Catalyst 3750 with 2 vlans. Only vlan1 drops packets when pinged

Hi all, I have a problem with vlan 1 on the Cisco Catalyst 3750 switch.

I created vlan140 on the switch. There is only one port connected to the uplink. I could ping the ip on vlan140 without dropping packets, but when I ping the ip on vlan1, about 10% come back with "Request timed out."

I have checked the interface errors on both sides of the cable; they are all zero. I tried different ip addresses for vlan1 and even replaced the cable, no luck.

Could anybody suggest what else I can try?

Many thanks.

Here is the configuration which I believe is relevant:
==========================================
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending

interface Vlan1
 ip address 10.0.2.247 255.255.252.0
 standby 140 ip 10.0.0.117
 standby 140 preempt delay minimum 60
!
interface Vlan140
 ip address 10.0.140.16 255.255.252.0
 standby 141 ip 10.0.140.1
 standby 141 preempt delay minimum 60
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
no ip http secure-server
=====================================

Reply to
hamster

You have HSRP configured... where is the other hsrp peer? Are these VLANs trunked? Anything in the logs about 'standby' changes? If you just have it configured and there is no other switch/router, then this should work fine. But I am guessing that you have another core and we need to see that config and log as well.

Reply to
Trendkill

Do me a favor and send me the configs for both routers. You may want to turn logging on at an informational level, in case HSRP is losing its neighbor and your timeout is causing it to failover for a specific time. Are you pinging the hsrp vlan 1 address, or the specific switch's address in vlan 1? Can you ping both and see if both fail or if it is just one? If it is just one, it tends to look like an HSRP or connectivity issue between your two switches. If both fail, then it sounds like we have another issue. Also, are you able to always ping vlan 140's interface with no problems? Is 140 trunked over to the other switch? If not, how does the other switch know how to get back to this switch to reply to the node's ping?

Reply to
Trendkill

In short, you can either trunk all vlans between your two cores (cores = routers that own all vlans, usually from a layer 2 and layer 3 perspective), or you can have vlans on different switches, and have them advertise the networks between one another. What I see here is a hybrid model that will not work. If you want to do the second option, you need to turn up a routing protocol or statics to let the first switch/router know about the new vlan (140), or you need to trunk/connect 140 directly to avoid multi hop standby (should work, just not a good practice).

Reply to
Trendkill

Hi TrendKill,

I have sent you the configurations. I can ping the vlan 140 interface ips (all three) without dropping packets. I have a problem pinging the vlan1 interface ip (not HSRP) on the 3750-06 switch. There is no packet drop on the vlan1 interface ip on the 3750-07 switch nor on the HSRP interface.

In terms of trunking, we are not setting a trunk on it because we only want to isolate this section during broadcast and running-out-of-ip issues. So, the layer 2 traffic is bound in this segment only.

Do you need more information?

Thanks

Reply to
hamster

Ok, I need to see a show interface trunk on both switches. I also would like to see a show arp | include , and a show mac-address of the mac that results from the show arp command. Basically, and while I don't have any concrete to go off of, there is some kind of communication issue between your two switches. If you can ping the closest physical interface, and the HSRP (probably because the closest switch is the owner of hsrp for both VLANs), I would guess that if you moved HSRP over you would be having connectivity issues.

Perhaps the most important thing of all is, how does switch 06 know about vlan 140 on 07? It has an interface in that vlan, but if it's not trunked over, you have the equivalent of two different vlan 140s. When a node on switch 07 needs to talk to vlan 1, it will go to its interface, which will route to the vlan 1 interface on switch 07, then send you across the vlan 1 trunk to 06, but 06 will not know how to respond since he is the default gateway for all networks. You either need to run a core set of switches that know about all vlans and collectively own layer 2 and layer 3 (hsrp, vlans created on both, trunking between the two or more, etc.), or you can do distributed layer 3 which is where some switches own some vlans, while others own others. In this case, you have to run a routing protocol for the L3 switches to exchange knowledge about the networks that they own. If you do this architecture, switches that do not 'own' the vlan should not have interfaces in it.

Please let me know if this helps clarify something, or if it doesn't, please respond back with the commands requested.

Reply to
Trendkill

Also, the reason I say that switch 06 will not be able to get back to vlan 140 on switch 07, is that he will not know to route the packet since there are no protocols, but even more basic than that, he has an interface in that network. So when he gets a packet destined for vlan 140 on switch 07, he moves it to his own vlan 140 (since the subnet matches), but if there is not a trunk across to switch 07 in vlan 140, it will never make it back.

All of the above could be null and void if your show interface trunk comes back and shows vlans 1 and 140 being trunked on both sides, but I'm currently suspecting that is the issue with the limited knowledge of your environment that I have.

Reply to
Trendkill
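
Added example, not part of the original thread or of any poster's configuration: a small Python model of the route lookup described in the replies above, showing why a switch with an SVI in 10.0.140.0/22 never uses its default route for that subnet and cannot reach a host behind the peer unless VLAN 140 is carried between the two switches. The subnets and default route are taken from the posted config; the host address 10.0.140.50, the function names and the sets of carried VLANs are assumptions.

```python
import ipaddress

# Constructed model of the switch whose config was posted in the thread.
# The SVI subnets and default route come from that config; the remote host
# address and the set of VLANs carried between the switches are assumptions.
ROUTES = [
    ("10.0.0.0/22", "connected", "Vlan1"),
    ("10.0.140.0/22", "connected", "Vlan140"),
    ("0.0.0.0/0", "static", "10.0.0.1"),
]

def lookup(routes, dst):
    """Longest-prefix match: return the (prefix, kind, target) used for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def can_deliver(routes, dst, dst_behind_peer, vlans_to_peer):
    """Return (ok, reason) for forwarding a packet to dst from this switch.

    dst_behind_peer: True if the host is attached to the other switch.
    vlans_to_peer:   VLAN IDs carried on the inter-switch link.
    """
    prefix, kind, target = lookup(routes, dst)
    if kind != "connected":
        return True, f"routed to next hop {target}"
    vlan = int(target[len("Vlan"):])
    if dst_behind_peer and vlan not in vlans_to_peer:
        # The SVI makes the subnet look directly attached, so the switch
        # ARPs in its own copy of the VLAN and never uses the default route.
        return False, f"{prefix} is connected via {target}, but VLAN {vlan} does not reach the peer"
    return True, f"delivered at layer 2 in {target}"

if __name__ == "__main__":
    host = "10.0.140.50"  # constructed host in VLAN 140 on the other switch
    for carried in ({1}, {1, 140}):
        print(sorted(carried), can_deliver(ROUTES, host, True, carried))
```

On the real switches, the set passed as `vlans_to_peer` corresponds to what `show interface trunk` reports as allowed and active on the inter-switch link.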
