0 10.115.0.1

ip route 192.168.0.1 255.255.255.255 10.0.1.1

ip route 192.168.42.129 255.255.255.255 192.168.10.1

ip route 192.168.43.1 255.255.255.255 10.0.1.1

ip route 192.168.100.107 255.255.255.255 10.93.5.2

ip http server

!

!

access-list 100 permit ip any 192.168.42.0 0.0.0.255

access-list 100 permit ip any host 192.168.69.99

access-list 100 permit ip any 192.168.125.0 0.0.0.7

access-list 100 deny   ip any 192.168.0.0 0.0.255.255

access-list 100 permit ip any any

!

control-plane

!

banner login ^CCCC

                ** W A R N I N G **

Unauthorized access prohibited. All access is

monitored, and trespassers shall be prosecuted

to the fullest extent of the law.

^C

!

line con 0

exec-timeout 0 0

password 7

logging synchronous

line vty 0 4

exec-timeout 0 0

privilege level 15

password 7

logging synchronous

line vty 5 15

exec-timeout 0 0

privilege level 15

password 7

!

ntp clock-period 17180289

ntp server 64.90.182.55

ntp server 96.47.67.105

ntp server 72.14.177.132

end

From what I see, this switch and the hosts connected to it should all use 192.168.10.1 to access the Internet but they don't. If I shut down port fa0/6 then all traffic to the Internet DOES use 192.168.10.1 as it should. I have tried several different IP addresses with the 0.0.0.0 0.0.0.0 route but get the same results.

AGAIN, this did work a few days ago before I screwed something up.

Accepted Solutions

cadet alain
VIP Alumni

Hi,

So if ISP1 (192.168.10.1) is UP you want to use this route and if it is down then you want to use the other ISP?

Then why don't you just use tracking for the primary route (ISP1) and make the ISP2 as secondary by making this route a floating route?

I would do something like this:

no ip route 0.0.0.0 0.0.0.0 10.0.1.1 track 20

ip route 0.0.0.0 0.0.0.0 10.0.1.1 20

no ip sla schedule 2 life forever start-time now

no track 20 rtr 2

no ip sla 2

Also you should do no spanning-tree portfast on the trunk links except if they go to a router or server and in this case you should use spanning-tree portfast trunk instead.

Why did you disable CEF on the VLAN interfaces?

Regards.

Alain

Don't forget to rate helpful posts.
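
Why both next hops appear under `S* 0.0.0.0/0` in the question's routing table, and what the floating route changes, shown as an added example that is not part of the original thread. It is a simplified Python model of static default-route selection: it assumes a route is a candidate when it has no track object or its track object is up, and it ignores next-hop resolution; the function names are hypothetical.

```python
import re

# Matches "ip route <prefix> <mask> <next-hop> [distance] [track <id>]".
ROUTE_RE = re.compile(
    r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?(?: track (\d+))?$")

def parse_static_routes(config):
    """Return one dict per static route line found in an IOS config."""
    routes = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            prefix, mask, next_hop, dist, track = m.groups()
            routes.append({"prefix": prefix, "mask": mask, "next_hop": next_hop,
                           # A static route without a distance defaults to 1.
                           "distance": int(dist) if dist else 1,
                           "track": int(track) if track else None})
    return routes

def installed_defaults(config, track_up):
    """Next hops installed for 0.0.0.0/0, given track states {id: bool}."""
    candidates = [r for r in parse_static_routes(config)
                  if r["prefix"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
                  and (r["track"] is None or track_up.get(r["track"], False))]
    if not candidates:
        return []
    best = min(r["distance"] for r in candidates)
    # Every candidate sharing the lowest distance is installed (load sharing).
    return [r["next_hop"] for r in candidates if r["distance"] == best]

# Default routes copied from the running config in the question.
ORIGINAL = """
ip route 0.0.0.0 0.0.0.0 192.168.10.1 track 10
ip route 0.0.0.0 0.0.0.0 10.0.1.1 track 20
"""
# The same routes after the change suggested in the answer.
FLOATING = """
ip route 0.0.0.0 0.0.0.0 192.168.10.1 track 10
ip route 0.0.0.0 0.0.0.0 10.0.1.1 20
"""

if __name__ == "__main__":
    both_up = {10: True, 20: True}
    print("original, both tracks up:", installed_defaults(ORIGINAL, both_up))
    print("floating, track 10 up:   ", installed_defaults(FLOATING, {10: True}))
    print("floating, track 10 down: ", installed_defaults(FLOATING, {10: False}))
```

With both tracks up, the original pair ties at distance 1, so both next hops are installed and traffic is shared between them, which matches the alternating hops in the traceroute output.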


That is exactly what I did and it works great. The only question is, if I add a third access point to the Internet (and that just might happen); what would I do then?
