Subnets on single switch problem

160thehaven
Level 1

(attachment: subnets.jpg)

Hi, I recently completed a CCENT and am now moving on to CCNA. I came across a network recently, shown in the attachment, that had a problem. I have a few questions and am trying to debug it. Any suggestions would be appreciated.

Device a sends info to device b every second over TCP/IP (a few packets of info). If the link to switch 1 is not connected, the 192.168.1 network works fine and device a and device b function as normal.

When the link from switch 3 is plugged into switch 1, after approx. 2 hours device b stops working as it does not receive information from device a.

This is repeatable: plugging into switch 1 always causes an issue on device b.

All the switches are unmanaged switches.

The server needs to communicate with the 10.0.1.x and the 192.168.1.x network, but the other devices on the 10 network and 192 network do not have to communicate with each other. The server runs monitoring software and needs to "see" all devices. The server has one NIC with an alternate IP set up and can ping the devices on the 192.168.1.x network and the 10.0.1.x network.

I was wondering, is there a potential issue with the two subnets on the switch, or is there possibly an issue with broadcast traffic?

The devices are not PCs but industrial communication devices, so I am unsure how to debug the issue. Also I cannot view any logs on the switches as they are unmanaged.

One thought I had was to put a Cisco 3550 switch I have for testing in there and connect device a and device b on the Cisco switch, then create a SPAN port and connect Wireshark/dumpcap to the SPAN port to monitor the traffic being sent between the two.

If anyone has any suggestions please let me know, thanks.


Richard Burts
Hall of Fame

You describe quite a few things about this network, but as a start I am going to focus just on device a, device b, and the impact of connecting to switch 1. If device a and device b are connected to the same unmanaged switch, and if they have IP addresses in the same subnet, it is kind of difficult to think of what would prevent their communication.

So I would like to ask a question to clarify some things. After the connection to switch 1 is established is the problem just between a and b? Can a still access other resources in its network? Can b still access other resources in its network? My assumption here is that there may be some device connected on switch 1 that is creating a conflict. It might be another device with one of the IP addresses or it might be another device that claims the same MAC address.

And I have a suggestion. Is it possible to check what is in the ARP table of devices a and b? If so, I suggest that while the network is working OK you check both devices and record what is in their ARP table. Then connect switch 1. After the problem starts, check the ARP tables again and see if some IP address in the ARP table has a different MAC address.

HTH

Rick

Thanks very much.

Yes, the issue is between a and b. They are however industrial devices which send data directly to each other every 100 ms or so; if device a doesn't send this heartbeat signal, device b will stop. I can't check the ARP tables of the devices as they don't have the option to check their ARP table like you would do on a PC. What I did do was connect a Cisco 3550 switch to a blank port on switch 2 and set up a SPAN port on the Cisco, which in turn was connected to a laptop running Wireshark. I noticed that when not connected to the comms room (cable plugged out) there was very little traffic on the port, as you would expect; then when I connected up the cable (after 9:03) there was a jump in broadcast traffic.

Maybe switch 2 (a cheap 8 port switch) gets overwhelmed with broadcast traffic when connected to the comms room and causes a delay in the communication of the packets from device a to device b?

Thanks for the additional information. Just to help me understand better what is going on: is it correct to understand that device a talks only to device b and that device b talks only to device a (neither device communicates with other network devices)?

If you have the 3550 connected into the network can you use wireshark to look for traffic from their IP addresses? This should give you the MAC address that each is using. Then can you use wireshark to examine traffic, especially as it comes from switch 1 to see if anything coming from switch 1 is using either of the IP addresses or either of the MAC addresses that are used by a or b?

HTH

Rick

Yes device a only communicates to device b.

If I replaced switch 1 with an L3 switch, could I put the devices in switch 2 and switch 3 in a VLAN, let's say VLAN 10?

Could I then put the 10.0 devices in a VLAN, let's say VLAN 20?

Could I then connect switch 4 to my new L3 switch, put it in VLAN 10 and set the IP on the server to 10.0.x.x?

Basically the 10.0 devices need to see each other, and the server needs to communicate with them.

The 192 devices need to see each other, and the server needs to communicate with them (it doesn't need to see a/b).

The 192 network only needs to see the server, not any other devices on 10.x.

Can the unmanaged switch be plugged into a port on the Cisco and assigned to VLAN 20, so that if the server needs to send a packet to a device on 192.x it goes to the unmanaged switch 4, which then forwards it to a port on the L3 switch which is part of VLAN 20; the switch then has a route to VLAN 10 and sends the packet to the device on the 192.x network. Is it possible to implement this?

I would like to isolate the 192 network as I can see a lot of broadcast traffic from the 10 network on it and I think it is affecting the simple 8 port switch, switch 2. I only have one 24 port L3 switch though.

I like your suggestion also to track the MAC and look for a rogue MAC/IP. Thanks.

One characteristic that is generally true of unmanaged switches is that they have no concept of VLANs and that all of their ports are in the same VLAN (same broadcast domain). So although you may have some devices configured as part of the 192.168.1 network and other devices configured as part of the 10.0.1 network, the reality is that all of the devices are part of one big flat network.

If you put a Layer 3 switch into the network then you create the opportunity to actually separate these networks. You could configure vlan 10 and assign some ports on the layer 3 switch as access ports in vlan 10. If you connect switches 2 and 3 to ports that are access ports in vlan 10 then all the ports in switches 2 and 3 will be in vlan 10. You could configure vlan 20 on the layer 3 switch and make vlan 20 have subnet 10.0.1.

You could connect switch 4 to an access port in whatever vlan you choose. You suggest that it might go into vlan 10 which is certainly possible. But you then suggest setting the IP of the server as part of 10.0. But in the preceding paragraph you suggested that 10.0 would be associated with vlan 20. You need to be clear and consistent about the relationship between vlan and subnet.

If you associate 10.0 subnet with vlan 20 then any device in vlan 20 should have an IP address in 10.0. And all devices in the vlan and subnet would easily communicate with each other.

I am somewhat unclear about the server. At some places you seem to indicate that it needs to communicate with devices in network 10.0 and in some places it seems that it should communicate with 192. If it really needs to communicate with both then you will need some layer 3 device that allows routing between the subnets.

HTH

Rick

Switch 4 would be part of VLAN 20.

The server needs to communicate with devices in both the 10.0 and the 192 network.

To clear this up, what I was thinking of was:

Remove switch 1 and replace it with a 3550 L3 switch.

Put all the 192 devices on VLAN 10 on the L3 switch.

Put all the 10 devices on VLAN 20, including the server.

Have some form of inter-VLAN routing between the VLANs so that the server can access both the 10 and 192 network (the server needs to access both).

What I was wondering was: can I just take switch 4 and plug it into a port on the L3 switch? Will this make all devices on the unmanaged switch 4 part of VLAN 20 (assuming I have the port on the L3 switch configured for VLAN 20)?

What do I set the gateway of the server to? Would it be the subinterface of one of the VLANs?

How would I let the server get off the VLAN and onto the Internet? Do I need a default route to the router on the network?

Thanks for the help; apologies if I am confusing things.

If you configure a port on the 3550 as an access port in vlan 20 and connect switch 4 to that port then it effectively would make all of the ports in switch 4 be in vlan 20 (assuming that switch 4 is an unmanaged switch).

To allow routing between the VLANs you could enable routing on the 3550 and configure VLAN interfaces for VLANs 10 and 20. See this link for discussion and details of routing with the 3550:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

Assuming that you also have a router in the network you could create a trunk port on the 3550 and trunk both vlans to the router. On the router you would configure subinterfaces for the vlans and do the inter vlan routing on the router.

If you do routing on the 3550 and if you want Internet access then the 3550 does need a default route pointing to the router. And the router needs routing logic to be able to reach these remote subnets. You also probably will need address translation for these subnets.

The default gateway for the server will depend on whether the routing is done on the switch (in which case the server default gateway is the switch vlan interface address) or on the router (in which case the server default gateway is the router subinterface address).

Note that if you enable routing between vlans/subnets it will potentially allow devices other than the server to communicate between vlans. If you do not want other devices to communicate you will probably need to configure some access lists to control the traffic.

HTH

Rick
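The design Rick describes above (3550 in place of switch 1, access ports into the unmanaged switches, SVIs as gateways, default route to the router, access lists so only the server crosses between subnets), written out as an added configuration example; this is not from the thread or from Cisco's documentation. All addresses, port numbers and the ACL names are assumptions: VLAN 10 is 192.168.1.0/24 with SVI 192.168.1.254, VLAN 20 is 10.0.1.0/24 with SVI 10.0.1.254, the server is 10.0.1.10 and the SonicWall is 10.0.1.1.

```cisco
! Added example, not from the thread. Assumed addressing:
!   vlan 10 = 192.168.1.0/24  device a/b, switches 2 and 3, SVI 192.168.1.254
!   vlan 20 = 10.0.1.0/24     switch 4, server 10.0.1.10, SonicWall 10.0.1.1
ip routing
!
vlan 10
 name DEVICES-192
vlan 20
 name SERVER-10
!
! Access ports feeding the unmanaged switches: every port on the
! unmanaged switch behind each of them lands in that VLAN.
interface FastEthernet0/1
 description to switch 2 (device a, device b)
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 description to switch 3
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/3
 description to switch 4 (server, SonicWall)
 switchport mode access
 switchport access vlan 20
!
! SVIs: hosts use the 3550 as default gateway. ICMP redirects stay at the
! IOS default (enabled), so Internet-bound traffic from vlan 20 is
! redirected to 10.0.1.1 on the same subnet instead of hairpinning here.
interface Vlan10
 ip address 192.168.1.254 255.255.255.0
 ip access-group VLAN10-IN in
interface Vlan20
 ip address 10.0.1.254 255.255.255.0
 ip access-group VLAN20-IN in
!
! Internet: default route to the SonicWall. It needs a route back to
! 192.168.1.0/24 via 10.0.1.254 only if that subnet ever uses it.
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!
! Only the server crosses between the subnets; broadcasts never cross
! a VLAN boundary, so the 10.x broadcast load stays off switch 2.
ip access-list extended VLAN10-IN
 permit ip 192.168.1.0 0.0.0.255 host 10.0.1.10
 deny   ip any any
ip access-list extended VLAN20-IN
 permit ip host 10.0.1.10 192.168.1.0 0.0.0.255
 deny   ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
```

Traffic between two hosts in the same VLAN is switched, not routed, so the ACLs never touch the a-to-b heartbeat; `show ip access-lists` on the 3550 shows the match counters for the cross-VLAN rules.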

There is no Cisco router on the network, only some form of SonicWall which doesn't have VLAN capability.

I would try to do the routing on the 3550 (between VLANs).

If you do routing on the 3550 and if you want Internet access then the 3550 does need a default route pointing to the router.

- Okay, I get this: to get off the VLAN I would assume it needs a route to the Internet. I.e. if trying to contact Google it resolves the name to the IP, but this IP is not on either subnet, so the L3 switch will need a default route to route the traffic to the router, which will then pass on the packet.

And the router needs routing logic to be able to reach these remote subnets. You also probably will need address translation for these subnets.

- If the router is in the same subnet, same VLAN as the 10.x network, is this still needed? To clarify, the devices in the 192.x network do not need to reach the Internet, only the devices in VLAN 20. I don't quite understand this.

Note that if you enable routing between vlans/subnets it will potentially allow devices other than the server to communicate between vlans. If you do not want other devices to communicate you will probably need to configure some access lists to control the traffic.

- Thanks, I think it is okay that the devices communicate between the VLANs once the broadcast traffic is eliminated. I will also look into learning access lists though, as they seem very powerful.

Thanks very much for your help. I am at CCENT level moving to CCNA, so some of my questions may seem a little stupid.

The post that I was responding to mentioned a router on the network. If that is the Sonicwall and it does not have vlan capability then it makes very good sense to do the routing on the 3550.

Your understanding of the default route on the 3550 is correct.

If the router/Sonicwall is in the 10 network then the server and other devices in that network should work ok for Internet access. If anything in the 192 network needs Internet access then my comments apply to them. Since you say that 192 does not need Internet access then it is not something you need to worry about.

Probably there is not a need for access lists for your current situation. At some point you should learn about access lists. While they can get pretty complicated the basic principles are simple enough. The access list will identify traffic sometimes by address and mask, sometimes by protocol type or port number, and then the access list can permit some traffic and deny some traffic.

We all started at the beginning and learned as we went along. So far your questions have been fine (and certainly not stupid). Keep up your efforts and you will learn more.

HTH

Rick

There is a command, "ip routing"; this is a global configuration command on an L3 switch. With this command you can let VLANs communicate with each other.

router(config)# ip routing

Hope this is helpful for you.

Thank you

Okay, so I set up a Layer 3 switch at home for testing with 2 VLANs, VLAN 10 and VLAN 20. I can ping between the VLANs.

I can't get onto the Internet however. I have an ISP Cisco modem/wireless router which has 4 ports on it; I connected a port from this to port 14 on my L3 switch, which is part of VLAN 20.

I can ping the router from a laptop connected to VLAN 20 but I can't access the Internet. Currently the gateway of the laptop is set to 192.168.1.20, which is the IP address of the VLAN interface. If I change the gateway on the laptop to 192.168.1.1, which is the address of the router, I can access the Internet, but then I lose my access to VLAN 10.

I put in a static route 0.0.0.0 0.0.0.0 192.168.1.1 on the Layer 3 switch.

Any suggestions?

My first thought when I read the description of your symptoms was that perhaps the addresses in VLAN 20 were not being translated by the router. But if it works OK when the PC default gateway is the router address, then it is probably not a problem with address translation.

I wonder if the switch or the router might be configured with no ip redirects. If the client gateway is the switch VLAN IP address, then the switch would need to use an IP redirect when it forwards the packet to the router (signaling to the PC that it should use the router address for further traffic to this destination). If redirects are disabled, then it might cause the symptoms that you describe.

HTH

Rick