cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
690
Views
0
Helpful
3
Replies

Cannot access anything outside the L2 switch

Alvaro Rugama
Level 1
Level 1

Hi everyone

 

I'm having an odd issue with Cisco Catalyst Switches. We have several VLAN (more than a 100) where we use 4500-X VSS as the distribution Layer, and 2960X stacks as Access Layer (10 stacks directly attach to the 4500X VSS).

 

The 4500-X VSS is the default gateway for 4 VLANs. a few weeks ago, one of this VLANs began to fail. Where users in it cannot reach any device outside the stack where they connect.

 

For testing, we assigned an IP in this VLAN to the 2960X stack, we see that this stack (access layer), also, cannot ping anything outside it. But all other VLANs that reside in this same stack does not have this issue.

 

We look at the trunk links to see if the VLAN disappear from it, we look the "show vlan" output to see if the VLAN was remove from the stack (because we are using VTP to replicate all the VLANs).

 

Have you ever had a similar issue? can you recommend something?

 

Regards

 

 

3 Replies 3

Hi

Have you verified the STP for that VLAN? is the VLAN created on the stack (the ports could be assigned to that VLAN but the VLAN is gone) also is that VLAN allowed on both ends?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi Julio

 

Thanks for the reply.

 

We checked for the VLANs in both ends (4500-X and 2960X), they exist in both ends. As for STP, we are running MST, we check the configuration and statistics and it seems clear, no errors, one way to go out of the stack as we have no loops in the network.

 

We already troubleshoot all basic configuration, trunks vlans, vtp, mst. All seems ok, however, VSS show drops in the "show platform software drop-port" output, but not sure is this drops are normal or not.

 

The values that show drops are:

- DropActivityCount

- XppTmmPtdDropPortCount

-SptDrop

-InpL2AclDrop

-L2FwdDrop

 

But haven't find any document that explains what this values means.

 

Regards

Hello

 

From the VSS can you ping the other vlans sourced from the troublesome vlan?

 


@Alvaro Rugama wrote:

We look at the trunk links to see if the VLAN disappear from it, we look the "show vlan" output to see if the VLAN was remove from the stack (because we are using VTP to replicate all the VLANs).

 


 

Having vtp enabled is one thing but do you also have pruning enabled?
Are all you switches running the same vtp version?
Is it possible you can have a duplicate ip address relating to the L3 of that vlan?

Are the clients obtaining the correct addressing subnet mask etc..
res
Paul

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: