Access port connection

Unanswered Question
Feb 12th, 2010

Hello,

This is collapsed core design.

I have 3550  which has  a Gig access link connection   to core switch 2(6513) on vlan253.

It also has another access-link connection  to a 3524 switch on vlan 230.

3550 switch has ip address as 192.168.253.13 and default gateway 192.168.253.1 (core 2)  and no SVI for vlan230.

I am trying to connect a host on 3550 swi in vlan 30 with static ip address and see port UP and UP  but no connectevity.

Q1. On my host i am using a default gateway as 192.168.230.1. Is this a problem. if not what can be the problem?

Core 2 has route to 192.168.230.0 network. Core 2 does not any SVI for 230

I have noticed my network has lot of access link connection between switches and not trunks

Q2.What effect does this make?

Please advice

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Federico Coto F... Fri, 02/12/2010 - 16:31

Hi,

On you host connected to the 3550 using static IP, what is the IP (is it in the 192.168.230.x range and the same mask as the default gateway 192.168.230.1?) Also, which device is 192.168.230.1? This will tell us if there's any problem.

Having access links between switches instead of trunks have a difference that only a single VLAN can pass through that link.

Is this correct with your scenario?

Federico.

gurkamal01 Fri, 02/12/2010 - 17:22

Thanks for the reply,

Host has an ip of 192.168.230.x and vlan 230 exist on th 3550 switch

port connected to host is in vlan 230

Host ---->3550(No SVi for vlan230) ------> 3524(NO SVI for valn 230)-------> 3750(192.168.230.5) --------> content service switch

I am sorry the default gateway on host is 192.168.230.5

Leo Laohoo Fri, 02/12/2010 - 16:46

Is the port configured for VLAN 230?  Is VLAN 230 existing in the VLAN Database of the 3500XL?

Jon Marshall Fri, 02/12/2010 - 16:50

gurkamal01 wrote:


I have noticed my network has lot of access link connection between switches and not trunks

Q2.What effect does this make?

Please advice

Just to try and clarify exactly what is happening in your network, the difference between using access ports and trunks between switches -

(Leo / Federico - apologies if this seems a bit off topic but this is kind of a continuation of a couple of other posts so i'm just concentrating on Q2)


  SW1   <--- VLAN 253 ----> SW2

SW1 has vlan 10
SW2 has vlan 11

for any clients in vlan 10 to communicate with clients in vlan 11 you would need to route them across the vlan 253 link.


SW1 would need a L3 SVI for vlan 10 and a L3 SVI for vlan 253
SW2 would need a L3 SVI for vlan 11 and a L3 SVI for vlan 253

HI is in vlan 10
H2 is in vlan 11

H1 sends a packet to it's default-gateway which is the IP address of SVI for vlan 10. SW1 then routes the packet to vlan 253 and the packet is switched across the vlan 253 interconnect. When it arrives at SW2, SW2 routes the packet onto vlan 11 and to H2.

Now, if you wanted to put a host on SW1 into vlan 11 you can't do this because the 2 switches are separated by a different vlan. The key thing is with the above setup vlan 10 is isolated to SW1 and vlan 11 is isolated to SW2.

To understand exactly why it's important to understand how packets are switched/routed. Lets say we add another host

H3 is in vlan 10 but on SW2

So H1 wants to send a packet to H3. H1 knows it's own network by comparing it's IP address with it's subnet mask -

H1 = 192.168.5.10 255.255.255.0  so H1 knows it's subnet is 192.168.5.0

H3 has an IP of 192.168.5.12

H1 compares H3s IP with it's own subnet mask (it only knows it's own subnet mask) -  192.168.5.12 255.255.255.0 so H1 knows H3 is also on the 192.168.5.0 subnet.

Because they are on the same subnet the packet cannot be routed, it has to be switched. And the only way the packet could be L2 switched is either -

1) the interconnect between the 2 switches would have to be in vlan 10

or

2) the interconnect would have to be a trunk


SW1  <--- trunk ----> SW2

SW1 has vlan 10
SW2 has vlan 11

vlan 10 & 11 are allowed on the trunk

In the above setup you can put a host in vlan 10 on either switch and it will be able to communicate with a host in vlan 10 on the other switch. As for the SVIs, you can put both SVIs on SW1 or SW2 and it will work fine. The vlans are not isolated to each switch, they can be on both switches if that is what you want.

So in answer to your question, using access ports on interconnects isolates vlans on either side of the links that are not part of the vlan that you use to interconnect the switches. You cannot have the same L2 vlan on either side of the interconnect.

This is basically what it is happening in your network. You need to fully understand this so you can troubleshoot why you are having connectivity problems.

Jon

gurkamal01 Sat, 02/13/2010 - 13:20

Thanks for the reply,

Host has an ip of 192.168.230.x and vlan 230 exist on th 3550 switch

port connected to host is in vlan 230

Host ---->3550(No SVi for vlan230) ------> 3524(NO SVI for valn 230)-------> 3750(192.168.230.5) --------> content service switch

I am sorry the default gateway on host is 192.168.230.5

Please advice

gurkamal01 Sat, 02/13/2010 - 14:35

Hello,

I have added all the config files for the interconnected switch

Host ----> 3550------> 3524-------> 3750--------> Content service switch

please advice how can fix this problem

Attachment: 
Ganesh Hariharan Sun, 02/14/2010 - 00:02

Hello,

I have added all the config files for the interconnected switch

Host ----> 3550------> 3524-------> 3750--------> Content service switch

please advice how can fix this problem

           
        Attachments:                

Hi,

Configure SVI in 3750 and make this as default gateway for vlan 230 in which host is connected and in switches 3550 and 3524 cofnigure trunk ports and also configure default-network command towards 3750 Vlan 230 SVI.

Check out the belwo link to configure trunk port in switches

http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010f615.shtml

Hope to help !!

If helpful do rate the post

Ganesh.H

gurkamal01 Sun, 02/14/2010 - 01:07

Hi

3750 has a default gateway of 192.168.230.1

how will it help by having SVI for vlan230 on 3750.

i already have access port connections in vlan 230 going from 3550 to 3524 and also another access port in vlan230 going to 3750

I believe i only need a trunk if i need to carry multiple vlans

3750 has uplink connection to a cisco content service switch (11500).

please advice

Ganesh Hariharan Sun, 02/14/2010 - 01:20

Hello

This is collapsed core design.
I have 3550  which has  a Gig access link connection   to core switch 2(6513) on vlan253.
It also has another access-link connection  to a 3524 switch on vlan 230.
3550 switch has ip address as 192.168.253.13 and default gateway 192.168.253.1 (core 2)  and no SVI for vlan230.
I am trying to connect a host on 3550 swi in vlan 30 with static ip address and see port UP and UP  but no connectevity.
Q1. On my host i am using a default gateway as 192.168.230.1. Is this a problem. if not what can be the problem?
Core 2 has route to 192.168.230.0 network. Core 2 does not any SVI for 230
I have noticed my network has lot of access link connection between switches and not trunks
Q2.What effect does this make?

Thanks for the reply,

Host has an ip of 192.168.230.x and vlan 230 exist on th 3550 switch
port connected to host is in vlan 230
Host ---->3550(No SVi for vlan230) ------> 3524(NO SVI for valn 230)-------> 3750(192.168.230.5) --------> content service switch
I am sorry the default gateway on host is 192.168.230.5

Please advice

Hi,

Actually there is lots of confusion with above post which post is true i would go with the lates one

Host is connected in 3550 vlan 230 and gateway is configured as 192.168.230.5 what is this ip address is this SVI configured in 3750 switch for vlan 230 or something else ?

If SVI for vlan 230 then configure ip default-network command in 3550 and 3524 switches towards 192.168.230.5 and then check are you able to ping this ip or not 192.168.230.5

Hope to help

Ganesh.H

gurkamal01 Sun, 02/14/2010 - 01:28

Hi

  I am sorry about the confusion

192.168.230.5 is ip adress of 3750

3750 has a default gateway of 192.168.230.1

Q1 what should i use as deafult gateway on my host?

Q2 should i go ahead and put a default network command on 3550 and 3524?

Please Advice

Ganesh Hariharan Sun, 02/14/2010 - 01:39

Hi

  I am sorry about the confusion

192.168.230.5 is ip adress of 3750

3750 has a default gateway of 192.168.230.1

Q1 what should i use as deafult gateway on my host?

Q2 should i go ahead and put a default network command on 3550 and 3524?

Please Advice

Hi,

The problem is your connectivty in switch 3524 with 3550 and 3750,The port which are connected with 3550 and 3750 with 3524 are in different vlan that is in vlan 21 configured in switch 3524 port 0/1 and 0/2.

So change the port to vlan 230 and make a host default gateway as 3750 switch ip 192.168.230.5 and then check are you able to ping or not.

Hope to help

Ganesh.H

gurkamal01 Sun, 02/14/2010 - 02:13

HI

I am sorry but i checked gi0/1and gi0/2 are in vlan 230

I edited the config file of 3524 and by mistake deleted the Gig word

we can verify that in the config of 3550  as remote interface in cdp command

! can ping 192.168.230.5(3750) from 3550

when i do traceroute from 3550 it goes to core 2 swi (192.168.230.1)and then to  another switch and completes.

Is this because 3550 has default gateway of 192.168.230.1.

please advice

Ganesh Hariharan Sun, 02/14/2010 - 02:23

HI

I am sorry but i checked gi0/1and gi0/2 are in vlan 230

I edited the config file of 3524 and by mistake deleted the Gig word

we can verify that in the config of 3550  as remote interface in cdp command

! can ping 192.168.230.5(3750) from 3550

when i do traceroute from 3550 it goes to core 2 swi (192.168.230.1)and then to  another switch and completes.

Is this because 3550 has default gateway of 192.168.230.1.

please advice

Hi,

But the config files which you have uploaded it shows the ports are in vlan 21 which are connected to switch 3550 and 3750 and 3550 config file is havin a default gateway towards the ip default-gateway 192.168.253.1 in the uploaded file.

and for your query yes if default gateway is configured as 192.168.230.1 in 3550 which is the vlan 230 ip subnet as per the config file then it will land on to core 2 and then to switch 3750 switch SVI interface ip address 192.168.230.5, Hope that clear !!

Anyhow i would recommend you to have clear cut understanding of your network flow so that in future you wont have trouble to understand the traffic flow in your network and always whenever you do changes just note down the changes what ever yo have done on the switches or take complete backup of switches before doing any change in live network.

Hope to help !!

If helpful do rate the post

Ganesh.H

gurkamal01 Sun, 02/14/2010 - 02:34

Hi

the default gateway on 3550 is 192.168.253.1(core 2) and not 192.168.230.1 (my fault agian)

so how can i fix this problem

I have access connection of vlan 253 from 3550 to core 2

and another access connection of vlan 230 to 3524 SWI

Traceroute 192.168.230.5 first hits core 2 and goes ahead to destination

3550 does not have SVI for vlan 230 and nor does Core 2?

on core 2 i do see a route of 192.168.230.0(ospf) via vlan 253 when i do a show ip route

please advice

Ganesh Hariharan Sun, 02/14/2010 - 02:44

Hi

the default gateway on 3550 is 192.168.253.1(core 2) and not 192.168.230.1 (my fault agian)

so how can i fix this problem

I have access connection of vlan 253 from 3550 to core 2

and another access connection of vlan 230 to 3524 SWI

Traceroute 192.168.230.5 first hits core 2 and goes ahead to destination

3550 does not have SVI for vlan 230 and nor does Core 2?

on core 2 i do see a route of 192.168.230.0(ospf) via vlan 253 when i do a show ip route

please advice

Hi,

I think you should not do any changes because vlan 253 subnet is reachable via core 2 to switch 3550 and i have already told you that you need to discuss your entire network topology before doing any routing changes and need to finalise how the traffic will be moved between vlans.

With the current setup switch 3550 is able to ping vlan 253 ip address that is 192.168.230.5 via core 2,so your query in the thread is solved i suppose.

If you have any other query please feel to ask us !!

Hope to help !!

Ganesh.H

gurkamal01 Sun, 02/14/2010 - 14:02

Hi Ganesh,

Nobody has a information how traffic is sent in this network . Our Network is all messed up  and i am tryng to get it straight.All i need is you guys help and that i why i come to this forum and reate it when i get a correct answer.

Previous in this thread i was informed the following which creates confusion in my mind!

" SW1   <--- VLAN 253 ----> SW2

SW1 has vlan 10
SW2 has vlan 11

for any clients in vlan 10 to communicate with clients in vlan 11 you would need to route them across the vlan 253 link.


SW1 would need a L3 SVI for vlan 10 and a L3 SVI for vlan 253
SW2 would need a L3 SVI for vlan 11 and a L3 SVI for vlan 253

HI is in vlan 10
H2 is in vlan 11

H1 sends a packet to it's default-gateway which is the IP address of SVI for vlan 10. SW1 then routes the packet to vlan 253 and the packet is switched across the vlan 253 interconnect. When it arrives at SW2, SW2 routes the packet onto vlan 11 and to H2."

Q1 My question as nformed above is the 3550 does not have an SVI for vlan 230 and core 2 also doesnt have and SVI for vlan 230

only an access connection of vlan 230 goes from 3550 to Core 2. How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 ?

I did a trace for 192.168.230.1 (vlan 230)and hits the core 2 and goes ahead . 3550 also has an access connection in vlan 230 to 3524.

The dafult gateway on 3550 is 192.168.253.1 (core 2) address.

Q2.why is traffic not going from 3550 to 3524 when i do a trace route.

Please advice

Jon Marshall Sun, 02/14/2010 - 15:37

Q1 My question as informed above is the 3550 does not have an SVI for vlan 230 and core 2 also doesnt have and SVI for vlan 230

only an access connection of vlan 230 goes from 3550 to Core 2. How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 ?

You do not need an SVI to forward traffic in the same vlan ie.

H1 (vlan 10 ) -> SW1  <-- vlan 10 --> SW2 <--- vlan 10 ---> SW3 <--- vlan 10 ---> SW4 -> H2 (vlan 10)

in the above both H1 & H2 are in vlan 10. For H1 to talk to H2 and vice-versa you do not need an SVI anywhere for vlan 10. The traffic will simply be switched at L2 from SW1 to SW2 to SW3 and to SW4

H1 (vlan 10) -> SW1  <--- vlan 10 ---> SW2 <--- vlan 10 ---> SW3 <--- vlan 10 ---> SW4 ->  H2 (vlan 11)

In the above H1 is in vlan 10 and H2 in vlan 11.

SW4 has L3 SVI for vlan 10 and vlan 11. For H1 to talk to H2, H1 has to send the traffic to it's default-gateway. The default-gateway on H1 would be the L3 SVI for vlan 10 on SW4. So traffic goes to SW4 vlan 10 SVI. SW4 then routes the packet to H2 on vlan 11.

Key thing to note is that you need SVIs for both vlan 10 and vlan 11 for H1 & H2 to communicate. Also you only need one SVI for vlan 10 ie. you don't need an SVI on all the intermediate switches because you are not routing the traffic to SW4, you are switching the traffic at L2.

Your network is not setup in an optimal way as far as i can see but to change it you need to have an overall design/idea of how you want it to be. If you make individual changes on individual switches then it will not get better but even more complicated. By all means ask as many questions as you need on this forum but you do need to have an idea of where you are and where you want to be for us to help you properly.

Jon

gurkamal01 Sun, 02/14/2010 - 18:24

Thanks again

Jon

I just mad a typo in the earler post

Q1 My question as informed above is the 3550 does not have an SVI for vlan 230 and core 2 also doesnt have and SVI for vlan 230

only an access connection of vlan 230 goes from 3550 to Core 2. How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 ?

Vlan 253 goes from 3550 to core 2  not vlan 230

vlan 230 access connection goes from 3550 to 3524

I would lke ask the folloeing question agian.

Q1 How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 ?

I did a trace for 192.168.230.1 (vlan 230)and hits the core 2 and goes ahead . 3550 also has an access connection in vlan 230 to 3524.

The dafult gateway on 3550 is 192.168.253.1 (core 2) address.

Q2.why is traffic not going from 3550 to 3524 when i do a trace route

Thanks

gurkamal01 Sun, 02/14/2010 - 21:23

Please advice on this

I just mad a typo in the earler post

Q1 My question as informed above is the 3550 does not have an SVI for vlan 230 and core 2 also doesnt have and SVI for vlan 230

only an access connection of vlan 230 goes from 3550 to Core 2. How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 ?

Vlan 253 goes from 3550 to core 2  not vlan 230

vlan 230 access connection goes from 3550 to 3524

I would lke ask the folloeing question agian.

Q1 How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 ?

I did a trace for 192.168.230.1 (vlan 230)and hits the core 2 and goes ahead . 3550 also has an access connection in vlan 230 to 3524.

The dafult gateway on 3550 is 192.168.253.1 (core 2) address.

Q2.why is traffic not going from 3550 to 3524 when i do a trace route

Thanks

Actions

This Discussion