IP Routing on 3550

Unanswered Question
Mar 30th, 2007
User Badges:

Starting point: 8-3550 Switches, 1-2811 router (10.2.232.250), all on one subnet 10.2.232.0:255.255.252.0, one VLAN=1. ALL WORKS FINE.


I'm adding VLANs and I need to enable routing on the switches for Inter-VLAN routing. However, when I enable ip routing on the frist switch, the 'network' still works (stations work fine) however, in about 3 minutes, I can no longer HTTP nor ping the VLAN 1 interface. I'm guessing the 3 min delay is routing info updating. I can't even reach it on the switch itself. So, I can't manage it in Network Assistant, nor the web interface. I can still get to any other switch VLAN interface.


Here is before conf info:

no ip subnet-zero

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Vlan1

ip address 10.2.232.203 255.255.252.0

ip default-gateway 10.2.232.250

ip classless

ip http server


Here is after:

no ip subnet-zero

ip routing

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Vlan1

ip address 10.2.232.203 255.255.252.0

ip default-gateway 10.2.232.250

ip classless

ip route 0.0.0.0 0.0.0.0 10.2.232.250

ip http server


This driving me crazy and not a good experience with ip routing on the 3550. It probably comes down to me misconfiguring something, but I don't know what.


Please assist and I will be singing praises about you!


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Fri, 03/30/2007 - 06:47
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Don


In looking at what you posted it looks like these are the only things that are different:

ip routing

ip route 0.0.0.0 0.0.0.0 10.2.232.250


I do not see what about these 2 additions would cause the symptoms that you describe. Is it possible that you have changed anything else?


As a check on the problem, if you remove these 2 statements does the behavior go back to what it used to be?


Also I am not clear whether PCs connected to this switch still work (it is only a problem getting to the management interface of the switch) or does everything on this switch stop working?


HTH


Rick

aravindhs Fri, 03/30/2007 - 07:32
User Badges:

Hi


Why do you need the entry 'ip default-gateway 10.2.232.250 ' on the router after you have enabled routing ?


cheers

Arav

Richard Burts Fri, 03/30/2007 - 07:41
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Arav


I am not sure that you "need" the ip default-gateway when ip routing is enabled. But it does no harm and sometimes you may want to have it. In a few circumstances (most especially operating in rommon) the router is not routing and the ip route 0.0.0.0 does you no good. But the ip default-gateway does work in that situation.


So for normal operation the ip default-gateway is not used. But it is cheap and easy insurance to cover you in certain problem situations.


HTH


Rick

ddaugherty1264 Fri, 03/30/2007 - 09:55
User Badges:

The only changes are these.

And if I remove them and RESTART the switch all is back to normal. If I remove and clear routes, it still is hosed.

All PCs work without a hitch. The only problem is management.

Strange, huh?


ddaugherty1264 Fri, 03/30/2007 - 10:05
User Badges:

Just for grins, here is the entire configs. OOPS, there is one more change: in VLAN1 added, "no ip route-cache"

Just for more info, these changes were created by Network Assistant. I am running 12.2(35)SE-IP-BASE on all switches.

BEFORE:


version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname ICUSwitch1.net.fleming.org

!

enable secret 5 ####

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

--More-- mls qos min-reserve 8 34

mls qos

no ip subnet-zero


no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

--More-- mls qos trust cos

macro description cisco-switch

auto qos voip trust

wrr-queue bandwidth 10 20 70 1

wrr-queue min-reserve 1 5

wrr-queue min-reserve 2 6

wrr-queue min-reserve 3 7

wrr-queue min-reserve 4 8

wrr-queue cos-map 1 0 1

wrr-queue cos-map 2 2 4

wrr-queue cos-map 3 3 6 7

wrr-queue cos-map 4 5

priority-queue out

spanning-tree link-type point-to-point

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

--More-- !

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

--More-- switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

--More-- interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.2.232.203 255.255.252.0

!

ip default-gateway 10.2.232.250

ip classless

ip http server


ddaugherty1264 Fri, 03/30/2007 - 10:08
User Badges:

I did remove the SNMP stuff at the bottom for posting a message space issues.

AFTER:

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname ICUSwitch1.net.fleming.org

!

enable secret 5 ####

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

--More-- mls qos min-reserve 8 34

mls qos

no ip subnet-zero

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

--More-- mls qos trust cos

macro description cisco-switch

auto qos voip trust

wrr-queue bandwidth 10 20 70 1

wrr-queue min-reserve 1 5

wrr-queue min-reserve 2 6

wrr-queue min-reserve 3 7

wrr-queue min-reserve 4 8

wrr-queue cos-map 1 0 1

wrr-queue cos-map 2 2 4

wrr-queue cos-map 3 3 6 7

wrr-queue cos-map 4 5

priority-queue out

spanning-tree link-type point-to-point

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

--More-- !

