[e-nsp] Layer 2/3 VLAN Issue between two switches

root net rootnet08 at gmail.com
Mon Mar 25 00:58:59 EDT 2013 

So, I've done some more testing.

I've added an additional switch connected to switch 1. And I've also added
the vlan and from switch 1 to switch 3 it works fine. I can ping just fine.

I've connected switch 3 to switch 2 and tagged the vlan across it and I can
ping just fine from switch 2 to switch 3.

I can now ping from switch 2 to switch 1 but only if switch 3 is in the
mix. I can also ping to the router. I've been over the configs and checked
the fdb and it's almost like the switch 1 is blocking switch 2 from talking
to it.

Not sure what the issue is. I've got learning on.

>From switch 1 showing a fdb of the port switch 2 is connected to.

I see

FF:FF:FF:FF:FF:FF  servers(0004)  0000000 0000  s m      CPU, 2:25(router),
6:3(switch 2), 8:4(switch 3)


>From switch 2 showing a fdb of the prot switch 1 is connected to.

08010-206 FF:FF:FF:FF:FF:FF  servers(0004)  0000000 0000  s m      CPU, 9,
25

port 25 is to switch 3
port 9 is to switch 2


Any help is appreciated.
Thanks

On Thu, Mar 21, 2013 at 6:39 AM, root net <rootnet08 at gmail.com> wrote:

> Hello All,
>
> I am faced with a issue.
>
> I have for this scenario, one router, two switches and one server.
>
> router on a stick <-tagged-> switch 1 <-tagged-> switch 2 -> (untagged)
> server (dual nic/port)
>
> Vlans
> 2 = staff
> 3 = mgmt
> 4 = servers
>
> switch 1 = bd6808 7.8e.4-1 MSM64ix2
> switch 2 = summit 400-48T 7.8e.4-1
>
> switch 1 and switch 2 are connected over copper.
> router and switch 2 are connected over copper.
>
> If I plug the server directly into switch 1 the server can ping gateway on
> router and switch 1 but not any device in same vlan on switch 2, just
> switch 1 and router.
> If I plug the server into switch 2 the server cannot ping anything but
> other servers on that vlan only on switch 2.
>
> Not sure what's wrong haven't had much sleep so it could be something
> simple I'm missing.
>
> I can see the mac address of switch 2 if I try to ping but can't get a
> successful ping. I can also see the other switch if I enable edp on the
> port.
>
> sh iparp on switch 2 when try to ping 192.168.100.2
>
> 192.168.100.2   (incomplete)         0   NO  servers[0004]
>
>
> BD6808:9 # sh iparp (switch 1)
> Destination     Mac                Age Static  VLAN    [VID]   Port
> 192.168.100.1   00:0F:34:57:A7:00    5   NO  servers[0004]  2:25 (to
> router)
> 192.168.100.3   00:04:96:18:49:C0    1   NO  servers[0004]  6:3 (to switch
> 2)
>
>
> router
>
> interface fa0/0
> no ip add
> !
> !
> !
> interface fa0/0.4
> encap dot1q 4
> ip add 192.168.100.1 255.255.255.0
>
>
> switch 1
>
> IGMP snooping is enabled for all vlans BTW
>
> # Config information for VLAN servers.
> configure vlan "servers" tag 4     # VLAN-ID=0xc  Global Tag 28
> configure vlan "servers" protocol "ANY"
> configure vlan "servers" qosprofile "QP1"
> configure vlan "servers" qosprofile ingress none
> configure vlan "servers" ipaddress 192.168.100.2 255.255.255.0
> configure vlan "servers" add port 2:25 tagged (port to router)
> configure vlan "servers" add port 6:3 tagged (port to switch 2)
>
> # -- IP Interface[1] = "servers"
> enable icmp unreachable vlan "servers"
> enable icmp redirects vlan "servers"
> enable icmp port-unreachables vlan "servers"
> enable icmp time-exceeded vlan "servers"
> enable icmp parameter-problem vlan "servers"
> disable icmp timestamp vlan "servers"
> disable icmp address-mask vlan "servers"
> enable subvlan-proxy-arp "servers"
> configure ip-mtu 1500 vlan "servers"
>
> # IP ARP Configuration
>
> configure iparp timeout 20
> configure iparp max-entries 4096
> configure iparp max-pending-entries 256
> enable iparp checking
> enable iparp refresh
> #
>
> switch 2
>
> IGMP snooping is enabled for all vlans
>
> # Config information for VLAN servers.
> configure vlan "servers" tag 4     # VLAN-ID=0xc  Global Tag 7
> configure vlan "servers" protocol "ANY"
> configure vlan "servers" qosprofile "QP1"
> configure vlan "servers" ipaddress 192.168.100.3 255.255.255.0  (only
> configured to see if could ping)
> configure vlan "servers" add port 15 untagged (to server)
> configure vlan "servers" add port 31 untagged (to server)
> configure vlan "servers" add port 9 tagged   (going to switch 1)
>
> # -- IP Interface[4] = "servers"
> enable icmp unreachable vlan "servers"
> enable icmp redirects vlan "servers"
> enable icmp port-unreachables vlan "servers"
> enable icmp time-exceeded vlan "servers"
> enable icmp parameter-problem vlan "servers"
> disable icmp timestamp vlan "servers"
> disable icmp address-mask vlan "servers"
> configure ip-mtu 1500 vlan "servers"
>
> # IP ARP Configuration
>
> configure iparp timeout 20
> configure iparp max-entries 4096
> configure iparp max-pending-entries 256
> enable iparp checking
> enable iparp refresh
> #
>
>
>
> Any help is much appreciated!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/extreme-nsp/attachments/20130324/4f1443a2/attachment.html>

More information about the extreme-nsp mailing list