07-18-2009 10:57 AM - edited 03-06-2019 06:50 AM
Hi there,
I'm having a strange problem that I can't figure out: I have a 4507R that I have configured with a vlan interface, number 661, as follows:
int vlan661
ip address 10.5.0.243 255.255.255.248
no shut
I have also added the vlan 661, and configured gig6/48 to be a part of that vlan:
int gig6/48
switchport access vlan 661
My problem is that I can't communicate with the devices on the other end of the link. The link is connected to a VPLS provider and is connecting over to two more sites. Both of the other sites can see each other and ping each other, but they are unable to reach my vlan661 interface. I had the provider configure a static IP on the interface connecting to my 4507R and both other sites can reach that IP.
When I do a 'show mac-address-table int gig6/48' it doesn't show any mac-addresses on that interface, but the interface does have counters incrementing.
The physical interface (Gig6/48) has counters incrementing, but the SVI (Vlan661) only has output counters incrementing.
Any ideas?
Thanks in advance,
--Brandon
Solved! Go to Solution.
07-18-2009 12:09 PM
Based on the routing tables:
Local Switch
C 10.5.0.240/29 is directly connected, Vlan661
Site 1
C 10.5.0.240/29 is directly connected, Vlan661
Site 2
C 10.5.0.240 255.255.255.248 is directly connected, RGC_Inside
These 3 sites are part of the VPLS and the designated subnet is 10.5.0.240/29 for the VPLS, correct?
Are you able to see the remote connections via CDP? Can the sites that ping each other able to see each other via CDP?
It seems to be a provider problem. You can also change the port to Layer3 and apply the IP address on the switchport instead of the SVI to eliminate any L2 issue with your switch facing the provider switch.
HTH,
__
Edison.
07-18-2009 11:38 AM
Which interface is connected to the VPLS - G6/48?
Can we see the 'show ip route' from this device as well as the remote devices?
__
Edison.
07-18-2009 11:48 AM
Hi Edison,
I'm not quite sure what you mean? Gig6/48 on my 4507R is connected to the providers switch, and Gig6/48 is a member of vlan 661.
Here's the show ip route on this device:
Gateway of last resort is 10.5.0.65 to network 0.0.0.0
192.168.167.0/29 is subnetted, 1 subnets
C 192.168.167.184 is directly connected, Vlan3544
10.0.0.0/8 is variably subnetted, 25 subnets, 6 masks
C 10.10.0.0/24 is directly connected, Vlan1
C 10.10.1.0/24 is directly connected, Vlan40
C 10.10.3.0/24 is directly connected, Vlan20
S 10.10.6.0/24 [1/0] via 10.5.0.65
O 10.5.0.8/29 [110/15] via 10.10.0.13, 00:59:26, Vlan1
S 10.10.8.0/24 [1/0] via 10.5.0.33
O 10.2.0.0/16 [110/15] via 10.10.0.13, 00:59:26, Vlan1
O 10.3.0.0/24 [110/14] via 10.10.0.13, 00:59:26, Vlan1
S 10.3.0.0/16 [250/0] via 10.10.0.16
O 10.7.7.0/24 [110/5] via 10.10.0.16, 00:59:26, Vlan1
[110/5] via 10.10.0.15, 00:59:26, Vlan1
O 10.7.0.0/24 [110/4] via 10.10.0.16, 00:59:26, Vlan1
[110/4] via 10.10.0.15, 00:59:26, Vlan1
S 10.7.0.0/16 [250/0] via 10.10.0.14
O 10.7.3.0/24 [110/5] via 10.10.0.16, 00:59:26, Vlan1
[110/5] via 10.10.0.15, 00:59:26, Vlan1
O 10.7.255.224/27 [110/5] via 10.10.0.16, 00:59:27, Vlan1
