Catalyst 3750 with 2 vlans. Only vlan1 drop packet when ping

Discussion in 'Cisco' started by hamster, Jun 28, 2007.

  1. hamster

    hamster Guest

    Hi all, I have a problem with vlan 1 on the Cisco Catalyst 3750 switch.

    I created vlan140 on the switch. There is only one port connected to
    up link. I could ping the ip on vlan140 without dropping package, but
    when I ping to the ip on vlan1, about 10% come back with "Request
    timed out."

    I have checked the interface error on both side of the cable, they are
    all zero.
    I tried different ip addresses for vlan1 and even replace the cable,
    no luck.

    Could anybody suggest what else I can try?

    Many thanks.

    Here is the configuration which I believe is relevant:
    ==========================================
    no aaa new-model
    system mtu routing 1500
    ip subnet-zero
    ip routing
    !
    no file verify auto
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending

    interface Vlan1
    ip address 10.0.2.247 255.255.252.0
    standby 140 ip 10.0.0.117
    standby 140 preempt delay minimum 60
    !
    interface Vlan140
    ip address 10.0.140.16 255.255.252.0
    standby 141 ip 10.0.140.1
    standby 141 preempt delay minimum 60
    !
    ip default-gateway 10.0.0.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.0.0.1
    ip http server
    no ip http secure-server
    =====================================
     
    hamster, Jun 28, 2007
    #1

  2. hamster

    Trendkill Guest

    You have HSRP configured....where is the other hsrp peer? Are these
    VLANs trunked? Anything in the logs about 'standby' changes? If you
    just have it configured and there is no other switch/router, then this
    should work fine. But I am guessing that you have another core and we
    need to see that config and log as well.
     
    Trendkill, Jun 28, 2007
    #2

  3. hamster

    Trendkill Guest

    Do me a favor and send me the configs for both routers. You may want
    to turn logging on at an informational level, in case HSRP is losing
    its neighbor and your timeout is causing it to failover for a specific
    time. Are you pinging the hsrp vlan 1 address, or the specific
    switch's address in vlan 1? Can you ping both and see if both fail or
    if it is just one? If it is just one, it tends to look like an HSRP
    or connectivity issue between your two switches. If both fail, then
    it sounds like we have another issue. Also, are you able to always
    ping vlan 140's interface with no problems? Is 140 trunked over to
    the other switch? If not, how does the other switch know how to get
    back to this switch to reply to the node's ping?
     
    Trendkill, Jun 28, 2007
    #3
  4. hamster

    Trendkill Guest

    In short, you can either trunk all vlans between your two cores (cores
    = routers that own all vlans, usually from a layer 2 and layer 3
    perspective), or you can have vlans on different switches, and have
    them advertise the networks between one another. What I see here is a
    hybrid model that will not work. If you want to do the second option,
    you need to turn up a routing protocol or statics to let the first
    switch/router know about the new vlan (140), or you need to trunk/
    connect 140 directly to avoid multi hop standby (should work, just not
    a good practice).
     
    Trendkill, Jun 28, 2007
    #4
  5. hamster

    hamster Guest

    Hi TrendKill,

    I have sent you the configurations.
    I can ping the vlan 140 interface ips (all three) without dropping
    packet.
    I have a problem pinging vlan1 interface ip (not HSRP) on 3750-06
    switch. There is no packet drop on vlan1 interface ip on 3750-07
    switch nor the HSRP interface.

    In terms of trunking, we are not setting trunk on it because we only
    want to isolate this section during broadcast and running-out-of-ip
    issues. So, the layer 2 traffic is bound in this segment only.

    Do you need more information?

    Thanks
     
    hamster, Jul 2, 2007
    #5
  6. hamster

    Trendkill Guest

    Ok, I need to see a show interface trunk on both switches. I also
    would like to see a show arp | include <ip you are having response
    issues with>, and a show mac-address <mac> of the mac that results
    from the show arp command. Basically, and while I don't have any
    concrete to go off of, there is some kind of communication issue
    between your two switches. If you can ping the closest physical
    interface, and the HSRP (probably because the closest switch is the
    owner of hsrp for both VLANs), I would guess that if you moved HSRP
    over you would be having connectivity issues.

    Perhaps the most important thing of all is, how does switch 06 know
    about vlan 140 on 07? It has an interface in that vlan, but if it's
    not trunked over, you have the equivalent of two different vlan 140s.
    When a node on switch 07 needs to talk to vlan 1, it will go to its
    interface, which will route to the vlan 1 interface on switch 07, then
    send you across the vlan 1 trunk to 06, but 06 will not know how to
    respond since he is the default gateway for all networks. You either
    need to run a core set of switches that know about all vlans and
    collectively own layer 2 and layer 3 (hsrp, vlans created on both,
    trunking between the two or more, etc), or you can do distributed
    layer 3 which is where some switches own some vlans, while others own
    others. In this case, you have to run a routing protocol for the L3
    switches to exchange knowledge about the networks that they own. If
    you do this architecture, switches that do not 'own' the vlan should
    not have interfaces in it.

    Please let me know if this helps clarify something, or if it doesn't,
    please respond back with the commands requested.
     
    Trendkill, Jul 2, 2007
    #6
  7. hamster

    Trendkill Guest

    Also, the reason I say that switch 06 will not be able to get back to
    vlan 140 on switch 07, is that he will not know to route the packet
    since there are no protocols, but even more basic than that, he has an
    interface in that network. So when he gets a packet destined for vlan
    140 on switch 07, he moves it to his own vlan 140 (since the subnet
    matches), but if there is not a trunk across to switch 07 in vlan 140,
    it will never make it back.

    All of the above could be null and void if your show interface trunk
    comes back and shows vlans 1 and 140 being trunked on both sides, but
    I'm currently suspecting that is the issue with the limited knowledge
    of your environment that I have.
     
    Trendkill, Jul 2, 2007
    #7
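
The forwarding decision described in posts #6 and #7, modelled as an added example that is not part of the original thread: a switch with an SVI in the destination subnet treats the address as directly connected and never routes the reply. Treating the posted config as 3750-06, the host address and 3750-07's VLAN 1 address are assumptions constructed for the illustration.

```python
from ipaddress import ip_address, ip_interface, ip_network

# SVI addresses from the posted config; treating it as 3750-06 is an assumption.
SVIS_06 = {1: ip_interface("10.0.2.247/22"), 140: ip_interface("10.0.140.16/22")}
DEFAULT = [(ip_network("0.0.0.0/0"), ip_address("10.0.0.1"))]  # posted static route
HOST_ON_07 = "10.0.140.50"   # constructed: a node in VLAN 140 behind 3750-07
SVI1_ON_07 = "10.0.2.248"    # constructed: 3750-07's VLAN 1 address


def lookup(svis, statics, dst):
    """Longest-prefix match; a connected route beats a static of equal length."""
    dst = ip_address(dst)
    found = [(svi.network.prefixlen, 1, "connected", vlan)
             for vlan, svi in svis.items() if dst in svi.network]
    found += [(net.prefixlen, 0, "static", hop)
              for net, hop in statics if dst in net]
    if not found:
        return None
    best = max(found, key=lambda r: (r[0], r[1]))
    return best[2], best[3]


def reply_fate(svis, statics, dst, vlans_bridged_to_peer):
    """Return (outcome, detail) for a reply the switch sends toward dst."""
    route = lookup(svis, statics, dst)
    if route is None:
        return ("dropped", "no route")
    kind, target = route
    if kind == "static":
        return ("routed", str(target))
    # Connected: the switch ARPs for dst inside its own copy of that VLAN.
    if target in vlans_bridged_to_peer:
        return ("delivered", target)
    return ("lost", target)


def scenarios():
    no_svi_140 = {1: SVIS_06[1]}
    static_140 = DEFAULT + [(ip_network("10.0.140.0/22"), ip_address(SVI1_ON_07))]
    return {
        "as described (140 not trunked)": reply_fate(SVIS_06, DEFAULT, HOST_ON_07, {1}),
        "140 trunked to 07": reply_fate(SVIS_06, DEFAULT, HOST_ON_07, {1, 140}),
        "no SVI 140, default only": reply_fate(no_svi_140, DEFAULT, HOST_ON_07, {1}),
        "no SVI 140, static via 07": reply_fate(no_svi_140, static_140, HOST_ON_07, {1}),
    }


if __name__ == "__main__":
    for name, fate in scenarios().items():
        print(f"{name:32} -> {fate}")
```

The last three scenarios correspond to the two designs from post #4: trunk VLAN 140 between the switches, or remove the non-owner's interface in VLAN 140 and give it a route to the owner.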