cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1035
Views
5
Helpful
15
Replies

Odd SVI problem on 4507R

branfarm1
Level 4
Level 4

Hi there,

I'm having a strange problem that I can't figure out: I have a 4507R that I have configured with a vlan interface, number 661, as follows:

int vlan661

ip address 10.5.0.243 255.255.255.248

no shut

I have also added the vlan 661, and configured gig6/48 to be a part of that vlan:

int gig6/48

switchport access vlan 661

My problem is that I can't communicate with the devices on the other end of the link. The link is connected to a VPLS provider and is connecting over to two more sites. Both of the other sites can see each other and ping each other, but they are unable to reach my vlan661 interface. I had the provider configure a static IP on the interface connecting to my 4507R and both other sites can reach that IP.

When I do a 'show mac-address-table int gig6/48' it doesn't show any mac-addresses on that interface, but the interface does have counters incrementing.

The physical interface (Gig6/48) has counters incrementing, but the SVI (Vlan661) only has output counters incrementing.

Any ideas?

Thanks in advance,

--Brandon

1 Accepted Solution

Accepted Solutions

Based on the routing tables:

Local Switch

C 10.5.0.240/29 is directly connected, Vlan661

Site 1

C 10.5.0.240/29 is directly connected, Vlan661

Site 2

C 10.5.0.240 255.255.255.248 is directly connected, RGC_Inside

These 3 sites are part of the VPLS and the designated subnet is 10.5.0.240/29 for the VPLS, correct?

Are you able to see the remote connections via CDP? Can the sites that ping each other able to see each other via CDP?

It seems to be a provider problem. You can also change the port to Layer3 and apply the IP address on the switchport instead of the SVI to eliminate any L2 issue with your switch facing the provider switch.

HTH,

__

Edison.

View solution in original post

15 Replies 15

Edison Ortiz
Hall of Fame
Hall of Fame

Which interface is connected to the VPLS - G6/48?

Can we see the 'show ip route' from this device as well as the remote devices?

__

Edison.

Hi Edison,

I'm not quite sure what you mean? Gig6/48 on my 4507R is connected to the providers switch, and Gig6/48 is a member of vlan 661.

Here's the show ip route on this device:

Gateway of last resort is 10.5.0.65 to network 0.0.0.0

192.168.167.0/29 is subnetted, 1 subnets

C 192.168.167.184 is directly connected, Vlan3544

10.0.0.0/8 is variably subnetted, 25 subnets, 6 masks

C 10.10.0.0/24 is directly connected, Vlan1

C 10.10.1.0/24 is directly connected, Vlan40

C 10.10.3.0/24 is directly connected, Vlan20

S 10.10.6.0/24 [1/0] via 10.5.0.65

O 10.5.0.8/29 [110/15] via 10.10.0.13, 00:59:26, Vlan1

S 10.10.8.0/24 [1/0] via 10.5.0.33

O 10.2.0.0/16 [110/15] via 10.10.0.13, 00:59:26, Vlan1

O 10.3.0.0/24 [110/14] via 10.10.0.13, 00:59:26, Vlan1

S 10.3.0.0/16 [250/0] via 10.10.0.16

O 10.7.7.0/24 [110/5] via 10.10.0.16, 00:59:26, Vlan1

[110/5] via 10.10.0.15, 00:59:26, Vlan1

O 10.7.0.0/24 [110/4] via 10.10.0.16, 00:59:26, Vlan1

[110/4] via 10.10.0.15, 00:59:26, Vlan1

S 10.7.0.0/16 [250/0] via 10.10.0.14

O 10.7.3.0/24 [110/5] via 10.10.0.16, 00:59:26, Vlan1

[110/5] via 10.10.0.15, 00:59:26, Vlan1

O 10.7.255.224/27 [110/5] via 10.10.0.16, 00:59:27, Vlan1

[110/5] via 10.10.0.15, 00:59:27, Vlan1

O 10.5.0.24/30 [110/14] via 10.10.0.13, 00:59:27, Vlan1

O 10.5.0.16/29 [110/4] via 10.10.0.13, 00:59:27, Vlan1

O 10.5.0.40/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1

[110/5] via 10.10.0.15, 00:59:27, Vlan1

C 10.5.0.32/29 is directly connected, Vlan110

O 10.5.0.72/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1

[110/5] via 10.10.0.15, 00:59:27, Vlan1

C 10.5.0.64/29 is directly connected, Vlan100

O 10.5.0.88/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1

[110/5] via 10.10.0.15, 00:59:27, Vlan1

O 10.5.0.104/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1

[110/5] via 10.10.0.15, 00:59:27, Vlan1

S 10.10.6.104/32 [1/0] via 10.5.0.65

O 10.5.0.96/29 [110/5] via 10.10.0.16, 00:59:27, Vlan1

[110/5] via 10.10.0.15, 00:59:27, Vlan1

C 10.5.0.240/29 is directly connected, Vlan661

75.0.0.0/32 is subnetted, 1 subnets

S 75.124.44.88 [1/0] via 10.10.0.14

S* 0.0.0.0/0 [1/0] via 10.5.0.65

Here's the show ip route from site 1:

Gateway of last resort is 10.5.0.73 to network 0.0.0.0

220.178.4.0/32 is subnetted, 1 subnets

S 220.178.4.124 is directly connected, Null0

192.168.130.0/29 is subnetted, 1 subnets

C 192.168.130.240 is directly connected, Vlan3462

S 198.140.33.0/24 [1/0] via 10.5.0.94

10.0.0.0/8 is variably subnetted, 26 subnets, 5 masks

O 10.10.0.0/24 [110/4] via 10.7.0.8, 01:10:42, Vlan1

[110/4] via 10.7.0.9, 01:10:42, Vlan1

S 10.10.0.0/16 [250/0] via 10.7.0.6

O 10.10.1.0/24 [110/5] via 10.7.0.8, 01:10:42, Vlan1

[110/5] via 10.7.0.9, 01:10:42, Vlan1

S 10.8.0.0/16 [250/0] via 10.5.0.73

O 10.10.3.0/24 [110/5] via 10.7.0.8, 01:10:42, Vlan1

[110/5] via 10.7.0.9, 01:10:42, Vlan1

S 10.7.8.0/24 [1/0] via 10.5.0.41

O 10.5.0.8/29 [110/12] via 10.5.0.241, 01:10:43, Vlan661

S 10.10.8.0/24 [1/0] via 10.7.0.8

S 10.7.5.0/24 [1/0] via 10.5.0.73

O 10.2.0.0/16 [110/12] via 10.5.0.241, 01:10:43, Vlan661

C 10.7.4.0/24 is directly connected, Vlan50

O 10.3.0.0/24 [110/11] via 10.5.0.241, 01:10:43, Vlan661

C 10.7.7.0/24 is directly connected, Vlan70

C 10.7.0.0/24 is directly connected, Vlan1

C 10.7.3.0/24 is directly connected, Vlan20

C 10.7.255.224/27 is directly connected, Vlan85

O 10.5.0.24/30 [110/11] via 10.5.0.241, 01:10:43, Vlan661

O 10.5.0.16/29 [110/7] via 10.7.0.8, 01:10:43, Vlan1

[110/7] via 10.7.0.9, 01:10:43, Vlan1

C 10.5.0.40/29 is directly connected, Vlan110

O 10.5.0.32/29 [110/5] via 10.7.0.8, 01:10:43, Vlan1

[110/5] via 10.7.0.9, 01:10:43, Vlan1

C 10.5.0.72/29 is directly connected, Vlan100

O 10.5.0.64/29 [110/5] via 10.7.0.8, 01:10:43, Vlan1

[110/5] via 10.7.0.9, 01:10:43, Vlan1

C 10.5.0.88/29 is directly connected, Vlan300

C 10.5.0.104/29 is directly connected, Vlan320

C 10.5.0.96/29 is directly connected, Vlan310

C 10.5.0.240/29 is directly connected, Vlan661

75.0.0.0/32 is subnetted, 1 subnets

S 75.124.44.88 [1/0] via 10.5.0.73

S* 0.0.0.0/0 [1/0] via 10.5.0.73

Here's the show route from site 2:

Gateway of last resort is 10.5.0.19 to network 0.0.0.0

S 169.71.65.0 255.255.255.0 [1/0] via 10.5.0.19, Inside

S 198.75.225.107 255.255.255.255 [1/0] via 10.5.0.19, Inside

S 198.75.252.19 255.255.255.255 [1/0] via 10.5.0.19, Inside

S 198.75.252.0 255.255.255.0 [1/0] via 10.5.0.19, Inside

O 10.10.0.0 255.255.255.0 [110/13] via 10.5.0.19, 1:12:20, Inside

S 10.10.0.0 255.255.0.0 [250/0] via 10.5.0.21, Inside

O 10.10.1.0 255.255.255.0 [110/14] via 10.5.0.19, 1:12:20, Inside

O 10.10.3.0 255.255.255.0 [110/14] via 10.5.0.19, 1:12:20, Inside

S 10.7.8.0 255.255.255.0 [1/0] via 10.5.0.242, RGC_Inside

S 10.10.6.0 255.255.255.0 [1/0] via 10.5.0.19, Inside

O 10.5.0.8 255.255.255.248 [110/11] via 10.5.0.25, 1:12:20, Outside

O 10.2.0.0 255.255.0.0 [110/11] via 10.5.0.25, 1:12:20, Outside

S 10.10.8.0 255.255.255.0 [1/0] via 10.5.0.19, Inside

C 10.3.0.0 255.255.255.0 is directly connected, IT

O 10.7.7.0 255.255.255.0 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

S 10.7.6.0 255.255.255.0 [1/0] via 10.5.0.242, RGC_Inside

S 10.7.0.0 255.255.0.0 [250/0] via 10.5.0.21, Inside

O 10.7.0.0 255.255.255.0 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

O 10.7.3.0 255.255.255.0 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

O 10.7.255.224 255.255.255.224 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

C 10.5.0.24 255.255.255.252 is directly connected, Outside

C 10.5.0.16 255.255.255.248 is directly connected, Inside

O 10.5.0.40 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

O 10.5.0.32 255.255.255.248 [110/14] via 10.5.0.19, 1:12:21, Inside

O 10.5.0.72 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

O 10.5.0.64 255.255.255.248 [110/14] via 10.5.0.19, 1:12:21, Inside

O 10.5.0.88 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

O 10.5.0.104 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

O 10.5.0.96 255.255.255.248 [110/11] via 10.5.0.242, 1:12:21, RGC_Inside

C 10.5.0.240 255.255.255.248 is directly connected, RGC_Inside

O 147.249.25.112 255.255.255.252 [110/12] via 10.5.0.19, 1:12:21, Inside

O 147.249.31.59 255.255.255.255 [110/11] via 10.5.0.19, 1:12:21, Inside

O 147.249.26.188 255.255.255.252

[110/13] via 10.5.0.242, 1:12:21, RGC_Inside

O 147.249.25.144 255.255.255.252

[110/13] via 10.5.0.242, 1:12:21, RGC_Inside

S 198.75.251.0 255.255.255.0 [1/0] via 10.5.0.19, Inside

S* 0.0.0.0 0.0.0.0 [1/0] via 10.5.0.19, Inside

Based on the routing tables:

Local Switch

C 10.5.0.240/29 is directly connected, Vlan661

Site 1

C 10.5.0.240/29 is directly connected, Vlan661

Site 2

C 10.5.0.240 255.255.255.248 is directly connected, RGC_Inside

These 3 sites are part of the VPLS and the designated subnet is 10.5.0.240/29 for the VPLS, correct?

Are you able to see the remote connections via CDP? Can the sites that ping each other able to see each other via CDP?

It seems to be a provider problem. You can also change the port to Layer3 and apply the IP address on the switchport instead of the SVI to eliminate any L2 issue with your switch facing the provider switch.

HTH,

__

Edison.

Thanks Edison. Both of the other sites have full connectivity, although I haven't checked CDP. I'll be sure to do that.

Also, that's a good idea about putting the IP address on the port instead of an SVI. I'll give that a try and let you know.

