Cisco Support Community
New Member

IP Routing Issue - Layer 3 Switch

Guys,

I have an issue where I have the following scenario -

8 customers each segregated on a switch stack using VLANs and SVIs for their gateways, for example -

Customer A

Network ID - x.210.24.64

Subnet Mask - 255.255.255.248

SVI IP Address - x.210.24.65

Client IPs - x.210.24.66 - x.210.24.70

Broadcast - x.210.24.71

Customer B

Network ID - x.210.24.72

Subnet Mask - 255.255.255.248

SVI IP Address - x.210.24.73

Client IPs - x.210.24.74 - x.210.24.78

Broadcast - x.210.24.79

I then have a layer 3 routed port connected to an upstream layer 3 switch (managed by external supplier) using the following details -

Layer 3 Routed Port

Network ID - x.210.24.124

Subnet Mask - 255.255.255.252

Port IP - x.210.24.125

Broadcast - x.210.24.127

Finally, I have a default route which is configured as follows -

ip route 0.0.0.0 0.0.0.0 x.210.24.126

This is the next hop IP of the external supplier switch which performs the internet routing. 

I am experiencing the following problems with this -

1)  I am unable to obtain internet access from any of the customer VLANs.  I can successfully ping the SVI address for the VLAN.  I can successfully ping the layer 3 routed port, but I am unable to ping the external supplier switch (x.210.24.126) or any internet address.

2)  If I remove the SVI configuration and use a simple layer 3 routed port instead I receive the same problem.  For example, if I configure a port with the IP address x.210.24.65 (as per Customer A above) and plug my laptop into the port and configure it with (x.210.24.66 and a gateway of x.210.24.65) I receive the same problem.

As a side note, the switch can successfully access the internet without any problems.  It is ONLY when connected to one of the customer subnets that I am unable to route to the internet.

Any help as to the cause would be greatly appreciated.

11 REPLIES
New Member

Re: IP Routing Issue - Layer 3 Switch

Are you running NAT?

If not, it sounds like the next hop device connected to the switch does not have a route for either the Customer A, or Customer B networks.

Can hosts in either VLAN ping the other end of the layer-3 routed port x.210.24.126?

Does the next hop device (x.210.24.126) connected to the switch have a route for the Customer A and Customer B networks?

New Member

IP Routing Issue - Layer 3 Switch

Thanks for the reply, no there is no NAT taking place.  I would tend to agree with what you have stated "the next hop device connected to the switch does not have a route for either the Customer A, or Customer B networks".  I think the external supplier has not entered an aggregate route for the x.210.24.64/26 range.

New Member

IP Routing Issue - Layer 3 Switch

You have a 255.255.255.252 assigned to your internet space.  Meaning the .125 address is the only thing routable to the internet.

How are the other subnets assigned to you?  Are they ADDITIONAL subnets assigned to your circuit?  If they are assigned to your circuit, you need to have the ISP add a route statement something like this:

ip route x.210.24.72 255.255.255.248 x.210.24.125

Thanks,

Sean Brown

http://www.sleepyshark.com

New Member

IP Routing Issue - Layer 3 Switch

Apologies, I should have made the original post a little clearer.  The supplier has supplied me with the network x.210.24.64/26.  I am then taking this subnet and dividing it into smaller subnets.  The x.210.24.124/30 subnet is purely used for routing purposes.  I need this subnet to ensure I can route upstream to the supplier router, therefore my default route is - 0.0.0.0 0.0.0.0 x.210.24.126. 

I think what I need to make this work is a route on the external supplier equipment to forward all requests for x.210.24.64/26 to my switch on x.210.24.125.  My switch can then perform the routing as they are all directly connected routes.

Thanks

Nick

New Member

IP Routing Issue - Layer 3 Switch

Can you PM me your subnets/IP assignments....

Sean

New Member

IP Routing Issue - Layer 3 Switch

Sean,

Unfortunately not, I would be in breach of my company's security policy.  The addresses above are the best real life example I could think of without exposing anybody's actual address.

Thanks

Nick

New Member

IP Routing Issue - Layer 3 Switch

No worries....

Can you post a full sh run... sh vlan and sh ip route....

Essentially, you're having a subnetting/routing problem here, which can be fixed, just need to see how it's set up.

Sean

New Member

Re: IP Routing Issue - Layer 3 Switch

Thanks for the help yesterday, apologies for the delay in getting back to you.  I have been liaising with the ISP over the configuration at their end, and they have sent me the following -

interface TenGigabitEthernet1/x.3016

description ###  ###

encapsulation dot1Q 3016

ip vrf forwarding xx.INET.3016

ip address x.210.24.65 255.255.255.192

no ip redirects

no cdp enable

standby 116 ip x.210.24.9

standby 116 timers 1 3

standby 116 priority 95

standby 120 ip x.210.24.126

standby 120 timers 1 3

standby 120 priority 95

service-policy input xx

service-policy output xx

I have removed the real IPs and used the previous examples.  It would appear they are using VRF and HSRP for redundancy.  The VRF instance for me will therefore maintain a copy of the x.210.24.64/26 network.

My configuration is as follows -

Layer 3 Port

interface FastEthernet1/0/24

description XXX

ip address x.210.24.125 255.255.255.252

spanning-tree portfast

Customer A VLAN

interface Vlan101

description ****xxx****

ip address x.210.24.66 255.255.255.248

Customer A Ports

interface FastEthernet1/0/1

description XXX

switchport access vlan 101

switchport mode access

mls qos vlan-based

spanning-tree portfast

Default Route

ip route 0.0.0.0 0.0.0.0 x.210.24.126

I don't currently have access to the switch to post a sh ip route or sh vlan, but the configuration is as basic as above with regards to routing and subnetting. I have removed most of the other configuration from the examples above as it's not needed.  I'm guessing the problem is due to me passing different subnets upstream?  Although I thought the aggregate route for the x.210.24.64/26 network would have handled this.

Re: IP Routing Issue - Layer 3 Switch

Hi Nicholas,

Had a quick look at this thread. My thoughts here. Let's do some groundwork here before we jump into the issue you are having.

The ISP has given you a /26 to play with and you subnetted that into /29's and a /30.

The subnets are as below

Customer A

Network ID - x.210.24.64/29

Customer B

Network ID - x.210.24.72/29

Routed Link between switch and ISP

Network ID : x.210.24.124/30

Now, the ISP doesn't care how you route these between themselves, so essentially what they do is to route everything to /26 towards your GW, which is .125. The problem you are having seems to be return traffic. You advised that you are unable to ping the GW IP of the ISP, which is .126, from your PCs. If you can't ping .126 from your PCs, sometimes it can be due to an access list at their end trying to mitigate DoS attacks. Anyway, basically it looks like the ISP doesn't have a route to your subnets.

Get them to check the static route for the /26. They should have something like this on their end.

ip route x.210.24.64 255.255.255.192 x.210.24.125

Now, also not sure why is the ISP using your whole /26 at their end. They should pick a /29 if they want to use HSRP from the /26 which you won't be using on your end and then when they advertise your network into BGP towards upstream they would advertise it as a /26.

HTH

Kishore

New Member

Re: IP Routing Issue - Layer 3 Switch

Kishore,

Thanks for the response, I fully agree with the requirement for a return route to my switch. 

Can you clarify what you mean by "not sure why is the ISP using your whole /26 at their end. They should  pick a /29 if they want to use HSRP from the /26 which you won't be  using on your end and then when they advertise your network into BGP  towards upstream they would advertise it as a /26."

Are you suggesting the ISP should alter the subnet mask within the port configuration to a 255.255.255.248?  I am confused as to why they are providing me with a /26 network, but then using one of the IPs on their port configuration??? 

See below -

interface TenGigabitEthernet1/x.3016

description ###  ###

encapsulation dot1Q 3016

ip vrf forwarding xx.INET.3016

ip address x.210.24.65 255.255.255.192

no ip redirects

no cdp enable

standby 116 ip x.210.24.9

standby 116 timers 1 3

standby 116 priority 95

standby 120 ip x.210.24.126

standby 120 timers 1 3

standby 120 priority 95

service-policy input xx

service-policy output xx

I would have thought that if they are providing me with a /26 network, all of those addresses can be used by me.  Their configuration should not encroach on this.

New Member

Re: IP Routing Issue - Layer 3 Switch

A quick thank you to everybody that provided information on this thread.  I have finally convinced the ISP it was a fault at their end, and that they were encroaching on my IP range within their port configuration.  I have managed to convince them to create a different subnet and advertise my network into BGP from this new subnet.

I now have a fully functional /26 network and can fully subdivide the network into smaller segments with the ability to route to the internet.

Thanks

Nick
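
An added example, not part of the thread or anyone's posted configuration: a Python check of the addressing discussed above, flagging where an upstream interface overlaps or takes addresses from the subnets routed behind it, and whether a return static route covers them. The first octet `10` is a constructed stand-in for the redacted `x`, and the "corrected" layout is an assumption for illustration, not the ISP's actual change.

```python
import ipaddress as ipa

X = "10"  # constructed stand-in for the redacted first octet "x" in the thread

def audit(upstream_if, upstream_vips, customer_nets, transit):
    """Findings for an upstream interface versus the subnets routed behind it."""
    iface = ipa.ip_interface(upstream_if)
    owned = [iface.ip] + [ipa.ip_address(v) for v in upstream_vips]
    findings = []
    for name, cidr in customer_nets.items():
        net = ipa.ip_network(cidr)
        # A connected route covers iface.network, so a customer subnet inside
        # it is treated as on-link by the upstream instead of being routed.
        if net.overlaps(iface.network):
            findings.append(("overlap", name, str(net)))
        # An upstream-owned address inside a customer subnet takes a host
        # address away from that customer.
        for ip in owned:
            if ip in net:
                findings.append(("encroach", name, str(ip)))
    if iface.network != ipa.ip_network(transit):
        findings.append(("transit-mask", "transit", str(iface.network)))
    return findings

def return_route_covers(prefix, mask, next_hop, customer_nets, transit):
    """True if a static route reaches every customer subnet via the transit link."""
    route = ipa.ip_network(f"{prefix}/{mask}")
    via_transit = ipa.ip_address(next_hop) in ipa.ip_network(transit)
    return via_transit and all(
        ipa.ip_network(c).subnet_of(route) for c in customer_nets.values())

CUSTOMERS = {"Customer A": f"{X}.210.24.64/29", "Customer B": f"{X}.210.24.72/29"}
TRANSIT = f"{X}.210.24.124/30"

# Upstream interface as posted in the thread: /26 mask plus two HSRP addresses.
AS_POSTED = audit(f"{X}.210.24.65/26", [f"{X}.210.24.9", f"{X}.210.24.126"],
                  CUSTOMERS, TRANSIT)
# Assumed corrected layout (not the ISP's actual change): upstream only in the /30.
CORRECTED = audit(f"{X}.210.24.126/30", [], CUSTOMERS, TRANSIT)

if __name__ == "__main__":
    for kind, name, detail in AS_POSTED:
        print(f"{kind:13} {name:11} {detail}")
    print("corrected layout findings:", CORRECTED)
    print("return route ok:", return_route_covers(
        f"{X}.210.24.64", "255.255.255.192", f"{X}.210.24.125", CUSTOMERS, TRANSIT))
```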
