05-01-2008 09:11 AM - edited 03-05-2019 10:43 PM
I'm having trouble with our core switch. Int Vlan 1 and our switchport to our Pop switch are having conflicts. We're using a Catalyst 3750. Here is the abbreviated, edited for content config:
version 12.2
switch 1 provision ws-c3750g-24ts
ip subnet-zero
ip routing
interface GigabitEthernet1/0/1
no switchport
ip address x.x.x.129 255.255.255.128
duplex full
interface Vlan1
ip address x.x.x.33 255.255.255.224
router eigrp xxxx
redistribute static
network x.x.x.32 0.0.0.31
network x.x.x.96 0.0.0.7
network x.x.x.128 0.0.0.127
auto-summary
ip default-gateway x.x.x.1
The errors we are getting come in pairs:
(time): IP-EIGRP(Default-IP-Routing-Table:xxxx): Neighbor x.x.x.33 not on common subnet for Gigabit Ethernet1/0/1
(time): IP-EIGRP(Default-IP-Routing-Table:xxxx): Neighbor x.x.x.129 not on common subnet for Gigabit Ethernet1/0/1
1/0/1 isn't on a VLAN, hence the no switchport command. Yet, it's acting as if it's a VLAN mismatch. VTP Server is setup on the Pop switch, and on the Pop switch, the port to the core is Vlan 1. Any ideas?
Solved! Go to Solution.
05-01-2008 11:31 AM
Okay i'm confused as to why that affected all your users.
I made vlan 1 passive under the router eigrp config and this stopped the errors as well. But then you may as well just not have an entry for vlan 1 subnet under eigrp.
It does seem to be something specific to vlan 1 because if i remove ip address off vlan 1 and allocate it to either another vlan interface or a routed switchport then the error messages don't appear.
I need to do some debugging. When you tried reassigning vlan 1 ip address to a different vlan interface did you still get the error messages or were you just too busy trying to get your users back !
Jon
05-01-2008 09:44 AM
try no auto-summary under EIGRP process.
HTH
Sam
05-01-2008 09:54 AM
I just tried it, it rediscovered all the adjacencies and continued with the barrage of errors. Seems like no change.
05-01-2008 10:10 AM
Robert
I believe the issue may be with it being vlan 1 interface. I just had a look at this in our and got the same error as you with your config - i tried it on a 3560 switch.
Using a vlan interface other than vlan 1 seems to stop the error messages. Vlan 1 is slightly different from the other vlans in some respects. Is there any chance you could change the vlan interface and see what happens.
Jon
05-01-2008 10:28 AM
Jon,
I gave this a shot and no joy. It disconnected our users at L3, they couldn't ping their default gateway, which is the closest switchport on the L3 switch.
05-01-2008 10:31 AM
Robert
What vlan are you users in - vlan 1 ?
Can you
1) post full config of 3750
2) Is the POP switch a L2 or L3 switch ? Can you post config for this as well.
Jon
05-01-2008 10:38 AM
Vlan 1 is our administrative Vlan, users are on another one. My counterpart is editing the configs for the switches now.
05-01-2008 10:50 AM
Pop config--
Current configuration : 4475 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname NGS143(AQSYSCON2)
!
enable secret 5 xxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxx
!
username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxxx privilege 10 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa authentication login default local
aaa authorization exec default local if-authenticated
!
aaa session-id common
switch 1 provision ws-c3750g-24ps
ip subnet-zero
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
description ** CN to NCORESW **
!
interface GigabitEthernet1/0/2
description ** CN to COCSW **
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
description ** CN to S6SW **
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
description ** CN to TECHSSW **
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/5
description super secret
switchport access vlan 109
switchport trunk encapsulation dot1q
shutdown
!
interface GigabitEthernet1/0/6
description ** CN to SOULTRAINSW **
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/7
description ** CN to NSYSCONSW **
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
description ***Cinnection to Snipers Switch***
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
switchport access vlan 109
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
switchport access vlan 99
!
interface GigabitEthernet1/0/24
description Conn to Vlan 150
switchport access vlan 150
!
interface GigabitEthernet1/0/25
description Conn to EOD
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address xxx.xxx.82.143 255.255.255.128
!
ip classless
no ip http server
ip http secure-server
!
