Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2140
Views
0
Helpful
4
Replies

Cisco Catalyst 3750-E VRF-lite problems

lauri.adamson
Level 1
Level 1

‎09-15-2009 12:11 AM - edited ‎03-06-2019 07:43 AM

Hello !

I created configuration there are two separate firewalls (gateways) one for the workstations networks(L3 VLANs)and one for the servers networks (L3 VLANs). Workstations and servers must communicate with each other.

Workstations must get their ip addresses from DHCP server. For that reason i created to VRF routers "toonet" and "servnet", configured the VRF routers interfaces and default gateways. I used BGP to make inter VRF routable. All went well BGP routing etc. Even workstation got their ip addresses from DHCP server.

From the Cisco 3750-E side all looked correct but then I tried to ping from one workstations to an other workstations (notebooks) and servers then ping request timed out 135 seconds and after that ping worked normally 45 seconds and then ping request timed out 135 seconds etc.

This kind of strange ping behavior continius for ever. But then I repeared or disabled/enabled workstation the network connection under MS Windows XP then the ping continued normally.

There are some other strange things :

then I can not ping others hosts I can ping VLAN IP addresses;

then I added into 3750-E configuration workstation static arp entry into workstation vrf then the ping worked normally (arp vrf toonet "workstaion ip aaddress" "workstation mac address" arpr );

then I tried to ping server from an another server all is working well.

Can any one help to solve this problem of my configuration and make it work.

I added my configuration file and picturs of my hardware and VRF setup as attacment.

Lauri Adamson

AS Andmevara

Labels:
Preview file
6 KB
Preview file
45 KB
Preview file
61 KB
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-16-2009 04:18 AM

Hello Lauri,

I don't like the following line:

no spanning-tree vlan 37,47,57,67,123,133,201,211,333,777,881

I strongly recommend to enable STP for these vlans even if currently you have a single link (a port channel) between C3750 stack and the L2 switch.

Also to be mentioned:

you have

no ip forward-protocol udp

About your issue:

you say that you see connectivity working for 35 seconds then not working for 145 seconds and then again working for 35 seconds

check the cam table aging time on C3750 and on the L2 procurve.

Hope to help

Giuseppe

0 Helpful

lauri.adamson
Level 1
Level 1
In response to Giuseppe Larosa

‎09-16-2009 05:44 AM

Hello !

Many thanks for your answer ! But spanning tree is not the problem I tried it.

I used cisco command "show mac address-table vlan 47"

The cam table seem to be ok also - I can see the workstation mac addresses.

I also tried to "debug arp " and discovered that there was lines like

"IP ARP: creating incomplete entry for IP address:

192.168.11.3 interface Vlan47"

There the ip address of the workstation and the vlan 47 is the vlan where this workstation sits.

What this debug arp results mean ?

More for examle :

IP ARP: creating incomplete entry for IP address: 192.168.11.4 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342 , dst 192.168.11.4 0000.0000.0000 Vlan47

IP ARP: creating incomplete entry for IP address: 192.168.11.3 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342, dst 192.168.11.3 0000.0000.0000 Vlan47

IP ARP: rcvd rep src 192.168.11.3 0007.e9f3.2c54, dst 192.168.11.254 Vlan47

Lauri Adamson

AS Andmevara

0 Helpful

lauri.adamson
Level 1
Level 1
In response to Giuseppe Larosa

‎09-16-2009 05:44 AM

Hello !

Many thanks for your answer ! But spanning tree is not the problem I tried it.

I used cisco command "show mac address-table vlan 47"

The cam table seem to be ok also - I can see the workstation mac addresses.

I also tried to "debug arp " and discovered that there was lines like

"IP ARP: creating incomplete entry for IP address:

192.168.11.3 interface Vlan47"

There the ip address of the workstation and the vlan 47 is the vlan where this workstation sits.

What this debug arp results mean ?

More for examle :

IP ARP: creating incomplete entry for IP address: 192.168.11.4 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342 , dst 192.168.11.4 0000.0000.0000 Vlan47

IP ARP: creating incomplete entry for IP address: 192.168.11.3 interface Vlan47

IP ARP: sent req src 192.168.11.254 0025.b462.1342, dst 192.168.11.3 0000.0000.0000 Vlan47

IP ARP: rcvd rep src 192.168.11.3 0007.e9f3.2c54, dst 192.168.11.254 Vlan47

Lauri Adamson

AS Andmevara

0 Helpful

jmokhtary13
Level 1
Level 1
In response to lauri.adamson

‎04-27-2020 08:19 PM

Hi . Thank you so much for your good support. I have a problem in C3750-48PF-S . In config mode don't accept command "IP vrf " and there isn't any VRF command in help of IOS. Would you help me to active vrf for that. I upgrade IOS to 15.2 but wasn't solved my problem. my email is: jmokhtary@gmail.com. Thank you so much
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card