Solved: Help with VTP Server and Hot Standby

Armegeden · ‎11-01-2005

Hello all,

Okay this whole VLAN infested network is a mess. I think people made the VLANs with good intention, but never told anyone else how to set up Static IP's (no DHCP, bleh).

Anyway, my machine and this whole section of computers is part of VLAN6. My IP is 10.10.65.93 255.255.255.0 with Gateway of 10.10.65.1.

Now here's the strange part, the VTP Server config for VLAN6:

!

interface Vlan6

ip address 10.10.65.67 255.255.255.192

ip access-group virus in

ip access-group virus out

ip helper-address 10.10.66.18

no ip redirects

ip pim sparse-dense-mode

standby 6 priority 105

standby 6 preempt

standby 6 ip 10.10.65.65

!

To my knowledge (i've connected to every Layer3 switch i can find), I've set this 4000 series switch to be the ONLY VTP Server.

How is this working? haha. How am I able to communicate with the network, or even the other machines on VLAN6, if the management VLAN looks like that?

As far as Standby goes, it's my understanding that the standby IP is a "virtual IP" right? So I should take one of the other Layer3 switches and assign it to the same standy IP and give it a lower priority, right?

Ugh, one step at a time.

Thanx for any advice...

thisisshanky · ‎11-01-2005

Armegeden,

I have seen previous posts from you regarding the same network. Recollecting from those posts, you have a 4000 and 4500 with the 4500 being active HSRP router.

The Standby ip that you configure should be the default gateway of all users in that vlan. You define standby ip and configure one switch with more priority (so that it becomes active) while leave the other switch's priority to default (100).

It looks like your default gateway (since it is set to 10.10.65.1), is messed up, either because,

a. your DHCP scope is configured wrong.

b. if using static IP, you have configured the wrong default gateway.

Regardless of all this, 10.10.65.1 is possibly a router in your network, that falls in vlan 6 and is routing traffic for you. You need to find out what this device is.

And if using DHCP check your DHCP scope on the DHCP server 10.10.66.18 and reconfigure that as 10.10.65.65.

HTH

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

View solution in original post

JASON WELCH · ‎11-01-2005

As long as all the other machines in vlan6 are in the same subnet as your machine you'd be able to talk to them. Talking to another vlan is a different story. If this cat4000 config that you've posted is supposed to be your default gw for vlan6, then you've got issues ;)

If you resolve the mac addy of your default gw for vlan6, 10.10.65.1, from your machine in vlan6, using ping 10.10.65.1, then arp -a. Does the mac addy that you pulled from arp corispond to the above cat4000. My guess is that it won't, unless the switch has a ip secondary address.

Once you have the mac, track down the switch, this will be your other vtp server, probably with your 10.10.65.1 address on its vlan6 SVI.

Anyhow, that is the first thing you need to do, get an accurate mapping of your network. From there you can tackle other issues.

HTH,

Jason

View solution in original post

thisisshanky · ‎11-01-2005

Armegeden,

I have seen previous posts from you regarding the same network. Recollecting from those posts, you have a 4000 and 4500 with the 4500 being active HSRP router.

The Standby ip that you configure should be the default gateway of all users in that vlan. You define standby ip and configure one switch with more priority (so that it becomes active) while leave the other switch's priority to default (100).

It looks like your default gateway (since it is set to 10.10.65.1), is messed up, either because,

a. your DHCP scope is configured wrong.

b. if using static IP, you have configured the wrong default gateway.

Regardless of all this, 10.10.65.1 is possibly a router in your network, that falls in vlan 6 and is routing traffic for you. You need to find out what this device is.

And if using DHCP check your DHCP scope on the DHCP server 10.10.66.18 and reconfigure that as 10.10.65.65.

HTH

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

JASON WELCH · ‎11-01-2005

As long as all the other machines in vlan6 are in the same subnet as your machine you'd be able to talk to them. Talking to another vlan is a different story. If this cat4000 config that you've posted is supposed to be your default gw for vlan6, then you've got issues ;)

If you resolve the mac addy of your default gw for vlan6, 10.10.65.1, from your machine in vlan6, using ping 10.10.65.1, then arp -a. Does the mac addy that you pulled from arp corispond to the above cat4000. My guess is that it won't, unless the switch has a ip secondary address.

Once you have the mac, track down the switch, this will be your other vtp server, probably with your 10.10.65.1 address on its vlan6 SVI.

Anyhow, that is the first thing you need to do, get an accurate mapping of your network. From there you can tackle other issues.

HTH,

Jason

Armegeden · ‎11-01-2005

Wow guys,

I'm in trouble. haha. This is a mess.

Okay, to answer the first question, this network is all Static, no DHCP whatsoever. So isn't the ip-helper address useless?

Next,

I did the ping and arp -a and did the "sh mac-address | include ac06" and tracked it from the 4506's trunk to the 4000. The 4000 is in VTP Client mode (i set this days ago).

I did a "sh run | include 10.10.65.1" and this is what the IP is. Oh man...

!

interface Vlan2

ip address 10.10.65.2 255.255.255.248

ip helper-address 10.10.66.18

no ip redirects

ip pim sparse-dense-mode

standby 2 ip 10.10.65.1

standby 2 priority 110

standby 2 preempt

!

Now, this 65.1 address is my Vlan6's default gw. So just now I wondered what Vlan2's setup was like in the 4500 (VTP SERVER). Here it is:

!

interface Vlan2

ip address 10.10.65.1 255.255.255.248

ip access-group virus in

ip access-group virus out

ip helper-address 10.10.66.18

no ip redirects

ip pim sparse-dense-mode

standby 2 priority 105

standby 2 preempt

!

I'm wondering why the 65.1 is going to a VTP Client switch's "virtual" standy address instead of the VTP Server's logical Vlan address? I mean I know it's a horrible config, but... ?

Oh well, don't bother explaining that. No idea even where to begin on this...

(oh and there are 27 active Vlans here, this is just a couple lol)

JASON WELCH · ‎11-01-2005

Wow, your network needs an overhaul ;)

The reason you got the mac address for the vlan2 interface of your 4000 instead of the 4506 is this part of your hsrp config:

!standby 2 ip 10.10.65.1

standby 2 priority 110

standby 2 preempt

!

The priority on your vlan2 interface is set to 110, which is a higher priority for group 2 than your 4506 interface (which is set to 105). Your 4000 is acting as the hsrp active router, replying to ip address 10.10.65.1.

The first thing you should do is map out your network, starting with layer1 and working your way up to layer3.

Example:

Layer1:

4506-->4000-->PC

4506 fiber to 4000, 4000 cat5e to PC

Layer2:

4506: 'primary' VTP server for domain, vlans 1-27 config'd, vlans 1-27 dot1q trunk'd to cat4000 switch.

Cat4000: 'secondary' VTP server for domain, vlans 1-27 config'd, vlans1-27 dot1q trunk'd

Layer3:

Subnets assigned to vlans1-27 (i.e. 10.10.1.0/24 vlan1, 10.10.2.0/24 vlan2, 10.10.3.0/24 vlan3, etc)

4506: each vlan SVI config'd with appropriate IP address for corrisponding vlan subnet (i.e. int vlan1 10.10.1.1/24, int vlan2 10.10.2.1/24, etc)

After you have a good understanding of the network, then you can worry about hsrp\gateway redundancy.

Anyhow, I hope that helps.

Jason