Subnet conflict on L3 Switch?

Answered Question
May 1st, 2008

I'm having trouble with our core switch. Int Vlan 1 and our switchport to our Pop switch are having conflicts. We're using a Catalyst 3750. Here is the abbreviated, edited for content config:

version 12.2
switch 1 provision ws-c3750g-24ts
ip subnet-zero
ip routing

interface GigabitEthernet1/0/1
 no switchport
 ip address x.x.x.129 255.255.255.128
 duplex full

interface Vlan1
 ip address x.x.x.33 255.255.255.224

router eigrp xxxx
 redistribute static
 network x.x.x.32 0.0.0.31
 network x.x.x.96 0.0.0.7
 network x.x.x.128 0.0.0.127
 auto-summary

ip default-gateway x.x.x.1

The errors we are getting come in pairs:

(time): IP-EIGRP(Default-IP-Routing-Table:xxxx): Neighbor x.x.x.33 not on common subnet for Gigabit Ethernet1/0/1

(time): IP-EIGRP(Default-IP-Routing-Table:xxxx): Neighbor x.x.x.129 not on common subnet for Gigabit Ethernet1/0/1

1/0/1 isn't on a VLAN, hence the no switchport command. Yet, it's acting as if it's a VLAN mismatch. VTP Server is set up on the Pop switch, and on the Pop switch, the port to the core is Vlan 1. Any ideas?

robert.bahr Thu, 05/01/2008 - 09:54

I just tried it, it rediscovered all the adjacencies and continued with the barrage of errors. Seems like no change.

Jon Marshall Thu, 05/01/2008 - 10:10

Robert

I believe the issue may be with it being vlan 1 interface. I just had a look at this in our and got the same error as you with your config - I tried it on a 3560 switch.

Using a vlan interface other than vlan 1 seems to stop the error messages. Vlan 1 is slightly different from the other vlans in some respects. Is there any chance you could change the vlan interface and see what happens?

Jon

robert.bahr Thu, 05/01/2008 - 10:28

Jon,

I gave this a shot and no joy. It disconnected our users at L3, they couldn't ping their default gateway, which is the closest switchport on the L3 switch.

Jon Marshall Thu, 05/01/2008 - 10:31

Robert

What vlan are your users in - vlan 1?

Can you

1) post full config of 3750

2) Is the POP switch a L2 or L3 switch? Can you post config for this as well.

Jon

robert.bahr Thu, 05/01/2008 - 10:38

Vlan 1 is our administrative Vlan, users are on another one. My counterpart is editing the configs for the switches now.

robert.bahr Thu, 05/01/2008 - 10:50

Pop config--

Current configuration : 4475 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname NGS143(AQSYSCON2)

!

enable secret 5 xxxxxxxxxxxxxxxxx

enable password 7 xxxxxxxxxxxxxx

!

username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

username xxxxxxx privilege 10 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

aaa new-model

aaa authentication login default local

aaa authorization exec default local if-authenticated

!

aaa session-id common

switch 1 provision ws-c3750g-24ps

ip subnet-zero

!

!

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

interface GigabitEthernet1/0/1

description ** CN to NCORESW **

!

interface GigabitEthernet1/0/2

description ** CN to COCSW **

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/3

description ** CN to S6SW **

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/4

description ** CN to TECHSSW **

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/5

description super secret

switchport access vlan 109

switchport trunk encapsulation dot1q

shutdown

!

interface GigabitEthernet1/0/6

description ** CN to SOULTRAINSW **

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/7

description ** CN to NSYSCONSW **

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

description ***Cinnection to Snipers Switch***

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

switchport access vlan 109

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

switchport access vlan 99

!

interface GigabitEthernet1/0/24

description Conn to Vlan 150

switchport access vlan 150

!

interface GigabitEthernet1/0/25

description Conn to EOD

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface Vlan1

ip address xxx.xxx.82.143 255.255.255.128

!

ip classless

no ip http server

ip http secure-server

!

!

ip access-list standard HAL_9000

permit xxx.xxx.82.61

permit xxx.xxx.82.62

!

snmp-server community xxxxxxx

radius-server source-ports 1645-1646

!

control-plane

!

privilege exec level 10 show startup-config

ntp clock-period 36035312

ntp server xxx.xxx.147.1

robert.bahr Thu, 05/01/2008 - 10:56

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname NGS129(CORE)

!

aaa new-model

aaa authentication login default local

aaa authorization exec default local if-authenticated

!

aaa session-id common

clock timezone baghdad 3

switch 1 provision ws-c3750g-24ts

ip subnet-zero

ip routing

ip domain-name xxxx

ip name-server xxx.xxx.82.34

no ip dhcp conflict logging

ip dhcp excluded-address xxx.xxx.82.113

!

ip multicast-routing distributed

ip multicast auto-enable

ip multicast multipath

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause gbic-invalid

errdisable recovery cause psecure-violation

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause unicast-flood

errdisable recovery cause vmps

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery cause loopback

no file verify auto

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

class-map match-all test

match access-group 103

!

policy-map SCtest

class test

!

interface Loopback0

ip address xxx.xxx.210.11 255.255.255.255

!

interface GigabitEthernet1/0/1

description **CN to NSYSCONSW**

no switchport

ip address xxx.xxx.82.129 255.255.255.128

duplex full

!

interface GigabitEthernet1/0/2

description ** CN to NGR27 **

no switchport

ip address xxx.xxx.84.206 255.255.255.252

no keepalive

!

interface GigabitEthernet1/0/3

no switchport

ip address xxx.xxx.140.225 255.255.255.248

!

interface GigabitEthernet1/0/4

description ** CN to 1bnrctan01c (NDC) **

!

interface GigabitEthernet1/0/8

description ** CN to 1BNRCTAN02E

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

spanning-tree portfast

!

interface GigabitEthernet1/0/12

spanning-tree portfast

!

!

interface GigabitEthernet1/0/21

description ** Syscon Nipr Laptop **

!

!

interface GigabitEthernet1/0/23

description ** CN to Tarawa's V100 **

switchport access vlan 2

!

interface GigabitEthernet1/0/24

description ** CN to Tarawa's Taclane **

switchport access vlan 2

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

description Conn to GSWAN

no switchport

bandwidth 1000

ip address xxx.xxx.41.4 255.255.255.248

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

description Conn to EOD

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan1

ip address xxx.xxx.82.33 255.255.255.224

!

interface Vlan2

description ** Tarawa Subnet **

no ip address

!

router eigrp 6036

redistribute static

network xxx.xxx.41.0 0.0.0.7

network xxx.xxx.64.128 0.0.0.31

network xxx.xxx.82.32 0.0.0.31

network xxx.xxx.82.96 0.0.0.7

network xxx.xxx.82.128 0.0.0.127

network xxx.xxx.84.204 0.0.0.3

network xxx.xxx.92.160 0.0.0.31

network xxx.xxx.140.128 0.0.0.7

network xxx.xxx.140.224 0.0.0.7

network xxx.xxx.140.244 0.0.0.3

network xxx.xxx.140.0

network xxx.xxx.142.0 0.0.0.15

network xxx.xxx.176.128 0.0.0.31

no auto-summary

!

ip default-gateway xxx.xxx.84.1

ip classless

ip route xxx.xxx.82.0 255.255.255.0 xxx.xxx.84.205

ip http server

ip http secure-server

!

snmp-server community xxx

snmp-server community xxxxx

snmp-server enable traps bgp

snmp-server enable traps config

snmp-server enable traps ipmulticast

radius-server source-ports 1645-1646

!

control-plane

!

privilege exec level 10 show startup-config

!

ntp clock-period 36027702

ntp server xxx.xxx.82.1

Jon Marshall Thu, 05/01/2008 - 11:18

Robert

I'm not sure why when you disabled vlan 1 all users lost connectivity. What is vlan 1 used for on this switch, i.e. the 3750 core switch? Is it just management?

Jon

robert.bahr Thu, 05/01/2008 - 11:26

Jon,

VLAN 1 is our subnet inside our server room, that's the subnet we use for our admin machines.

Correct Answer
Jon Marshall Thu, 05/01/2008 - 11:31

Okay, I'm confused as to why that affected all your users.

I made vlan 1 passive under the router eigrp config and this stopped the errors as well. But then you may as well just not have an entry for vlan 1 subnet under eigrp.

It does seem to be something specific to vlan 1 because if I remove ip address off vlan 1 and allocate it to either another vlan interface or a routed switchport then the error messages don't appear.

I need to do some debugging. When you tried reassigning vlan 1 ip address to a different vlan interface did you still get the error messages or were you just too busy trying to get your users back!

Jon

robert.bahr Fri, 05/02/2008 - 04:05

Night shift found a workaround last night by removing the network statement for the .33 network. I'm not sure how that worked, but we still have full connectivity out and in. Thanks for all the help.

Richard Burts Thu, 05/01/2008 - 11:00

Robert

In the original post you gave this:

interface Vlan1
 ip address x.x.x.33 255.255.255.224

and this defines a subnet which starts at .33 and ends at .63.

now from the pop switch you post:

interface Vlan1
 ip address xxx.xxx.82.143 255.255.255.128

and .82 is not in the subnet defined on the first switch. This is the cause of the error.

HTH

Rick

robert.bahr Thu, 05/01/2008 - 11:16

Rick,

The original configs I sent were for the Core switch, not the Pop, which is .143; it was my mistake to post the Pop switch configs first. There are two posts due to the character limit. I had to strip off the banner and ACLs due to the limit.
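
The check behind the paired log messages, as an added example that is not part of the original thread: EIGRP accepts a hello on an interface only when the sender's address lies inside that interface's subnet. The 10.0 prefix stands in for the masked xxx.xxx octets, the function names are hypothetical, and Vlan1 and GigabitEthernet1/0/1 are assumed to hear each other's hellos, since the log shows .33 arriving on the routed port.

```python
import ipaddress

# Constructed stand-in for the core switch config posted in the thread;
# 10.0 replaces the masked "xxx.xxx" octets (assumption, not the real prefix).
CORE_CONFIG = """\
interface GigabitEthernet1/0/1
 no switchport
 ip address 10.0.82.129 255.255.255.128
interface Vlan1
 ip address 10.0.82.33 255.255.255.224
router eigrp 6036
 network 10.0.82.32 0.0.0.31
 network 10.0.82.128 0.0.0.127
"""

def parse(config):
    """Return ({interface: IPv4Interface}, [networks from EIGRP network statements])."""
    ifaces, networks, section = {}, [], ("", "")
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] in ("interface", "router") and len(words) >= 2:
            section = (words[0], words[1])
        elif section[0] == "interface" and words[:2] == ["ip", "address"] and len(words) >= 4:
            ifaces[section[1]] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif section == ("router", "eigrp") and words[0] == "network" and len(words) == 3:
            # ipaddress accepts the IOS wildcard mask as a host mask;
            # classful statements without a wildcard are skipped here.
            networks.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    return ifaces, networks

def eigrp_interfaces(ifaces, networks):
    """Interfaces matched by a network statement, i.e. those that send and accept hellos."""
    return {name: ifc for name, ifc in ifaces.items() if any(ifc.ip in n for n in networks)}

def subnet_mismatches(ifaces, networks, segment):
    """(receiver, neighbor_ip) pairs that would log 'not on common subnet'.

    segment lists the interfaces assumed to share one broadcast domain."""
    active = eigrp_interfaces(ifaces, networks)
    on_wire = [name for name in segment if name in active]
    return [(rx, str(active[tx].ip)) for rx in on_wire for tx in on_wire
            if rx != tx and active[tx].ip not in active[rx].network]
```

With both network statements present the function returns one rejected neighbor per interface, matching the pair of messages in the log; with the statement for the .32 network removed (the workaround reported in the thread) Vlan1 no longer takes part and the list is empty.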
