05-21-2008 10:51 AM - edited 03-05-2019 11:08 PM
I have a 4506 with about 30 SVI's. I have a connection through a metro service provider for a branch with a 3560 in layer 3. It has a few SVI's on it. I am running EIGRP between the 3560 and my 4506. router eigrp 100, network 10.0.0.0, auto sum. The problem is on the 3560 i keep getting a "IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.0.34.1 not on common subnet for Vlan1" I have double checked the configs and i have vlan 34 configured correctly. it is configured just like all of my other SVI's on the 4506. why would i be getting this error? The configuration works great, the error just keeps showing up in the log
Solved! Go to Solution.
05-21-2008 01:54 PM
Alright, man. Sorry for the confusion. It isnt easy to follow the conversations on here sometimes.
Just to summarize my recommendations:
1.) As Edison pointed out, you should be pruning your dot1q trunk on the 4506 -- in other words, only allow traffic from the vlans you want traversing the trunk. In your case, its vlan 1, and everyone else will get blocked. Use the command I gave you.
NOTE: You mentioned bringing up more vlans in the future, so if you are going to span another vlan across the provider link, you must also allow that one, too. You added vlan 50 on the 3560 end, but that vlan is local to that side. Its not traversing the link, so you dont need to allow it across. Im talking about a case in which a vlan exists on BOTH sides and there are hosts sitting on that vlan on both sides. In that case, you would allow it through on the trunk.
I know I beat a dead horse. :-)
2.) On the 3560 end, convert that service provider-facing port to a dot1q and make sure you allow vlan 1 and block everything else.
HTH
Victor
05-21-2008 03:51 PM
I'm not questioning your design. When I ask a question is for a reason. I asked before if you were trunking the interface and you said no. About 5 responses later, it comes to light that you are trunking. That was a time wasted for you and for me.
Again, I asked you if you were pruning the Vlans and you said you are only sending Vlan 1 towards the ISP. The portion of the config above clearly indicates that you aren't pruning and all the Vlans are being forwarded to the HP switch. You don't want that as it can create problems. You have no control on the HP side so you want to limit what is sent to the ISP. They told only Vlan 1 is the transport Vlan, then you only send that Vlan and prune the rest.
You should have asked those questions before. I can't tell the level of knowledge from a poster unless the poster ask for more clarification.
The problem indicates there is a Vlan leakage from the HP to the 3750 within the ISP and it's passing Vlan 34 for some odd reason. You can control this behavior by pruning your Vlans per Victor's command.
Let us know how it works out.
__
Edison.
05-21-2008 10:53 AM
4506 routing table
Gateway of last resort is 10.0.0.75 to network 0.0.0.0
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback0
C 192.168.250.0/24 is directly connected, Vlan250
10.0.0.0/8 is variably subnetted, 19 subnets, 2 masks
C 10.0.10.0/24 is directly connected, Vlan10
C 10.0.11.0/24 is directly connected, Vlan11
C 10.0.0.0/21 is directly connected, Vlan1
C 10.0.27.0/24 is directly connected, Vlan27
C 10.0.30.0/24 is directly connected, Vlan30
C 10.0.28.0/24 is directly connected, Vlan28
C 10.0.23.0/24 is directly connected, Vlan23
C 10.0.41.0/24 is directly connected, Vlan41
C 10.0.45.0/24 is directly connected, Vlan45
C 10.0.34.0/24 is directly connected, Vlan34
C 10.0.35.0/24 is directly connected, Vlan35
C 10.0.32.0/24 is directly connected, Vlan32
C 10.0.38.0/24 is directly connected, Vlan38
C 10.0.39.0/24 is directly connected, Vlan39
C 10.0.36.0/24 is directly connected, Vlan36
D 10.0.50.0/24 [90/3072] via 10.0.2.76, 15:52:13, Vlan1
C 10.0.103.0/24 is directly connected, Vlan103
C 10.0.100.0/24 is directly connected, Vlan100
C 10.0.101.0/24 is directly connected, Vlan101
C 192.168.252.0/24 is directly connected, Vlan252
S* 0.0.0.0/0 [1/0] via 10.0.0.75
05-21-2008 10:53 AM
3560 routing table
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 19 subnets, 2 masks
D 10.0.10.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.11.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
C 10.0.0.0/21 is directly connected, Vlan1
D 10.0.27.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.30.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.28.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.23.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.41.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.45.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.34.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.35.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.32.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.38.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.39.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.36.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
C 10.0.50.0/24 is directly connected, Vlan50
D 10.0.103.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.100.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan1
D 10.0.101.0/24 [90/3072] via 10.0.0.1, 00:14:28, Vlan
05-21-2008 11:26 AM
Let's see your "router eigrp" portion of the config from both routers.
__
Edison.
05-21-2008 11:32 AM
!
router eigrp 100
network 10.0.0.0 0.0.255.255
no auto-summary
!
It's the same on both.
05-21-2008 11:40 AM
Are you trunking Vlan34 along with Vlan1 ?
The 3560 is receiving EIGRP Hello packets from Vlan34 on Vlan1. The hello packets are multicast with TTL of 1 so they aren't routed.
Verify your native Vlan and/or trunking is in order between these links.
__
Edison.
05-21-2008 11:48 AM
I can't trunk vlan 34 to that location. I'm routing over a metro vlan connection between two buildings. it goes through our ISP on a layer 2 vlan to one of our branches. It is all running over vlan 1. 10.0.0.1 is the 4506 and 10.0.2.76 is the 3560. (/21). 4506 and 3560 both advertising 10.0.0.0 /16.
yes, i have a lot of devices on vlan 1. trying to segment.
05-21-2008 11:56 AM
Are you saying Vlan34 is part of the MetroE connection towards another building and Vlan1 is part of the MetroE connection towards the 3560 ?
If so, it seems there is a Vlan leakage in the MetroE and 3560 is seeing Vlan34 on that MetroE cloud.
I've seen that problem in Frame-Relay networks with improper frame-mappings but never on MetroE.
If you issue a show cdp neighbor on both switches, what do you see? Can you post the output ?
__
Edison.
05-21-2008 11:57 AM
Maybe its a good idea to post the entire configs so we dont have to guess...
Victor
05-21-2008 12:02 PM
thanks for helping out. But NO. vlan 34 is not a part of the metro connection. On my 4506, I have an ACCESS PORT on vlan 1 connecting to the ISP switch. They have a layer 2 vlan to my branch. I have a 3560 in layer 3. it has 2 SVI's. One for vlan 1 and the other for vlan 50. (i plan to add more). I have....
!
router eigrp 100
network 10.0.0.0 0.0.255.255
no auto-summary
!
.....on both 4506 and 3560. The 3560 is the one that has the error in the log. It is receiving all of the updates from the 4506. the 4506 and 3560 are advertising 10.0.0.0 /16.
05-21-2008 12:16 PM
Please post sanitized configs along with the cdp neighbor output as I requested before. Else, I can't continue troubleshooting this problem.
__
Edison.
05-21-2008 12:22 PM
----3560----
ip routing
!
vlan 50
name TEST
!
interface GigabitEthernet0/1
description Uplink
switchport mode access
!
interface Vlan1
ip address 10.0.2.76 255.255.248.0
!
interface Vlan50
ip address 10.0.50.1 255.255.255.0
!
router eigrp 100
network 10.0.0.0 0.0.255.255
no auto-summary
05-21-2008 12:23 PM
ip multicast-routing
!
vlan 3
name SAN
!
vlan 10
name WIFIMGT
!
vlan 11
name WIFIInt
!
vlan 20
name IT
!
vlan 21
name *
!
vlan 22
name *
!
vlan 23
name *
!
vlan 24
name *
!
vlan 25
name *
!
vlan 26
name *
!
vlan 27
name *
!
vlan 28
name *
!