!
ip access-list standard HAL_9000
permit xxx.xxx.82.61
permit xxx.xxx.82.62
!
snmp-server community xxxxxxx
radius-server source-ports 1645-1646
!
control-plane
!
privilege exec level 10 show startup-config
ntp clock-period 36035312
ntp server xxx.xxx.147.1
05-01-2008 10:56 AM
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname NGS129(CORE)
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local if-authenticated
!
aaa session-id common
clock timezone baghdad 3
switch 1 provision ws-c3750g-24ts
ip subnet-zero
ip routing
ip domain-name xxxx
ip name-server xxx.xxx.82.34
no ip dhcp conflict logging
ip dhcp excluded-address xxx.xxx.82.113
!
ip multicast-routing distributed
ip multicast auto-enable
ip multicast multipath
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause unicast-flood
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
class-map match-all test
match access-group 103
!
policy-map SCtest
class test
!
interface Loopback0
ip address xxx.xxx.210.11 255.255.255.255
!
interface GigabitEthernet1/0/1
description **CN to NSYSCONSW**
no switchport
ip address xxx.xxx.82.129 255.255.255.128
duplex full
!
interface GigabitEthernet1/0/2
description ** CN to NGR27 **
no switchport
ip address xxx.xxx.84.206 255.255.255.252
no keepalive
!
interface GigabitEthernet1/0/3
no switchport
ip address xxx.xxx.140.225 255.255.255.248
!
interface GigabitEthernet1/0/4
description ** CN to 1bnrctan01c (NDC) **
!
interface GigabitEthernet1/0/8
description ** CN to 1BNRCTAN02E
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
spanning-tree portfast
!
interface GigabitEthernet1/0/12
spanning-tree portfast
!
!
interface GigabitEthernet1/0/21
description ** Syscon Nipr Laptop **
!
!
interface GigabitEthernet1/0/23
description ** CN to Tarawa's V100 **
switchport access vlan 2
!
interface GigabitEthernet1/0/24
description ** CN to Tarawa's Taclane **
switchport access vlan 2
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
description Conn to GSWAN
no switchport
bandwidth 1000
ip address xxx.xxx.41.4 255.255.255.248
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
description Conn to EOD
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
ip address xxx.xxx.82.33 255.255.255.224
!
interface Vlan2
description ** Tarawa Subnet **
no ip address
!
router eigrp 6036
redistribute static
network xxx.xxx.41.0 0.0.0.7
network xxx.xxx.64.128 0.0.0.31
network xxx.xxx.82.32 0.0.0.31
network xxx.xxx.82.96 0.0.0.7
network xxx.xxx.82.128 0.0.0.127
network xxx.xxx.84.204 0.0.0.3
network xxx.xxx.92.160 0.0.0.31
network xxx.xxx.140.128 0.0.0.7
network xxx.xxx.140.224 0.0.0.7
network xxx.xxx.140.244 0.0.0.3
network xxx.xxx.140.0
network xxx.xxx.142.0 0.0.0.15
network xxx.xxx.176.128 0.0.0.31
no auto-summary
!
ip default-gateway xxx.xxx.84.1
ip classless
ip route xxx.xxx.82.0 255.255.255.0 xxx.xxx.84.205
ip http server
ip http secure-server
!
snmp-server community xxx
snmp-server community xxxxx
snmp-server enable traps bgp
snmp-server enable traps config
snmp-server enable traps ipmulticast
radius-server source-ports 1645-1646
!
control-plane
!
privilege exec level 10 show startup-config
!
ntp clock-period 36027702
ntp server xxx.xxx.82.1
05-01-2008 11:18 AM
Robert
I'm not sure why when you disabled vlan 1 all users lost connectivity. What is vlan 1 used for on this switch ie the 3750 core switch ? is it just management ?
Jon
05-01-2008 11:26 AM
Jon,
VLAN 1 is our subnet inside our server room, that's the subnet we use for our admin machines.
05-01-2008 11:31 AM
Okay i'm confused as to why that affected all your users.
I made vlan 1 passive under the router eigrp config and this stopped the errors as well. But then you may as well just not have an entry for vlan 1 subnet under eigrp.
It does seem to be something specific to vlan 1 because if i remove ip address off vlan 1 and allocate it to either another vlan interface or a routed switchport then the error messages don't appear.
I need to do some debugging. When you tried reassigning vlan 1 ip address to a different vlan interface did you still get the error messages or were you just too busy trying to get your users back !
Jon
05-02-2008 04:05 AM
Night shift found a workaround last night by removing the network statement for the .33 network. I'm not sure how that worked, but we still have full connectivity out and in. Thanks for all the help.
05-01-2008 11:00 AM
Robert
In the original post you gave this:
interface Vlan1
ip address x.x.x.33 255.255.255.224
and this defines a subnet which starts at .33 and ends at .63.
now from the pop switch you post:
interface Vlan1
ip address xxx.xxx.82.143 255.255.255.128
and .82 is not in the subnet defined on the first switch. This is the cause of the error.
HTH
Rick
05-01-2008 11:16 AM
Rick,
The original configs I sent were for the Core switch, not the Pop, which is .143; It was my mistake to post the Pop switch configs first. There are two posts due to the character limit. I had to strip off the banner and ACL's due to the limit.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: