Routing between 3750 issue

[cmeljak]

Hi Everybody,

Let me introduce you to my configuration first:
I have two 3750s interconnected via L3 port channel (second switch will be placed on WAN after finished additional config).
I have RIP enabled for subnets on both sides, everything seems to be working perfectly fine, routing is OK...etc.

The problem I have been experiencing is:
1. Let's say VLAN1 is 10.0.0.1/24 (on switch_1) and VLAN1 L3 interface is not present on switch_2.
I can get from hosts on both sides to each other, that is not an issue, but when TRYING TO get to FTP/TFTP server from switch_2 (residing on VLAN1), IT TIMES OUT!?!

2. When do "trace 10.0.0.253(TFTP)" I am getting response from destination
When I ping TFTP IP address from switch_2, getting request time outs...

I suppose it is probably just silly mistake I may have overlooked, but I just can't find it...

I am attaching configuration files from both switches fopr your review, plus routing tables. Please let me know if you need more info.

Any help with this issue will be highly appreciated!

Best regards,

Ed

Config:

Switch_1:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname CONWSR01
!
enable secret 5 $1$h9wf$.cJtwCNlr0VeAVhpT1/DI1
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ps
switch 2 provision ws-c3750g-24ps
switch 3 provision ws-c3750g-24ps
system mtu routing 1500
no ip subnet-zero
ip routing
no ip domain-lookup
!
interface Port-channel10
no switchport
ip address 10.10.10.2 255.255.255.252
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
no ip redirects
!
interface Vlan100
ip address 10.192.3.1 255.255.255.0
!
interface Vlan101
ip address 10.192.1.1 255.255.255.0
!
interface Vlan102
ip address 10.192.2.1 255.255.255.0
!
interface Vlan103
description DRHPMGMT
no ip address
!
interface Vlan104
description DRORCLDRPINT
no ip address
!
interface Vlan105
description COADINT
ip address 10.192.5.1 255.255.255.0
!
interface Vlan110
description Thin_Client network
ip address 10.192.10.1 255.255.255.0
no ip redirects
!
interface Vlan120
description HelpDesk
ip address 10.192.20.1 255.255.255.0
!
interface Vlan149
description Wireless 2
ip address 10.192.101.1 255.255.255.0
!
interface Vlan150
description WLAN_10.192.100
ip address 10.192.100.1 255.255.255.0
!
interface Vlan151
description VLAN198.73.51.0
ip address 198.73.51.1 255.255.255.0
no ip redirects
!
interface Vlan200
description VideoConf
ip address 10.192.200.1 255.255.255.0
!
interface Vlan600
no ip address
shutdown
!
interface Vlan601
description COORCLDEVPUB
ip address 10.192.4.1 255.255.255.0
!
interface Vlan602
description DRORCLDRPPUB
no ip address
!
interface Vlan900
description Internet VLAN
ip address 192.168.1.2 255.255.255.0
!
router rip
version 2
network 10.0.0.0
network 198.73.51.0
network 198.73.52.0
!
ip default-gateway 198.73.52.1
ip classless
ip route 0.0.0.0 0.0.0.0 198.73.52.1
ip route 10.10.10.0 255.255.255.252 10.10.10.1
ip http server
ip http secure-server

end

CONWSR01#sho ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 198.73.52.1 to network 0.0.0.0

C 10.1.0.0/24 is directly connected, Vlan151
10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
C 10.192.200.0/24 is directly connected, Vlan200
C 10.10.10.0/30 is directly connected, Port-channel10
C 10.192.100.0/24 is directly connected, Vlan150
C 10.192.101.0/24 is directly connected, Vlan149
C 10.192.10.0/24 is directly connected, Vlan110
C 10.192.2.0/24 is directly connected, Vlan102
C 10.192.3.0/24 is directly connected, Vlan100
C 10.192.1.0/24 is directly connected, Vlan101
R 10.196.2.0/24 [120/1] via 10.10.10.1, 00:00:21, Port-channel10
R 10.196.3.0/24 [120/1] via 10.10.10.1, 00:00:21, Port-channel10
C 10.192.4.0/24 is directly connected, Vlan601
R 10.196.1.0/24 [120/1] via 10.10.10.1, 00:00:21, Port-channel10
C 10.192.20.0/24 is directly connected, Vlan120
C 10.0.0.0/24 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, Vlan900
S* 0.0.0.0/0 [1/0] via 198.73.52.1
-----------------------------------------------------------

Switch_2:

