Traceroute

Answered Question
Feb 15th, 2010

Hi

I have a 3550 which has a Gig access link connection to core switch 2 (6513) on vlan 253.

It also has another access-link connection to a 3524 switch on vlan 230.

The 3550 switch has a default gateway of 192.168.253.1 (core 2) and no SVI for vlan 230.

Core 2 has a route to the 192.168.230.0 network. Core 2 does not have any SVI for 230.

This is how the network looks:

Host ----> 3550 (no SVI for vlan 230) ------> 3524 (no SVI for vlan 230) -------> 3750 (192.168.230.5) --------> content service switch

Q1. How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 when I do a trace to the vlan 230 network?

I did a trace for 192.168.230.1 (vlan 230) and it hits core 2 and goes ahead. The 3550 also has an access connection in vlan 230 to the 3524.

The default gateway on the 3550 is the 192.168.253.1 (core 2) address.

Q2. Why is traffic not going from the 3550 to the 3524 when I do a traceroute to the vlan 230 network?

I am attaching the config files of the 3550, 3524 and 3950.

Thanks

Please advise

Correct Answer by Jon Marshall about 6 years 9 months ago

The above wouldn't work because of what we discussed earlier ie. you cannot route to the same vlan over a link that is not in that vlan.

Q1 why is this not possible as core 2 does not have vlan 230

host will send packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2. this is what your below post said earlier.

As per your earlier post you stated the following

SW1   <--- VLAN 253 ----> SW2

SW1 has vlan 10
SW2 has vlan 11

for any clients in vlan 10 to communicate with clients in vlan 11 you would need to route them across the vlan 253 link.


Because it's not the same. In my example the vlans are different so traffic on SW1 with a destination IP of vlan 11 would be routed across the vlan 253 link.

In your example traffic on 3550 with a destination IP of vlan 230 is simply routed onto vlan 230 ie. you are trying to the to the same vlan at either end - vlan 230. In the example i gave the vlans at either end are not the same hence you can route to get there.

Q2. Also when i turned ip routing ON on 3550 from my workstation i lost connectivity to the 3550. As a solution i logged  into core 2 and telneted to 3550 from core 2 which worked fine. Can anybody please explain why this happened?

This happened because when you turn on routing the "default-gateway" configured on the 3550 is no longer used. You need to replace the following line in your config

ip default-gateway 192.168.253.1

with

ip route 0.0.0.0 0.0.0.0 192.168.253.1

Thanks for the diagram. I have had a look and from the diagram there should be no reason why the server cannot get access on the 3550. Are you sure when you connected the server into the 3550 that the port you connected it into was allocated to vlan 230 eg.

int fa0/10         <-- this is the server port

switchport mode access

switchport access vlan 230

Jon

Overall Rating: 5 (4 ratings)
Jon Marshall Mon, 02/15/2010 - 01:47

Where are you doing the traceroute from ?

If the switch is not routing then it will use its default-gateway and send packets to that address. If you have a host then the host will use its own default-gateway.

So it's important to understand where you are doing the traceroute from because the switch and the host might be using different default-gateways.

Jon

Kevin Dorrell Mon, 02/15/2010 - 02:12

If you are tracing from the host, it does not matter what the default-gateway is on the switch.  If the switch is layer-2, then the default-gateway only applies to packets originating from the switch itself.  If the switch is layer-3, then the configured default-gateway is irrelevant ... the default route is determined by other means.

What actually matters is which VLAN the host is in, and what it has configured as a default gateway.  That is the first hop at layer-3.  After that, it depends on the routing table at that gateway.

Can you show us a show ip route on the 3550?

Kevin Dorrell

Luxembourg

gurkamal01 Mon, 02/15/2010 - 09:58

Thanks for the reply

My host is vlan 230 with default gateway  192.168.230.1. switchport is vlan 230

Here is the detail from show ip route on 3550 switch

Default gateway is 192.168.253.1

Host               Gateway           Last Use    Total Uses  Interface
207.107.192.30     192.168.253.15        0:15          5816  Vlan253
207.42.82.30       192.168.253.1         0:02         15200  Vlan253

My client is complaining that when i connect server to 3550 he gets no network connectivity but when i connect to 3524 it works

gurkamal01 Mon, 02/15/2010 - 21:31

Please help in this

Thanks

Info for question 4

3550 has 2 neighbors

  1. 3524
  2. core 2 Swi

3550 is connected to core 2 thru an access connection of vlan 253 on port Gi0/1

3550 is connected to 3524 thru access connection of vlan 230 on port Gi0/2

3524 has 4 neighbors ------

  1. 3550
  2. 3750
  3. CSS1(content service switch)
  4. CSS2 (content service switch)

3524 is connected to 3750 thru access connection of vlan 230 on port G0/1

3524 is connected to 3550 thru access connection of vlan 230 on port Gi0/2

3524  is connected to CSS1 thru access connection of vlan 21 on port fa0/8

3524  is connected to CSS2 thru access connection of vlan 253 on port fa0/12

As for Q3. I read the previous post for last couple of days

do you think i should go ahead and enable ip routing on 3550 and create SVI of vlan 230 on 3550

So when host sends packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2

please advise

Please advise

Jon Marshall Tue, 02/16/2010 - 02:49

When you connect the host to the 3524 and the 3550 switches are you putting the port the host is connected to into vlan 230 ?

As for Q3. I read the previous post for last couple of days

do you think i should go ahead and enable ip routing on 3550 and create SVI of vlan 230 on 3550

So when host sends packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2

please advise

The above wouldn't work because of what we discussed earlier ie. you cannot route to the same vlan over a link that is not in that vlan.

Could you do me a favour and do a very quick drawing of just this situation ie. please show just switches that are involved with vlan 230 so that would include the 3550 and core 2 and any other switches. Also can you make clear which switches have SVIs for vlan 230 and what extra config there is ie. you talk of a route on core 2, can you post the details of that.

If we can get a diagram of the setup for vlan 230 then it will help me explain exactly what is going on and why certain things work and others don't.

Jon

gurkamal01 Tue, 02/16/2010 - 12:13

Jon,

Q3. I read the previous post for last couple of days

do you think i should go ahead and enable ip routing on 3550 and create SVI of vlan 230 on 3550

So when host sends packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2

please advise

The above wouldn't work because of what we discussed earlier ie. you cannot route to the same vlan over a link that is not in that vlan.

Q1 why is this not possible as core 2 does not have vlan 230

host will send packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2. this is what your below post said earlier.

As per your earlier post you stated the following

SW1   <--- VLAN 253 ----> SW2

SW1 has vlan 10
SW2 has vlan 11

for any clients in vlan 10 to communicate with clients in vlan 11 you would need to route them across the vlan 253 link.


SW1 would need a L3 SVI for vlan 10 and a L3 SVI for vlan 253
SW2 would need a L3 SVI for vlan 11 and a L3 SVI for vlan 253

H1 is in vlan 10
H2 is in vlan 11

H1 sends a packet to its default-gateway which is the IP address of SVI for vlan 10. SW1 then routes the packet to vlan 253 and the packet is switched across the vlan 253 interconnect. When it arrives at SW2, SW2 routes the packet onto vlan 11 and to H2.

i have attached a diagram for the vlan 230 and the switches.

Q2. Also when i turned ip routing ON on 3550 from my workstation i lost connectivity to the 3550. As a solution i logged  into core 2 and telneted to 3550 from core 2 which worked fine. Can anybody please explain why this happened?

Here is the output from core 2 for sh ip route

Core02#sh ip route | inc 192.168.230.0
O    192.168.230.0/24 [110/2] via 192.168.253.8, 1d03h, Vlan253

Please advise

Correct Answer
Jon Marshall Wed, 02/17/2010 - 09:30

The above wouldn't work because of what we discussed earlier ie. you cannot route to the same vlan over a link that is not in that vlan.

Q1 why is this not possible as core 2 does not have vlan 230

host will send packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2. this is what your below post said earlier.

As per your earlier post you stated the following

SW1   <--- VLAN 253 ----> SW2

SW1 has vlan 10
SW2 has vlan 11

for any clients in vlan 10 to communicate with clients in vlan 11 you would need to route them across the vlan 253 link.


Because it's not the same. In my example the vlans are different so traffic on SW1 with a destination IP of vlan 11 would be routed across the vlan 253 link.

In your example traffic on 3550 with a destination IP of vlan 230 is simply routed onto vlan 230 ie. you are trying to the to the same vlan at either end - vlan 230. In the example i gave the vlans at either end are not the same hence you can route to get there.

Q2. Also when i turned ip routing ON on 3550 from my workstation i lost connectivity to the 3550. As a solution i logged  into core 2 and telneted to 3550 from core 2 which worked fine. Can anybody please explain why this happened?

This happened because when you turn on routing the "default-gateway" configured on the 3550 is no longer used. You need to replace the following line in your config

ip default-gateway 192.168.253.1

with

ip route 0.0.0.0 0.0.0.0 192.168.253.1

Thanks for the diagram. I have had a look and from the diagram there should be no reason why the server cannot get access on the 3550. Are you sure when you connected the server into the 3550 that the port you connected it into was allocated to vlan 230 eg.

int fa0/10         <-- this is the server port

switchport mode access

switchport access vlan 230

Jon

Jon Marshall Mon, 02/15/2010 - 02:02

gurkamal01 wrote:


Core 2 has a route to the 192.168.230.0 network. Core 2 does not have any SVI for 230.

This is how the network looks:

Host ----> 3550 (no SVI for vlan 230) ------> 3524 (no SVI for vlan 230) -------> 3750 (192.168.230.5) --------> content service switch

Q1. How is traffic going to core 2 and ahead when there is no SVI on both Core 2 and 3550 when I do a trace to the vlan 230 network?

I did a trace for 192.168.230.1 (vlan 230) and it hits core 2 and goes ahead. The 3550 also has an access connection in vlan 230 to the 3524.

The default gateway on the 3550 is the 192.168.253.1 (core 2) address.

Q2. Why is traffic not going from the 3550 to the 3524 when I do a traceroute to the vlan 230 network?

I am attaching the config files of the 3550, 3524 and 3950.

Thanks

Please advise

Q1 - if the default-gateway is core 2 then the 3550 switch will send all its traffic to that gateway because the 3550 switch is acting as a L2 switch. It doesn't matter if the 3550 has a connection in vlan 230, it will still send its traffic to core 2.

There are 2 instances where it would use its vlan 230 link to the 3524 -

1) if the SVI on the 3550 was an SVI for vlan 230 instead of vlan 253

or

2) if the 3550 was routing and had multiple SVIs one of which was vlan 230.

It's important to understand that if a switch is acting as a L2 switch then the SVI on that switch is only used to manage the switch. And if the packet is being L2 switched across other switches it doesn't matter what SVIs they have, they will not be used. L2 switching means you send the packet based on the mac-address. So not all SVIs on switches do the same thing.

On a L3 switch that is routing the SVIs do indeed forward packets but that is not the case here.

So you do a traceroute to vlan 230 network. The 3550 has an SVI in vlan 253 so that is not the same vlan. We covered how clients etc. compare their IP address and subnet mask with the destination address in another thread -

3550 IP - 192.168.253.65 255.255.255.0  which means it's on network 192.168.253.

destination IP is 192.168.230.x  which means destination is on 192.168.230

192.168.253 does not equal 192.168.230 so the 3550 switch has to send the traffic to the default-gateway which is core 2. That is why traffic goes to core 2.

I think some of the confusion is coming because of the SVIs on switches. Before doing anything else you need to work out whether the switch is acting as a L2 switch or a L3 switch. Just because it has an SVI does not mean it is acting as a L3 switch.

3550/3560/3750/4500/6500 switches are all capable of acting as L3 switches, however they are also capable of acting as L2 switches. The behaviour of the switch is very different depending on which it is doing. You need to check whether the switch is running "ip routing". If not then it is acting as a L2 switch and it can only send its own packets to remote vlans by sending packets to its default-gateway.

Jon
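Added example, not part of Jon's post or the thread: a small Python check that applies the two rules discussed here to a switch config, namely the subnet comparison that sends switch-sourced traffic to the default-gateway, and the fact that "ip default-gateway" stops being used once "ip routing" is on. The config fragment is constructed from the addresses quoted in the thread, the function names are hypothetical, and only SVIs and a static default route are modelled (no other routes).

```python
import ipaddress
import re

# Constructed config fragment modelled on the 3550 described in the thread
# (management SVI 192.168.253.65/24 in vlan 253, default-gateway core 2).
SAMPLE_3550 = """\
interface Vlan253
 ip address 192.168.253.65 255.255.255.0
!
ip default-gateway 192.168.253.1
"""


def parse_config(text):
    """Pull out routing mode, SVI addresses and both kinds of default."""
    cfg = {"ip_routing": False, "svis": {}, "default_gateway": None,
           "default_route": None}
    svi = None  # name of the SVI stanza we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            svi = None  # a non-indented line ends the interface stanza
        if m := re.fullmatch(r"interface (Vlan\d+)", line):
            svi = m.group(1)
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and svi:
            cfg["svis"][svi] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line == "ip routing":  # "no ip routing" does not match
            cfg["ip_routing"] = True
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            cfg["default_gateway"] = m.group(1)
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            cfg["default_route"] = m.group(1)
    return cfg


def switch_next_hop(cfg, dst):
    """Where a packet sourced by the switch itself is sent for dst."""
    dst = ipaddress.ip_address(dst)
    for name, iface in cfg["svis"].items():
        if dst in iface.network:  # same subnet as an SVI: no gateway needed
            return ("on-link", name)
    if cfg["ip_routing"]:
        gw = cfg["default_route"]
        return ("default-route", gw) if gw else ("unreachable", None)
    gw = cfg["default_gateway"]
    return ("default-gateway", gw) if gw else ("unreachable", None)


def audit(cfg):
    """Flag the lockout case: routing on, but only 'ip default-gateway' set."""
    if cfg["ip_routing"] and cfg["default_gateway"] and not cfg["default_route"]:
        return [f"ip default-gateway is ignored with ip routing enabled; "
                f"add: ip route 0.0.0.0 0.0.0.0 {cfg['default_gateway']}"]
    return []


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_3550)
    print(switch_next_hop(cfg, "192.168.230.1"))
    print(audit(parse_config("ip routing\n" + SAMPLE_3550)))
```

This models only traffic originated by the switch; a host in vlan 230 follows its own default gateway, as the posts above point out.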

gurkamal01 Mon, 02/15/2010 - 10:06

Thanks for the awesome explanation

As you mentioned in the previous post

There are 2 instances where it would use its vlan 230 link to the 3524 -

1) if the SVI on the 3550 was an SVI for vlan 230 instead of vlan 253

My question is

Q1. Can i create another SVI on 3550 for vlan 230? Will this work?

Q2. Also you have noticed in the config of 3524 it doesn't have a default gateway. How will packets generated from 3524 go ahead as 3524 does not have a default gateway?

My client is complaining that when i connect server to 3550 he gets no network connectivity but when i connect to 3524 it works

Please advise

Jon Marshall Mon, 02/15/2010 - 10:40

gurkamal01 wrote:

Thanks for the awesome explanation

As you mentioned in the previous post

There are 2 instances where it would use its vlan 230 link to the 3524 -

1) if the SVI on the 3550 was an SVI for vlan 230 instead of vlan 253

My question is

Q1. Can i create another SVI on 3550 for vlan 230? Will this work?

Q2. Also you have noticed in the config of 3524 it doesn't have a default gateway. How will packets generated from 3524 go ahead as 3524 does not have a default gateway?

My client is complaining that when i connect server to 3550 he gets no network connectivity but when i connect to 3524 it works

Please advise

Q1 - yes you could create another SVI on 3550 for vlan 230. To do this you would have to enable "ip routing" to be able to have 2 SVIs up and running at the same time. However enabling ip routing and having multiple SVIs should not be used just so the switch itself can reach 2 different networks through 2 different SVIs. You should work out why access is not working and change the config accordingly.

Q2 - if the 3524 has no default-gateway then the switch will only be able to communicate with other devices that are in the same vlan as its SVI.

A key thing to understand is that when you connect a client to L2 switch, unless the client is in the same vlan as the SVI on the switch then if you test connectivity to a destination from the switch that does not emulate what happens from the client.

So let's say you have a L2 switch with 4 vlans - 5,6,7,8. The switch itself has an SVI in vlan 5 and its default-gateway is the L3 SVI for vlan 5 on a L3 switch. If you connect a client on a port in vlan 6 on the 3550 then do a traceroute from the switch and a traceroute from the client the two are not doing the same thing. So if you are testing end user connectivity and the vlan is different from the SVI on the layer 2 switch it is no good testing from the switch.

Jon

gurkamal01 Mon, 02/15/2010 - 12:09

Hi

When i do  sh ip route on 3550 it shows the following

Default gateway is 192.168.253.1

Host               Gateway           Last Use    Total Uses  Interface
207.107.192.30     192.168.253.15        0:15          5816  Vlan253
207.42.82.30       192.168.253.1         0:02         15200  Vlan253

Q1.So this means its a L3 switch right?

As mentioned earlier in your post

"if the 3524 has no default-gateway then the switch will only be able to communicate with other devices that are in the same vlan as its SVI"

When i check 3524 i only see an SVI for vlan 21 (205.162.136.x) the swi is L2  . 3524 has vlan 253,230 and 21 and no default gateway

Q2 if i connect a host on 3524 on vlan 230 will it communicate thru access port connection (vlan 230) to the 3750 which has default gateway of 192.168.230.1 and an svi of 192.168.230.5

Q3. If i create SVI of vlan 230 on 3550 and make it L3  and core2  has route to 192.168.230.0 do i still need an SVI of vlan 230 on core 2 for connectivity?

Q4. By looking at the config files of 3550 and 3524 can you see why server is getting connectivity from 3524 and not 3550. Server is using default gateway of 192.168.230.1

Please advise

Jon Marshall Mon, 02/15/2010 - 13:26

gurkamal01 wrote:

Hi

When i do  sh ip route on 3550 it shows the following

Default gateway is 192.168.253.1

Host               Gateway           Last Use    Total Uses  Interface
207.107.192.30     192.168.253.15        0:15          5816  Vlan253
207.42.82.30       192.168.253.1         0:02         15200  Vlan253

Q1.So this means its a L3 switch right?

As mentioned earlier in your post

"if the 3524 has no default-gateway then the switch will only be able to communicate with other devices that are in the same vlan as its SVI"

When i check 3524 i only see an SVI for vlan 21 (205.162.136.x) the swi is L2  . 3524 has vlan 253,230 and 21 and no default gateway

Q2 if i connect a host on 3524 on vlan 230 will it communicate thru access port connection (vlan 230) to the 3750 which has default gateway of 192.168.230.1 and an svi of 192.168.230.5

Q3. If i create SVI of vlan 230 on 3550 and make it L3  and core2  has route to 192.168.230.0 do i still need an SVI of vlan 230 on core 2 for connectivity?

Q4. By looking at the config files of 3550 and 3524 can you see why server is getting connectivity from 3524 and not 3550. Server is using default gateway of 192.168.230.1

Please advise

Q1 - no it looks like it is a L2 switch because it doesn't have ip routing enabled in the config and for the 3550 you need to enable it and it is reporting a default-gateway not a default route.

Q2 - You are still confusing switch default-gateways with host default-gateways. If you connect a host into vlan 230 then it will send traffic to its default-gateway, whatever that is you have configured. It doesn't matter what the default-gateway on the 3750 is. All that matters is

1) where is the default-gateway you have assigned to the host ie. which device

and

2) what is the L2 path for vlan 230 from the 3524 to that device in 1. If the L2 path goes through the 3750 then yes traffic will go to the 3750 but that has nothing to do with the L3 SVI on the 3750 or the default-gateway set on the 3750.

If the 3750 was acting as a L3 switch and routing for vlans then you would set the default-gateway on the host to be the IP address of the SVI for vlan 230 on the 3750. But as far as i am aware your 3750 is not acting as a L3 switch

Q3  You need to reread all the other posts we have exchanged over the last couple of days. Concentrate on the differences between routing and switching and what that means in terms of SVIs on switches.

To answer Q4 can you provide the following info -

1) the 3550 is connected to which switches ?  and which vlan are the ports that connect to these switches in ie. the ports on the 3550

2) the 3524 is connected to which switches ? and which vlan(s) are the ports in

Jon

gurkamal01 Mon, 02/15/2010 - 14:20

Thanks

Info for question 4

3550 has 2 neighbors

  1. 3524
  2. core 2 Swi

3550 is connected to core 2 thru an access connection of vlan 253 on port Gi0/1

3550 is connected to 3524 thru access connection of vlan 230 on port Gi0/2

3524 has 4 neighbors ------

  1. 3550
  2. 3750
  3. CSS1(content service switch)
  4. CSS2 (content service switch)

3524 is connected to 3750 thru access connection of vlan 230 on port G0/1

3524 is connected to 3550 thru access connection of vlan 230 on port Gi0/2

3524  is connected to CSS1 thru access connection of vlan 21 on port fa0/8

3524  is connected to CSS2 thru access connection of vlan 253 on port fa0/12

As for Q3. I read the previous post for last couple of days

do you think i should go ahead and enable ip routing on 3550 and create SVI of vlan 230 on 3550

So when host sends packet for vlan 230 on 3550 it goes to vlan 230 SVI and then sent thru L2 access connection of vlan 253 to core 2

when packet arrives in vlan 253 at core it can route it to 192.168.230.0 network which sits on core 2

please advise

Please advise

gurkamal01 Wed, 02/17/2010 - 06:52

Jon,

Can you please advise on the above post

I will really appreciate that.

I have posted the diagram

Regards
