Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Redundant Trunks

On a network that I work on (very new at) I am having trouble getting access to a switch over a new fiber trunk.  I have a 3560 with 2 trunks.  trunk 1 is connected directly to a 4500.  Trunk 2 (fiber) is connected to a 3750 and in turn that 3750 is trunked to a 4500.  Now both trunks on the 3560 are the exact same config.  Both trunks are up and neither of them are being blocked by stp.  I saw data going over both trunks under the show int command.  When I shut trunk 1 down I am no longer able to get to the 3560.  I can no longer ping or do anything else with the 3560.  I am trying to figure out why I cannot reach the 3560 through trunk 2.                      

26 REPLIES

Redundant Trunks

It would be helpful if you could draw out a topology of the way these switches are laid out. Which switch is the root bridge?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Redundant Trunks

So in the attached (very basic) diagram you will see a visual of what I explained in the first post.  The root bridge for the vlan I am routing is the 4500 A.  I have it labeled in the diagram.  I hope I am making sense here.

New Member

Redundant Trunks

Hi Bryan,

From which device are you trying to access/ping 3560 ? Is it from 3750 or 4500a ?

And in which subnets are each of these devices? Are their routes fine ?

Regards,

Chandu

Regards, Chandu
New Member

Redundant Trunks

Hi Chandra

Yes I am trying to ping from the 3750 or the 4500a. The subnets are different but the routes should be fine. I say should because I didn't set any of this up.

Hall of Fame Super Blue

Redundant Trunks

Bryan

So you shut down the trunk link to 4500b and then you cannot ping the 3560 from either the 3750 or 4500a - is that correct ?

If so what is the IP address you are trying to ping and what is the source IP address ? Are they in the same subnet ?

Which switch(es) are actually acting as L3 switches doign inter vlan routing and which are acting as L2 ?

If the 3560 is only acting as L2 what is the defaut gateway set to ie which device has the default gateway IP address ?

Jon

New Member

Redundant Trunks

So you shut down the trunk link to 4500b and then you cannot ping the 3560 from either the 3750 or 4500a - is that correct ?

Yes this is correct

If so what is the IP address you are trying to ping and what is the source IP address ? Are they in the same subnet ?

The two IP's are in different subnets

Which switch(es) are actually acting as L3 switches doign inter vlan routing and which are acting as L2 ?

The 4500's are the only ones with L3 routing going on.

If the 3560 is only acting as L2 what is the defaut gateway set to ie which device has the default gateway IP address ?

I see on the 3560 there is no default gw.

Hall of Fame Super Blue

Re: Redundant Trunks

Bryan

My initial thought was the the 3560 was acting as L2 and it's default gateway was on 4500b. When you pinged from a different subnet the 3560 would send the response to 4500b because that is it's default gateway and because you have shut the trunk down it stopped working.

But now you say there is no default gateway configured on the 3560 so i cant see how you would be able to ping it from a different IP subnet whether or not the trunk to 4500b was up or not.

Perhaps you can post config of the 3560 ?

Jon

New Member

Redundant Trunks

Here it is

PTCC-3560-001#sh run
Building configuration...

Current configuration : 5034 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service unsupported-transceiver
!
hostname PTCC-3560-001
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ZBlD$vvwPD6uBgu9Xzgjqw6dDR.
!
!
!
no aaa new-model
clock timezone Eastern -4 14
system mtu routing 1500
!
!        
!
!
crypto pki trustpoint TP-self-signed-326576768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-326576768
revocation-check none
rsakeypair TP-self-signed-326576768
!
!
crypto pki certificate chain TP-self-signed-326576768
certificate self-signed 01
  30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33323635 37363736 38301E17 0D393330 33303130 30303131
  355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3332 36353736
  37363830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  A735DCCD 1572FA88 1CE635DF EEB02A2C 393AC9FA 83DD04D0 90994AC9 9FA2304C
  614B139D BA366E54 E9D4258E B85A78DA F7BC7322 346B1A1C 9787F3BD 3FEFB985
  C81CECE2 97B33800 765D55A6 DC7E5165 6A3A50B8 7369C3C1 58000607 3FC9791F
  FC29C41D 666B4F97 375577C8 2FB2E642 6A5006F6 85513DB0 DB77E9E8 41DBAF39
  02030100 01A36E30 6C300F06 03551D13 0101FF04 05300301 01FF3019 0603551D
  11041230 10820E50 5443432D 33353630 2D303031 2E301F06 03551D23 04183016
  80149EB9 6586711D 579D7D4F 6A29F7B1 D0D21057 DA80301D 0603551D 0E041604
  149EB965 86711D57 9D7D4F6A 29F7B1D0 D21057DA 80300D06 092A8648 86F70D01
  01040500 03818100 57177E1F 6ED2E5D5 A1EF55C1 972AB02D 285DF383 8F75CA22
  EE4741A8 31ADD91A CAA3F6D2 F7479F49 26D4177F D182C794 D59BD1D4 6003C87A
  2D43A36D 2AA67B07 BAA4C25E 00C994B8 8714C6FF 70299E3A F974D98C A18F8121
  D049F7EF 70719C5A 4A12EF91 703CEF03 0814F95D 21100284 EC15A746 AA5177FC
  BF703A8B C4813161
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
no errdisable detect cause gbic-invalid
no errdisable detect cause sfp-config-mismatch
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
!        
interface GigabitEthernet0/1
description 10.4.8.94 PTCC-CRWKS-001                                      
switchport access vlan 208
no cdp enable
no cdp tlv server-location
no cdp tlv app
arp timeout 10
spanning-tree portfast
!
interface GigabitEthernet0/2
description 10.4.8.95 PTCC-CRWKS-002
switchport access vlan 208
no cdp enable
no cdp tlv server-location
no cdp tlv app
arp timeout 10
spanning-tree portfast
!
interface GigabitEthernet0/3
description 10.4.8.96 PTCC-CRWKS-003
switchport access vlan 208
no cdp enable
no cdp tlv server-location
no cdp tlv app
arp timeout 10
spanning-tree portfast
!
interface GigabitEthernet0/4
description 10.4.8.97 PTCC-CRWKS-004
switchport access vlan 208
no cdp enable
no cdp tlv server-location
no cdp tlv app
arp timeout 10
spanning-tree portfast
!
interface GigabitEthernet0/5
description 10.4.8.98 PTCC-CRWKS-005
switchport access vlan 208
no cdp enable
no cdp tlv server-location
no cdp tlv app
arp timeout 10
spanning-tree portfast
!
interface GigabitEthernet0/6
description 10.4.8.99 PTCC-CRWKS-006
switchport access vlan 208
no cdp enable
no cdp tlv server-location
no cdp tlv app
arp timeout 10
spanning-tree portfast
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet1/1
description Link to CMF-4507
switchport trunk encapsulation dot1q
switchport trunk native vlan 208
switchport trunk allowed vlan 202,208
switchport mode trunk
!
interface GigabitEthernet1/2
description Link to HBN-4507
switchport trunk encapsulation dot1q
switchport trunk native vlan 208
switchport trunk allowed vlan 202,208
switchport mode trunk
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
description uplink to CMF 4507
switchport trunk encapsulation dot1q
switchport trunk native vlan 208
switchport trunk allowed vlan 202,208
switchport mode trunk
!
interface TenGigabitEthernet1/1
!        
interface TenGigabitEthernet1/2
!
interface Vlan1
no ip address
!
interface Vlan208
ip address 10.4.8.14 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
line con 0
line vty 0 4
password 7 111A18011A1B055C52
login
transport input telnet
line vty 5 15
login
!        
ntp peer 10.4.2.3
end

Hall of Fame Super Blue

Redundant Trunks

Bryan

There is definitely no default gateway so i am not sure how you would ever be able to ping the vlan 208 IP address on the switch from any other subnet regardless of whether the trunk to the 4500b was up or not.

But you are saying you can ?

Jon

New Member

Redundant Trunks

Yes I can ping from 4500B no problem. 

Hall of Fame Super Blue

Redundant Trunks

Bryan

Sorry, what do you mean you can ping from the 4500b no problem. Do you mean using a different source IP ie. not in vlan 208 ?

And i thought the trunk to 4500b was the one you were shutting down ?

I was thinking it may be something to do with proxy arp but before that can you describe in detail the sequence of events ie.

1) before you shut the trunk down where are you pinging from. What is the src IP.

2) after you shut the trunk down (trunk link to 4500b) where are you pinging from. Again src IP.

Do both 4500s have a vlan 208 L3 interface ?

