January 22nd, 2020 00:00

S4048 vlt/vrrp/vlan configuration issues

Hi,

So we have a pair of 4048s that we are using as a core (in effect); they are running vlt and I have vlans with vrrp.

The VLT configuration uses port channel 127.

Node 0

vlt domain 1
peer-link port-channel 127
back-up destination 192.168.126.3
primary-priority 10
system-mac mac-address 00:11:22:33:44:55
unit-id 0
peer-routing

Node 1

vlt domain 1
peer-link port-channel 127
back-up destination 192.168.126.2
primary-priority 20
system-mac mac-address 00:11:22:33:44:55
unit-id 1
peer-routing

and VLT is up

VLT Domain Brief
------------------
Domain ID: 1
Role: Primary
Role Priority: 10
ICL Link Status: Up
HeartBeat Status: Up
VLT Peer Status: Up
Local Unit Id: 0
Version: 6(9)
Local System MAC address: 64:00:6a:ef:4f:b3
Remote System MAC address: 64:00:6a:ef:45:b3
Configured System MAC address: 00:11:22:33:44:55
Remote system version: 6(9)
Delay-Restore timer: 90 seconds
Delay-Restore Abort Threshold: 60 seconds
Peer-Routing : Enabled
Peer-Routing-Timeout timer: 0 seconds
Multicast peer-routing timeout: 150 seconds

Attached to these are Cisco and Dell switches as my edge devices (dual homed for resiliency).

I have about 30 vlans configured (example below)

Node 0

interface Vlan 60
description Test Uplink Management
name Test Uplink Management
ip address 172.31.31.2/24
tagged TenGigabitEthernet 1/45-1/46
tagged Port-channel 127
!
vrrp-group 60
version both
priority 250
track Vlan 60
virtual-address 172.31.31.1
no shutdown

Node 1

interface Vlan 60
description Test Uplink Management
name Test Uplink Management
ip address 172.31.31.3/24
tagged TenGigabitEthernet 1/45-1/46
tagged Port-channel 127
!
vrrp-group 60
version both
track Vlan 60
virtual-address 172.31.31.1
no shutdown

The above happens to be my device management vlan so common to all attached switches.

However!!

When configured like this the switches can ping ALL vlan virtual addresses even though only vlan 60 is tagged to that vlan.

I don't want all edge devices to see ALL vlans, only those that relate to that device.

What am I doing wrong?

January 22nd, 2020 01:00

Additional information

On my edge switches I have my management vlan configured and my access vlans via a port channel

interface Vlan60
description TestUplinkManagement
ip address 172.31.31.11 255.255.255.0

interface Port-channel1
switchport trunk allowed vlan 60,70-73
switchport trunk native vlan 666
switchport mode trunk
end

an ip route

ip route 0.0.0.0 0.0.0.0 Vlan60 (have also used 172.31.31.1)

With this configuration I can ping not only vlans 70-73 but all my other vlans.

However!

If I delete the ip route and change to a default gateway I can only ping 172.31.31.1 and nothing else!!
