cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5308
Views
0
Helpful
16
Replies

cannot ping anywhere on 3750 switches

gflorescu
Level 1
Level 1

I can pass traffic thru the switches but when I'm logged into the switches on the console port, I can't ping anything, not even the default gateway. here's my config:

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname airport3750

!

enable password xxx

!

username damiens privilege 15 password xxx

username admin privilege 15 secret xxx

no aaa new-model

clock timezone PST -8

clock summer-time PDT recurring

switch 1 provision ws-c3750g-24ts

vtp domain DCIPA

vtp mode transparent

ip subnet-zero

ip routing

ip cef load-sharing algorithm universal CB41AB75

ip domain-name dcipa.com

ip name-server 172.16.0.20

ip name-server 172.16.0.26

!

!

mls qos

!

crypto pki trustpoint TP-self-signed-3281851776

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3281851776

revocation-check none

rsakeypair TP-self-signed-3281851776

!

!

crypto ca certificate chain TP-self-signed-3281851776

certificate self-signed 01

no file verify auto

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 99

name voice

!

vlan 100

name ITSS

!

vlan 120

name DCIPA

!

vlan 121

name ABCT-Servers

!

vlan 300

name management

interface GigabitEthernet1/0/1

description to HMP

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/2

switchport access vlan 100

switchport voice vlan 99

spanning-tree portfast

!

interface GigabitEthernet1/0/3

switchport access vlan 100

switchport voice vlan 99

spanning-tree portfast

!

interface GigabitEthernet1/0/4

switchport access vlan 100

switchport voice vlan 99

spanning-tree portfast

!

interface GigabitEthernet1/0/5

switchport access vlan 100

switchport voice vlan 99

!

interface GigabitEthernet1/0/6

switchport access vlan 100

switchport voice vlan 99

spanning-tree portfast

!

interface GigabitEthernet1/0/7

switchport access vlan 100

switchport voice vlan 99

spanning-tree portfast

!

interface GigabitEthernet1/0/8

switchport access vlan 100

switchport voice vlan 99

spanning-tree portfast

..... etc.

!

interface GigabitEthernet1/0/23

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/24

switchport trunk encapsulation dot1q

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface Vlan1

no ip address

shutdown

!

interface Vlan300

ip address 172.30.1.15 255.255.255.0

!

ip default-gateway 172.30.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 172.30.1.1

ip http server

no ip http secure-server

!

snmp-server community abct RW

snmp-server community public RO

!

control-plane

!

!

line con 0

logging synchronous

login local

line vty 0 4

password xxx

logging synchronous

login local

line vty 0 4

password xxx

logging synchronous

login

transport input telnet ssh

line vty 5 15

no login

transport input none

!

ntp clock-period 36028793

ntp access-group peer 4

ntp access-group serve 5

ntp server 172.30.1.1

!

end

16 Replies 16

sgelli
Level 4
Level 4

I am guessing you configured the subnet mask correct. On VLAN300, you have /24. Also, I don't see any interface/port in vlan300. Is the default gateway on a different switch?

I see that the vtp mode is transparent. Could this be the issue?

Subnet mask is correct. Int vlan 300 is just used for management, therefore I don't need any ports in that vlan.

Default gateway is on a different switch.

Vtp mode is setup transparent because the switches connect over a fiber link and the ISP doesn't pass the vtp information thru, so it has to be transparent.

Is the port connecting to the default gateway (on the other switch) in VLAN300 as well?

Can you configure a port in VLAN300 on this Switch and try pinging the device connected to it?

Hi,

How are you connecting to defualt gateway ? which is the uplink port ?

As there is no L3 port configured in your configuration but you have enabled ip routing on the switch and have defined defualt route also but most of the ports are L2 and rest are not configured with any IP so routing just wonnt do anything.

But you have not shown the status of all the ports, if you are using routing on those ports then let it be like this only and paste the configuration of those ports also.

If all the port are L2 only, are you connected to the defualt gateway with some trunk port, kindly check the status of trunking on that port.

Kindly check if you are able to ping the 172.30.1.15 from defualt gateway switch ?

** Also you have enabled portfast on your trunk port i.e. interface GigabitEthernet1/0/24 , you shouldnt have portfast on trunk port.

rgds

sho int trunk

Port Mode Encapsulation Status Native vlan

Gi1/0/1 on 802.1q trunking 1

Gi1/0/23 on 802.1q trunking 1

Gi1/0/24 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi1/0/1 1-4094

Gi1/0/23 1-4094

Gi1/0/24 1-4094

Port Vlans allowed and active in management domain

Gi1/0/1 1,99-100,120-121,300

Gi1/0/23 1,99-100,120-121,300

Gi1/0/24 1,99-100,120-121,300

Port Vlans in spanning tree forwarding state and not pruned

Gi1/0/1 1,99-100,120-121,300

Gi1/0/23 1,99-100,120-121,300

Gi1/0/24 1,99-100,120-121,300

I put an interface on the switch in vlan 300, assigned myself an ip address and I was able to ping the switch from my laptop and the laptop from the switch.

1. uplink port is port 1/0/1

2. I tried turning off IP routing and it made no difference.

3. I cannot ping 172.30.1.15 from the other switch either.

4. I turned off portfast for 1/0/24.

Is the default gateway 172.30.1.15 actually on VLAN 300? How is the default gateway itself configured, and what platform is it?

Kevin Dorrell

Luxembourg

the default gateway is 172.30.1.1 and it's in VLAN 300. It's on a Cisco 6513 switch.

The IP address 172.30.1.15 is the ip assigned to the interface VLAN 300 on the local switch.

In that case, I don't think you have continuity between VLAN 300 on the local switch and VLAN 300 on the 6513. If you do a show spanning-tree vlan 300 on each switch, do they show the same root?

Kevin Dorrell

Luxembourg

The VTP is setup in Server mode on the 6513 and it's setup in Transparent mode on the 3750. I can't setup the 3750 in client mode because that won't pass thru the ISP.

6500-1#sho spanning-tree vlan 300

VLAN0300

Spanning tree enabled protocol ieee

Root ID Priority 33068

Address 0009.e889.9980

Cost 4

Port 392 (GigabitEthernet4/8)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33068 (priority 32768 sys-id-ext 300)

Address 000d.662e.1340

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- -------------------------

Gi4/7 Desg FWD 4 128.391 P2p

Gi4/8 Root FWD 4 128.392 P2p

Gi4/10 Desg FWD 4 128.394 P2p

Gi4/12 Desg FWD 4 128.396 P2p

Gi4/13 Desg FWD 4 128.397 P2p

Gi9/1 Desg FWD 4 128.1025 P2p

3750#show spanning-tree vlan 300

VLAN0300

Spanning tree enabled protocol ieee

Root ID Priority 33068

Address 0013.c3ca.9d80

Cost 4

Port 23 (GigabitEthernet1/0/23)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33068 (priority 32768 sys-id-ext 300)

Address 0013.c3ca.fa00

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/0/1 Desg FWD 100 128.1 P2p

Gi1/0/23 Root FWD 4 128.23 P2p

Gi1/0/24 Desg FWD 19 128.24 P2p

So that shows that there is no continuity between the two versions of VLAN 300. The two sides are showing different root bridges: 0013.c3ca.9d80 and 0009.e889.9980. And that is independent of the VTP. The VTP only sets up the VLAN database - it doesn't take part in the Spanning Tree itself.

(Futhermore, neither switch in this exercise is the root of VLAN 300).

Having said that, I am now out of my depth because I have never run LAN across a Service Provider cloud yet. Normally, does the cloud pass Spanning Tree BPDUs? Perhaps someone with more experience of this situation could take over. How is it supposed to work? Aren't you supposed to configure q-in-q or something?

Kevin Dorrell

Luxembourg

No, we don't have Q-in-Q setup yet. the provider is just allowing us to pass certain VLANs thru. Spanning tree BPDUs aren't passed thru. CDP is not passed thru either so if I do a sho cdp neighbor, I only see local devices.

We have another location that's setup exactly the same way and that one works just fine.

You have another location that is working fine with the same setup. And as far as I can see you have no evidence yet that any traffic at all is crossing the cloud from the new switch. So I would approach the Service Provider to see if they can test their connection.

Kevin Dorrell

Luxembourg

Hi,

So the case is that you have 3750 which is connected to 6500 via Service Provider and provider does not allowed STP and CDP to pass through, but only some of your VLANs.

As STP information is not passing through Service Provider then root of both switches will be different.

Not you but Service Provider will be using QinQ at his end to pass your vlan information transparently to other end.

As kevin suggested you may need to involve your service provider also.

I still want to check couple of things

As you said in your first post that you are not able to ping the default gateway from switch but traffic passing through the switch normally. does that mean except ping everything else working normal i.e. from desktop connected to 3750 can access the resources at 6500 end ?

and then you said you are able to ping the switch from desktop in vlan 300. were you able to ping both 3750 and 6500 IP Address?

best regards,

Actually it was a service provider issue. they had provisioned vlan 399 instead of 300 on their end. He changed that and all is working fine now. Thank you everybody for all of your help though.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: