Jon

Thank you for the reply

As it is now, I have a L3 switch where the vlans are created at each site.

The L3 switch connects to a 29xx router which advertises those subnet across my private cloud so all my other sites have visability.

Are you stating I can create a routeed interface on each L3 switch using any ip address not currently used on my network and then add static on each L3 switch pointing to the other sides Vlans across the new ip?

"ip route (other side vlan(s) via new routed int"

JD

I have a very similar setup, however, I do need the same IP's on both switches (Layer 2).

Here is my setup on each 3750 catalyst

You say the above, but then say there is no overlap with IP subnets and your diagram shows the same. So which is it ?

If both switches are L2 where do you route the vlans on these switches ? You must have a L3 switch in each building that routes the vlans if these are not doing it.

Can you post "sh ip route" from both switches ?

Jon

Sorry, I should've clarified. As it stands now, each site has there own vlan and subnet. However, after I have my 200MB ptp up and working, I want to be able to migrate machines back and forward. For example, I'd like to move server X with ip address of 192.168.40.7 from Atlanta to Houston, and have it come online in Houston with the same IP and still able to access all the services in Atlanta.

It was my thought that when we create the trunk between the two switches, It would be no different than if the Houston switch was here in Atlanta. Especially since my trunk is set to allow all vlans. The switches are catalyst 3750, which are Layer 3 switches. They run our ACL's for each site. We don't want to have to create a static route for each vlan, which is why we re-vlaned Houston last week.

Do I need to setup the IPsec VPN tunnel again between the routers for this to work? We had the tunnel in the past, but I took it down thinking we would no longer need it, now that we have the PTP fiber from 3750 to 3750. The tunnel was from ASA (router) to ASA. (hope this makes sense).

Atlanta

garfield#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.1.254 to network 0.0.0.0

C    192.168.40.0/24 is directly connected, Vlan192

     172.16.0.0/24 is subnetted, 1 subnets

C       172.16.1.0 is directly connected, Vlan172

     10.0.0.0/24 is subnetted, 3 subnets

C       10.11.1.0 is directly connected, Vlan10

C       10.3.3.0 is directly connected, Vlan310

S       10.7.2.0 [1/0] via 10.11.1.57

S*   0.0.0.0/0 [1/0] via 172.16.1.254

garfield#

Houston

calvin#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.2.254 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets

C       172.16.2.0 is directly connected, Vlan722

C    192.168.41.0/24 is directly connected, Vlan41

     10.0.0.0/24 is subnetted, 1 subnets

C       10.11.2.0 is directly connected, Vlan112

S*   0.0.0.0/0 [1/0] via 172.16.2.254

C    192.168.130.0/23 is directly connected, Vlan5

calvin#

JD

Okay, so you have renumbered the vlans so there is no need for routing between vlans.. Each vlan should exist on both switches and the trunk should allow them all which it does so there is no need to route.

So what exactly isn't working ie. from what device are you trying to connect (device and IP address) and what device are you trying to connect to (device and IP address) ?

Can you also post from each switch -

1) sh vlan brief

2) sh vtp status

3) sh vtp mode

Note also that 2) and 3) are important because when you joined the 2 switches together if they had been in the same domain one could have overwritten the others database so we need to be careful here.

Jon

Many thanks, Jon. You are correct, I had not mentioned my intent to move servers around, originally.

What is not working, is that I cannot ping Houston from Atlanta and viceversa. For example, If I am logged into the ATL switch, I try to ping the HOU switch, but get no reply. In this example, Let's say that ATL switch is 10.11.1.2.. If I try to ping 10.11.2.2 (HOU) nothing. 10.11.1.x traffic should be tagged as vlan 10 in ATL, and 10.11.2.x should be NOW tagged as vlan 112 in HOU.