[110/5] via 10.10.0.15, 00:59:27, Vlan1
O 10.5.0.24/30 [110/14] via 10.10.0.13, 00:59:27, Vlan1
O 10.5.0.16/29 [110/4] via 10.10.0.13, 00:59:27, Vlan1
O 10.5.0.40/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1
[110/5] via 10.10.0.15, 00:59:27, Vlan1
C 10.5.0.32/29 is directly connected, Vlan110
O 10.5.0.72/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1
[110/5] via 10.10.0.15, 00:59:27, Vlan1
C 10.5.0.64/29 is directly connected, Vlan100
O 10.5.0.88/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1
[110/5] via 10.10.0.15, 00:59:27, Vlan1
O 10.5.0.104/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1
[110/5] via 10.10.0.15, 00:59:27, Vlan1
S 10.10.6.104/32 [1/0] via 10.5.0.65
O 10.5.0.96/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1
[110/5] via 10.10.0.15, 00:59:27, Vlan1
C 10.5.0.240/29 is directly connected, Vlan661
75.0.0.0/32 is subnetted, 1 subnets
S 75.124.44.88 [1/0] via 10.10.0.14
S* 0.0.0.0/0 [1/0] via 10.5.0.65
07-18-2009 11:58 AM
Here's the show ip route from site 1:
Gateway of last resort is 10.5.0.73 to network 0.0.0.0
220.178.4.0/32 is subnetted, 1 subnets
S 220.178.4.124 is directly connected, Null0
192.168.130.0/29 is subnetted, 1 subnets
C 192.168.130.240 is directly connected, Vlan3462
S 198.140.33.0/24 [1/0] via 10.5.0.94
10.0.0.0/8 is variably subnetted, 26 subnets, 5 masks
O 10.10.0.0/24 [110/4] via 10.7.0.8, 01:10:42, Vlan1
[110/4] via 10.7.0.9, 01:10:42, Vlan1
S 10.10.0.0/16 [250/0] via 10.7.0.6
O 10.10.1.0/24 [110/5] via 10.7.0.8, 01:10:42, Vlan1
[110/5] via 10.7.0.9, 01:10:42, Vlan1
S 10.8.0.0/16 [250/0] via 10.5.0.73
O 10.10.3.0/24 [110/5] via 10.7.0.8, 01:10:42, Vlan1
[110/5] via 10.7.0.9, 01:10:42, Vlan1
S 10.7.8.0/24 [1/0] via 10.5.0.41
O 10.5.0.8/29 [110/12] via 10.5.0.241, 01:10:43, Vlan661
S 10.10.8.0/24 [1/0] via 10.7.0.8
S 10.7.5.0/24 [1/0] via 10.5.0.73
O 10.2.0.0/16 [110/12] via 10.5.0.241, 01:10:43, Vlan661
C 10.7.4.0/24 is directly connected, Vlan50
O 10.3.0.0/24 [110/11] via 10.5.0.241, 01:10:43, Vlan661
C 10.7.7.0/24 is directly connected, Vlan70
C 10.7.0.0/24 is directly connected, Vlan1
C 10.7.3.0/24 is directly connected, Vlan20
C 10.7.255.224/27 is directly connected, Vlan85
O 10.5.0.24/30 [110/11] via 10.5.0.241, 01:10:43, Vlan661
O 10.5.0.16/29 [110/7] via 10.7.0.8, 01:10:43, Vlan1
[110/7] via 10.7.0.9, 01:10:43, Vlan1
C 10.5.0.40/29 is directly connected, Vlan110
O 10.5.0.32/29 [110/5] via 10.7.0.8, 01:10:43, Vlan1
[110/5] via 10.7.0.9, 01:10:43, Vlan1
C 10.5.0.72/29 is directly connected, Vlan100
O 10.5.0.64/29 [110/5] via 10.7.0.8, 01:10:43, Vlan1
[110/5] via 10.7.0.9, 01:10:43, Vlan1
C 10.5.0.88/29 is directly connected, Vlan300
C 10.5.0.104/29 is directly connected, Vlan320
C 10.5.0.96/29 is directly connected, Vlan310
C 10.5.0.240/29 is directly connected, Vlan661
75.0.0.0/32 is subnetted, 1 subnets
S 75.124.44.88 [1/0] via 10.5.0.73
S* 0.0.0.0/0 [1/0] via 10.5.0.73
07-18-2009 11:59 AM
Here's the show route from site 2:
Gateway of last resort is 10.5.0.19 to network 0.0.0.0
S 169.71.65.0 255.255.255.0 [1/0] via 10.5.0.19, Inside
S 198.75.225.107 255.255.255.255 [1/0] via 10.5.0.19, Inside