Jon

New Member

Redundant Trunks

Do you mean using a different source IP ie. not in vlan 208 ?

scratch that I cannot ping from an IP that is not in VLAN 208.  I wasnt adding a source IP to my ping previously.

And i thought the trunk to 4500b was the one you were shutting down ?

I am not going to shut it down permenantly I wanted to test connectivity incase that trunk went down. 

I was thinking it may be something to do with proxy arp but before that can you describe in detail the sequence of events ie.

1) before you shut the trunk down where are you pinging from. What is the src IP.

I realize I was pinging from an IP in the same VLAN.

2) after you shut the trunk down (trunk link to 4500b) where are you pinging from. Again src IP.

Any other subnet I tried.

Do both 4500s have a vlan 208 L3 interface ?

Both 4500's have this in the sh ip route output

C       10.4.8.0/24 is directly connected, Vlan208

New Member

Redundant Trunks

Is IP routing enabled on the devices ? Can you please paste the output of "show ip route" from 3 of those devices?

Regards,

Chandu

Regards, Chandu
New Member

Redundant Trunks

On both the 4500's there is the subnet of the 3560 when I do a " sh ip route "

C       10.4.8.0/24 is directly connected, Vlan208

Hall of Fame Super Blue

Redundant Trunks

Bryan

after you shut the trunk down (trunk link to 4500b) where are you pinging from. Again src IP.

Any other subnet I tried.

But you won't be able to ping from any other subnet regardless of whether the trunk is up or not because there is no default gateway on the 3560.

So is the issue simply that when you shut down the trunk link you cannot ping even when in the same subnet from the 4500a ?

Jon

New Member

Redundant Trunks

I want to be able to get access to the switch when I shut down the trunk from 4500B. 

Hall of Fame Super Blue

Redundant Trunks

Bryan

I understand that. Because of the confusion of what the src IP was i just wanted to clarify exactly what the issue is.

So 4500a has a L3 vlan interface in vlan 208. I assume the 3750 does as well. You shut the trunk down between the 3560 and the 4500b and you cannot ping from the 4500a - is that the current situation ?

If so can you post -

1) "sh ip int br | include Vlan"  from the 4500a and the 3750

2) "sh int trunk"  from the 4500a and the 3750 and indicate which trunks are connecting -

a) from 4500a to the 3750

b) from the 3750 to the 3560

Jon

New Member

Redundant Trunks

So 4500a has a L3 vlan interface in vlan 208. I assume the 3750 does as well. You shut the trunk down between the 3560 and the 4500b and you cannot ping from the 4500a - is that the current situation ?

That is correct.

If so can you post -

1) "sh ip int br | include Vlan"  from the 4500a and the 3750

For the 3750

Vlan1                  unassigned      YES NVRAM  administratively down down   

Vlan203                10.4.3.3        YES NVRAM  up                    up     

Vlan999                unassigned      YES NVRAM  administratively down down

For the 4500A

Vlan207                unassigned      YES NVRAM  down                  down   

Vlan208                10.4.8.2        YES NVRAM  up                    up     

Vlan209                10.4.9.2        YES NVRAM  up                    up    

2) "sh int trunk"  from the 4500a and the 3750 and indicate which trunks are connecting -

3750 Trunk G1/0/27 is connected to the 3560

Gi1/0/1     on           802.1q         trunking      203
Gi1/0/26    on           802.1q         trunking      205
Gi1/0/27    on           802.1q         trunking      208

Port        Vlans allowed on trunk
Gi1/0/1     202-203,208
Gi1/0/26    1,205,1002-1005
Gi1/0/27    202,208

Port        Vlans allowed and active in management domain
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

a) from 4500a to the 3750

Trunk G1/4 is the trunk from the 4500A to the 3750

Gi1/4       auto             802.1q         trunking      203
Gi1/8       auto             802.1q         trunking      1
Gi1/23      auto             802.1q         trunking      999

Port        Vlans allowed on trunk
Gi1/1       202,210,218,220,227
Gi1/2       211-212,222,224,233,244,255
Gi1/3       208-209,213,226
Gi1/4       202-203,208
Gi1/8       1-4094
Gi1/23      202,208

Port        Vlans allowed and active in management domain
Gi1/1       202,210,218,220,227
Gi1/2       211-212,222,224,233,244,255
Gi1/3       208-209,213,226
Gi1/4       202-203,208
Gi1/8       1,202-203,208-213,218,220,222,224,226-227,233,244,255
         
Port        Vlans allowed and active in management domain
Gi1/23      202,208

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       202,210,218,220,227
Gi1/2       211-212,222,224,233,244,255
Gi1/3       208-209,213,226
Gi1/4       202-203,208

b) from the 3750 to the 3560

Hall of Fame Super Blue

Redundant Trunks

Bryan

From the 3750 output -

Port        Vlans allowed and active in management domain
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

vlan 208 is not going across that trunk which is why you cannot ping from the the 4500a switch. Can you post -

"sh vlan brief" from the 3750 switch

Also is the diagram you posted the full picture ie. there are no other switches connected anywhere that could create a loop are there ?

Jon

New Member

Redundant Trunks

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi1/0/25, Gi1/0/28

202  VLAN0202                         active   

203  VLAN0203                         active    Gi1/0/3, Gi1/0/5, Gi1/0/11, Gi1/0/12

205  VLAN0205                         active    Gi1/0/7

999  VLAN0999                         active    Gi1/0/2, Gi1/0/4, Gi1/0/6, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/13, Gi1/0/14

                                                Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21

                                                Gi1/0/22, Gi1/0/23, Gi1/0/24

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/25, Gi1/0/28
202  VLAN0202                         active   
203  VLAN0203                         active    Gi1/0/3, Gi1/0/5, Gi1/0/11, Gi1/0/12
205  VLAN0205                         active    Gi1/0/7
999  VLAN0999                         active    Gi1/0/2, Gi1/0/4, Gi1/0/6, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default

There two 4500's do communicate.  So I am thinking STP would shut a trunk down when this is properly configured.

Hall of Fame Super Blue

Redundant Trunks

Bryan

There is no vlan 208 in the vlan database so vlan 208 does not extend from the 4500a to the 3560 and that is why you can't ping.

There two 4500's do communicate.  So I am thinking STP would shut a trunk down when this is properly configured.

It depends but as both 4500s have a vlan 208 L3 interface it suggests there is another connection not shown in your diagram and perhaps that is why vlan 208 has not be included in the vlan database of the 3750.

It's difficult to say without knowing the full network layout and interconnects between all the switches so adding vlan 208 to the 3750 is not necessarily a solution and may, as you suggest, cause a loop depending on what other interconnections there are.

Jon

New Member

Redundant Trunks

The trunks you see in the diagram from the 3560 are the only ones it has.  The trunk you see from the 3750 to the 3560 is new.  I forgot to add the vlan 208 to 3750 when I made that trunk.

If I were to add the default gateway of 10.4.8.2 to the 3560 and add vlan 208 to the 3750 it should put me in business right?  

Hall of Fame Super Blue

Redundant Trunks

Bryan

If I were to add the default gateway of 10.4.8.2 to the 3560 and add vlan 208 to the 3750 it should put me in business right?  

If you add vlan 208 to the vlan database on the 3750 that should mean you can ping from 4500a when the trunk to 4500b is down.

As for using 10.4.8.2, which 4500 is that ? Are you not running HSRP for all vlans between the 4500s ? Note if you are then at the moment both 4500s will think they are active for vlan 208 until you update the 3750. If you are running HSRP then use the virtual IP as the default gateway on the 3560.

One last thing. It looks like vlan 208 is the management vlan for your switches. Is there any reason you have used a different vlan on the 3750 ie. you have used vlan 203 ?

Jon

New Member

Redundant Trunks

I meant 10.4.8.1 I fat fingered it.  That is the virtual IP.  Also I have no idea why VLAN 203 is being used as management on the 3750.  This network was built way before I worked here.  I am just going in trying to find things to fix.  It is also a live network so I need to be careful. 

Hall of Fame Super Blue

Redundant Trunks

Bryan

No problem, i fat finger all the time

Then i suspect both 4500s are showing active for vlan 208. That would be a good way to check that there is no alternate path although you seem to be sure there isn't so it's just an extra check.

I would also recommend changing to vlan 208 for managing the 3750 as well as long as there is no other reason vlan 203 is being used.

Like you say, it's always best to go slow when working on a new network because it can be very difficult to tell when something has been done for a reason or whether it has just "evolved".

Jon

New Member

Redundant Trunks

Thanks for your help in this matter and to anyone else who helped. 

290
Views
0
Helpful
26
Replies