Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2834
Views
85
Helpful
34
Replies

Vlan Routing Issue

Mokhalil82
Level 4
Level 4

‎02-16-2015 04:10 PM - edited ‎03-07-2019 10:41 PM

Hi Guys

Please see attached simple diagram. I am in the process of replacing a 6500 switch with a 6800.I need to do this migration in stages so I have connected the new switch to the old via a trunk. Next I want to move some links across but not the svi's, so i moved the port-channel for one of the areas over which had data and voice vlans (Green switch), when connected to the new switch the devices could ping the voice and data svi's that currently sit on the old core but cannot get further than that. I cannot ping other vlans either. 

Is routing required between the old and new core? I was planning to have the new core as a L2 extension to the old during the migration but cannot turn off routing on the 6800.

 

Thanks

 

 

Labels:
Preview file
13 KB
0 Helpful
34 Replies 34

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-17-2015 09:01 AM

I'm sure this is the case but can I just clarify.

The default gateway for the client is the SVI IP address on the 6500 ie. there are no local SVIs on the access layer switch for the data and voice vlans ?

If there aren't I cannot see what the issue is.

If you can ping to the 6500 SVI then the 6500 has all the other SVIs as well so I can't see why you cannot ping them.

It sounds like an issue with the VSS setup on the 6800s but at the moment I can't see what it would be.

Can you just confirm about the access layer switch and local SVIs ?

Jon

 

Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎02-17-2015 09:14 AM

I have attached an updated diagram if that helps.

The only svi on the access switch is the one for the uplink /30 subnet. No nother SVIs exist on there.

Preview file
38 KB
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-17-2015 09:24 AM

Can you confirm that the trunk link from the access switch is allowing the data and voice vlans across it ?

And that it is configured to do this on both ends ie. the access switch and the 6800s ?

I'm assuming it must be or you wouldn't be able to ping your default gateway but just wanted to check.

Jon

Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎02-17-2015 09:42 AM

Yes its configured to allow both voice and data vlans as it was on the old core with vlan 900 as the native vlan. I haven't moved the uplink svis from the old core to the new, not sure if that will matter.

@Reza, the uplinks are trunks with SVI's either end, and the voice and data SVIs are definitely on the core 6500.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-17-2015 09:47 AM

Can you -

1) post a "sh ip route" from the access switch, the 6800s and the 6500

2) confirm the IP subnets for the data and voice vlans on the migrated access switch

Jon

0 Helpful

Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎02-17-2015 09:57 AM

Im not currently near the devices so can do that tomorrow, but from when I last checked, the access switches has a route for each of the data and voice networks with the next hop of the uplink svi which is on the core. 

The core had connected and some static routes pointing back to the access layer switches.

Can't remember about the 6800 core, il check them tomorrow

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-17-2015 10:10 AM

The access switches should not use any routes if the data and voice vlans are allowed on the trunk link.

Same thing for the 6500 ie, it does not need routes back to the data and voice vlans on the migrated switch.

Are you absolutely sure that the data and voice vlans on the migrated switch are allowed on the trunk links all the way to the 6500 ?

Jon

Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎02-17-2015 10:37 AM

Hi

Yes im sure, some vlans are pruned on the uplinks excluding the data voice etc and the trunk between the cores is a all vlan trunk.

You're right the access switches should not have routes to the svi but they do and have a default route pointing to the core. This is why I was thinking il need to throw in a few routes temporarily during the migration which i can remove after the core has been migrated

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-17-2015 10:51 AM

You're right the access switches should not have routes to the svi but they do and have a default route pointing to the core. This is why I was thinking il need to throw in a few routes temporarily during the migration which i can remove after the core has been migrated

Any routes on the access switches and the 6500 should not be used as long as there is L2 connectivity from the access switch to the 6500 for the data and voice vlans.

They are not going to affect anything although personally I would decide which way you want to go and then tidy up the configuration.

With a 6800 VSS pair I suspect you will want to do L2 from the access layer and leave all the routing to the 6800s.

Jon

Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎02-17-2015 12:10 PM

Yes the plan is to do L2 from the access layer and leave the routing for the core. I check everything again tomorrow but I was just expecting this to work, it usually does. 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-17-2015 01:55 PM

If the switches are in production, moving them from one core to another will cause outage for your end devices/users even if the switches are racked next to one another.  I recommend, you do some testing ahead of time before moving your users.  You really need a good plan for doing this, if not you will have your mangers and users screening at you when things are not working. Interested in looking at your configs, because I am still not sure what are all the /30 subnet/vlan (10, 20, 30, 40) are for.


 

0 Helpful

Mokhalil82
Level 4
Level 4
In response to Reza Sharifi

‎02-18-2015 01:52 AM

Hi 

I have attached the access switch config file

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-18-2015 01:52 AM

Just happened to have logged on.

Your trunk link allows the data and voice vlans as you said so it is all L2 to the 6500 as far as I can see.

There is nothing that I can see that would be L3 switched in terms of user vlans on the access switch.

On a switch connected to the 6500 ie. not a migrated switch can you pick a client and do a traceroute to a client in the data vlan on the migrated switch.

I just want to see what the 6500 thinks is happening.

I'm a bit busy for the next half hour or so but i'll pick this up after that.

Jon

Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎02-18-2015 05:41 AM

Ok I just went back to basics to try something. The new core is currently sitting alone. So i connected a 2960x switch to it with a all vlan trunk between them. I configured 2 vlan SVIs on the 6800. I connected my laptop to the 2960x and can ping my gateway which is one of the Svi but cannot ping the other svi.

So not sure whats going on here, can it be the vss

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎02-18-2015 09:37 AM

Ok so for the 2960X the SVI should be on the old 6500 and not the new 6800.

You just need a layer-2 trunk between the 6800 and 6500 (no IP).

So for the same 2 vlans above, configure the link between the 2960X and the new 6800 as trunk (layer-2) only.  Also add the same vlans to the trunk between the 6800 and 6500 and add the SVIs to the 6500.

Now, you should be able to plug a laptop to the 2960X, give it an IP in one of the vlans and ping the SVI on the 6500.  You should also be able to ping all the other SVIs on the 6500 from the laptop.  Can you try this and update?

HTH

Customers Also Viewed These Support Documents