ATL

garfield#sh vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi1/0/49, Gi1/0/50, Gi1/0/51

                                                Gi1/0/52, Gi2/0/49, Gi2/0/50

                                                Gi2/0/52

5    VLAN0005                         active

10   VLAN0010                         active    Gi1/0/20, Gi1/0/29, Gi1/0/30

                                                Gi1/0/31, Gi1/0/32, Gi1/0/33

                                                Gi1/0/34, Gi1/0/35, Gi1/0/36

                                                Gi1/0/37, Gi1/0/38, Gi1/0/39

                                                Gi1/0/40, Gi1/0/41, Gi1/0/42

                                                Gi1/0/43, Gi1/0/44, Gi1/0/45

                                                Gi1/0/46, Gi1/0/47, Gi1/0/48

                                                Gi2/0/20, Gi2/0/29, Gi2/0/30

                                                Gi2/0/31, Gi2/0/32, Gi2/0/33

                                                Gi2/0/34, Gi2/0/35, Gi2/0/36

                                                Gi2/0/37, Gi2/0/38, Gi2/0/39

                                                Gi2/0/40, Gi2/0/41, Gi2/0/42

                                                Gi2/0/43, Gi2/0/44, Gi2/0/45

                                                Gi2/0/46, Gi2/0/47, Gi2/0/48

41   VLAN0041                         active

70   VLAN0070                         active

72   VLAN0072                         active    Gi1/0/1, Gi1/0/2, Gi2/0/1

                                                Gi2/0/2

110  VLAN0110                         active

112  VLAN0112                         active    Gi2/0/27

172  VLAN0172                         active    Gi1/0/5, Gi1/0/6, Gi1/0/7

                                                Gi1/0/8, Gi2/0/5, Gi2/0/6

                                                Gi2/0/7, Gi2/0/8

192  VLAN0192                         active    Gi1/0/3, Gi1/0/4, Gi1/0/9

                                                Gi1/0/10, Gi1/0/11, Gi1/0/12

                                                Gi1/0/13, Gi1/0/14, Gi1/0/15

                                                Gi1/0/16, Gi1/0/17, Gi1/0/18

                                                Gi1/0/19, Gi1/0/21, Gi1/0/22

                                                Gi1/0/23, Gi1/0/24, Gi1/0/25

                                                Gi1/0/26, Gi1/0/27, Gi2/0/3

                                                Gi2/0/4, Gi2/0/9, Gi2/0/10

                                                Gi2/0/11, Gi2/0/12, Gi2/0/13

                                                Gi2/0/14, Gi2/0/15, Gi2/0/16

                                                Gi2/0/17, Gi2/0/18, Gi2/0/19

                                                Gi2/0/21, Gi2/0/22, Gi2/0/23

                                                Gi2/0/24, Gi2/0/25, Gi2/0/26

                                                Gi2/0/28

222  VLAN0222                         active

310  VLAN0310                         active

722  VLAN0722                         active

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

999  VLAN0999                         active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

garfield#

garfield#sh vtp status

VTP Version                     : running VTP1 (VTP2 capable)

Configuration Revision          : 16

Maximum VLANs supported locally : 1005

Number of existing VLANs        : 18

VTP Operating Mode              : Server

VTP Domain Name                 : SU4

VTP Pruning Mode                : Disabled

VTP V2 Mode                     : Disabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0xD3 0x52 0x2B 0xBC 0x96 0x08 0xB9 0x31

Configuration last modified by 0.0.0.0 at 9-2-95 06:58:04

Local updater ID is 10.11.1.2 on interface Vl10 (lowest numbered VLAN interface

found)

garfield#

garfield#sh vtp ?

  counters  VTP statistics

  password  VTP password

  status    VTP domain status

garfield#sh vtp counters

VTP statistics:

Summary advertisements received    : 709

Subset advertisements received     : 3

Request advertisements received    : 0

Summary advertisements transmitted : 2076

Subset advertisements transmitted  : 16

Request advertisements transmitted : 0

Number of config revision errors   : 0

Number of config digest errors     : 0

Number of V1 summary errors        : 0

VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from

                                                   non-pruning-capable device

---------------- ---------------- ---------------- ---------------------------

Gi1/0/28            1                1                0

Gi2/0/51            0                0                0

HOU

calvin#sh vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi1/0/49, Gi1/0/50, Gi1/0/51

