03-05-2009 08:24 PM - edited 03-06-2019 04:25 AM
I have a layer 3 switch with two routers connected to it. When I trace from one WAN site to another through this switch I hit vlan 31 and just stop. I can get on the switch and trace to the 10.175.0.0/24 network but from our other WAN connection I can't get past it. If I source the IP of vlan 31 on that same switch I cannot get to the 10.175.0.0/24 network. I have a static route for the 10.175.x.x net on the switch pointing to the router that is connected via an access port. The router's gi0/1 interface has 10.10.1.250 address which is a part of the vlan 710 on the layer3 switch. Any ideas why I can't route past that 10.210.31.3 address?
03-05-2009 08:57 PM
Your description is pretty hard to follow, so I will start with the "low hanging fruit".
What type of layer 3 switch are you using? 3750? 6509?
Is ip routing enabled on your layer 3 switch?
03-05-2009 09:07 PM
It's a 6513 with routing enabled.
WAN Router to 6513 to 3845 to 10.175.0.0
Both routers are connected to this switch via access ports on different vlans.
03-05-2009 09:12 PM
Are there any other static routes, default routes, or routing protocols running?
What's the output of your "show ip route" look like?
try using the "show ip cef exact-route
03-05-2009 09:16 PM
multiple static routes, a default route, and eigrp.
show ip route is very huge routing table but here is the particular network I want to get to.
SERVER2#sh ip route 10.175.0.2
Routing entry for 10.175.0.0/24
Known via "static", distance 1, metric 0
Redistributing via eigrp 100
Advertised by eigrp 100
Routing Descriptor Blocks:
* 10.10.1.250
Route metric is 0, traffic share count is 1
SERVER2#sh ip cef exact-route 10.210.31.3 10.175.0.2
10.210.31.3 -> 10.175.0.2 : Vlan710 (next hop 10.10.1.250)
03-05-2009 09:21 PM
What about from the 10.10.1.250 router? What's the "show ip route 10.210.31.3" look like?
Your L3 switch looks fine, looks like the problem is more than likely the 10.10.1.250 router not knowing how to reach the 10.210.31.0 subnet.
03-05-2009 09:25 PM
RTR#sh ip route 10.210.31.3
% Subnet not in table
Yeah I see now. The problem is this router has two connections into it, one for data and one for voice only. I can't put a static route to that network in the router to go out this interface or I'll get an asymmetric route, this vlan is a data vlan not a voice one.
03-05-2009 10:01 PM
I'm a little confused at how the network is set up, but I assume there is a reason :)
But aside from that, there are several options you can do, but I would need quite a bit more information about your configuration and traffic patterns.
Asymmetric routing isn't bad, just as long as you expect it and the results are desirable, and care should be given because it does increase complexity and limit future designs.
So my first question is a design question, why do you have your voice and data going out 2 separate physical ports? Do they terminate to the same L3 switch?
What does the "voice network" look like, traffic patterns, routing, source / destination, call managers, h323 gateways etc.
Why not just run EIGRP 100 on your edge routers to participate with your L3 switch?
Why configure static routes? In the event of a link failure, all of your static routes (unless you configure floating static routes etc.) mean nothing.
You can't get to the network no matter what, asymmetric routing isn't a factor here, undeliverable packets is the factor. If you have voice vlan 1.1.1.0/24 and data vlan 2.2.2.0/24, you can write route policies to determine traffic patterns. We will say that the voice traffic should go to the router with the IP of 10.1.1.1 and data should go to the router with the IP of 10.2.2.2.
IE
ip access-list extended Voice
 permit ip 1.1.1.0 0.0.0.255 any
!
route-map Voice permit 10
 match ip address Voice
 set ip next-hop 10.1.1.1
!
! policy routing is placed on the inbound interface
interface GigabitEthernet0/1
 ip policy route-map Voice
!
ip route 0.0.0.0 0.0.0.0 10.2.2.2
This configuration will send all traffic that comes in interface Gi0/1 with a source IP of 1.1.1.0/24 (voice traffic) to the voice network, all other traffic will be sent to 10.2.2.2.
03-05-2009 10:22 PM
I'll try to answer your questions the best I can.
This is a very hard to explain network design. We have a DS3 between two offices connected by two 3845s. On either side of those we have firewalls then Layer3 switches 4500 series. We have the corporate VRF and Engineering VRF routing thru the firewalls via the Gi0/0 interfaces on the routers. Then to bypass the firewalls for voice we connect them off of Gi0/1 directly into the switches (the HQ side where we are working now goes into a different switch than the corp and eng traffic).
The source voice network is in site B the 10.210.31.x network is at the HQ office.
The remote site voice network is the 10.175.0.0/24 and the destination network is another remote office routing thru the HQ network to another WAN connection. The CMs live at the HQ on the 10.10.1.x network. So voice traffic leaves the 4500 at site B goes to Gi0/1 on the 3845 across the 45MB p2p into s1/0 on the HQ 3845 then out the Gi0/1 int to the 6513 to another 3845 (managed by WAN provider) then out to the other remote office.
All other layer3 devices on the network participate in EIGRP except this router b/c we don't want it to learn all the data networks via the Gi0/1 int. The firewalls can't do EIGRP so we're doing statics from the 4500 to the FW for all data and statics to the 3845 for voice traffic.
There is a default route on the 3845 for all traffic coming in from site B and a static route for traffic destined to our 10.10.1.x network.
How is the route map going to enable the HQ 3845 to learn how to get to the 10.210.31.x network?
How is that route map going to
03-05-2009 11:23 PM
Gotcha, so you just connect a second physical cable to bypass your FW for voice.
The route-map sets the next hop value to whatever the destination (just like a static route but it allows you (in this case) to specify a source, a destination, and how to get there (next hop) where a static route just allows you to specify destination and how to get there (next hop)). The route-map allows you to separate voice and data traffic based on the source IP, the router will still need to know how to get to the next-hop that you specify in the route map, either via a routing protocol or a static route.
I attached a "diagram" drawn in paint(I don't have visio at home!) to make sure I was clear with your setup. If you can fill in the data network IP's and correct anything I got wrong that would help me with an overview if you still need it.
03-05-2009 10:35 PM
Let's see if this diagram shows up.
Site B
4510
| |
FW | (voice)
| |
3845
| (DS3)
3845
| |
FW |
| --6513 -- WAN Router to other site
4507 |
| |
6513 (core)
03-05-2009 11:47 PM
What is the data network on the 10.10.1.250 router, and what is the voice network?
what link do you want the voice traffic to go out of and what link do you want the data traffic to go out of?
03-06-2009 07:55 AM
The data network for site B is 10.175.1.0/24 and the voice is 10.175.0.0/24 so basically any 10.175.x.x traffic is destined for site B.
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname RTR
!
boot-start-marker
boot-end-marker
!
card type t3 1
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 XXXXXXXXX
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login Console local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 0 default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
!
dot11 syslog
ip source-route
ip cef
!
!
!
!
no ip bootp server
ip domain name is.ad.igt.com
ip name-server 10.210.41.190
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
controller T3 1/0
cablelength 10
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
!
!
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Null0
no ip unreachables
!
interface GigabitEthernet0/0
description To FW Port 1
ip address 10.254.1.70 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
media-type rj45
no mop enabled
!
interface GigabitEthernet0/1
description To Server2 Gi3/4
ip address 10.10.1.250 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
media-type rj45
no mop enabled
!
interface Serial1/0
ip address 10.254.1.73 255.255.255.252
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dsu bandwidth 44210
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.254.1.69
ip route 10.1.1.175 255.255.255.255 10.254.1.74
ip route 10.1.1.176 255.255.255.255 10.254.1.74
ip route 10.10.0.0 255.255.0.0 10.10.1.1
ip route 10.175.0.0 255.255.255.0 10.254.1.74
ip route 10.175.1.0 255.255.255.0 10.254.1.74
ip route 10.175.2.0 255.255.255.0 10.254.1.74
ip route 10.175.4.0 255.255.252.0 10.254.1.74
ip route 10.175.8.0 255.255.255.0 10.254.1.74
ip route 10.210.44.221 255.255.255.255 10.10.1.1
ip route 10.210.44.222 255.255.255.255 10.10.1.1
ip route 10.254.1.76 255.255.255.252 10.254.1.74
!
ip http server
no ip http secure-server
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 100
!
ip tacacs source-interface Loopback0
!
logging history informational
logging trap debugging
logging 10.210.41.145
logging 10.210.41.75
access-list 23 permit 10.210.104.0 0.0.0.255
access-list 23 deny any log
snmp-server enable traps tty
!
!
control-plane
!
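An added example, not part of the thread or any poster's code: a longest-prefix-match lookup over the static routes in the RTR configuration above, showing which next hop and interface the router picks for a reply to 10.210.31.3 compared with the interface that traffic arrived on. It assumes classless forwarding (the IOS default), models connected interfaces only to resolve next hops, and the function names are illustrative.

```python
import ipaddress

# "ip route" lines copied from the RTR configuration posted in the thread.
RTR_STATIC = """\
ip route 0.0.0.0 0.0.0.0 10.254.1.69
ip route 10.1.1.175 255.255.255.255 10.254.1.74
ip route 10.1.1.176 255.255.255.255 10.254.1.74
ip route 10.10.0.0 255.255.0.0 10.10.1.1
ip route 10.175.0.0 255.255.255.0 10.254.1.74
ip route 10.175.1.0 255.255.255.0 10.254.1.74
ip route 10.175.2.0 255.255.255.0 10.254.1.74
ip route 10.175.4.0 255.255.252.0 10.254.1.74
ip route 10.175.8.0 255.255.255.0 10.254.1.74
ip route 10.210.44.221 255.255.255.255 10.10.1.1
ip route 10.210.44.222 255.255.255.255 10.10.1.1
ip route 10.254.1.76 255.255.255.252 10.254.1.74
"""

# Interface addresses from the same configuration, used to resolve next hops.
CONNECTED = {
    "GigabitEthernet0/0": "10.254.1.70/30",   # To FW Port 1
    "GigabitEthernet0/1": "10.10.1.250/24",   # To Server2 Gi3/4
    "Serial1/0": "10.254.1.73/30",            # DS3 to site B
}

def parse_static_routes(config):
    # Turn "ip route <net> <mask> <next-hop>" lines into (network, next_hop).
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((net, ipaddress.ip_address(parts[4])))
    return routes

def lookup(dest, routes):
    """Longest-prefix match; returns (prefix, next_hop, egress interface)."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    egress = next((name for name, cidr in CONNECTED.items()
                   if hop in ipaddress.ip_interface(cidr).network), None)
    return str(net), str(hop), egress

def reply_leaves_via(ingress, source, routes):
    """True if a reply to `source` exits the interface its packet arrived on."""
    hit = lookup(source, routes)
    return hit is not None and hit[2] == ingress
```

With these routes, 10.175.0.2 resolves to 10.254.1.74 over Serial1/0, while 10.210.31.3 matches only the default route to 10.254.1.69 on GigabitEthernet0/0, so traffic that entered on GigabitEthernet0/1 gets its replies sent toward the firewall side.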
03-06-2009 10:16 AM
So from the 10.10.1.250 RTR anything destined for 10.175.x.x send out the DS3 (to 10.254.1.74)
From the 10.10.1.250 RTR, traffic destined for 10.210.13.x, where should it be sent to? I'm assuming that 10.210.13 is a voice network, is there a data network as well?
03-06-2009 01:15 AM
"ip routing" enable