Edison,

As soon as I switch from the SVI to the layer 3 port everything worked great. So the problem seems to be inside my 4507, somewhere between the SVI and the switchport. Can you think of any reason why there would be trouble there? I've never encounted a problem like this before.

Thanks,

--Brandon

Have never seen a problem using a svi , use them all the time.Technically its really not much different other than you can apply vlan 661 to multiple ports and use a single gateway instead of using a routed link. If you do a show vlan does 661 show active with your uplink as a member in that vlan ?

Hi Glen,

I use SVI's all the time and this is the first time i've ever seen anything like this. When I show vlan everything looks as it should -- active vlan, and in this case, Gig6/48 as a member. But when I had it configured like that, the interface was not seeing any MAC addresses, and I couldn't ping to any of the "directly connected" routers at my other 2 site (or the directly connected provider switch).

It's an odd one for sure.

Here's the output from show vlan:

661 RGC-VPLS active Gi6/48

here's the show mac-address for gig6/48:

4507R-01#sh mac-address-table int gig6/48

No entries present.

4507R-01#sh int vlan661

Vlan661 is up, line protocol is up

Hardware is Ethernet SVI, address is 0013.6010.167f (bia 0013.6010.167f)

Description: RGC-VPLS

Internet address is 10.5.0.243/29

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 01:10:40, output never, output hang never

Last clearing of "show interface" counters 00:00:32

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes

L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts (0 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

8 packets output, 458 bytes, 0 underruns

0 output errors, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

4507R-01#sh int gig6/48

GigabitEthernet6/48 is up, line protocol is up (connected)

Hardware is Gigabit Ethernet Port, address is 000f.f7d0.650f (bia 000f.f7d0.650f)

Description: RGC-VPLS

MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, link type is auto, media type is 10/100/1000-TX

input flow-control is off, output flow-control is off

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:01, output never, output hang never

Last clearing of "show interface" counters 00:01:21

Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

63 packets input, 5278 bytes, 0 no buffer

Received 63 broadcasts (63 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Without knowing the provider's directly attached configuration, very hard to tell the issue here but the main difference between using SVI vs L3 switchport is that with SVI the directly attached switchport is still sending BPDUs and L2 frames while with L3 switchport, the switch no longer sends BPDUs.

My suggestion is to ask the provider what kind of security setting they've implemented on their PE devices.

__

Edison.

Edison,

I checked out spanning-tree on that port and sure enough it was labeled as "BKN". When I did a debug, I saw the following:

Jul 19 02:21:34: set portid: VLAN0661 Gi6/48: new port id 8170

Jul 19 02:21:34: STP: VLAN0661 Gi6/48 -> listening

Jul 19 02:21:35: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet6/48 VLAN661.

Jul 19 02:21:35: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet6/48 on VLAN0661. Inconsistent port type.

Jul 19 02:21:35: STP: VLAN0661 Gi6/48 -> blocking

I'm not quite sure what it means though. If the provider is sending an 802.1q BPDU, does that mean he is statically configured for a trunk interface? Or is it possible that one of my other sites is sending this across?

At my second site, I have a trunk link between the provider and my device, and I have multiple connections from them over that one link. At my other sites I either have the 1 connection for VPLS, or seperate links for each service.

Your other site is sending that across. Your provider is encapsulating your entire frame into whatever pseudowire implementation they are using.

Your remote site is tagging Vlan 661 while you are sending it untagged.

If you aren't planning to extend your L2 domain over this VPLS, go with L3 switchport on the 4507.

You now understand why it didn't work before which is a good thing when you spend quite some time facing at a problem :)

__

Edison.

Thanks Edison.

I suppose the other option I have is to change my other site so that each connection goes over it's own link, instead of one trunk link.

On a "funny" note... After I did the debug on the spanning-tree events, I decided I wanted to try and debug the actual BPDU to see if I could determine which device it was coming from. Well, that didn't go over very well. I basically brought my device to it's knees. Luckily, it was still processing my ssh session input (verrrry slowly) and I was able to turn off debugging.

How are you planning to change from trunk to it's own link?

Yes, careful with debugging L2 packets..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco