Conflict between L2 and L3

Answered Question
Aug 6th, 2010

Hi All,

I need to locate a server that is located in the data centre. The problem is that I don't have physical access, so I'm doing the following:

The server has the IP 172.16.9.12

The CORE switch 4506 shows the IP directly connected and the MAC via Port-Channel 6:

sw1-4506#sh arp | i 172.16.9.12
Internet  172.16.9.12            18   0004.0d05.b12f  ARPA   Vlan14

sw1-4506#sh mac address-table address 0004.0d05.b12f
Unicast Entries
vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+--------------------
  14    0004.0d05.b12f   dynamic ip,ipx,assigned,other Port-channel6

So, from the above, I assume that the server is located through Port-Channel 6.

The problem is that Port-Channel 6 connects to a 3750 switch.

sw1-4506#

Port-channel: Po6
------+------+------+------------------+-----------
  0     00     Gi2/3    Desirable-Sl       0
  1     00     Gi3/6    Desirable-Sl       0

Both ports Gig2/3 and Gig3/6 are connected to the 3750

sw1-4506#

sw3750-central.ln.corp.nacion.com
                 Gig 3/6           138              S I   WS-C3750G Gig 1/0/50
sw3750-central.ln.corp.nacion.com
                 Gig 2/3           138              S I   WS-C3750G Gig 1/0/49

Now, this is the part that I don't understand:

The 3750 thinks that in order to reach the server 172.16.9.12, it should send the traffic back to the 4506.

sw3750-central#trace 172.16.9.12

  1 172.16.10.2 8 msec 0 msec 8 msec
  2 172.16.9.12 9 msec 8 msec 0 msec

sw1-4506#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.16.10.2     YES NVRAM  up                    up     

Could somebody explian this to me please???

Thank you!!

Federico.

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 6 years 4 months ago

Federico

You won't see an arp entry on the 3750. The only arp entries you will see on the 3750 are arps for devices in the same subnet as the L3 SVI on the 3750 ie. any other switches in the 172.16.10.x network and obviously the default-gateway. Because the 3750 is only L2 switching it will only arp out for devices in it's own subnet. Because the 4500 is doing the inter-vlan routing that is where the full arp table will be.

What you should see on the 3750 is the mac-address of the server in the mac-address table because that is a L2 table.

Jon

Correct Answer by Jon Marshall about 6 years 4 months ago

Federico

If the 3750 is acting a L2 switch which it sounds like it is then it all depends on the subnet it's management vlan is in. So if the L3 SVI on the 3750 is not in the server subnet then the 3750  will send the packet to it's default-gateway, presumably on the 4500 and the 4500 will route the packet onto the server subnet and switch it back to the 3750 in the correct vlan.

From the traceroute output it looks like the 3750 L3 SVI for management is in 172.16.10.x subnet.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
Correct Answer
Jon Marshall Fri, 08/06/2010 - 10:45

Federico

If the 3750 is acting a L2 switch which it sounds like it is then it all depends on the subnet it's management vlan is in. So if the L3 SVI on the 3750 is not in the server subnet then the 3750  will send the packet to it's default-gateway, presumably on the 4500 and the 4500 will route the packet onto the server subnet and switch it back to the 3750 in the correct vlan.

From the traceroute output it looks like the 3750 L3 SVI for management is in 172.16.10.x subnet.

Jon

Federico Coto F... Fri, 08/06/2010 - 10:58

John correct!

The 3750 is acting as a L2 switch and the management IP is 172.16.10.200

sw3750-central#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.16.10.200   YES NVRAM  up                    up
    

I understand now why the 3750 sends the packet back to the 4506.

Now, I should see an ARP entry on the 3750 for the server?

sw3750-central#sh arp | i 172.16.9.12

sw3750-central#

If I understand correctly, the server is physically connected to a port on this 3750. I don't know why I don't see the ARP entry on the 3750 (I see it only on the 4506)

Federico.

Correct Answer
Jon Marshall Fri, 08/06/2010 - 11:58

Federico

You won't see an arp entry on the 3750. The only arp entries you will see on the 3750 are arps for devices in the same subnet as the L3 SVI on the 3750 ie. any other switches in the 172.16.10.x network and obviously the default-gateway. Because the 3750 is only L2 switching it will only arp out for devices in it's own subnet. Because the 4500 is doing the inter-vlan routing that is where the full arp table will be.

What you should see on the 3750 is the mac-address of the server in the mac-address table because that is a L2 table.

Jon

Federico Coto F... Fri, 08/06/2010 - 12:03

John,

Not much to say besides thank you very much!

It solved my problem.

sw3750-central#sh mac address-table address 0004.0d05.b12f
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  14    0004.0d05.b12f    DYNAMIC     Gi1/0/41

If I could ask you something else, it will be this:

The EtherChannel between two devices does not have to match the number correct?

i.e.

Port-Channel 6 (4506)  connects to Port-Channel 1 (3750)

Thank you again.

Federico.

Jon Marshall Fri, 08/06/2010 - 12:07

Federico

No problem, glad to have helped.

No, port-channel numbers do not need to match between switches ie. they are locally significant on the switch only.

Jon

burleyman Fri, 08/06/2010 - 13:51

Jon,

Read through this post and the info was great so 5+ all around.

Mike

Jon Marshall Fri, 08/06/2010 - 15:44

Mike

Many thanks for the ratings and kind words.

Federico

Forgot to say many thanks for the ratings as well.

Jon

Actions

This Discussion