
4006 not passing broadcasts

heath.barnhart
Level 1

Here's a good one I'm stuck on.

Most of my buildings are divided up by VLANs. In one particular building, no one else in the building's VLAN can communicate with devices on the third floor. From what I can gather so far from my troubleshooting, the switch doesn't appear to be passing incoming broadcasts. I'm fairly certain both L2 and L3 broadcasts are affected. Devices connected to the 4006 appear to be able to use broadcasts, as they are getting their addresses via DHCP. ARP packets sent from within the VLAN from other parts of the building never reach the third floor. I can ping the devices from the core and other networks, as the core does have ARP entries for the other devices.

The switch on the third floor is a 4006 with a SUPII running CatOS. The next upstream switch is a 375012S, which is the distribution switch. From there it goes to our core router. The uplink between the 4006 and the 375012 is multimode fiber (SX transceivers). There are no port errors on any of the uplinks. The 4006 does show one of the Ethernet line cards as faulty, but client communications appear to be working and I have confirmed that clients on the other cards cannot be contacted as well.

I'm really grasping at straws at this point. I have scheduled after-hours maintenance this week; anything I should try? I was going to take another switch over to confirm/deny the problem lies in the 4006, possibly reboot the 4006.

Any suggestions would be helpful.

15 Replies

boss.silva
Level 1

Hello,

Correct me if I'm wrong, please. You want broadcasts on one VLAN to be sent out another VLAN.

If yes, that's how it should work. A VLAN is a broadcast segment, and the hosts will only see broadcasts for the VLAN they are connected to.

Regards,

Bruno Silva.

No, the broadcasts from devices in the VLAN (VL60) are not reaching clients in the same VLAN connected to this 4006. From what I can tell from my captures, clients connected to the 4006 can see each other's broadcasts and can make broadcasts out. Unicast traffic isn't affected.

Heath

Hello,

Do you have any other L2 switch with devices on vlan 60? I don't see it mentioned on the question.

If yes, can you please post the sanitized configs? Also, make sure you have the trunks allowing this vlan to pass through.

Regards,

Bruno Silva.

Bruno,

The trunks are there, otherwise other stuff wouldn't work either (first place I looked).

There are several L2 devices in VL60. The VLAN interface resides on our core (6509). Off the core is a trunk link to the building's distribution switch, a 375012s. The 375012 feeds off to the various closets in the building, including a stack of 3750s, a 4503, a 2900, and another 4006.

Port 1/1 is the uplink to the 375012. In addition to the 4006's config what other devices' configs would you like?

#dot1x

set feature dot1x-radius-keepalive disable

!

#system

set system name  hlrc300c4006p

set system location

set system contact

!

#Default Inlinepower

set inlinepower defaultallocation 6000

!

#frame distribution method

set port channel all distribution mac both

!

#snmp

set snmp community read-only      1t5pub1t5

set snmp community read-write     1t5priv1t5

set snmp trap enable  module

set snmp trap enable  chassis

set snmp trap enable  vtp

set snmp trap enable  vlancreate

set snmp trap enable  vlandelete

set snmp trap enable  auth

set snmp trap enable entityfr

set snmp trap enable  ippermit

set snmp targetaddr  nms param  ip_addr 10.30.0.8 udpport 162 maxmsgsize 484 timeout 1500 retries 3 nonvolatile

set snmp trap enable  vmps

set snmp trap enable  entity

set snmp trap enable  config

set snmp trap enable  stpx

set snmp trap enable  syslog

set snmp trap enable  system

set snmp trap enable  envfan

set snmp trap enable  envpower

set snmp trap enable  envstate

set snmp trap x.x.x.x 1t5pub1t5 port 162 owner CLI index 1

!

#tacacs+

set tacacs server x.x.x.x primary

set tacacs key c15c0

!

#authentication

set authentication login tacacs enable console primary

set authentication login tacacs enable telnet primary

set authentication login tacacs enable http primary

set authentication enable tacacs enable console primary

set authentication enable tacacs enable telnet primary

set authentication enable tacacs enable http primary

!

#Local User

#vtp

set vtp domain washburn

set vtp mode client vlan

!

#ip

set interface sc0 1 192.168.254.224/255.255.254.0 192.168.255.255

set interface sl0 down

set interface me1 down

set ip route 0.0.0.0/0.0.0.0         192.168.254.254

set ip alias default         0.0.0.0

!

#rcp

set rcp username cwuser

!

#dns

set ip dns server x.x.x.x primary

set ip dns server x.x.x.x

set ip dns enable

set ip dns domain washburn.edu

!

#spantree

#portfast

set spantree global-default bpdu-guard enable

set spantree global-default bpdu-filter enable

!

#cgmp

set cgmp enable

!

#syslog

set logging console disable

set logging server enable

set logging server x.x.x.x

set logging level ethc 2 default

set logging server facility SYSLOG

!

#ntp

set ntp broadcastclient enable

set ntp client enable

set ntp server x.x.x.x

set timezone central -6 0

set summertime enable

set summertime recurring second Sunday March 02:00 first Sunday November 02:00 60

!

#set boot command

set boot config-register 0xf

set boot system flash bootflash:cat4000-k9.8-3-1-GLX.bin

set boot system flash bootflash:cat4000.6-1-1.bin

!

#permit list

set ip permit enable telnet

set ip permit enable ssh

set ip permit enable snmp

set ip permit x.x.x.x  ssh

set ip permit x.x.x.x  snmp

set ip permit x.x.x.x  ssh

set ip permit x.x.x.x ssh

set ip permit x.x.x.x ssh

!

#port channel

set port channel 2/1-4 551

set port channel 2/5-8 552

set port channel 2/9-12 553

set port channel 2/13-16 554

set port channel 2/17-20 555

set port channel 2/21-24 556

set port channel 2/25-28 557

set port channel 2/29-32 558

set port channel 2/33-36 559

set port channel 2/37-40 560

set port channel 2/41-44 561

set port channel 2/45-48 562

set port channel 4/1-4 822

set port channel 4/5-8 823

set port channel 4/9-12 824

set port channel 4/13-16 825

set port channel 4/17-20 826

set port channel 4/21-24 827

set port channel 4/25-28 828

set port channel 4/29-32 829

set port channel 4/33-36 830

set port channel 4/37-40 831

set port channel 4/41-44 832

set port channel 4/45-48 833

set port channel 6/1-4 834

set port channel 6/5-8 835

set port channel 6/9-12 836

set port channel 6/13-16 837

set port channel 6/17-20 838

set port channel 6/21-24 839

set port channel 6/25-28 840

set port channel 6/29-32 841

set port channel 6/33-36 842

set port channel 6/37-40 843

set port channel 6/41-44 844

set port channel 6/45-48 845

!

#accounting

set accounting exec enable start-stop tacacs+

set accounting connect enable start-stop tacacs+

set accounting commands enable all stop-only tacacs+

!

#crypto key

set crypto key rsa 1024

!

#multicast filter

set igmp filter disable

!

#module 1 : 2-port 1000BaseX Supervisor

set port trap       1/1-2  enable

set udld enable 1/2

clear trunk 1/1  2-16,18-59,61-96,98,101-148,150-1005,1025-4094

set trunk 1/1  on dot1q 1,17,60,97,99-100,149

set trunk 1/2  nonegotiate dot1q 1-1005,1025-4094

set spantree portfast    1/1-2 disable

set spantree guard none 1/1-2

!

#module 2 : 48-port Inline Power Module

set vlan 60   2/1-15,2/18-48

set port speed      2/6,2/12,2/14,2/35,2/37-38,2/40-42,2/44-45  10

set port speed      2/16-17  100

set port duplex     2/6,2/12,2/14,2/16-17,2/35,2/37-38,2/40-42,2/44-45  full

set port trap       2/1-48  enable

set port name       2/7  sobujet2

set port name       2/9  Rise

set port name       2/16 air3hlrce225

set port name       2/17 air3hlrc224

set port name       2/26 lookhere

set port name       2/36 311A

set port name       2/47 MMEHC316-02783

set port security 2/1 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/2 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/3 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/4 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/5 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/6 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/7 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/8 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/9 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/10 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/11 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/12 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/13 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/14 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/15 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/16 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/17 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/18 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/19 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/20 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/21 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/22 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/23 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/24 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/25 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/26 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/27 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/28 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/29 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/30 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/31 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/32 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/33 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/34 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/35 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/36 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/37 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/38 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/39 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/40 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/41 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/42 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/43 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/44 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/45 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/46 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/47 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port security 2/48 disable age 1440 maximum 1 shutdown 0 unicast-flood enable violation restrict

set port protocol 2/1-48 ipx off

set cdp disable  2/1-15,2/18-48

set trunk 2/1  off dot1q 1-1005,1025-4094

set trunk 2/2  off dot1q 1-1005,1025-4094

set trunk 2/3  off dot1q 1-1005,1025-4094

set trunk 2/4  off dot1q 1-1005,1025-4094

set trunk 2/5  off dot1q 1-1005,1025-4094

set trunk 2/6  off dot1q 1-1005,1025-4094

set trunk 2/7  off dot1q 1-1005,1025-4094

set trunk 2/8  off dot1q 1-1005,1025-4094

set trunk 2/9  off dot1q 1-1005,1025-4094

set trunk 2/10 off dot1q 1-1005,1025-4094

set trunk 2/11 off dot1q 1-1005,1025-4094

set trunk 2/12 off dot1q 1-1005,1025-4094

set trunk 2/13 off dot1q 1-1005,1025-4094

set trunk 2/14 off dot1q 1-1005,1025-4094

set trunk 2/15 off dot1q 1-1005,1025-4094

clear trunk 2/16 2-96,98,101-148,150-1005,1025-4094

set trunk 2/16 on dot1q 1,97,99-100,149

clear trunk 2/17 2-96,98,101-148,150-1005,1025-4094

set trunk 2/17 on dot1q 1,97,99-100,149

set trunk 2/18 off dot1q 1-1005,1025-4094

set trunk 2/19 off dot1q 1-1005,1025-4094

set trunk 2/20 off dot1q 1-1005,1025-4094

set trunk 2/21 off dot1q 1-1005,1025-4094

set trunk 2/22 off dot1q 1-1005,1025-4094

set trunk 2/23 off dot1q 1-1005,1025-4094

set trunk 2/24 off dot1q 1-1005,1025-4094

set trunk 2/25 off dot1q 1-1005,1025-4094

set trunk 2/26 off dot1q 1-1005,1025-4094

set trunk 2/27 off dot1q 1-1005,1025-4094

set trunk 2/28 off dot1q 1-1005,1025-4094

set trunk 2/29 off dot1q 1-1005,1025-4094

set trunk 2/30 off dot1q 1-1005,1025-4094

set trunk 2/31 off dot1q 1-1005,1025-4094

set trunk 2/32 off dot1q 1-1005,1025-4094

set trunk 2/33 off dot1q 1-1005,1025-4094

set trunk 2/34 off dot1q 1-1005,1025-4094

set trunk 2/35 off dot1q 1-1005,1025-4094

set trunk 2/36 off dot1q 1-1005,1025-4094

set trunk 2/37 off dot1q 1-1005,1025-4094

set trunk 2/38 off dot1q 1-1005,1025-4094

set trunk 2/39 off dot1q 1-1005,1025-4094

set trunk 2/40 off dot1q 1-1005,1025-4094

set trunk 2/41 off dot1q 1-1005,1025-4094

set trunk 2/42 off dot1q 1-1005,1025-4094

set trunk 2/43 off dot1q 1-1005,1025-4094

set trunk 2/44 off dot1q 1-1005,1025-4094

set trunk 2/45 off dot1q 1-1005,1025-4094

set trunk 2/46 off dot1q 1-1005,1025-4094

set trunk 2/47 off dot1q 1-1005,1025-4094

set trunk 2/48 off dot1q 1-1005,1025-4094

set spantree portfast    2/16-17 disable

set spantree portfast    2/1-15,2/18-48 enable

set port channel 2/1-48 mode off

!

#module 3 empty

!

#module 4 : 48-port Inline Power Module

set vlan 60   4/1-48

set port speed      4/4-5,4/26,4/28,4/32,4/38-40,4/44-45,4/48  10

set port duplex     4/4-5,4/26,4/28,4/32,4/38-40,4/44-45,4/48  full

set port trap       4/1-48  enable

set port protocol 4/1-48 ipx off

set cdp disable  4/1-48

set trunk 4/1  off dot1q 1-1005,1025-4094

set trunk 4/2  off dot1q 1-1005,1025-4094

set trunk 4/3  off dot1q 1-1005,1025-4094

set trunk 4/4  off dot1q 1-1005,1025-4094

set trunk 4/5  off dot1q 1-1005,1025-4094

set trunk 4/6  off dot1q 1-1005,1025-4094

set trunk 4/7  off dot1q 1-1005,1025-4094

set trunk 4/8  off dot1q 1-1005,1025-4094

set trunk 4/9  off dot1q 1-1005,1025-4094

set trunk 4/10 off dot1q 1-1005,1025-4094

set trunk 4/11 off dot1q 1-1005,1025-4094

set trunk 4/12 off dot1q 1-1005,1025-4094

set trunk 4/13 off dot1q 1-1005,1025-4094

set trunk 4/14 off dot1q 1-1005,1025-4094

set trunk 4/15 off dot1q 1-1005,1025-4094

set trunk 4/16 off dot1q 1-1005,1025-4094

set trunk 4/17 off dot1q 1-1005,1025-4094

set trunk 4/18 off dot1q 1-1005,1025-4094

set trunk 4/19 off dot1q 1-1005,1025-4094

set trunk 4/20 off dot1q 1-1005,1025-4094

set trunk 4/21 off dot1q 1-1005,1025-4094

set trunk 4/22 off dot1q 1-1005,1025-4094

set trunk 4/23 off dot1q 1-1005,1025-4094

set trunk 4/24 off dot1q 1-1005,1025-4094

set trunk 4/25 off dot1q 1-1005,1025-4094

set trunk 4/26 off dot1q 1-1005,1025-4094

set trunk 4/27 off dot1q 1-1005,1025-4094

set trunk 4/28 off dot1q 1-1005,1025-4094

set trunk 4/29 off dot1q 1-1005,1025-4094

set trunk 4/30 off dot1q 1-1005,1025-4094

set trunk 4/31 off dot1q 1-1005,1025-4094

set trunk 4/32 off dot1q 1-1005,1025-4094

set trunk 4/33 off dot1q 1-1005,1025-4094

set trunk 4/34 off dot1q 1-1005,1025-4094

set trunk 4/35 off dot1q 1-1005,1025-4094

set trunk 4/36 off dot1q 1-1005,1025-4094

set trunk 4/37 off dot1q 1-1005,1025-4094

set trunk 4/38 off dot1q 1-1005,1025-4094

set trunk 4/39 off dot1q 1-1005,1025-4094

set trunk 4/40 off dot1q 1-1005,1025-4094

set trunk 4/41 off dot1q 1-1005,1025-4094

set trunk 4/42 off dot1q 1-1005,1025-4094

set trunk 4/43 off dot1q 1-1005,1025-4094

set trunk 4/44 off dot1q 1-1005,1025-4094

set trunk 4/45 off dot1q 1-1005,1025-4094

set trunk 4/46 off dot1q 1-1005,1025-4094

set trunk 4/47 off dot1q 1-1005,1025-4094

set trunk 4/48 off dot1q 1-1005,1025-4094

set spantree portfast    4/1-48 enable

set port channel 4/1-48 mode off

!

#module 5 empty

!

#module 6 : 48-port Inline Power Module

set vlan 60   6/1-48

set port disable    6/41-48

set port speed      6/37  10

set port duplex     6/37  full

set port trap       6/1-48  enable

set port name       6/10 histjet

set port name       6/11 HC316 mmcljet

set port name       6/41 faulty

set port name       6/42 faulty

set port name       6/43 faulty

set port name       6/44 faulty

set port name       6/45 faulty

set port name       6/46 faulty

set port name       6/47 faulty

set port name       6/48 faulty

set port protocol 6/1-48 ipx off

set cdp disable  6/1-48

set trunk 6/1  off dot1q 1-1005,1025-4094

set trunk 6/2  off dot1q 1-1005,1025-4094

set trunk 6/3  off dot1q 1-1005,1025-4094

set trunk 6/4  off dot1q 1-1005,1025-4094

set trunk 6/5  off dot1q 1-1005,1025-4094

set trunk 6/6  off dot1q 1-1005,1025-4094

set trunk 6/7  off dot1q 1-1005,1025-4094

set trunk 6/8  off dot1q 1-1005,1025-4094

set trunk 6/9  off dot1q 1-1005,1025-4094

set trunk 6/10 off dot1q 1-1005,1025-4094

set trunk 6/11 off dot1q 1-1005,1025-4094

set trunk 6/12 off dot1q 1-1005,1025-4094

set trunk 6/13 off dot1q 1-1005,1025-4094

set trunk 6/14 off dot1q 1-1005,1025-4094

set trunk 6/15 off dot1q 1-1005,1025-4094

set trunk 6/16 off dot1q 1-1005,1025-4094

set trunk 6/17 off dot1q 1-1005,1025-4094

set trunk 6/18 off dot1q 1-1005,1025-4094

set trunk 6/19 off dot1q 1-1005,1025-4094

set trunk 6/20 off dot1q 1-1005,1025-4094

set trunk 6/21 off dot1q 1-1005,1025-4094

set trunk 6/22 off dot1q 1-1005,1025-4094

set trunk 6/23 off dot1q 1-1005,1025-4094

set trunk 6/24 off dot1q 1-1005,1025-4094

set trunk 6/25 off dot1q 1-1005,1025-4094

set trunk 6/26 off dot1q 1-1005,1025-4094

set trunk 6/27 off dot1q 1-1005,1025-4094

set trunk 6/28 off dot1q 1-1005,1025-4094

set trunk 6/29 off dot1q 1-1005,1025-4094

set trunk 6/30 off dot1q 1-1005,1025-4094

set trunk 6/31 off dot1q 1-1005,1025-4094

set trunk 6/32 off dot1q 1-1005,1025-4094

set trunk 6/33 off dot1q 1-1005,1025-4094

set trunk 6/34 off dot1q 1-1005,1025-4094

set trunk 6/35 off dot1q 1-1005,1025-4094

set trunk 6/36 off dot1q 1-1005,1025-4094

set trunk 6/37 off dot1q 1-1005,1025-4094

set trunk 6/38 off dot1q 1-1005,1025-4094

set trunk 6/39 off dot1q 1-1005,1025-4094

set trunk 6/40 off dot1q 1-1005,1025-4094

set trunk 6/41 off dot1q 1-1005,1025-4094

set trunk 6/42 off dot1q 1-1005,1025-4094

set trunk 6/43 off dot1q 1-1005,1025-4094

set trunk 6/44 off dot1q 1-1005,1025-4094

set trunk 6/45 off dot1q 1-1005,1025-4094

set trunk 6/46 off dot1q 1-1005,1025-4094

set trunk 6/47 off dot1q 1-1005,1025-4094

set trunk 6/48 off dot1q 1-1005,1025-4094

set spantree portfast    6/1-48 enable

set port channel 6/1-48 mode off

!

#authorization

set authorization commands enable all tacacs+ deny console

set authorization commands enable all tacacs+ deny telnet

end


Hello,

So far I don't see any configuration error on the 4006.

But I would check the following:

- What is connected to these trunk links other than on port 1/1? Other switches?

- I see that you only have devices on vlan 60. Is it possible for you to make the uplink an access port and try?

- When did this problem start to occur? Was there a change that caused it, or did it start suddenly?

- Is it possible to run a debug ip packet with an acl for only the broadcast address? I really don't remember if that's possible on CatOS.

Regards,

Bruno Silva.

The other trunks go to two access-points, which are in other vlans. I can try making the uplink an access port tonight during our maintenance window, but that's probably not going to be a solution as the wireless lan is in other vlans.

I'm not sure when this started. I work at a university and classes just got back in session, so it could have started at any point over the summer and I wouldn't have known there was an issue. I checked the syslogs and they don't show anything unusual.

I'll check on the debug.

Hi,

Are you sure that there is no storm-control enabled on the 3750 distribution switch?

Regards,

Alex

No, there's no storm control configured. Below is the 3750's config. G1/0/1 is the uplink to the core router and g1/0/3 is the link to the 4006 in question.

version 12.2

parser config cache interface

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname hlrc1bc375012g

!

boot-start-marker

boot-end-marker

!

!

aaa new-model

!

!

aaa group server tacacs+ tac_admin

server

!

aaa group server tacacs+ tac_acct

server

!

aaa authentication login default group tac_admin local

aaa authentication enable default group tac_admin enable

aaa authorization commands 15 default group tac_admin local

aaa accounting exec default start-stop group tac_acct

aaa accounting commands 15 default start-stop group tac_acct

!

!

!

aaa session-id common

clock timezone central -6

clock summer-time CDT recurring

switch 1 provision ws-c3750g-12s

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

ip domain-name wn.washburn.edu

!

!

!

!

crypto pki trustpoint TP-self-signed-1283969536

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1283969536

revocation-check none

rsakeypair TP-self-signed-1283969536

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

!

interface GigabitEthernet1/0/1

description bt103c6509core 4/21

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,3,4,6,8,17,35,41,42,53,60,66,75,76,79,97,99

switchport trunk allowed vlan add 100,149

switchport mode trunk

!

interface GigabitEthernet1/0/2

description hrlc1bC6506 1/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/3

description hlrc300C4006p 1/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,17,60,97,99,100,149,1002-1005

switchport mode trunk

!

interface GigabitEthernet1/0/4

description hlrc1bfgs24gp

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,35,41,53,60,97,99,100,149,1002-1005

switchport mode trunk

!

interface GigabitEthernet1/0/5

description hlrc200C4503p 1/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,4,60,97,99,100,149,1002-1005

switchport mode trunk

!

interface GigabitEthernet1/0/6

description hlrcll4006 1/1 trunk

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,3,8,35,41,42,60,66,75,97,99,100,149,1002-1005

switchport mode trunk

!

interface GigabitEthernet1/0/7

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,35,1002-1005

switchport mode trunk

!

interface GigabitEthernet1/0/8

description hlrc1bC3750stkg 1/1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,35,60,75,76,79

switchport mode trunk

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface Vlan1

ip address 192.168.254.220 255.255.254.0

no ip proxy-arp

no ip route-cache

no ip mroute-cache

ip default-gateway 192.168.254.254

ip classless

ip http server

ip http secure-server

!

!

ip sla enable reaction-alerts

logging trap errors

logging facility syslog

logging

!

snmp-server engineID local 000000090200000142AE62C0

snmp-server view cutdown internet included

snmp-server view cutdown at excluded

snmp-server view cutdown ip.20 excluded

snmp-server view cutdown ip.21 excluded

snmp-server view cutdown ip.22 excluded

snmp-server community

snmp-server community

snmp-server location HLRC 1b

snmp-server contact

snmp-server chassis-id 0x13

snmp-server system-shutdown

snmp-server enable traps snmp coldstart

snmp-server enable traps license

snmp-server host

tacacs-server host

tacacs-server directed-request

tacacs-server key 7

!

banner login ^C

##########################################################################

###############################!!!Warning!!!##############################

##                                                                      ##

## This is private network. If you are not authorized leave now.        ##

##                                                                      ##

## This access attempt was logged.                                      ##

##                                                                      ##

##########################################################################

^C

!

line con 0

logging synchronous

stopbits 1

line vty 0 4

access-class 10 in

password 7

logging synchronous

transport input ssh

line vty 5 15

access-class 10 in

password 7

logging synchronous

transport input ssh

!

ntp clock-period 36028945

ntp server  prefer

ntp server

end

Hello,

I wasn't able to find any bugs associated with your situation. BUT...

By re-reading your question, I see that you are almost sure that the clients can communicate fine since they are using DHCP. The question is: Is the DHCP server in the same subnet as the hosts on vlan 60? I don't see the ip-helper configured on the 3750.

Also, does it mean then that the only affected VLAN is VLAN 60? Since the other access points use other VLANs, and you only mentioned VLAN 60, is that correct? If yes, I've seen a weird bug, even though it was on IOS, where hosts on a VLAN x would not be able to communicate, and if you just changed the VLAN number, it would work fine. Basically, we need to do some testing to try to isolate this issue.

Please try removing and adding the vlan again (on the vtp server, since the 4006 is the client). Also, using another vlan number, or using two hosts (one on one switch, and one in the 4006) on the access-points vlans to try to isolate this issue.

And for sure, I wouldn't care to reboot the switch itself IF possible. That can save us a lot of troubleshooting.

If we do all this and yet no point is made, upgrading the CatOS image to the latest might be good as well.

Let me know your findings, as this is becoming more interesting.

Regards,

Bruno Silva.

Bruno,

No the DHCP server is not in the same VLAN. The IP helper is on the core where the VLAN interface resides.

I haven't tried the wireless on the third floor yet, but I will now. Only clients exist in the wireless subnets, so there's no reason for anyone to contact another client, which is the reason why I haven't seen any complaints from that direction. I'll update with how that goes.

My after hours maintenance was postponed until next Wednesday, so I won't be able to do anything invasive until then. Rebooting will probably be included in the things I try.

I'm fairly sure this 4006 has the final CatOS image on it, but I'll check to be sure.

Besides verifying that the wireless network connected to the 4006 is affected as well, there's not much else I can do until next Wednesday. I'll update with my findings then.

Heath

Hello,

Your concept of access and distribution is kind of different then. According to Cisco the distribution block is where a broadcast domain should end. This is not your case.

BTW, why don't you have VLAN 60 allowed on interfaces Gig1/0/1 and Gig1/0/7?

Please also post the core config.

Let me know once you do the testing next Wednesday.

Thank you.

Regards,

Bruno Silva.

Yeah, I inherited this network like this. Almost all the VLANs reside at the core currently; the 3750 in this case is just L2 distribution. I have been moving stuff off the core to the Cisco three-tiered model, I just haven't gotten to this particular building yet.

G1/0/1 does have vlan 60 allowed, G1/0/7 doesn't have clients in the VLAN on it. Special case.
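The trunk check discussed in this thread (is VLAN 60 allowed on both ends of the 4006 uplink, and on Gi1/0/1), as an added example that is not part of any post: it computes the effective allowed-VLAN set from CatOS `clear trunk`/`set trunk` lines and from IOS `switchport trunk allowed vlan` lines, including the `add` continuation line that is easy to miss when reading by eye. The function names are hypothetical, the sample lines are copied from the configs posted above, and the CatOS default of 1-1005,1025-4094 is an assumption taken from the untouched trunk lines in that config.

```python
import re


def expand(vlan_list):
    """Expand a list such as '1,17,99-100' into a set of VLAN IDs."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


# Assumption: default allowed range, as shown on the unmodified trunks above.
CATOS_DEFAULT = expand("1-1005,1025-4094")


def catos_trunk_vlans(config, port):
    """Effective allowed VLANs on a CatOS port: default, minus clears, plus sets."""
    allowed = set(CATOS_DEFAULT)
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "trunk" or tok[2] != port:
            continue
        if tok[0] == "clear":
            allowed -= expand(tok[3])
        elif tok[0] == "set" and re.fullmatch(r"[\d,\-]+", tok[-1]):
            allowed |= expand(tok[-1])  # last token is the VLAN list, if present
    return allowed


def ios_trunk_vlans(config, interface):
    """Effective allowed VLANs on an IOS interface, honouring add/remove lines."""
    allowed = expand("1-4094")  # IOS allows all VLANs when no list is configured
    current = None
    pattern = re.compile(
        r"switchport trunk allowed vlan (?:(add|remove) )?([\d,\-]+)$")
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            continue
        m = pattern.match(line)
        if current != interface or not m:
            continue
        op, vlans = m.group(1), expand(m.group(2))
        if op == "add":
            allowed |= vlans
        elif op == "remove":
            allowed -= vlans
        else:
            allowed = vlans  # a plain list replaces whatever was there
    return allowed


def compare_trunk(catos_cfg, port, ios_cfg, interface, vlan):
    """Report whether `vlan` crosses the link and where the two lists differ."""
    a = catos_trunk_vlans(catos_cfg, port)
    b = ios_trunk_vlans(ios_cfg, interface)
    return {
        "vlan_on_both": vlan in a and vlan in b,
        "only_catos": sorted(a - b),
        "only_ios": sorted(b - a),
    }


# Lines copied from the 4006 config posted in this thread.
CATOS_SAMPLE = """\
clear trunk 1/1  2-16,18-59,61-96,98,101-148,150-1005,1025-4094
set trunk 1/1  on dot1q 1,17,60,97,99-100,149
set trunk 1/2  nonegotiate dot1q 1-1005,1025-4094
"""

# Lines copied from the 3750 config posted in this thread.
IOS_SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan 1,3,4,6,8,17,35,41,42,53,60,66,75,76,79,97,99
 switchport trunk allowed vlan add 100,149
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 1,17,60,97,99,100,149,1002-1005
 switchport mode trunk
"""

if __name__ == "__main__":
    print(compare_trunk(CATOS_SAMPLE, "1/1",
                        IOS_SAMPLE, "GigabitEthernet1/0/3", 60))
    print(60 in ios_trunk_vlans(IOS_SAMPLE, "GigabitEthernet1/0/1"))
```

On these lines VLAN 60 is allowed on both ends of the uplink, and the only difference between the two lists is 1002-1005 on the 3750 side.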

Hello,

Sorry, didn't realize the scroll bar at the bottom.

Let me know once you do those tests, then we can move forward with the investigation.

Regards,

Bruno Silva.

Here's what I did last night:

Took a PC's connection that was not reachable from other floors in the building.

Replace 4006 with 3550.

Put PC's connection (in VLAN 60) on 3550; it pings while I'm connected to the 4503 downstairs.

Put PC back on 4006, ping fails from 4503.

Connect my laptop to 4006, I can ping the PC.

I believe this confirms that the 4006 is the issue.

Reload 4006

Can ping the PC from 4503 (yea!)

This was all done between midnight and 2 a.m. this morning, so I have yet to find out if the problem has truly been fixed. I'm going to do some more digging and will update later.

Heath