S 198.75.252.19 255.255.255.255 [1/0] via 10.5.0.19, Inside
S 198.75.252.0 255.255.255.0 [1/0] via 10.5.0.19, Inside
O 10.10.0.0 255.255.255.0 [110/13] via 10.5.0.19, 1:12:20, Inside
S 10.10.0.0 255.255.0.0 [250/0] via 10.5.0.21, Inside
O 10.10.1.0 255.255.255.0 [110/14] via 10.5.0.19, 1:12:20, Inside
O 10.10.3.0 255.255.255.0 [110/14] via 10.5.0.19, 1:12:20, Inside
S 10.7.8.0 255.255.255.0 [1/0] via 10.5.0.242, RGC_Inside
S 10.10.6.0 255.255.255.0 [1/0] via 10.5.0.19, Inside
O 10.5.0.8 255.255.255.248 [110/11] via 10.5.0.25, 1:12:20, Outside
O 10.2.0.0 255.255.0.0 [110/11] via 10.5.0.25, 1:12:20, Outside
S 10.10.8.0 255.255.255.0 [1/0] via 10.5.0.19, Inside
C 10.3.0.0 255.255.255.0 is directly connected, IT
O 10.7.7.0 255.255.255.0 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
S 10.7.6.0 255.255.255.0 [1/0] via 10.5.0.242, RGC_Inside
S 10.7.0.0 255.255.0.0 [250/0] via 10.5.0.21, Inside
O 10.7.0.0 255.255.255.0 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
O 10.7.3.0 255.255.255.0 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
O 10.7.255.224 255.255.255.224 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
C 10.5.0.24 255.255.255.252 is directly connected, Outside
C 10.5.0.16 255.255.255.248 is directly connected, Inside
O 10.5.0.40 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
O 10.5.0.32 255.255.255.248 [110/14] via 10.5.0.19, 1:12:21, Inside
O 10.5.0.72 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
O 10.5.0.64 255.255.255.248 [110/14] via 10.5.0.19, 1:12:21, Inside
O 10.5.0.88 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
O 10.5.0.104 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
O 10.5.0.96 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside
C 10.5.0.240 255.255.255.248 is directly connected, RGC_Inside
O 147.249.25.112 255.255.255.252 [110/12] via 10.5.0.19, 1:12:21, Inside
O 147.249.31.59 255.255.255.255 [110/11] via 10.5.0.19, 1:12:21, Inside
O 147.249.26.188 255.255.255.252
[110/13] via 10.5.0.242, 1:12:21, RGC_Inside
O 147.249.25.144 255.255.255.252
[110/13] via 10.5.0.242, 1:12:21, RGC_Inside
S 198.75.251.0 255.255.255.0 [1/0] via 10.5.0.19, Inside
S* 0.0.0.0 0.0.0.0 [1/0] via 10.5.0.19, Inside
07-18-2009 12:09 PM
Based on the routing tables:
Local Switch
C 10.5.0.240/29 is directly connected, Vlan661
Site 1
C 10.5.0.240/29 is directly connected, Vlan661
Site 2
C 10.5.0.240 255.255.255.248 is directly connected, RGC_Inside
These 3 sites are part of the VPLS and the designated subnet is 10.5.0.240/29 for the VPLS, correct?
Are you able to see the remote connections via CDP? Can the sites that ping each other able to see each other via CDP?
It seems to be a provider problem. You can also change the port to Layer3 and apply the IP address on the switchport instead of the SVI to eliminate any L2 issue with your switch facing the provider switch.
HTH,
__
Edison.
07-18-2009 12:54 PM
Thanks Edison. Both of the other sites have full connectivity, although I haven't checked CDP. I'll be sure to do that.
Also, that's a good idea about putting the IP address on the port instead of an SVI. I'll give that a try and let you know.