                                                Gi1/0/52, Gi2/0/49, Gi2/0/50

                                                Gi2/0/52

5    VLAN0005                         active    Gi1/0/33, Gi1/0/34, Gi1/0/35

                                                Gi1/0/36, Gi1/0/37, Gi1/0/38

                                                Gi1/0/42, Gi1/0/43, Gi1/0/44

                                                Gi1/0/45, Gi1/0/46, Gi1/0/47

                                                Gi1/0/48, Gi2/0/33, Gi2/0/34

                                                Gi2/0/35, Gi2/0/36, Gi2/0/37

                                                Gi2/0/38, Gi2/0/42, Gi2/0/43

                                                Gi2/0/44, Gi2/0/45, Gi2/0/46

                                                Gi2/0/47, Gi2/0/48, Po11, Po12

                                                Po13

10   VLAN0010                         active

41   VLAN0041                         active    Gi1/0/11, Gi1/0/12, Gi1/0/13

                                                Gi1/0/14, Gi1/0/15, Gi1/0/16

                                                Gi1/0/20, Gi2/0/11, Gi2/0/12

                                                Gi2/0/13, Gi2/0/14, Gi2/0/15

                                                Gi2/0/16, Gi2/0/20

70   VLAN0070                         active    Gi1/0/1, Gi1/0/2, Gi1/0/3

                                                Gi1/0/4, Gi2/0/1, Gi2/0/2

                                                Gi2/0/3, Gi2/0/4

72   VLAN0072                         active

110  VLAN0110                         active

112  VLAN0112                         active    Gi1/0/21, Gi1/0/22, Gi1/0/23

                                                Gi1/0/24, Gi1/0/25, Gi1/0/26

                                                Gi1/0/27, Gi1/0/28, Gi1/0/29

                                                Gi1/0/30, Gi1/0/31, Gi1/0/32

                                                Gi2/0/21, Gi2/0/22, Gi2/0/23

                                                Gi2/0/24, Gi2/0/25, Gi2/0/26

                                                Gi2/0/27, Gi2/0/28, Gi2/0/29

                                                Gi2/0/30, Gi2/0/31, Gi2/0/32

172  VLAN0172                         active

192  VLAN0192                         active

222  VLAN0222                         active

310  VLAN0310                         active

722  VLAN0722                         active    Gi1/0/5, Gi1/0/6, Gi1/0/7

                                                Gi1/0/8, Gi1/0/9, Gi1/0/10

                                                Gi2/0/5, Gi2/0/6, Gi2/0/7

                                                Gi2/0/8, Gi2/0/9, Gi2/0/10

999  VLAN0999                         active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

calvin#

calvin#sh vtp status

VTP Version capable             : 1 to 3

VTP version running             : 1

VTP Domain Name                 :

VTP Pruning Mode                : Disabled

VTP Traps Generation            : Enabled

Device ID                       : 0015.c6fb.2000

Configuration last modified by 192.168.130.2 at 0-0-00 00:00:00

Feature VLAN:

--------------

VTP Operating Mode                : Transparent

Maximum VLANs supported locally   : 1005

Number of existing VLANs          : 18

Configuration Revision            : 0

MD5 digest                        : 0x80 0x93 0xE1 0x4B 0xCE 0xB2 0xB5 0xD5

                                    0xC6 0x9B 0x12 0xD7 0x03 0xBE 0xFF 0xBD

calvin#

calvin#sh vtp int gi 2/0/51

Interface               VTP Status

------------------------------------

GigabitEthernet2/0/51    enabled

calvin#sh vtp counters

VTP statistics:

Summary advertisements received    : 0

Subset advertisements received     : 0

Request advertisements received    : 0

Summary advertisements transmitted : 0

Subset advertisements transmitted  : 0

Request advertisements transmitted : 0

Number of config revision errors   : 0

Number of config digest errors     : 0

Number of V1 summary errors        : 0

VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from

                                                   non-pruning-capable device

---------------- ---------------- ---------------- ---------------------------

Gi2/0/51            0                0                0

Po1                 0                0                0

Po2                 0                0                0

Po3                 0                0                0

calvin#

Thanks.

JD

The issue is your routing tables. You are pinging from one IP subnet to another and so you need a route for it but the Atlanta switch has no route to 10.11.2.0/24 so it will actually send the packet to it's default gateway.

When i said there was no need to route i meant for the same vlan ie. if you moved a server from Houston to Atlanta it would go into the same vlan ie. same IP subnet, and it would be able to talk to the other servers in that vlan/IP subnet in either building.

But for the vlans with different IP subnets you have to route, you can't L2 switch because they are not in the same vlan/IP subnet.

So you need routes on each switch for the other buildings vlans/IP subnets.. You don't have to use static routes you could use a dynamic routing protocol instead. You would need a common L3 vlan interface on both switches for the peering.

Jon

That sounds it could be exactly what the problem is. Could I ask you for an example on how I would create one of these routes and\or how I would setup a routing proticol? Do I do this on both switches?

Thank you!

JD

Can you have a read of the last post i sent and see which way you want to go.

A lot depends on how many servers you are going to be moving. If there are a lot then that means you need pretty much all the vlans in both sites in which case the routed option is less attractive.

If on the other hand you only need perhaps one or two vlans to be in both buildings then routing between buildings is probably a better option.

Jon

There could be a lot. Potentially, all of my Atlanta servers could at one point move to HOU, since HOU is my Business continuity site. We intend to use to vmware SRM (not sure if you are familiar with it)... SRM creates mirrors of the servers from Atlanta in Houston. it sends replications updates to these mirrors every so often (15m to 24h, depending on config). In the event of a disaster in Atlanta and Houston's SRM cannot longer see Atlanta one or more of the Atlanta server hosts, we will be able to activate the mirrors in HOU, and keep going. The clinch is that while web servers may be down in Atlanta, applications servers may still be online tehre, so we will need to be able to pass traffic between them, as if they were all still in the same datacenter \ rack. 

I can redo any config on the HOU switch, but ATL is my production environment. I guess my misunderstanding was that the PTP line (trunk), would operate the same as the IPSec VPN tunnel we had, only with more bandwidth. I was told it would be a very simple setup... something along the lines of "just create a dot1q trunk on each interface, and you are ready to go." It has obviously proven anything but.

Would the L3 interface you're talking about be the same where the fiber handoff from my ISP is plugged into? The SP was very clear when they said they would only support a dot1q trunk, nonegotiate. Anything oter than that would leave us out of SLA coverage. 

Am being naive in my understanding that a trunk with native vlan1 and allowed vlans "all" between two interfaces directly connected by my ISP's fiber should be act as if I sinply uplinked a new switch? Perhaps I'm being oversimplistic.

I hope this answeres your questions. I really appreciate your help.

JD

If the IP subnets were the same in both sites then you would have no issues. It's not so much the vlans as the IP subnets. You have to route between IP subnets and that is what your IPSEC tunnels were in effect doing. A trunk link does not route, it L2 switches so a trunk was never going to replace your IPSEC setup in the same way.

When you setup a trunk with same vlans on both sides but different IP subnets then you are joining together 2 IP subnets and to do this you could use secondary addressing on the L3 vlan interface but that is not usually the way to do it with L3 switches.

If you are looking at having all the vlans/IP subnets available in both sites then the routed option makes no sense. With the routed option your trunk would allow the routing vlan (a new vlan) and only those vlans needed in both sites ie. the ones where you have servers in the same IP subnet in both buildings. If there were just a few then that would be okay.

But if you think you may want the flexibility of having all vlans/IP subnets available in both buildings so any server in an vlan/IP subnet can be in either building then a L2 trunk allowing all vlans together with HSRP on the switches is probably best.

I can help you out with either config but obviously the config is quite different depending on what you choose. Note also that if you choose to go with HSRP then you will need at least 2 spare IP addresses in each subnet.

Jon

Thanks, Jon.

Seems that an L2 trunk allowing all vlans together with HSRP is what I need. I can find an extra two IP on each vlan. If I can't, we have bigger issues

So, how do I go about that?