Cisco 4948 switch - Vlan routing issues

Aaron Alvarado
Level 1

I am setting up a new Cisco 4948 switch for SAN traffic and so far it is looking very good, with the exception of not being able to ping the SAN default gateway inside the switch. Also, I am not able to hit the switch outside of the LAN; it only works internally.

Vlan229 is assigned for SAN and Vlan224 is for data and management. I cannot ping my SAN gateway inside of the switch, 10.23.229.5. This gateway is coming from my core. Secondly, I am not able to reach the switch 10.23.224.21 outside of the LAN. This is the first 4948 deployed in my shop and most likely I am missing something basic. Your expert advice will be greatly appreciated.

Please take a peek at my simple config.

Current configuration : 3835 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
!
hostname USBLRLS008
!
boot-start-marker
boot-end-marker
!
enable password 7 012339255658145E224D
!
no aaa new-model
ip subnet-zero
!
ip vrf mgmtVrf
!
vtp mode transparent
!
power redundancy-mode redundant
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 224,229
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 no ip address
 speed auto
 duplex auto
!
interface GigabitEthernet1/1
 description Uplink to USBLRELS001
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/2
 description SAN Ports
 switchport access vlan 229
 switchport mode access
 mtu 9198
 spanning-tree portfast
!
interface GigabitEthernet1/3
 description SAN Ports
 switchport access vlan 229
 switchport mode access
 mtu 9198
 spanning-tree portfast
!
interface GigabitEthernet1/4
 description SAN Ports
 switchport access vlan 229
 switchport mode access
 mtu 9198
 spanning-tree portfast
!
interface GigabitEthernet1/5
 description SAN Ports
 switchport access vlan 229
 switchport mode access
 mtu 9198
 spanning-tree portfast
!
interface GigabitEthernet1/6
 description iSCSI pambappbck01 nic1
 switchport access vlan 229
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/7
 description iSCSI pambappbck01 nic2
 switchport access vlan 229
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/8
 description SAN Ports
 switchport access vlan 229
 switchport mode access
!
interface GigabitEthernet1/9
 description SAN Ports
 switchport access vlan 229
 switchport mode access
!
interface GigabitEthernet1/10
 description SAN Ports
 switchport access vlan 229
 switchport mode access
!
!
interface Vlan1
 no ip address
!
interface Vlan224
 ip address 10.23.224.21 255.255.255.0
!
ip http server
!
control-plane
!
!
line con 0
 stopbits 1
line vty 0 4
 password 7 012339255658145E224D
 login
 length 0
line vty 5
 password 7 113926241A41195D072B
 login
line vty 6 15
 login
!
end

Jon Marshall
Hall of Fame

Aaron

So is this switch meant to be acting as an L2 switch or an L3 switch? From the looks of it, it is L2. If so, you need to add a default gateway so you can reach it from remote subnets, e.g.

ip default-gateway 10.23.224.x 

so the actual address is the vlan 224 SVI IP address on the L3 switch that does the inter vlan routing.

Jon

Jon,

Correct, this is an L2 switch and the L3 routing is coming from my core stack. From my other 3560s the ip default-gateway is not set and it routes correctly, so I thought I did not have to add it. How is it possible that the other switches route without the gateway hardcoded? Thanks

From my core these are the interface vlan gateways:

interface Vlan224
 ip address 10.23.224.5 255.255.255.0
 ip helper-address 10.23.224.24
interface Vlan229
 ip address 10.23.229.5 255.255.255.0
 ip helper-address 10.23.224.24
ip route 0.0.0.0 0.0.0.0 10.23.224.1

Aaron

Not sure why your 3560s work without a default gateway or a default route. It may be something to do with proxy arp on your core switch but that is just a guess and i may be completely off track with that suggestion.

I would still try adding the default gateway of 10.23.224.5 to the 4948.

So if you do a "sh ip route" on a 3560 what does it actually show ?

Jon

Jon,

This is the 3560 I copied the config from for the 4948. I did the sh ip route as shown below and it seems empty, but I am able to ping the SAN gateway 10.23.229.5 and it is reachable from the outside. My two issues remain on the 4948: I am not able to ping the SAN gateway and I can't reach it out of the LAN. I added the default gateway and still no luck out of the LAN.

I attached the copy of 3560 i copied from so

3560 below

sw#sh ip route
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

sw#ping 10.23.229.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.229.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

sw#ping 10.23.224.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.224.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
sw#

3560 configuration:

Current configuration : 16924 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname myname
!
enable password 7 012339255658145E224D
!
username admin privilege 15
username goc privilege 15 secret 5 $1$GSJY$PT.qhBRRkCV4BQHXz/iez1
aaa new-model
!
aaa session-id common
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3  2 4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 224-226,228
!
!
interface FastEthernet0/48
 description uplink to Core Stack
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 priority-queue out
 mls qos trust cos
 auto qos voip trust
interface Vlan1
 no ip address
!
interface Vlan224
 ip address 10.23.224.4 255.255.255.0
!
ip classless
ip http server
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
!
1646
!
control-plane
!
!
line con 0
line vty 0 4
 password 7 012339255658145E224D
 length 0
line vty 5
 password 7 113926241A41195D072B
line vty 6 15
!
end

Aaron

From one of your earlier posts -

From my core these are the interface vlan gateways:

interface Vlan224
 ip address 10.23.224.5 255.255.255.0
 ip helper-address 10.23.224.24
interface Vlan229
 ip address 10.23.229.5 255.255.255.0
 ip helper-address 10.23.224.24
ip route 0.0.0.0 0.0.0.0 10.23.224.1

what is 10.23.224.1 ie. what device  ?

what device(s) are the core switches ?

can you from a 3560 do a traceroute to a remote LAN and post the results

can you from the 4948 do a traceroute to the same remote LAN and post the results

Finally, I recently was involved in a thread about a new 4500-X switch that was also only L2 but did not use its default gateway. The documentation was rather vague as to when you would need a default route instead of a default gateway. The 4948 shares the same IOS as the 4500s (or it did) so, although I am not a big fan of just making changes for change's sake, it might be worth trying to replace the default gateway on the 4948 with a default route pointing to the same IP address.

Perhaps try the traceroute from the 4948 first though before you try adding the default route.

Jon

Thanks much, and yes, this IOS is quite different from the rest of the 3560s. Below are my answers.

what is 10.23.224.1 ie. what device ? This IP address is the AT&T routers converted locally into 10.23.224.5

what device(s) are the core switches ? 2x 48port 3750 Stack

Can you from a 3560 do a traceroute to a remote LAN and post the results?

USBLRLS001#ping 10.23.232.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.232.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 42/43/50 ms
USBLRLS001#trace
USBLRLS001#traceroute 10.23.232.253
Type escape sequence to abort.
Tracing the route to 10.23.232.253
  1 10.23.224.2 0 msec 0 msec 0 msec This is one of the dual AT&T routers in EIGRP  mode set as default gt 10.23.224.1
  2 32.3.178.133 17 msec 25 msec 17 msec
  3 32.3.174.74 42 msec *  *

can you from the 4948 do a traceroute to the same remote LAN and post the results

USBLRLS008>ping 10.23.232.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.232.253, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
USBLRLS008>tra
USBLRLS008>traceroute 10.23.232.253
Type escape sequence to abort.
Tracing the route to 10.23.232.253
  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *


Aaron

Thanks for that. When a host has no default gateway (and an L2 switch acts as a host in respect of its management interface) it arps out for every destination IP. I suspect there may be some form of proxy arp going on with the AT&T routers.

The 4948, as I mentioned, may well not be using its default gateway, i.e. it is not acting like a host, so can you add the default route and retest.

Jon

I removed the previously hardcoded gateway on the 4948 and added the ip route as suggested, and now both of my problems are resolved. Although the other switches did not require the ip route or gateway, I found out all of these switches have a command "ip classless" which I am not able to set on the 4948. Just a thought, maybe it is not related at all.

Thanks for all the help.

Aaron

Thanks for letting me know. The documentation on the 4500/4900 switches in terms of when to use a default gateway vs a default route is, as i say, very vague so it was worth a try and it's good to know it worked.

I don't think it is ip classless as i suspect the 4948 is running that anyway ie. you can't turn it off.

What i would say though is i still think your other switches may be working via proxy arp so bear that in mind if you ever decide you want to turn it off or you replace one of the AT&T routers.

Jon
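The proxy ARP dependency that the last reply warns about can be spotted from a saved configuration. The following is an added example, not part of the thread and not Cisco tooling: `audit_mgmt_path` is a hypothetical helper, both config excerpts are constructed from the values quoted above (the thread does not quote the exact `ip route` line used for the fix), and the result reflects what is configured, not what a given platform honours.

```python
import ipaddress
import re

# Constructed excerpts modelled on the configs quoted in the thread.
SW_3560 = """
interface Vlan224
 ip address 10.23.224.4 255.255.255.0
!
ip classless
"""
SW_4948_FIXED = """
interface Vlan224
 ip address 10.23.224.21 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.23.224.5
"""

def audit_mgmt_path(config, dst):
    """Return (mechanism, arp_target, needs_proxy_arp) for traffic to dst."""
    svis, gateway, route, current = [], None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None                      # '!' closes an interface block
        elif m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
        elif (m := re.match(r"ip address ([\d.]+) ([\d.]+)$", line)) \
                and (current or "").startswith("Vlan"):
            svis.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
        elif m := re.match(r"ip default-gateway ([\d.]+)$", line):
            gateway = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 ([\d.]+)$", line):
            route = ipaddress.ip_address(m.group(1))
    dst = ipaddress.ip_address(dst)
    if any(dst in svi.network for svi in svis):
        return ("connected", str(dst), False)
    next_hop = route if route is not None else gateway
    if next_hop is None:
        # Host-like behaviour described in the thread: ARP for the remote
        # address itself, which only works while something answers by proxy.
        return ("none", str(dst), True)
    if not any(next_hop in svi.network for svi in svis):
        return ("off-link-next-hop", str(next_hop), False)  # cannot be ARPed
    mechanism = "default-route" if route is not None else "default-gateway"
    return (mechanism, str(next_hop), False)

if __name__ == "__main__":
    for name, cfg in (("3560", SW_3560), ("4948 (fixed)", SW_4948_FIXED)):
        print(name, audit_mgmt_path(cfg, "10.23.232.253"))
```

A switch reported as `none` keeps off-subnet management access only while an upstream device answers proxy ARP, so it should get an explicit next hop before proxy ARP is disabled or the upstream routers are replaced.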