07-18-2009 04:06 PM
Edison,
As soon as I switch from the SVI to the layer 3 port everything worked great. So the problem seems to be inside my 4507, somewhere between the SVI and the switchport. Can you think of any reason why there would be trouble there? I've never encounted a problem like this before.
Thanks,
--Brandon
07-18-2009 04:56 PM
Have never seen a problem using a svi , use them all the time.Technically its really not much different other than you can apply vlan 661 to multiple ports and use a single gateway instead of using a routed link. If you do a show vlan does 661 show active with your uplink as a member in that vlan ?
07-18-2009 05:08 PM
Hi Glen,
I use SVI's all the time and this is the first time i've ever seen anything like this. When I show vlan everything looks as it should -- active vlan, and in this case, Gig6/48 as a member. But when I had it configured like that, the interface was not seeing any MAC addresses, and I couldn't ping to any of the "directly connected" routers at my other 2 site (or the directly connected provider switch).
It's an odd one for sure.
Here's the output from show vlan:
661 RGC-VPLS active Gi6/48
here's the show mac-address for gig6/48:
4507R-01#sh mac-address-table int gig6/48
No entries present.
4507R-01#sh int vlan661
Vlan661 is up, line protocol is up
Hardware is Ethernet SVI, address is 0013.6010.167f (bia 0013.6010.167f)
Description: RGC-VPLS
Internet address is 10.5.0.243/29
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 01:10:40, output never, output hang never
Last clearing of "show interface" counters 00:00:32
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
8 packets output, 458 bytes, 0 underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
4507R-01#sh int gig6/48
GigabitEthernet6/48 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet Port, address is 000f.f7d0.650f (bia 000f.f7d0.650f)
Description: RGC-VPLS
MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is 10/100/1000-TX
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output never, output hang never
Last clearing of "show interface" counters 00:01:21
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
63 packets input, 5278 bytes, 0 no buffer
Received 63 broadcasts (63 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
07-18-2009 05:57 PM
Without knowing the provider's directly attached configuration, very hard to tell the issue here but the main difference between using SVI vs L3 switchport is that with SVI the directly attached switchport is still sending BPDUs and L2 frames while with L3 switchport, the switch no longer sends BPDUs.
My suggestion is to ask the provider what kind of security setting they've implemented on their PE devices.
__
Edison.
07-18-2009 06:25 PM
Edison,
I checked out spanning-tree on that port and sure enough it was labeled as "BKN". When I did a debug, I saw the following:
Jul 19 02:21:34: set portid: VLAN0661 Gi6/48: new port id 8170
Jul 19 02:21:34: STP: VLAN0661 Gi6/48 -> listening
Jul 19 02:21:35: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet6/48 VLAN661.
Jul 19 02:21:35: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet6/48 on VLAN0661. Inconsistent port type.
Jul 19 02:21:35: STP: VLAN0661 Gi6/48 -> blocking
I'm not quite sure what it means though. If the provider is sending an 802.1q BPDU, does that mean he is statically configured for a trunk interface? Or is it possible that one of my other sites is sending this across?
At my second site, I have a trunk link between the provider and my device, and I have multiple connections from them over that one link. At my other sites I either have the 1 connection for VPLS, or seperate links for each service.
07-18-2009 06:38 PM
Your other site is sending that across. Your provider is encapsulating your entire frame into whatever pseudowire implementation they are using.
Your remote site is tagging Vlan 661 while you are sending it untagged.
If you aren't planning to extend your L2 domain over this VPLS, go with L3 switchport on the 4507.
You now understand why it didn't work before which is a good thing when you spend quite some time facing at a problem :)
__
Edison.
07-18-2009 06:46 PM
Thanks Edison.
I suppose the other option I have is to change my other site so that each connection goes over it's own link, instead of one trunk link.
On a "funny" note... After I did the debug on the spanning-tree events, I decided I wanted to try and debug the actual BPDU to see if I could determine which device it was coming from. Well, that didn't go over very well. I basically brought my device to it's knees. Luckily, it was still processing my ssh session input (verrrry slowly) and I was able to turn off debugging.
07-19-2009 12:15 PM
How are you planning to change from trunk to it's own link?
Yes, careful with debugging L2 packets..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: