09-17-2007 12:42 PM - edited 03-05-2019 06:32 PM
I can pass traffic thru the switches but when I'm logged into the switches on the console port, I can't ping anything, not even the default gateway. here's my config:
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname airport3750
!
enable password xxx
!
username damiens privilege 15 password xxx
username admin privilege 15 secret xxx
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
switch 1 provision ws-c3750g-24ts
vtp domain DCIPA
vtp mode transparent
ip subnet-zero
ip routing
ip cef load-sharing algorithm universal CB41AB75
ip domain-name dcipa.com
ip name-server 172.16.0.20
ip name-server 172.16.0.26
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-3281851776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3281851776
revocation-check none
rsakeypair TP-self-signed-3281851776
!
!
crypto ca certificate chain TP-self-signed-3281851776
certificate self-signed 01
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 99
name voice
!
vlan 100
name ITSS
!
vlan 120
name DCIPA
!
vlan 121
name ABCT-Servers
!
vlan 300
name management
interface GigabitEthernet1/0/1
description to HMP
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport voice vlan 99
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
..... etc.
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan300
ip address 172.30.1.15 255.255.255.0
!
ip default-gateway 172.30.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.1.1
ip http server
no ip http secure-server
!
snmp-server community abct RW
snmp-server community public RO
!
control-plane
!
!
line con 0
logging synchronous
login local
line vty 0 4
password xxx
logging synchronous
login local
line vty 0 4
password xxx
logging synchronous
login
transport input telnet ssh
line vty 5 15
no login
transport input none
!
ntp clock-period 36028793
ntp access-group peer 4
ntp access-group serve 5
ntp server 172.30.1.1
!
end
09-17-2007 03:44 PM
I am guessing you configured the subnet mask correct. On VLAN300, you have /24. Also, I don't see any interface/port in vlan300. Is the default gateway on a different switch?
I see that the vtp mode is transparent. Could this be the issue?
09-17-2007 08:10 PM
Subnet mask is correct. Int vlan 300 is just used for management, therefore I don't need any ports in that vlan.
Default gateway is on a different switch.
Vtp mode is setup transparent because the switches connect over a fiber link and the ISP doesn't pass the vtp information thru, so it has to be transparent.
09-17-2007 08:16 PM
Is the port connecting to the default gateway (on the other switch) in VLAN300 as well?
Can you configure a port in VLAN300 on this Switch and try pinging the device connected to it?
09-17-2007 08:55 PM
Hi,
How are you connecting to defualt gateway ? which is the uplink port ?
As there is no L3 port configured in your configuration but you have enabled ip routing on the switch and have defined defualt route also but most of the ports are L2 and rest are not configured with any IP so routing just wonnt do anything.
But you have not shown the status of all the ports, if you are using routing on those ports then let it be like this only and paste the configuration of those ports also.
If all the port are L2 only, are you connected to the defualt gateway with some trunk port, kindly check the status of trunking on that port.
Kindly check if you are able to ping the 172.30.1.15 from defualt gateway switch ?
** Also you have enabled portfast on your trunk port i.e. interface GigabitEthernet1/0/24 , you shouldnt have portfast on trunk port.
rgds
09-18-2007 06:24 AM
sho int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Gi1/0/23 on 802.1q trunking 1
Gi1/0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-4094
Gi1/0/23 1-4094
Gi1/0/24 1-4094
Port Vlans allowed and active in management domain
Gi1/0/1 1,99-100,120-121,300
Gi1/0/23 1,99-100,120-121,300
Gi1/0/24 1,99-100,120-121,300
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1,99-100,120-121,300
Gi1/0/23 1,99-100,120-121,300
Gi1/0/24 1,99-100,120-121,300
I put an interface on the switch in vlan 300, assigned myself an ip address and I was able to ping the switch from my laptop and the laptop from the switch.
1. uplink port is port 1/0/1
2. I tried turning off IP routing and it made no difference.
3. I cannot ping 172.30.1.15 from the other switch either.
4. I turned off portfast for 1/0/24.
09-18-2007 06:44 AM
Is the default gateway 172.30.1.15 actually on VLAN 300? How is the default gateway itself configured, and what platform is it?
