05-26-2009 05:10 AM - edited 03-06-2019 05:55 AM
Hi guys,
I'm pretty sure I'm missing something blatantly obvious here but please indulge me.
I have a switch which used to be in a vlan and had no problem connecting to other devices in the same vlan.
During an upgrade and because I wanted only L3 routed links on the switch, I took the device out of the vlan and connected a routed interface to one of the devices in the vlan as it is imperative that these two devices talk.
Let's say the device in question is 10.25.10.200 (which is the same address it had when it was a member of vlan 50), it is directly connected to another switch which is 10.25.10.50.
Both these addresses are part of vlan 50 but the addresses are now on routed ports on the switches - no Vlans.
Nothing in vlan 50 can talk to these devices and vice-versa.
I would want to just assign these two devices /30 addresses but I am definitely unable to change the address of 10.25.10.50.
What changes may I make to enable the devices in vlan 50 to access these two devices? Even the default gateway of vlan 50 (10.25.10.250) can't get to the devices so what hope for the others?
I can't subnet down the IP address allocation for vlan 50 either as it is pretty much all used up.
Any ideas would be much appreciated. Is there a command that would help route the traffic? proxy-arp somewhere perhaps? I'm a bit lost here so I hope it's a quick fix.
Cheers,
Martha.
05-26-2009 05:20 AM
Hello Martha,
when you introduce routed ports in a campus network you should use dedicated /30 IP subnets.
Using ip addresses belonging to the IP subnet associated to Vlan50 is not correct: you are introducing a duplicated ip subnet.
When a device in vlan50 tries to reach 10.25.10.200 or 10.25.10.50 it arps on the broadcast domain and no one answers.
Even if you enable ip proxy-arp this doesn't solve the problem because it is meant to help hosts that try to ARP for IP addresses outside the local subnet.
The only way to deal with this would be the usage of some static NAT statements that make those ip addresses appear as something different to users in vlan50.
However, I would suggest getting access to the modified switch by any means (another ip address in a different ip subnet if ip routing has been enabled) or having someone connect the console cable to a PC you can access using remote desktop.
Hope to help
Giuseppe
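The forwarding decision described in the reply above, modelled as an added example that is not part of the original thread: a VLAN 50 host ARPs directly for any address inside its own subnet, so an address that has moved to a routed port never answers. The /24 mask, the host 10.25.10.20, the 10.25.99.0/30 link subnet and the gateway having a route to that /30 are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed topology: the thread gives only the addresses; the /24 mask
# and the 10.25.99.0/30 link subnet are assumptions.
VLAN50 = ip.ip_network("10.25.10.0/24")
HOST = ip.ip_interface("10.25.10.20/24")   # constructed VLAN 50 host
GW = ip.ip_address("10.25.10.250")         # VLAN 50 default gateway (from the thread)

def arp_target(src_if, gateway, dst):
    """A host ARPs for dst itself when dst is inside its connected subnet,
    otherwise it ARPs for its default gateway."""
    return dst if dst in src_if.network else gateway

def reachable(src_if, gateway, dst, segments, gw_routes):
    """segments: broadcast-domain name -> set of addresses attached to it.
    gw_routes: prefixes the gateway can forward to (connected or learned)."""
    dst = ip.ip_address(dst)
    target = arp_target(src_if, gateway, dst)
    src_seg = next(n for n, members in segments.items() if src_if.ip in members)
    if target not in segments[src_seg]:
        # Nobody in this broadcast domain owns the address being ARPed for.
        return False, f"ARP for {target} goes unanswered on {src_seg}"
    if target == dst:
        return True, "delivered on-link"
    ok = any(dst in prefix for prefix in gw_routes)
    return ok, "forwarded by gateway" if ok else "gateway has no route"

def before():
    # Routed ports reuse VLAN 50 addresses but sit on a separate L2 segment.
    segs = {"vlan50": {HOST.ip, GW},
            "p2p-link": {ip.ip_address("10.25.10.200"),
                         ip.ip_address("10.25.10.50")}}
    return reachable(HOST, GW, "10.25.10.200", segs, [VLAN50])

def after():
    # Link renumbered into a dedicated /30 that the gateway has a route to.
    link = ip.ip_network("10.25.99.0/30")
    segs = {"vlan50": {HOST.ip, GW},
            "p2p-link": {ip.ip_address("10.25.99.1"),
                         ip.ip_address("10.25.99.2")}}
    return reachable(HOST, GW, "10.25.99.2", segs, [VLAN50, link])

if __name__ == "__main__":
    print("before:", before())
    print("after: ", after())
```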
05-26-2009 05:38 AM
Hi Giuseppe,
Thanks for your prompt response and for the explanation of how I've cocked things up :).
I have every intention of making the connection between the two a dedicated /30 subnet but as I said at this point in time I am unable to change the 10.25.10.50 address.
Please expand on your theory to get it working in the meantime - the static NAT statements. Where do I configure these and is it more trouble than it's worth for a short-term solution?
I am able to connect to both switches as 10.25.10.200 has interfaces in other subnets so I have access to the switch via one of these and to get to .50 switch, there is a direct connection from the .200 device.
Thanks again,
Martha.
05-26-2009 06:16 AM
Hello Martha,
if you have access to 10.25.10.200 you should be able to recover:
from 10.25.10.200 access the other switch at 10.25.10.50:
use
reload at ?
hh:mm Time to reload (hh:mm)
example
reload at 22:23 31 May pippo
Reload scheduled for 22:23:00 MET Sun May 31 2009 (in 126 hours and 17 minutes) by g.larosa on vty0 (10.55.49.57)
Reload reason: pippo
Proceed with reload? [confirm]y
sh reload
Reload scheduled for 22:23:00 MET Sun May 31 2009 (in 126 hours and 17 minutes) by g.larosa on vty0 (10.55.49.57)
Reload reason: pippo
to schedule a timed reload in case things go bad
go to the routed port
conf t
int type x/y
! assign new ip address from unused /30
ip address 10.x.y.1 255.255.255.252
after you type enter you lose telnet to Sw2
open another telnet session to the switch with ip 10.25.10.200 (called switch1) using a valid ip address different from that
do
conf t
int type x1/y1
ip address 10.x.y.2 255.255.255.252
from SW1 try to ping Sw2 at new ip 10.x.y.1 (first packet is lost for sure for ARP)
if everything is well you can access SW2 at 10.x.y.1
save config !
then remove the scheduled reload
to remove use
reload cancel
router#
***
*** --- SHUTDOWN ABORTED ---
***
sh reload
No reload is scheduled.
see
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1056246
you can finish your config with
ip route 0.0.0.0 0.0.0.0 10.x.y.2 on Sw2
on Sw1 you can advertise the new subnet 10.x.y.0/30 with no problems
Hope to help
Giuseppe
(if you have enabled ip routing )
05-26-2009 08:00 AM
Hello Martha,
just a little addition:
I've realized you had asked for more details of the static NAT approach.
I've provided you a possible procedure to change the ip subnet on the point-to-point link.
The reasons are the following:
the NAT approach is feasible only if SW1 is a C6500; all other multilayer platforms don't support NAT.
From the fact that you reach SW2 from Sw1 I've seen enough space to propose a definitive correction as described in my second post in this thread.
if SW1 is a C6500 that is NAT capable and you don't feel confident with the suggested procedure (I've provided an example of using scheduled reload to be able to recover as we do with remote sites changes).
NAT
int type x1/y1
 ip nat inside
int other x1/y1
 ip nat outside
ip nat inside source static 10.25.10.50 10.x.y.2
ip nat inside source static 10.25.10.50 10.x.y.3
int loop M
 ip address 10.x.y.1 255.255.255.248
see
advertise this in your intranet in your IGP
Hope to help
Giuseppe
05-26-2009 10:32 PM
Hi Giuseppe, I guess there's no way around it. I will make the changes as advised.
Thanks again,
Martha.