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

--More-- switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

--More-- interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.2.232.203 255.255.252.0

!

ip default-gateway 10.2.232.250

ip classless

ip http server


Richard Burts Fri, 03/30/2007 - 10:32
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Don

I do like the idea of seeing the entire config and think that it may be helpful.


Is it possible that you have posted the same config as before and as after? Unless my eyes deceive me I am not seeing any difference in the 2 configs that you posted.


And it is helpful to know that it only impacts the management address of the switch, so that all PCs continue to work as they should. Would I be correct in assuming that the PC default gateway is still configured as the router address?


Do I understand that when you make the change that you still have access to the switch for a few minutes and then you no longer have access?


HTH


Rick

ddaugherty1264 Fri, 03/30/2007 - 12:48
User Badges:

Sorry about this. Yes, the PCs continue to work (forever). Yes, the PCs default g/w is the router. Yes, I do have access to the switch for about 3-4 minutes, then it goes away.


ddaugherty1264 Fri, 03/30/2007 - 12:51
User Badges:

You guys are really going to think I am ate up. But this is what happens when you append logs together.

The following is really, the real after:

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname ICUSwitch1.net.fleming.org

!

enable secret 5 ####

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

--More-- mls qos min-reserve 8 34

mls qos

no ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

--More-- switchport mode trunk

mls qos trust cos

macro description cisco-switch

auto qos voip trust

wrr-queue bandwidth 10 20 70 1

wrr-queue min-reserve 1 5

wrr-queue min-reserve 2 6

wrr-queue min-reserve 3 7

wrr-queue min-reserve 4 8

wrr-queue cos-map 1 0 1

wrr-queue cos-map 2 2 4

wrr-queue cos-map 3 3 6 7

wrr-queue cos-map 4 5

priority-queue out

spanning-tree link-type point-to-point

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

--More-- switchport mode dynamic desirable

!

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

--More-- interface FastEthernet0/14

switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

--More-- !

interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 10.2.232.203 255.255.252.0

!

ip default-gateway 10.2.232.250

ip classless

ip route 0.0.0.0 0.0.0.0 10.2.232.250

ip http server

Richard Burts Fri, 03/30/2007 - 13:46
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Don


Thanks for posting the correct after version of the config. I have looked at it and do not see anything that seems to explain what is going on.


From the fact that after you make the change you still have access for several minutes it may be reasonable to assume that something is timing out. I wonder if you made the change and when it stopped working if you clear the ARP cache - first on the switch and then if needed on the router - if it might fix it.


If clearing the ARP does not make a difference then I would probably look into the mac address table on the switch. It might help to show mac-address-table, before the change, after the change, and after connectivity is interrupted.


HTH


Rick

Danilo Dy Tue, 04/03/2007 - 23:38
User Badges:
  • Blue, 1500 points or more

Hi,


Check the vlan 1 interface of the switch. The line may be "up" but the protocol may be "down". If this is the case, you must have an active client connection on vlan 1 for the SVI to go to an up/up condition . Once there is a live client on the switch you will see vlan 1 up/up.



glen.grant Sat, 03/31/2007 - 07:09
User Badges:
  • Purple, 4500 points or more

It is working correctly . When you turn on ip routing you cannot use the ip default-gateway command , you must use a static default route , not sure why you are turning on ip routing but that is another story . The reason everything else works is that is appears you are trunking to another layer 3 device which is the default gateway for your subnets , so all the clients have their default gateways pointed to that address so they would keep working as they are not pointed to anything on the problematic 3550. I think everything will normalize if you pull the ip default gatway command and add the default static route 0.0.0.0 0.0.0.0 10.2.232.250 . Is there some reason you feel you have to turn on ip routing ?

Richard Burts Sat, 03/31/2007 - 09:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Glen


The posted config clearly shows that a static route for 0.0.0.0 has already been configured.


Your assertion that the ip default-gateway may be causing the problem is not correct. I frequently configure layer 3 devices with ip default-gateway and it does not cause problems. You are correct that when the device is acting as a router (ip routing enabled) that the default-gateway is not used. But if the device is not routing (for example in rxboot) then the ip default-gateway would be used.


HTH


Rick

svanhandel Sat, 03/31/2007 - 09:28
User Badges:

The IP default gateway command has absolutely no effect if IP routing is enabled. Once ip routein

jasonrandolph Fri, 04/06/2007 - 14:02
User Badges:

Correct. Once the routing process is enabled IP default gateway no longer functions.


I'm wondering why "no IP subnet-zero" is enabled and why all the switch ports are set to dynamic desirable, but that is really neither here nor there.


What does the output of "show ip route" provide?


What is the default gateway of your client machines?

Richard Bradfield Tue, 04/03/2007 - 20:45
User Badges:
  • Silver, 250 points or more

Have you fixed this problem? looking at the posts on this it does not address the problem

has your 3550 have EMI or SMI IOS loaded that determines whether you could do L3 switching otherwise

You do your L3 routing on the 2811

create subinterfaces on the etherner ports

trunk to the switches, then on the switch ports use the "Switchport access vlan" command to select the required vlan


ecornwell Wed, 04/25/2007 - 11:35
User Badges:

Hello,


I was wondering if anyone has made any headway on this. We just put a 3550 in service and ran into the same problem.


I've got a very similar setup. I was working in the switch earlier today when this problem happened. I turned off ip routing and reloaded. Everything worked fine. I was able to pass a little data with the switch configured without routing but DHCP wouldn't work. I turned on ip routing and DHCP started working. A little while later my telnet session was closed and when I tried to reconntect the switch wouldn't respond.


I've got the latest code as of today loaded on the switch and still no luck.

ecornwell Thu, 04/26/2007 - 04:32
User Badges:

version 12.2

no service pad

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

!

hostname SWITCH

!

enable secret ********************

no aaa new-model

clock timezone EST -5

clock summer-time EST recurring

ip subnet-zero

ip routing


!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

descr Currenlty used Port

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport mode dynamic desirable

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

!

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

descr PORT NO LONGER USED

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan1

ip address 1.1.0.10 225.255.252.0

!

interface Vlan60

ip address 1.2.0.1 255.255.252.0

ip helper-address 1.1.0.2

!

interface Vlan61

ip address 1.3.0.1 255.255.252.0

ip helper-address 1.1.0.2

!

interface Vlan62

ip address 1.4.0.1 255.255.252.0

ip helper-address 1.1.0.2

!

ip default-gateway 1.1.0.1

ip classless

ip route 0.0.0.0 0.0.0.0 1.1.0.1 permanent

ip http server

ip http secure-server

!

control-plane

!

ntp server 1.1.0.1

end


I changed a few things to hide addresses and stuff.

ddaugherty1264 Thu, 04/26/2007 - 07:36
User Badges:

All - I got tired of messing with this. My guess is there is a bug in the IOS version. I configured a 'router on a stick', and all works as expected.


ecornwell Thu, 04/26/2007 - 07:50
User Badges:

That's too bad... I was afriad that would happen.


What exactly is a 'router on a stick?'

cprice2k7 Fri, 04/27/2007 - 08:12
User Badges:

I had a similar issue with a 3550 switch. I opened a TAC case and was told to remove the MLS entries. Unfortunately I changed jobs before this could get implemented.

rseiler Fri, 04/27/2007 - 09:03
User Badges:
  • Silver, 250 points or more

You were only doing this on *ONE* 3550 switch, right? Not all 8? You would only need to do the ip routing on *ONE* (core?) 3550 switch and cannot have *ANY* other switches configured for routing without a much more complicated config.


Just checking. You sent one config but I would be interested in the config of the other 7 switches.


I have had *ZERO* issues with the Cisco 3550 switch for IP routing over the last 5 years...


Let me know if you would like to troubleshoot this further...

ecornwell Fri, 04/27/2007 - 09:17
User Badges:

I would love to get this working. We only have one layer 3 switch in this network and it was purchased to do vlan routing. Do you see anything wrong with the config I posted? I've followed the documents I found and the switch is setup almost the exact same way.


rseiler Fri, 04/27/2007 - 10:53
User Badges:
  • Silver, 250 points or more

I'm more interested in the config of the other 7 switches. How are they connected and configured?

ecornwell Sat, 04/28/2007 - 09:44
User Badges:

That wasn't me that posted that, I'm just having the exact same problem. The 3550 is the only layer 3 switch we have in that network. All other switches are connected through 802.1q trunks.

Hi,


Have you tried using vlan 1 as the native vlan for all trunks on connected switches?


vlan 1 or your management vlan should be used.


This should solve your issue. Each switch should have an dot1q trunk w/VLAN1 configured as the native vlan. This way your trunks will always pass traffic and you should be able to communicate with your switches (vty) on the configured vlan1 address.

ecornwell Mon, 04/30/2007 - 12:23
User Badges:

I'm not really sure what you're asking. Typically we don't change the native vlan on the switch.


We configure all switches for 802.1q trunks and we haven't had any problems at our main facility. We have used a very similar config on a 3750 and it works without and problems at another facility.


The really strange thing is that it works for a little while then just stops responding.

Actions

This Discussion