Catalyst 3750 with 2 vlans. Only vlan1 drop packet when ping

Discussion in 'Cisco' started by hamster, Jun 28, 2007.

  1. hamster

    hamster Guest

    Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.

    I created vlan140 on the switch. There is only one port connected to
    up link. I could ping the ip on vlan140 without droping package, but
    when I ping to the ip on vlan1, about 10% come back with "Request
    timed out."

    I have checked the interface error on both side of the cable, they are
    all zero.
    I tried different ip addresses for vlan1 and even replace the cable,
    no luck.

    Could anybody suggest what else I can try?

    Many thanks.

    Here is the configuration which I believe is relevant:
    ==========================================
    no aaa new-model
    system mtu routing 1500
    ip subnet-zero
    ip routing
    !
    no file verify auto
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending

    interface Vlan1
    ip address 10.0.2.247 255.255.252.0
    standby 140 ip 10.0.0.117
    standby 140 preempt delay minimum 60
    !
    interface Vlan140
    ip address 10.0.140.16 255.255.252.0
    standby 141 ip 10.0.140.1
    standby 141 preempt delay minimum 60
    !
    ip default-gateway 10.0.0.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.0.0.1
    ip http server
    no ip http secure-server
    =====================================
     
    hamster, Jun 28, 2007
    #1
    1. Advertising

  2. hamster

    Trendkill Guest

    On Jun 27, 9:00 pm, hamster <> wrote:
    > Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.
    >
    > I created vlan140 on the switch. There is only one port connected to
    > up link. I could ping the ip on vlan140 without droping package, but
    > when I ping to the ip on vlan1, about 10% come back with "Request
    > timed out."
    >
    > I have checked the interface error on both side of the cable, they are
    > all zero.
    > I tried different ip addresses for vlan1 and even replace the cable,
    > no luck.
    >
    > Could anybody suggest what else I can try?
    >
    > Many thanks.
    >
    > Here is the configuration which I believe is relevant:
    > ==========================================
    > no aaa new-model
    > system mtu routing 1500
    > ip subnet-zero
    > ip routing
    > !
    > no file verify auto
    > spanning-tree mode pvst
    > no spanning-tree optimize bpdu transmission
    > spanning-tree extend system-id
    > !
    > vlan internal allocation policy ascending
    >
    > interface Vlan1
    > ip address 10.0.2.247 255.255.252.0
    > standby 140 ip 10.0.0.117
    > standby 140 preempt delay minimum 60
    > !
    > interface Vlan140
    > ip address 10.0.140.16 255.255.252.0
    > standby 141 ip 10.0.140.1
    > standby 141 preempt delay minimum 60
    > !
    > ip default-gateway 10.0.0.1
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 10.0.0.1
    > ip http server
    > no ip http secure-server
    > =====================================


    You have HSRP configured....where is the other hsrp peer? Are these
    VLAN's trunked? Anything in the logs about 'standby' changes? If you
    just have it configured and there is no other switch/router, then this
    should work fine. But I am guessing that you have another core and we
    need to see that config and log as well.
     
    Trendkill, Jun 28, 2007
    #2
    1. Advertising

  3. hamster

    Trendkill Guest

    On Jun 27, 9:12 pm, Trendkill <> wrote:
    > On Jun 27, 9:00 pm, hamster <> wrote:
    >
    >
    >
    > > Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.

    >
    > > I created vlan140 on the switch. There is only one port connected to
    > > up link. I could ping the ip on vlan140 without droping package, but
    > > when I ping to the ip on vlan1, about 10% come back with "Request
    > > timed out."

    >
    > > I have checked the interface error on both side of the cable, they are
    > > all zero.
    > > I tried different ip addresses for vlan1 and even replace the cable,
    > > no luck.

    >
    > > Could anybody suggest what else I can try?

    >
    > > Many thanks.

    >
    > > Here is the configuration which I believe is relevant:
    > > ==========================================
    > > no aaa new-model
    > > system mtu routing 1500
    > > ip subnet-zero
    > > ip routing
    > > !
    > > no file verify auto
    > > spanning-tree mode pvst
    > > no spanning-tree optimize bpdu transmission
    > > spanning-tree extend system-id
    > > !
    > > vlan internal allocation policy ascending

    >
    > > interface Vlan1
    > > ip address 10.0.2.247 255.255.252.0
    > > standby 140 ip 10.0.0.117
    > > standby 140 preempt delay minimum 60
    > > !
    > > interface Vlan140
    > > ip address 10.0.140.16 255.255.252.0
    > > standby 141 ip 10.0.140.1
    > > standby 141 preempt delay minimum 60
    > > !
    > > ip default-gateway 10.0.0.1
    > > ip classless
    > > ip route 0.0.0.0 0.0.0.0 10.0.0.1
    > > ip http server
    > > no ip http secure-server
    > > =====================================

    >
    > You have HSRP configured....where is the other hsrp peer? Are these
    > VLAN's trunked? Anything in the logs about 'standby' changes? If you
    > just have it configured and there is no other switch/router, then this
    > should work fine. But I am guessing that you have another core and we
    > need to see that config and log as well.


