Re: Network connectivity issue at campus

pankaj_cisco111 · ‎09-30-2005

Pls. look into my real Network scenario.

I'm implementing campus network for a CALL Center that consists of 2 Cisco 6509 core switch & seventeen 2950 switches for access. I have 3 2950 access switches from different floors are terminated on Core. These 3 switches are cascaded to another l2 access switches on floors for access-point of data. I have made 6 vlans for users & all are occupied with DHCP servers. I have enabled intervlan-routing for all. Now the problem is.. All users are getting IP address from DHCP, They are able to ping & access all the servers but servers are not able to ping any Users PC & also users are not pinging together. Pinging is just going in one way. I manually defined 100mbps duplex on all 2950 access ports. now If I change the duplex setting on client from Auto to 100 mbpsfull, Pinging comes in both way but after 20-30 minutes, it drops. Again I change it to auto, the same thing happens. It's very much required for me as it solves my purpose to access all the users pc remotely.

Georg Pauwen · ‎09-30-2005

Hello,

a couple of thoughts: make sure your 6509 core switches are the root switches for your VLANs, in order to optimize the traffic load.

Also, as a rule of thumb, user ports should be left to the default speed and duplex settings (that is, autonegotiate), while servers should be set to fixed speed and duplex. Make sure that not only the ports to which the servers are connected to are set to fixed speed and duplex, but also the server NICs.

And last but not least, user ports should be configured with 'switchport mode access' and 'spanning-tree portfast'...which you might have already done.

Regards,

GP

glen.grant · ‎09-30-2005

I'll make a assumption here that your l3 definitions are on the 6509, that being the case I would start looking at all your trunks and make sure that all your vlans are allowed on the trunks . If you are running transparent you will also have to make sure you have a L2 vlan definition on each of your access layer switches for vlans you want on that switch . Keep in mind on the 2950 just because you put a switchport access vlan XX command on a port does not mean the L2 vlan is created . You verify each switch with the "show vlan" command . All the vlans that you need on the switch and allowed on the trunks must show up here as "active" . To me it sounds like you don't have your trunking setup correctly.

mark.mcsherry · ‎10-02-2005

Hi,

If I understsand your issue correctly, you are saying that users in the same VLAN cannot ping each other, but they can ping the server?

If they are on the same layer 2 domain, then there isn't any filtering (although some is possible for port level security, ie MAC Address filters).

So.. you have users in the same VLAN that cannot ping each other. I would suspect that you either do not have your VLANs extended to all switches, or more likely you have a loop.

When you have a loop, you will see the network going up and down. The best bet at this point is to map out your network. You will need to draw a diagram showing connections between each of the switches.

Anywhere that a loop could form (ie a switch with more than one connection to it), you need to ensure that one of the links is blocking. Check this on each switch and update your diagram to show which links are open and which are blocking.

If you have a loop though, you will be seeing high CPU, so you'd want to watch out for that too.

If the one-way pinging is occuring through a layer 3 device (router), then you could have an access list causing this issue.

HTH,

Mark