Kevin Dorrell
Luxembourg
09-18-2007 06:46 AM
the default gateway is 172.30.1.1 and it's in VLAN 300. It's on a Cisco 6513 switch.
The IP address 172.30.1.15 is the ip assigned to the interface VLAN 300 on the local switch.
09-18-2007 07:03 AM
In that case, I don't think you have continuity between VLAN 300 on the local switch and VLAN 300 on the 6513. If you do a show spanning-tree vlan 300 on each switch, do they show the same root?
Kevin Dorrell
Luxembourg
09-18-2007 07:23 AM
The VTP is setup in Server mode on the 6513 and it's setup in Transparent mode on the 3750. I can't setup the 3750 in client mode because that won't pass thru the ISP.
6500-1#sho spanning-tree vlan 300
VLAN0300
Spanning tree enabled protocol ieee
Root ID Priority 33068
Address 0009.e889.9980
Cost 4
Port 392 (GigabitEthernet4/8)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33068 (priority 32768 sys-id-ext 300)
Address 000d.662e.1340
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------
Gi4/7 Desg FWD 4 128.391 P2p
Gi4/8 Root FWD 4 128.392 P2p
Gi4/10 Desg FWD 4 128.394 P2p
Gi4/12 Desg FWD 4 128.396 P2p
Gi4/13 Desg FWD 4 128.397 P2p
Gi9/1 Desg FWD 4 128.1025 P2p
3750#show spanning-tree vlan 300
VLAN0300
Spanning tree enabled protocol ieee
Root ID Priority 33068
Address 0013.c3ca.9d80
Cost 4
Port 23 (GigabitEthernet1/0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33068 (priority 32768 sys-id-ext 300)
Address 0013.c3ca.fa00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 100 128.1 P2p
Gi1/0/23 Root FWD 4 128.23 P2p
Gi1/0/24 Desg FWD 19 128.24 P2p
09-18-2007 07:59 AM
So that shows that there is no continuity between the two versions of VLAN 300. The two sides are showing different root bridges: 0013.c3ca.9d80 and 0009.e889.9980. And that is independent of the VTP. The VTP only sets up the VLAN database - it doesn't take part in the Spanning Tree itself.
(Futhermore, neither switch in this exercise is the root of VLAN 300).
Having said that, I am now out of my depth because I have never run LAN across a Service Provider cloud yet. Normally, does the cloud pass Spanning Tree BPDUs? Perhaps someone with more experience of this situation could take over. How is it supposed to work? Aren't you supposed to configure q-in-q or something?
Kevin Dorrell
Luxembourg
09-18-2007 08:08 AM
No, we don't have Q-in-Q setup yet. the provider is just allowing us to pass certain VLANs thru. Spanning tree BPDUs aren't passed thru. CDP is not passed thru either so if I do a sho cdp neighbor, I only see local devices.
We have another location that's setup exactly the same way and that one works just fine.
09-18-2007 09:01 PM
You have another location that is working fine with the same setup. And as far as I can see you have no evidence yet that any traffic at all is crossing the cloud from the new switch. So I would approach the Service Provider to see if they can test their connection.
Kevin Dorrell
Luxembourg
09-19-2007 12:44 AM
Hi,
So the case is that you have 3750 which is connected to 6500 via Service Provider and provider does not allowed STP and CDP to pass through, but only some of your VLANs.
As STP information is not passing through Service Provider then root of both switches will be different.
Not you but Service Provider will be using QinQ at his end to pass your vlan information transparently to other end.
As kevin suggested you may need to involve your service provider also.
I still want to check couple of things
As you said in your first post that you are not able to ping the default gateway from switch but traffic passing through the switch normally. does that mean except ping everything else working normal i.e. from desktop connected to 3750 can access the resources at 6500 end ?
and then you said you are able to ping the switch from desktop in vlan 300. were you able to ping both 3750 and 6500 IP Address?
best regards,
09-19-2007 06:09 AM
Actually it was a service provider issue. they had provisioned vlan 399 instead of 300 on their end. He changed that and all is working fine now. Thank you everybody for all of your help though.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: