Conflict between L2 and L3

Answered Question
Aug 6th, 2010

Hi All,


I need to locate a server that is located in the data centre. The problem is that I don't have physical access, so I'm doing the following:


The server has the IP 172.16.9.12

The CORE switch 4506 shows the IP directly connected and the MAC via Port-Channel 6:


sw1-4506#sh arp | i 172.16.9.12
Internet  172.16.9.12            18   0004.0d05.b12f  ARPA   Vlan14


sw1-4506#sh mac address-table address 0004.0d05.b12f
Unicast Entries
vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+--------------------
  14    0004.0d05.b12f   dynamic ip,ipx,assigned,other Port-channel6


So, from the above, I assume that the server is located through Port-Channel 6.

The problem is that Port-Channel 6 connects to a 3750 switch.


sw1-4506#

Port-channel: Po6
------+------+------+------------------+-----------
  0     00     Gi2/3    Desirable-Sl       0
  1     00     Gi3/6    Desirable-Sl       0


Both ports Gig2/3 and Gig3/6 are connected to the 3750


sw1-4506#

sw3750-central.ln.corp.nacion.com
                 Gig 3/6           138              S I   WS-C3750G Gig 1/0/50
sw3750-central.ln.corp.nacion.com
                 Gig 2/3           138              S I   WS-C3750G Gig 1/0/49


Now, this is the part that I don't understand:


The 3750 thinks that in order to reach the server 172.16.9.12, it should send the traffic back to the 4506.


sw3750-central#trace 172.16.9.12

  1 172.16.10.2 8 msec 0 msec 8 msec
  2 172.16.9.12 9 msec 8 msec 0 msec


sw1-4506#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.16.10.2     YES NVRAM  up                    up     


Could somebody explain this to me please???


Thank you!!


Federico.

Correct Answer
Jon Marshall Fri, 08/06/2010 - 10:45

Federico


If the 3750 is acting as a L2 switch, which it sounds like it is, then it all depends on the subnet its management vlan is in. So if the L3 SVI on the 3750 is not in the server subnet then the 3750 will send the packet to its default-gateway, presumably on the 4500, and the 4500 will route the packet onto the server subnet and switch it back to the 3750 in the correct vlan.


From the traceroute output it looks like the 3750 L3 SVI for management is in 172.16.10.x subnet.


Jon

Federico Coto F... Fri, 08/06/2010 - 10:58

Jon, correct!


The 3750 is acting as a L2 switch and the management IP is 172.16.10.200


sw3750-central#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.16.10.200   YES NVRAM  up                    up
    


I understand now why the 3750 sends the packet back to the 4506.

Now, I should see an ARP entry on the 3750 for the server?


sw3750-central#sh arp | i 172.16.9.12

sw3750-central#


If I understand correctly, the server is physically connected to a port on this 3750. I don't know why I don't see the ARP entry on the 3750 (I see it only on the 4506)


Federico.

Correct Answer
Jon Marshall Fri, 08/06/2010 - 11:58

Federico


You won't see an arp entry on the 3750. The only arp entries you will see on the 3750 are arps for devices in the same subnet as the L3 SVI on the 3750, i.e. any other switches in the 172.16.10.x network and obviously the default-gateway. Because the 3750 is only L2 switching it will only arp out for devices in its own subnet. Because the 4500 is doing the inter-vlan routing that is where the full arp table will be.


What you should see on the 3750 is the mac-address of the server in the mac-address table because that is a L2 table.


Jon

Federico Coto F... Fri, 08/06/2010 - 12:03

Jon,


Not much to say besides thank you very much!

It solved my problem.


sw3750-central#sh mac address-table address 0004.0d05.b12f
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  14    0004.0d05.b12f    DYNAMIC     Gi1/0/41


If I could ask you something else, it will be this:


The EtherChannel between two devices does not have to match the number, correct?

i.e.

Port-Channel 6 (4506)  connects to Port-Channel 1 (3750)


Thank you again.


Federico.
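
The lookup chain used in this thread (ARP entry on the routing switch, then the MAC address table on each switch along the path until the port is no longer an inter-switch link), as an added Python example that is not part of the original posts. The CLI lines are the ones quoted in the thread; the `UPLINKS` map and the function names are assumptions made here for illustration.

```python
# CLI output quoted in the thread, keyed by switch name.
ARP_4506 = "Internet  172.16.9.12            18   0004.0d05.b12f  ARPA   Vlan14"
MAC_TABLES = {
    "sw1-4506": "  14    0004.0d05.b12f   dynamic ip,ipx,assigned,other Port-channel6",
    "sw3750-central": "  14    0004.0d05.b12f    DYNAMIC     Gi1/0/41",
}
# Assumed map of inter-switch links, built from the thread:
# Po6 on the 4506 faces Po1 on the 3750.
UPLINKS = {
    "sw1-4506": {"Port-channel6": "sw3750-central"},
    "sw3750-central": {"Port-channel1": "sw1-4506"},
}

def arp_lookup(arp_output, ip):
    """Return (mac, l3_interface) for ip from 'show arp' text, or None."""
    for line in arp_output.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "Internet" and f[1] == ip:
            return f[3].lower(), f[5]
    return None

def mac_lookup(mac_output, mac):
    """Return (vlan, port) for mac from 'show mac address-table' text, or None."""
    for line in mac_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].isdigit() and f[1].lower() == mac:
            return int(f[0]), f[-1]    # port is the last column on both platforms
    return None

def trace_host(ip, l3_switch, arp_output, mac_tables, uplinks):
    """Follow the MAC hop by hop from the routing switch to the edge port."""
    hit = arp_lookup(arp_output, ip)
    if hit is None:
        return []                      # no ARP entry on the routing switch
    mac, path, switch, seen = hit[0], [], l3_switch, set()
    while switch not in seen:          # guard against a looped uplink map
        seen.add(switch)
        entry = mac_lookup(mac_tables.get(switch, ""), mac)
        if entry is None:
            break                      # MAC not learned (or aged out) here
        path.append((switch, entry[1]))
        nxt = uplinks.get(switch, {}).get(entry[1])
        if nxt is None:
            break                      # not an inter-switch link: edge port
        switch = nxt
    return path

if __name__ == "__main__":
    print(trace_host("172.16.9.12", "sw1-4506", ARP_4506, MAC_TABLES, UPLINKS))
```

The ARP lookup is done only on the switch that routes for the server VLAN, matching the explanation above that the L2-only 3750 holds no ARP entry for the server.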


Jon Marshall Fri, 08/06/2010 - 12:07

Federico


No problem, glad to have helped.


No, port-channel numbers do not need to match between switches, i.e. they are locally significant on the switch only.


Jon

burleyman Fri, 08/06/2010 - 13:51

Jon,


Read through this post and the info was great so 5+ all around.


Mike

Jon Marshall Fri, 08/06/2010 - 15:44

Mike


Many thanks for the ratings and kind words.


Federico


Forgot to say many thanks for the ratings as well.


Jon