    Do me a favor and send me the configs for both routers. You may want
    to turn logging on at an informational level, in case HSRP is losing
    its neighbor and your timeout is causing it to failover for a specific
    time. Are you pinging the hsrp vlan 1 address, or the specific
    switch's address in vlan 1? Can you ping both and see if both fail or
    if it is just one? If it is just one, it tends to look like an HSRP
    or connectivity issue between your two switches. If both fail, then
    it sounds like we have another issue. Also, are you able to always
    ping vlan 140's interface with no problems? Is 140 trunked over to
    the other switch? If not, how does the other switch know how to get
    back to this switch to reply to the node's ping?
     
    Trendkill, Jun 28, 2007
    #3
  4. hamster

    Trendkill Guest

    On Jun 28, 2:28 pm, Trendkill <> wrote:
    > On Jun 27, 9:12 pm, Trendkill <> wrote:
    >
    >
    >
    > > On Jun 27, 9:00 pm, hamster <> wrote:

    >
    > > > Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.

    >
    > > > I created vlan140 on the switch. There is only one port connected to
    > > > up link. I could ping the ip on vlan140 without droping package, but
    > > > when I ping to the ip on vlan1, about 10% come back with "Request
    > > > timed out."

    >
    > > > I have checked the interface error on both side of the cable, they are
    > > > all zero.
    > > > I tried different ip addresses for vlan1 and even replace the cable,
    > > > no luck.

    >
    > > > Could anybody suggest what else I can try?

    >
    > > > Many thanks.

    >
    > > > Here is the configuration which I believe is relevant:
    > > > ==========================================
    > > > no aaa new-model
    > > > system mtu routing 1500
    > > > ip subnet-zero
    > > > ip routing
    > > > !
    > > > no file verify auto
    > > > spanning-tree mode pvst
    > > > no spanning-tree optimize bpdu transmission
    > > > spanning-tree extend system-id
    > > > !
    > > > vlan internal allocation policy ascending

    >
    > > > interface Vlan1
    > > > ip address 10.0.2.247 255.255.252.0
    > > > standby 140 ip 10.0.0.117
    > > > standby 140 preempt delay minimum 60
    > > > !
    > > > interface Vlan140
    > > > ip address 10.0.140.16 255.255.252.0
    > > > standby 141 ip 10.0.140.1
    > > > standby 141 preempt delay minimum 60
    > > > !
    > > > ip default-gateway 10.0.0.1
    > > > ip classless
    > > > ip route 0.0.0.0 0.0.0.0 10.0.0.1
    > > > ip http server
    > > > no ip http secure-server
    > > > =====================================

    >
    > > You have HSRP configured....where is the other hsrp peer? Are these
    > > VLAN's trunked? Anything in the logs about 'standby' changes? If you
    > > just have it configured and there is no other switch/router, then this
    > > should work fine. But I am guessing that you have another core and we
    > > need to see that config and log as well.

    >
    > Do me a favor and send me the configs for both routers. You may want
    > to turn logging on at an informational level, in case HSRP is losing
    > its neighbor and your timeout is causing it to failover for a specific
    > time. Are you pinging the hsrp vlan 1 address, or the specific
    > switch's address in vlan 1? Can you ping both and see if both fail or
    > if it is just one? If it is just one, it tends to look like an HSRP
    > or connectivity issue between your two switches. If both fail, then
    > it sounds like we have another issue. Also, are you able to always
    > ping vlan 140's interface with no problems? Is 140 trunked over to
    > the other switch? If not, how does the other switch know how to get
    > back to this switch to reply to the node's ping?


    In short, you can either trunk all vlans between your two cores (cores
    = routers that own all vlans, usually from a layer 2 and layer 3
    perspective), or you can have vlans on different switches, and have
    them advertise the networks between one another. What I see here is a
    hybrid model that will not work. If you want to do the second option,
    you need to turn up a routing protocol or statics to let the first
    switch/router know about the new vlan (140), or you need to trunk/
    connect 140 directly to avoid multi hop standby (should work, just not
    a good practice).
     
    Trendkill, Jun 28, 2007
    #4
  5. hamster

    hamster Guest

    On Jun 29, 4:33 am, Trendkill <> wrote:
    > On Jun 28, 2:28 pm, Trendkill <> wrote:
    >
    >
    >
    >
    >
    > > On Jun 27, 9:12 pm, Trendkill <> wrote:

    >
    > > > On Jun 27, 9:00 pm, hamster <> wrote:

    >
    > > > > Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.

    >
    > > > > I created vlan140 on the switch. There is only one port connected to
    > > > > up link. I could ping the ip on vlan140 without droping package, but
    > > > > when I ping to the ip onvlan1, about 10% come back with "Request
    > > > > timed out."

    >
    > > > > I have checked the interface error on both side of the cable, they are
    > > > > all zero.
    > > > > I tried different ip addresses forvlan1and even replace the cable,
    > > > > no luck.

    >
    > > > > Could anybody suggest what else I can try?

    >
    > > > > Many thanks.

    >
    > > > > Here is the configuration which I believe is relevant:
    > > > > ==========================================
    > > > > no aaa new-model
    > > > > system mtu routing 1500
    > > > > ip subnet-zero
    > > > > ip routing
    > > > > !
    > > > > no file verify auto
    > > > > spanning-tree mode pvst
    > > > > no spanning-tree optimize bpdu transmission
    > > > > spanning-tree extend system-id
    > > > > !
    > > > > vlan internal allocation policy ascending

    >
    > > > > interfaceVlan1
    > > > > ip address 10.0.2.247 255.255.252.0
    > > > > standby 140 ip 10.0.0.117
    > > > > standby 140 preempt delay minimum 60
    > > > > !
    > > > > interface Vlan140
    > > > > ip address 10.0.140.16 255.255.252.0
    > > > > standby 141 ip 10.0.140.1
    > > > > standby 141 preempt delay minimum 60
    > > > > !
    > > > > ip default-gateway 10.0.0.1
    > > > > ip classless
    > > > > ip route 0.0.0.0 0.0.0.0 10.0.0.1
    > > > > ip http server
    > > > > no ip http secure-server
    > > > > =====================================

    >
    > > > You have HSRP configured....where is the other hsrp peer? Are these
    > > > VLAN's trunked? Anything in the logs about 'standby' changes? If you
    > > > just have it configured and there is no other switch/router, then this
    > > > should work fine. But I am guessing that you have another core and we
    > > > need to see that config and log as well.

    >
    > > Do me a favor and send me the configs for both routers. You may want
    > > to turn logging on at an informational level, in case HSRP is losing
    > > its neighbor and your timeout is causing it to failover for a specific
    > > time. Are you pinging the hsrp vlan 1 address, or the specific
    > > switch's address in vlan 1? Can you ping both and see if both fail or
    > > if it is just one? If it is just one, it tends to look like an HSRP
    > > or connectivity issue between your two switches. If both fail, then
    > > it sounds like we have another issue. Also, are you able to always
    > > ping vlan 140's interface with no problems? Is 140 trunked over to
    > > the other switch? If not, how does the other switch know how to get
    > > back to this switch to reply to the node's ping?

    >
    > In short, you can either trunk all vlans between your two cores (cores
    > = routers that own all vlans, usually from a layer 2 and layer 3
    > perspective), or you can have vlans on different switches, and have
    > them advertise the networks between one another. What I see here is a
    > hybrid model that will not work. If you want to do the second option,
    > you need to turn up a routing protocol or statics to let the first
    > switch/router know about the new vlan (140), or you need to trunk/
    > connect 140 directly to avoid multi hop standby (should work, just not
    > a good practice).- Hide quoted text -
    >
    > - Show quoted text -


    Hi TrendKill,

    I have sent you the configurations.
    I can ping the vlan 140 interface ips (all three) without dropping
    packet.
    I have problem pinging vlan1 interface ip (not HSRP) on 3750-06
    switch. There is no packet drop on vlan1 interface ip on 3750-07
    switch nor the HSRP interface.

    In terms of trunking, we are not setting trunk on it because we only
    want to isolate this section during broadcast and running-out-of-ip
    issues. So, the layer 2 traffic is bound in this segment only.

    Do you need more informaiton?

    Thanks
     
    hamster, Jul 2, 2007
    #5
  6. hamster

    Trendkill Guest

    On Jul 2, 2:30 am, hamster <> wrote:
    > On Jun 29, 4:33 am, Trendkill <> wrote:
    >
    >
    >
    > > On Jun 28, 2:28 pm, Trendkill <> wrote:

    >
    > > > On Jun 27, 9:12 pm, Trendkill <> wrote:

    >
    > > > > On Jun 27, 9:00 pm, hamster <> wrote:

    >
    > > > > > Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.

    >
    > > > > > I created vlan140 on the switch. There is only one port connected to
    > > > > > up link. I could ping the ip on vlan140 without droping package, but
    > > > > > when I ping to the ip onvlan1, about 10% come back with "Request
    > > > > > timed out."

    >
    > > > > > I have checked the interface error on both side of the cable, they are
    > > > > > all zero.
    > > > > > I tried different ip addresses forvlan1and even replace the cable,
    > > > > > no luck.

    >
    > > > > > Could anybody suggest what else I can try?

    >
    > > > > > Many thanks.

    >
    > > > > > Here is the configuration which I believe is relevant:
    > > > > > ==========================================
    > > > > > no aaa new-model
    > > > > > system mtu routing 1500
    > > > > > ip subnet-zero
    > > > > > ip routing
    > > > > > !
    > > > > > no file verify auto
    > > > > > spanning-tree mode pvst
    > > > > > no spanning-tree optimize bpdu transmission
    > > > > > spanning-tree extend system-id
    > > > > > !
    > > > > > vlan internal allocation policy ascending

    >
    > > > > > interfaceVlan1
    > > > > > ip address 10.0.2.247 255.255.252.0
    > > > > > standby 140 ip 10.0.0.117
    > > > > > standby 140 preempt delay minimum 60
    > > > > > !
    > > > > > interface Vlan140
    > > > > > ip address 10.0.140.16 255.255.252.0
    > > > > > standby 141 ip 10.0.140.1
    > > > > > standby 141 preempt delay minimum 60
    > > > > > !
    > > > > > ip default-gateway 10.0.0.1
    > > > > > ip classless
    > > > > > ip route 0.0.0.0 0.0.0.0 10.0.0.1
    > > > > > ip http server
    > > > > > no ip http secure-server
    > > > > > =====================================

    >
    > > > > You have HSRP configured....where is the other hsrp peer? Are these
    > > > > VLAN's trunked? Anything in the logs about 'standby' changes? If you
    > > > > just have it configured and there is no other switch/router, then this
    > > > > should work fine. But I am guessing that you have another core and we
    > > > > need to see that config and log as well.

    >
    > > > Do me a favor and send me the configs for both routers. You may want
    > > > to turn logging on at an informational level, in case HSRP is losing
    > > > its neighbor and your timeout is causing it to failover for a specific
    > > > time. Are you pinging the hsrp vlan 1 address, or the specific
    > > > switch's address in vlan 1? Can you ping both and see if both fail or
    > > > if it is just one? If it is just one, it tends to look like an HSRP
    > > > or connectivity issue between your two switches. If both fail, then
    > > > it sounds like we have another issue. Also, are you able to always
    > > > ping vlan 140's interface with no problems? Is 140 trunked over to
    > > > the other switch? If not, how does the other switch know how to get
    > > > back to this switch to reply to the node's ping?

    >
    > > In short, you can either trunk all vlans between your two cores (cores
    > > = routers that own all vlans, usually from a layer 2 and layer 3
    > > perspective), or you can have vlans on different switches, and have
    > > them advertise the networks between one another. What I see here is a
    > > hybrid model that will not work. If you want to do the second option,
    > > you need to turn up a routing protocol or statics to let the first
    > > switch/router know about the new vlan (140), or you need to trunk/
    > > connect 140 directly to avoid multi hop standby (should work, just not
    > > a good practice).- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > Hi TrendKill,
    >
    > I have sent you the configurations.
    > I can ping the vlan 140 interface ips (all three) without dropping
    > packet.
    > I have problem pinging vlan1 interface ip (not HSRP) on 3750-06
    > switch. There is no packet drop on vlan1 interface ip on 3750-07
    > switch nor the HSRP interface.
    >
    > In terms of trunking, we are not setting trunk on it because we only
    > want to isolate this section during broadcast and running-out-of-ip
    > issues. So, the layer 2 traffic is bound in this segment only.
    >
    > Do you need more informaiton?
    >
    > Thanks


    Ok, I need to see a show interface trunk on both switches. I also
    would like to see a show arp | include <ip you are having response
    issues with>, and a show mac-address <mac> of the mac that results
    from the show arp command. Basically, and while I don't have any
    concrete to go off of, there is some kind of communication issue
    between your two switches. If you can ping the closest physical
    interface, and the HSRP (probably because the closest switch is the
    owner of hsrp for both VLANs), I would guess that if you moved HSRP
    over you would be having connectivity issues.

    Perhaps the most important thing of all is, how does switch 06 know
    about vlan 140 on 07? It has an interface in that vlan, but if its
    not trunked over, you have the equivalent of two different vlan 140s.
    When a node on switch 07 needs to talk to vlan 1, it will go to its
    interface, which will route to the vlan 1 interface on switch 07, then
    send you across the vlan 1 trunk to 06, but 06 will not know how to
    respond since he is the default gateway for all networks. You either
    need to run a core set of switches that know about all vlans and
    collectively own layer 2 and layer 3 (hsrp, vlans created on both,
    trunking between the two or more, etc), or you can do distributed
    layer 3 which is where some switches own some vlans, while others own
    others. In this case, you have to run a routing protocol for the L3
    switches to exchange knowledge about the networks that they own. If
    you do this architecture, switches that do not 'own' the vlan should
    not have interfaces in it.

    Please let me know if this helps clarify something, or if it doesn't,
    please respond back with the commands requested.
     
    Trendkill, Jul 2, 2007
    #6
  7. hamster

    Trendkill Guest

    On Jul 2, 7:39 am, Trendkill <> wrote:
    > On Jul 2, 2:30 am, hamster <> wrote:
    >
    >
    >
    > > On Jun 29, 4:33 am, Trendkill <> wrote:

    >
    > > > On Jun 28, 2:28 pm, Trendkill <> wrote:

    >
    > > > > On Jun 27, 9:12 pm, Trendkill <> wrote:

    >
    > > > > > On Jun 27, 9:00 pm, hamster <> wrote:

    >
    > > > > > > Hi all, I have problem with vlan 1 on the Cisco Catalyst 3750 switch.

    >
    > > > > > > I created vlan140 on the switch. There is only one port connected to
    > > > > > > up link. I could ping the ip on vlan140 without droping package, but
    > > > > > > when I ping to the ip onvlan1, about 10% come back with "Request
    > > > > > > timed out."

    >
    > > > > > > I have checked the interface error on both side of the cable, they are
    > > > > > > all zero.
    > > > > > > I tried different ip addresses forvlan1and even replace the cable,
    > > > > > > no luck.

    >
    > > > > > > Could anybody suggest what else I can try?

    >
    > > > > > > Many thanks.

    >
    > > > > > > Here is the configuration which I believe is relevant:
    > > > > > > ==========================================
    > > > > > > no aaa new-model
    > > > > > > system mtu routing 1500
    > > > > > > ip subnet-zero
    > > > > > > ip routing
    > > > > > > !
    > > > > > > no file verify auto
    > > > > > > spanning-tree mode pvst
    > > > > > > no spanning-tree optimize bpdu transmission
    > > > > > > spanning-tree extend system-id
    > > > > > > !
    > > > > > > vlan internal allocation policy ascending

    >
    > > > > > > interfaceVlan1
    > > > > > > ip address 10.0.2.247 255.255.252.0
    > > > > > > standby 140 ip 10.0.0.117
    > > > > > > standby 140 preempt delay minimum 60
    > > > > > > !
    > > > > > > interface Vlan140
    > > > > > > ip address 10.0.140.16 255.255.252.0
    > > > > > > standby 141 ip 10.0.140.1
    > > > > > > standby 141 preempt delay minimum 60
    > > > > > > !
    > > > > > > ip default-gateway 10.0.0.1
    > > > > > > ip classless
    > > > > > > ip route 0.0.0.0 0.0.0.0 10.0.0.1
    > > > > > > ip http server
    > > > > > > no ip http secure-server
    > > > > > > =====================================

    >
    > > > > > You have HSRP configured....where is the other hsrp peer? Are these
    > > > > > VLAN's trunked? Anything in the logs about 'standby' changes? If you
    > > > > > just have it configured and there is no other switch/router, then this
    > > > > > should work fine. But I am guessing that you have another core and we
    > > > > > need to see that config and log as well.

    >
    > > > > Do me a favor and send me the configs for both routers. You may want
    > > > > to turn logging on at an informational level, in case HSRP is losing
    > > > > its neighbor and your timeout is causing it to failover for a specific
    > > > > time. Are you pinging the hsrp vlan 1 address, or the specific
    > > > > switch's address in vlan 1? Can you ping both and see if both fail or
    > > > > if it is just one? If it is just one, it tends to look like an HSRP
    > > > > or connectivity issue between your two switches. If both fail, then
    > > > > it sounds like we have another issue. Also, are you able to always
    > > > > ping vlan 140's interface with no problems? Is 140 trunked over to
    > > > > the other switch? If not, how does the other switch know how to get
    > > > > back to this switch to reply to the node's ping?

    >
    > > > In short, you can either trunk all vlans between your two cores (cores
    > > > = routers that own all vlans, usually from a layer 2 and layer 3
    > > > perspective), or you can have vlans on different switches, and have
    > > > them advertise the networks between one another. What I see here is a
    > > > hybrid model that will not work. If you want to do the second option,
    > > > you need to turn up a routing protocol or statics to let the first
    > > > switch/router know about the new vlan (140), or you need to trunk/
    > > > connect 140 directly to avoid multi hop standby (should work, just not
    > > > a good practice).- Hide quoted text -

    >
    > > > - Show quoted text -

    >
    > > Hi TrendKill,

    >
    > > I have sent you the configurations.
    > > I can ping the vlan 140 interface ips (all three) without dropping
    > > packet.
    > > I have problem pinging vlan1 interface ip (not HSRP) on 3750-06
    > > switch. There is no packet drop on vlan1 interface ip on 3750-07
    > > switch nor the HSRP interface.

    >
    > > In terms of trunking, we are not setting trunk on it because we only
    > > want to isolate this section during broadcast and running-out-of-ip
    > > issues. So, the layer 2 traffic is bound in this segment only.

    >
    > > Do you need more informaiton?

    >
    > > Thanks

    >
    > Ok, I need to see a show interface trunk on both switches. I also
    > would like to see a show arp | include <ip you are having response
    > issues with>, and a show mac-address <mac> of the mac that results
    > from the show arp command. Basically, and while I don't have any
    > concrete to go off of, there is some kind of communication issue
    > between your two switches. If you can ping the closest physical
    > interface, and the HSRP (probably because the closest switch is the
    > owner of hsrp for both VLANs), I would guess that if you moved HSRP
    > over you would be having connectivity issues.
    >
    > Perhaps the most important thing of all is, how does switch 06 know
    > about vlan 140 on 07? It has an interface in that vlan, but if its
    > not trunked over, you have the equivalent of two different vlan 140s.
    > When a node on switch 07 needs to talk to vlan 1, it will go to its
    > interface, which will route to the vlan 1 interface on switch 07, then
    > send you across the vlan 1 trunk to 06, but 06 will not know how to
    > respond since he is the default gateway for all networks. You either
    > need to run a core set of switches that know about all vlans and
    > collectively own layer 2 and layer 3 (hsrp, vlans created on both,
    > trunking between the two or more, etc), or you can do distributed
    > layer 3 which is where some switches own some vlans, while others own
    > others. In this case, you have to run a routing protocol for the L3
    > switches to exchange knowledge about the networks that they own. If
    > you do this architecture, switches that do not 'own' the vlan should
    > not have interfaces in it.
    >
    > Please let me know if this helps clarify something, or if it doesn't,
    > please respond back with the commands requested.


    Also, the reason I say that switch 06 will not be able to get back to
    vlan 140 on switch 07, is that he will not know to route the packet
    since there are no protocols, but even more basic than that, he has an
    interface in that network. So when he gets a packet destined for vlan
    140 on switch 07, he moves it to his own vlan 140 (since the subnet
    matches), but if there is not a trunk across to switch 07 in vlan 140,
    it will never make it back.

    All of the above could be null and void if your show interface trunk
    comes back and shows vlans 1 and 140 being trunked on both sides, but
    I'm currently suspecting that is the issue with the limited knowledge
    of your environment that I have.
     
    Trendkill, Jul 2, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Raymond Chow
    Replies:
    2
    Views:
    6,308
    vsakel
    Oct 27, 2003
  2. 40net
    Replies:
    0
    Views:
    459
    40net
    Apr 14, 2006
  3. lfnetworking
    Replies:
    3
    Views:
    5,029
    lfnetworking
    Aug 27, 2006
  4. Replies:
    6
    Views:
    2,278
  5. mediumkuriboh
    Replies:
    0
    Views:
    1,596
    mediumkuriboh
    Feb 9, 2009
Loading...

Share This Page