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CODRPSW
!
interface Port-channel10
no switchport
ip address 10.10.10.1 255.255.255.252
!
interface Vlan1
no ip address
!
interface Vlan103
ip address 10.196.3.1 255.255.255.0
!
interface Vlan104
ip address 10.196.2.1 255.255.255.0
!
interface Vlan602
ip address 10.196.1.1 255.255.255.0
!
interface Vlan999
ip address 192.168.10.1 255.255.255.252
!
router rip
version 2
network 10.0.0.0
network 192.168.10.0
no auto-summary
!
ip default-gateway 10.10.10.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip route 198.73.52.0 255.255.255.0 198.73.52.164
ip http server
ip http secure-server

end

CODRPSW#sho ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.10.10.2 to network 0.0.0.0

R 10.1.0.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
R 10.192.200.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
C 10.10.10.0/30 is directly connected, Port-channel10
R 10.192.100.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
R 10.192.101.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
R 10.192.10.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
R 10.192.2.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
R 10.192.3.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
R 10.192.1.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
C 10.196.2.0/24 is directly connected, Vlan104
C 10.196.3.0/24 is directly connected, Vlan103
R 10.192.4.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
C 10.196.1.0/24 is directly connected, Vlan602
R 10.192.20.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
R 10.0.0.0/24 [120/1] via 10.10.10.2, 00:00:12, Port-channel10
S* 0.0.0.0/0 [1/0] via 10.10.10.2
------------------------------------------------------------

 

[unclerico]

so you can reach hosts on every other subnet except for hosts on the 10.0.0.x/24 subnet?? if that's the case then on switch_1 you have no ip subnet-zero. the 10.0.0.x/24 is the first subnet (subnet zero). try removing that statement and see if it fixes anything.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[cmeljak]

Hi,

Yes I can reach all hosts on every subnet, even 10.0.0.0/24, from hosts.
Even to reach all subnets from switch_2 EXCEPT to 10.0.0.0/24 and 192.168.10.0/24.

 

[cmeljak]

..and I forgot to attach from switch_2 config:

!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ps
switch 2 provision ws-c3750g-24ps
system mtu routing 1500
no ip subnet-zero
ip routing
no ip domain-lookup

 

[unclerico]

so you are having issues getting to hosts on 192.168.10.x/24 also?? are the hosts that you are trying to ftp/tftp to windows hosts?? if so have you checked the host firewalls??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[cmeljak]

I can get to all subnets, to all hosts, from another hosts.
Including TFTP/FTP services.

My issue is, when the SWITCH_2 CANNOT reach hosts on subnet 10.0.0.0/24, where my TFTP/FTP servers are.
Switch_2 can reach the VLAN 1 interface on SWITCH_1 (10.0.0.1/24) though.

 

[unclerico]

i apologize, i'm not feeling well so things are kind of hazy right now and it'd difficult to follow things. just to make sure that the no ip subnet-zero command isn't causing problems, remove it from both switches and try again.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[cmeljak]

OK, let me try that. And get well soon ;-)

Thx

 

[cmeljak]

...and BTW, ip subnet-zero didn't fix it. The routes are being propagated properly accross, anyway. It might be something else.

I'm on IOS 12.2 (37)SE1, and 12.2(44)SE4 on the other.

 

[unclerico]

have you tried running a sniffer somewhere on the 10.0.0.x/24 network to see if hte ftp/tftp data is reaching the host(s)??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[cmeljak]

That is irrelevant at this point, 'cause I cannot reach the server even by pinging it...(from switch_2 ONLY!!!)

But I am able to access TFTP/FTP services from hosts on the same subnet (10.0.0.0/24), and another as well, who are connected to switch_2.

So I cannot reach hosts on 10.0.0.0/24 connected to Switch_1 from Switch_2. But can access the L3 interface 10.0.0.1/24 on switch_1.

Additionally, every host connected to switch_2 can access every host on "remote" subnets connected directly to Switch_1.

...so I don't really understand what could be wrong...;-)

 

[unclerico]

ok, at the risk of aggravating you i'll ask is it EVERY single host on 10.0.0.x/24 or just those servers hosting the FTP/TFTP services?? also, the sniffer will in fact prove useful as the hosts may be receiving the traffic but something is going wrong when sending the responses back.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[VinceWhirlwind]

Also, we can't see your configuration on your physical ports - please show us the config on ther multiple ports on each side that form your port channel.

Personally, I have never put an IP address on a port channel interface - I always use a VLAN interface for my transit subnets if I'm using VLAN interfaces for all the other subnets on the switch.

 

[cmeljak]

interface GigabitEthernet1/0/1
no switchport
no ip address
channel-group 10 mode auto
!
interface GigabitEthernet1/0/3
no switchport
no ip address
channel-group 10 mode auto
---------------------------------------------------------

CODRPSW#sho ether 10 detail
Group state = L3
Ports: 2 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: PAgP
Minimum Links: 0
Ports in the group:
-------------------
Port: Gi1/0/1
------------

Port state = Up Mstr In-Bndl
Channel group = 10 Mode = Automatic-Sl Gcchange = 0
Port-channel = Po10 GC = 0x000A0001 Pseudo port-channel = Po10
Port index = 0 Load = 0x00 Protocol = PAgP

Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
A - Device is in Auto mode. P - Device learns on physical port.
d - PAgP is down.
Timers: H - Hello timer is running. Q - Quit timer is running.
S - Switching timer is running. I - Interface timer is running.