vlan 29
name *
!
vlan 30
name *
!
vlan 31
name *
!
vlan 32
name *
!
vlan 33
name *
!
vlan 34
name *
!
vlan 35
name *
!
vlan 36
name *
!
vlan 37
name *
!
vlan 38
name *
!
vlan 39
name A*
!
vlan 41
name *
!
vlan 45
name *
!
vlan 100
name *_VOIP
!
vlan 101
name *_VOIP
!
vlan 103
name *_VOIP
!
vlan 250
name *
!
vlan 252
name *
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip pim sparse-mode
interface FastEthernet5/48
description ISP P2P
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
interface Vlan1
description Data
ip address 10.0.0.1 255.255.248.0
!
interface Vlan10
description WIFIMGT
ip address 10.0.10.1 255.255.255.0
!
interface Vlan11
description WIFIInt
ip address 10.0.11.1 255.255.255.0
!
interface Vlan20
description IT
ip address 10.0.20.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan22
description *
ip address 10.0.22.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan23
description *
ip address 10.0.23.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan24
description *
ip address 10.0.24.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan25
description *
ip address 10.0.25.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan26
description *
ip address 10.0.26.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan27
description *
ip address 10.0.27.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan28
description *
ip address 10.0.28.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan29
description *
ip address 10.0.29.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan30
description *
ip address 10.0.30.1 255.255.255.0
ip helper-address 10.0.0.30
ip pim dense-mode
!
interface Vlan31
description *
ip address 10.0.31.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan32
description *
ip address 10.0.32.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan33
description *
ip address 10.0.33.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan34
description *
ip address 10.0.34.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan35
description *
ip address 10.0.35.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan36
description *
ip address 10.0.36.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan37
description *
ip address 10.0.37.1 255.255.255.0
ip helper-address 10.0.0.30
shutdown
!
interface Vlan38
description *
ip address 10.0.38.1 255.255.255.0
ip helper-address 10.0.0.30
!
interface Vlan103
description *_VOIP
ip address 10.0.103.75 255.255.255.0
!
interface Vlan250
description *
ip address 192.168.250.1 255.255.255.0
ip helper-address 10.0.0.30
ip pim dense-mode
ip policy route-map CPLS
!
interface Vlan252
description CPLS
ip address 192.168.252.1 255.255.255.0
ip access-group CPLS-WIRELESS-SECURITY in
ip helper-address 10.0.0.30
ip policy route-map CPLS
!
router eigrp 100
network 10.0.0.0 0.0.255.255
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.0.0.75
05-21-2008 12:30 PM
Ok, one more time.....
I need to see the CDP output from both devices
AND
this time, please post the output from "show vlan" as well.
05-21-2008 12:34 PM
4506
Library_4510 Gig 6/18 126 S I WS-C4510R Gig 1/2
AdultProbation Gig 6/3 136 S I WS-C3560-2Gig 0/2
JusticeCenter_4507
Gig 6/2 165 S I WS-C4507R Gig 3/17
Temp_switch_in_Admin
Gig 2/6 137 S I WS-C3560G-Gig 0/47
WaterAuth_MB Gig 6/1 122 S I WS-C3560G-Gig 0/52
SherriffOffice_4506
Gig 1/2 167 S I WS-C4506 Gig 1/1
WLC01 Gig 2/20 169 H AIR-WLC440Unit - 0 Slot - 0 Port - 1
CC MIS(000883-2caac0)
Fas 5/48 135 S HP 2524 16
BTBrown_3560#sh cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SEP001E13E5FEA3 Fas 0/2 168 H P IP Phone Port 1
SEP001E13E6007C Fas 0/3 164 H P IP Phone Port 1
SEP001E135CF67A Fas 0/6 174 H P IP Phone Port 1
SEP001E13E5EBDD Fas 0/1 162 H P IP Phone Port 1
BT_Brown_2950 Gig 0/1 154 S I WS-C2950- Fas 0/2
2950 is in layer 2 of course
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: