Unsolved
This post is more than 5 years old
2 Intern
•
129 Posts
0
994
July 28th, 2016 07:00
62xx - routing or vlan config error ?
hi,
I have 4 vlans and a number of hosts connected to it - and one oddity, well, it boggles my mind and I cannot see - most likely obvious - reason for this weird situation.
Very last Vlan I created for the moment has no connections to any port, but! - as soon as any one member port goes up - physical link on - then one of the hosts/nodes becomes unavailable to some some part of the network, let me call it hostXX
Vlans:
1 vlan 1 192.168.2.1 255.255.255.0
2 vlan 2 192.168.3.1 255.255.255.0
3 vlan 3 172.25.12.201 255.255.255.0 # here is Vlan which when a port is active then ...
4 vlan 4 10.5.6.1 255.255.255.0
and that hostXX's routing:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.5.6.1 0.0.0.0 UG 100 0 0 p3p1
0.0.0.0 192.168.2.100 0.0.0.0 UG 110 0 0 em2
0.0.0.0 131.111.42.62 0.0.0.0 UG 199 0 0 em3
one difference between hostXX and other hosts which remain accessible & unaffected is, other hosts have:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.100 0.0.0.0 UG 100 0 0 enp2s0f0
That 192.168.2.100 gateway is a host(not the switch) that connects to external Intranet and switch's 192.168.2.0/24 is the Default Vlan as above.
My wild guess is that hostXX's gateway - 10.5.6.1 is switch's Vlan 4 - being first on kernel routing list, does not do something to manage that traffic from hostXX's 10.5.6.100.
But why would this only happen when there is a link on any member port of Vlan 3 and problem does not exist when no port is active/connected?
many thanks.
0 events found
lejeczek
2 Intern
•
129 Posts
0
July 30th, 2016 06:00
actually there is nothing physically connected to Vlan 3 - when I do connect something, and ant that something let be just another 8-port simple switch (but any other device too), then one host - that hostXX becomes inaccessible.
configure
vlan database
vlan 2-4,99
vlan routing 1 1
vlan routing 2 2
vlan routing 3 3
vlan routing 4 4
exit
clock timezone 0 zone "GMT"
stack
member 1 1
member 2 1
exit
ip address none
ip address vlan 99
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.2.100
interface vlan 1
routing
ip address 192.168.2.1 255.255.255.0
exit
interface vlan 2
name "192-168-3-0-isci"
routing
ip address 192.168.3.1 255.255.255.0
exit
interface vlan 3
name "172-25-12-0"
routing
ip address 172.25.12.201 255.255.255.0
exit
interface vlan 4
name "10-5-6-0"
routing
ip address 10.5.6.1 255.255.255.0
exit
aaa authentication login "RadiusList" radius local
aaa authentication enable "enableRadius" radius
aaa authentication enable "enableLocal" enable
dot1x system-auth-control
aaa authentication dot1x default radius
radius-server host auth 10.5.6.100
name "Default-RADIUS-Server"
timeout 5
exit
radius-server host auth 10.5.6.32
name "Default-RADIUS-Server"
timeout 5
exit
line ssh
exec-timeout 600
login authentication RadiusList
enable authentication enableLocal
exit
ip ssh server
no spanning-tree
!
interface ethernet 1/g1
channel-group 1 mode on
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control mac-based
dot1x re-authentication
exit
!
interface ethernet 1/g2
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 1/g3
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 1/g4
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 1/g5
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g6
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g7
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g8
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g9
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g10
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g11
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g12
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g13
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g14
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g15
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g16
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g17
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g18
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g19
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g20
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 1/g21
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 4
dot1x port-control force-authorized
exit
!
interface ethernet 1/g22
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 4
dot1x port-control force-authorized
exit
!
interface ethernet 1/g23
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/g24
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 1/xg1
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/xg2
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 1/xg3
storm-control broadcast
storm-control multicast
mtu 9216
switchport mode trunk
switchport trunk allowed vlan add 1,4
dot1x port-control force-authorized
exit
!
interface ethernet 1/xg4
storm-control broadcast
storm-control multicast
mtu 9216
switchport mode trunk
switchport trunk allowed vlan add 1,4
dot1x port-control force-authorized
exit
!
interface ethernet 2/g1
channel-group 1 mode on
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 2/g2
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 2/g3
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 2/g4
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 2/g5
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g6
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g7
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g8
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g9
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g10
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g11
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g12
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g13
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g14
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g15
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g16
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g17
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g18
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g19
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g20
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 2
dot1x port-control force-authorized
exit
!
interface ethernet 2/g21
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 4
dot1x port-control force-authorized
exit
!
interface ethernet 2/g22
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 4
dot1x port-control force-authorized
exit
!
interface ethernet 2/g23
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/g24
storm-control broadcast
storm-control multicast
mtu 9216
switchport access vlan 3
dot1x port-control force-authorized
exit
!
interface ethernet 2/xg1
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/xg2
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/xg3
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface ethernet 2/xg4
storm-control broadcast
storm-control multicast
mtu 9216
dot1x port-control force-authorized
exit
!
interface port-channel 1
description 'LAG to CEB priv'
switchport access vlan 3
exit
exit
lejeczek
2 Intern
•
129 Posts
0
August 8th, 2016 08:00
"..on hostXX I deleted this routing:
0.0.0.0 10.5.6.1 0.0.0.0 UG 100 0 0 p3p1 # and 10.5.6.1 is switch's vlan5
.."
it's vlan4 naturally, typo.
lejeczek
2 Intern
•
129 Posts
0
August 8th, 2016 08:00
I've tried something trivial, on hostXX I deleted this routing:
0.0.0.0 10.5.6.1 0.0.0.0 UG 100 0 0 p3p1 # and 10.5.6.1 is switch's vlan5
so now default gw on hostXX is:
0.0.0.0 192.168.2.100 0.0.0.0 UG 110 0 0 em2
when I connect a host(a win7 box) to Vlan3 it goes on to ping other hosts on other Vlans successfully.
hostXX is connected to 2/g22.
would the problem be routing/switching beetween vlan4 (switch's 10.5.6.1) and other vlans.
Other hosts on Vlan3 do not stop being accessible when a(any) port in Vlan3 has a connection, which is what happens to hostXX, but those hosts/nodes do NOT use 10.5.6.1 has the default gateway.
Even though removing that 10.5.6.1 as default gw on hostXX is a kind of solution I really really have to have it fixed in the switches, thus will appreciate your help a lot.