Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

VLAN routing problem. Please help.

Our network is rrunning 5 vlans. Recently the config was changed so that native is not running on a data vlan. Machines on one of our vlan is unable get outside of their vlan. All other vlans are working fine. This is the message that I get:

.

00:27:04: IP-EIGRP: Neighbor 10.8.8.1 not on common subnet for GigabitEthernet4.5

00:27:14: IP-EIGRP: Neighbor 10.8.250.1 not on common subnet for GigabitEthernet3.2

00:27:27: IP-EIGRP: Neighbor 10.8.8.1 not on common subnet for GigabitEthernet4.5

00:27:37: IP-EIGRP: Neighbor 10.8.250.1 not on common subnet for GigabitEthernet3.2

00:27:51: IP-EIGRP: Neighbor 10.8.8.1 not on common subnet for GigabitEthernet4.5

00:28:05: IP-EIGRP: Neighbor 10.8.8.1 not on common subnet for GigabitEthernet4.5

00:28:20: IP-EIGRP: Neighbor 10.8.8.1 not on common subnet for GigabitEthernet4.5

13 REPLIES
New Member

Re: VLAN routing problem. Please help.

Tou Vue

Take a look at this page on CCO and see if that matches what you are seeing. It sounds like you may have mismatched network assignments at each end of these segments.

http://www.cisco.com/warp/public/103/15.html

Hope this helps

Bill

New Member

Re: VLAN routing problem. Please help.

Tou vue,

I am also having this problem!! What did you finally do to solve it.

New Member

Re: VLAN routing problem. Please help.

Net yet. Let me know if you have any luck too.

Good luck,

Tou

Silver

Re: VLAN routing problem. Please help.

Can you post the configurations of the router/switch? I am assuming it is a 3550?

New Member

Re: VLAN routing problem. Please help.

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

No it is a 4006

--moderator edit--

Current configuration:

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname --moderator edit-- router

!

boot system flash bootflash:cat4232-in-mz.120-18.W5.22b.bin

enable secret 5 --moderator edit--

!

clock timezone EST -5

ip subnet-zero

!

!

!

interface Port-channel1

no ip address

no ip directed-broadcast

hold-queue 300 in

!

interface FastEthernet1

no ip address

no ip directed-broadcast

shutdown

!

interface GigabitEthernet1

no ip address

no ip directed-broadcast

shutdown

!

interface GigabitEthernet2

no ip address

no ip directed-broadcast

shutdown

!

interface GigabitEthernet3

no ip address

no ip directed-broadcast

no negotiation auto

!

interface GigabitEthernet3.1

encapsulation dot1Q 1

ip address 10.8.1.1 255.255.255.0

ip helper-address 10.8.16.2

no ip redirects

no ip directed-broadcast

!

interface GigabitEthernet3.2

encapsulation dot1Q 2 native

ip address 10.8.8.1 255.255.255.0

ip helper-address 10.8.16.2

no ip redirects

no ip directed-broadcast

!

interface GigabitEthernet3.3

encapsulation dot1Q 3

ip address 10.8.16.1 255.255.255.0

ip helper-address 10.8.16.2

no ip redirects

no ip directed-broadcast

!

interface GigabitEthernet4

no ip address

no ip redirects

no ip directed-broadcast

no negotiation auto

!

interface GigabitEthernet4.4

encapsulation dot1Q 4

ip address 10.8.24.1 255.255.248.0

ip access-group 101 in

ip helper-address 10.8.16.2

no ip redirects

no ip directed-broadcast

!

interface GigabitEthernet4.5

encapsulation dot1Q 5 native

ip address 10.8.250.1 255.255.255.0

ip helper-address 10.8.16.2

no ip redirects

no ip directed-broadcast

!

router eigrp 100

passive-interface FastEthernet1

network 10.0.0.0

!

ip classless

!

access-list 101 permit udp 10.8.24.0 0.0.7.255 any eq netbios-ns

access-list 101 permit udp 10.8.24.0 0.0.7.255 any eq netbios-dgm

access-list 101 permit tcp 10.8.24.0 0.0.7.255 host 10.189.16.7 eq www

access-list 101 permit icmp 10.8.24.0 0.0.7.255 any

access-list 101 permit ip host 10.8.24.7 any

access-list 101 permit ip host 10.8.24.6 any

access-list 101 deny ip 10.8.24.0 0.0.7.255 host 10.8.16.1

access-list 101 deny tcp 10.8.24.0 0.0.7.255 host 10.8.24.1 eq telnet

access-list 101 permit ip 10.8.24.0 0.0.7.255 host 10.8.24.1

access-list 101 permit ip 10.8.24.0 0.0.7.255 10.8.16.0 0.0.0.255

access-list 101 permit ip host 10.8.24.245 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.246 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.247 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.248 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.249 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.250 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.251 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.252 host 10.189.16.2 log

access-list 101 permit ip host 10.8.24.253 host 10.189.16.2 log

access-list 101 deny ip 10.8.24.0 0.0.7.255 10.0.0.0 0.255.255.255

access-list 101 permit ip 10.8.24.0 0.0.7.255 any

snmp-server community

snmp-server community

snmp-server location

snmp-server host --moderator edit-- traps --moderator edit--

banner motd ^C

Authorized Access Only, All others will be prosecuted

^C

!

line con 0

password 7 --moderator edit--

login

transport input none

line aux 0

password 7 --moderator edit--

login

line vty 0 4

password 7 --moderator edit--

login

!

end

--moderator edit-- router#

3d21h: IP-EIGRP: Neighbor 10.8.250.1 not on common subnet for GigabitEthernet3.2

Silver

Re: VLAN routing problem. Please help.

It seems that there are 2 potential problems with the configurations:

1. Interfaces GE4.5 and GE3.2 are both configured as native vlan members but with different ids:

interface GigabitEthernet3.2

encapsulation dot1Q 2 native

interface GigabitEthernet4.5

encapsulation dot1Q 5 native

which explains the error messages you are getting. In addition, this usually causes high cpu utilization because switching is done on the cpu instead of the microcode.

2. You are running an old native IOS version. As far as I know, the maturity of the native IOS is still being debated.

hth,

Mustafa

New Member

Re: VLAN routing problem. Please help.

Check how summerization is being done.May wan to turn off auto-summary in eigrp . Example

router eigrp XXX

network XXXX

no auto-summary

Bronze

Re: VLAN routing problem. Please help.

I am wondering if the messages have anything to do with the users not getting out of their vlan. What vlan is not working? If its not one of the two in the messages then it is probably a separate problem.

The messages indicate a loop behind the two ports, thats why the two interfaces are seeing each other. But it seems like the mystery device is not forwarding bpdus or you would think stp would block one of the ports.

Re: VLAN routing problem. Please help.

Hi,

I agree that the two ports (subinterfaces) are seeing each other.

Probably because they are both configured as a part of native VLAN (i.e. not-tagged).

There is probably some mistake in assigning subinterfaces to VLANs - I would guess native VLAN should be the same on both trunks - and that's why IP addresses assigned to the subinterfaces are from different IP subnets but should be from one subnet (one - native, non-tagged -VLAN is supposed to use the same IP subnet).

STP does'n block the subinterfaces because they are probably considered as router (L3) ports and don't participate in STP then.

Regards,

Milan

Silver

Re: VLAN routing problem. Please help.

is vlan 4 the vlan that is not working ?

under your Eigrp config use the no auto-summary command . I beleive that Eigrp is doing classful routing

New Member

Re: VLAN routing problem. Please help.

No it is vlan 5 that is not working.

Silver

Re: VLAN routing problem. Please help.

can you paste in a sh ip route

New Member

Re: VLAN routing problem. Please help.

I called Cisco and they sent me a new SUP II to replace the old one and also configure the switch to how it was before the changes were made (ie the new vlan 800). Everything is working now. What is weird is that I thought they were going to send me the Router switch card blade but when it arrived it was the SUP II engine blade. I figure they know what they are doing so I just installed it and everything is working fine. Does anyone know why it was the SUP II and not the router blade (WS-X4232-L3) . We have 3 other 4006s and this one is the only one with problem.

Tou

132
Views
0
Helpful
13
Replies
CreatePlease to create content