Local information:
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Gi1/0/1 SAC U6/S7 HQ 30s 1 128 Any 5010

Partner's information:

Partner Partner Partner Partner Group
Port Name Device ID Port Age Flags Cap.
Gi1/0/1 CONWSR01-3 001b.8fd6.1e80 Gi3/0/12 18s SC A0001

Age of the port in the current state: 6d:21h:38m:25s

Port: Gi1/0/3
------------

Port state = Up Mstr In-Bndl
Channel group = 10 Mode = Automatic-Sl Gcchange = 0
Port-channel = Po10 GC = 0x000A0001 Pseudo port-channel = Po10
Port index = 0 Load = 0x00 Protocol = PAgP

Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
A - Device is in Auto mode. P - Device learns on physical port.
d - PAgP is down.
Timers: H - Hello timer is running. Q - Quit timer is running.
S - Switching timer is running. I - Interface timer is running.

Local information:
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Gi1/0/3 SAC U6/S7 HQ 30s 1 128 Any 5010

Partner's information:

Partner Partner Partner Partner Group
Port Name Device ID Port Age Flags Cap.
Gi1/0/3 CONWSR01-3 001b.8fd6.1e80 Gi3/0/11 6s SC A0001

Age of the port in the current state: 6d:21h:38m:29s

Port-channels in the group:
---------------------------

Port-channel: Po10
------------

Age of the Port-channel = 6d:23h:25m:27s
Logical slot/port = 10/10 Number of ports = 2
GC = 0x000A0001 HotStandBy port = null
Passive port list = Gi1/0/1 Gi1/0/3
Port state = Port-channel L3-Ag Ag-Inuse
Protocol = PAgP
Port security = Disabled

Ports in the Port-channel:

Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/1 Automatic-Sl 0
0 00 Gi1/0/3 Automatic-Sl 0

Time since last port bundled: 6d:21h:38m:26s Gi1/0/1
Time since last port Un-bundled: 6d:21h:38m:46s Gi1/0/1

 

[VinceWhirlwind]

Right, well I've never done it that way, and considering etherchannel is a layer-2 technology I find the "no switchport" on the etherchannel ports quite shocking....

So what *I* would do at this stage is eliminate the novel etherchennel configuration from the equation and see if the problem persists like this:

.get rid of the IP address off port-channel10
.create a new VLAN + new VLAN interface with that IP address
.restore the two etherchAnnel ports as switchports and put them in the new VLAN
.do the same thing on the other side.

 

[cmeljak]

Hi Vince,

Thanks for advice, but it does not work at all. When you put port-channel to VLAN "x" and as access ports only, routing cannot work at all.
There would be solution if I enabled trunk and allowed the desired subnets ( VLANs) on it, but that's not the way I want it configured. The reason is very prosaic:

Switch_2 will be connected to the Switch_1 remotely, so routing must work properly,and on L3, not L2.
I know when connected to ROUTER, I will use just trunk to it from Switch_2, but for now (during testing stage), I am simulating router/switch in Switch_2 and Switch_1.

 

[cmeljak]

...what is very interesting is:

1. When I ping any host on subnet 10.0.0.0/24 (on Switch_1) from any host on subnets 10.196.x.0/24 (on Switch_2) it works and I am getting response.

2. When I ping from Switch_2 itself to subnet 10.0.0.0/24, sepecifically any hosts on that subnet (connected to Switch_1), I am not getting replies. I get replies only when VLAN interface 10.0.0.1/24 pinged.
But when hosts on any other subnets pinged, it works just fine.

I do not understand what the problem could be...

 

[unclerico]

this will be a rather stupid question, but what about the reverse?? can you ping from a host on 10.0.0.x/24 to anything on switch_2??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[cmeljak]

Hi,

..well Yes I can ping all subnets from switch_1 to switch_2, except 192.168.10.0/24...I just found it is being routed over default gateway...getting lost in transition...

But other subnets work fine.

 

[VinceWhirlwind]

When you put port-channel to VLAN "x" and as access ports only, routing cannot work at all."

Why do you want them to be access ports? The VLAN interface becomes your routable interface, just like any other VLAN interface is routed by the switch. The etherchannel is a trunk - *you* decide what VLANs are on it and it goes without saying that you wouldn't put any VLANs on this trunk that belong on the edge.