Cisco Catalyst 3750-E VRF-lite problems

Unanswered Question
Sep 15th, 2009

Hello !

I created configuration there are two separate firewalls (gateways) one for the workstations networks(L3 VLANs)and one for the servers networks (L3 VLANs). Workstations and servers must communicate with each other.

Workstations must get their ip addresses from DHCP server. For that reason i created to VRF routers "toonet" and "servnet", configured the VRF routers interfaces and default gateways. I used BGP to make inter VRF routable. All went well BGP routing etc. Even workstation got their ip addresses from DHCP server.

From the Cisco 3750-E side all looked correct but then I tried to ping from one workstations to an other workstations (notebooks) and servers then ping request timed out 135 seconds and after that ping worked normally 45 seconds and then ping request timed out 135 seconds etc.

This kind of strange ping behavior continius for ever. But then I repeared or disabled/enabled workstation the network connection under MS Windows XP then the ping continued normally.

There are some other strange things :

then I can not ping others hosts I can ping VLAN IP addresses;

then I added into 3750-E configuration workstation static arp entry into workstation vrf then the ping worked normally (arp vrf toonet "workstaion ip aaddress" "workstation mac address" arpr );

then I tried to ping server from an another server all is working well.

Can any one help to solve this problem of my configuration and make it work.

I added my configuration file and picturs of my hardware and VRF setup as attacment.

Lauri Adamson

AS Andmevara

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Wed, 09/16/2009 - 04:18

Hello Lauri,

I don't like the following line:

no spanning-tree vlan 37,47,57,67,123,133,201,211,333,777,881

I strongly recommend to enable STP for these vlans even if currently you have a single link (a port channel) between C3750 stack and the L2 switch.

Also to be mentioned:

you have

no ip forward-protocol udp

About your issue:

you say that you see connectivity working for 35 seconds then not working for 145 seconds and then again working for 35 seconds

check the cam table aging time on C3750 and on the L2 procurve.

Hope to help

Giuseppe

lauri.adamson Wed, 09/16/2009 - 05:44

Hello !

Many thanks for your answer ! But spanning tree is not the problem I tried it.

I used cisco command "show mac address-table vlan 47"

The cam table seem to be ok also - I can see the workstation mac addresses.

I also tried to "debug arp " and discovered that there was lines like

"IP ARP: creating incomplete entry for IP address:

192.168.11.3 interface Vlan47"

There the ip address of the workstation and the vlan 47 is the vlan where this workstation sits.

What this debug arp results mean ?

More for examle :

IP ARP: creating incomplete entry for IP address: 192.168.11.4 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342 , dst 192.168.11.4 0000.0000.0000 Vlan47

IP ARP: creating incomplete entry for IP address: 192.168.11.3 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342, dst 192.168.11.3 0000.0000.0000 Vlan47

IP ARP: rcvd rep src 192.168.11.3 0007.e9f3.2c54, dst 192.168.11.254 Vlan47

Lauri Adamson

AS Andmevara

lauri.adamson Wed, 09/16/2009 - 05:44

Hello !

Many thanks for your answer ! But spanning tree is not the problem I tried it.

I used cisco command "show mac address-table vlan 47"

The cam table seem to be ok also - I can see the workstation mac addresses.

I also tried to "debug arp " and discovered that there was lines like

"IP ARP: creating incomplete entry for IP address:

192.168.11.3 interface Vlan47"

There the ip address of the workstation and the vlan 47 is the vlan where this workstation sits.

What this debug arp results mean ?

More for examle :

IP ARP: creating incomplete entry for IP address: 192.168.11.4 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342 , dst 192.168.11.4 0000.0000.0000 Vlan47

IP ARP: creating incomplete entry for IP address: 192.168.11.3 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342, dst 192.168.11.3 0000.0000.0000 Vlan47

IP ARP: rcvd rep src 192.168.11.3 0007.e9f3.2c54, dst 192.168.11.254 Vlan47

Lauri Adamson

AS Andmevara

Actions

This Discussion