inter vlan issue

  • 0
  • 1
  • Problem
  • Updated 3 days ago
  • Not a Problem
core switch 1
vlan 10 -10.2.0.200/16
vlan 0 -10.3.0.2/16

tagged port 23 connected to core switch 2 port 23


access switches:(all access switch is connected to core switch 1)
10.3.0.3
10.3.0.4
10.3.0.5
10.3.0.6

core switch 2
vlan 10 -10.2.0.2/16
vlan 0 -10.3.0.101/16

tagged port 23 connected to core switch 1 port 23


access switches:(all access switch is connected to core switch 1)
10.2.0.3
10.2.0.4
10.2.0.5
10.2.0.6


core switch to core switch communication is ok.


problem is core sw1 not pinging to core sw2 access switch
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb

Posted 6 days ago

  • 0
  • 1
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
any update,
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,972 Points 20k badge 2x thumb
sure... 11minutes since you've posted the first time.

How about a network diagram ?!
Photo of Laurent Rillet

Laurent Rillet

  • 202 Points 100 badge 2x thumb
Please do a "show configuration" on core sw1 and one of the access switches and provide the result... 
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb

Photo of Drew C.

Drew C., Community Manager

  • 40,070 Points 20k badge 2x thumb

Here's a better view of that diagram.
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
Access switch cant communicate to another access switch(10.3.0.0 to 10.2.0.2)
but coresw1 is able to ping to core sw2
Photo of Laurent Rillet

Laurent Rillet

  • 180 Points 100 badge 2x thumb
How the routing is built ?
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
default route is configured on both core switch
SW1
configure iproute add 10.2.0.0 255.255.0.0 10.3.0.221
SW2
configure iproute add 10.3.0.0 255.255.0.0 10.2.0.200
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
Slot-1 Stack.4 # sh configuration
#
# Module devmgr configuration.
#
configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000"
configure slot 1 module X440G2-48p-10G4
configure sys-recovery-level slot 1 reset
configure slot 2 module X440G2-48p-10G4
configure sys-recovery-level slot 2 reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-52,2:1-52
configure vr VR-Default add ports 1:1-52,2:1-52
configure vlan default delete ports 1:1-52,2:1-52
create vlan "CCTV"
configure vlan CCTV tag 10
configure vlan CCTV add ports 1:1-52,2:1-52 untagged
configure vlan CCTV ipaddress 10.3.0.5 255.255.0.0

#
# Module mcmgr configuration.
#

# Module fdb configuration.
#

#
# Module rtmgr configuration.
#

#
# Module policy configuration.
#

#
# Module aaa configuration.
#
configure account admin encrypted [snip]

#
# Module acl configuration.
# Module bfd configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#


#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#
disable lldp ports 2:1
disable lldp ports 2:2
disable lldp ports 2:3
disable lldp ports 2:4
disable lldp ports 2:5
disable lldp ports 2:6
disable lldp ports 2:7
disable lldp ports 2:8
disable lldp ports 2:9
disable lldp ports 2:10
disable lldp ports 2:11
disable lldp ports 2:12
disable lldp ports 2:13
disable lldp ports 2:14
disable lldp ports 2:15
disable lldp ports 2:16
disable lldp ports 2:17
disable lldp ports 2:18
disable lldp ports 2:19
disable lldp ports 2:20
disable lldp ports 2:21
disable lldp ports 2:22
disable lldp ports 2:23
disable lldp ports 2:24
disable lldp ports 2:25
disable lldp ports 2:26
disable lldp ports 2:27
disable lldp ports 2:28
disable lldp ports 2:29
disable lldp ports 2:30
disable lldp ports 2:31
disable lldp ports 2:32
disable lldp ports 2:33
disable lldp ports 2:34
disable lldp ports 2:35
disable lldp ports 2:36
disable lldp ports 2:37
disable lldp ports 2:38
disable lldp ports 2:39
disable lldp ports 2:40
disable lldp ports 2:41
disable lldp ports 2:42
disable lldp ports 2:43
disable lldp ports 2:44
disable lldp ports 2:45
disable lldp ports 2:46
disable lldp ports 2:47
disable lldp ports 2:48
disable lldp ports 2:49
disable lldp ports 2:50
disable lldp ports 2:51
disable lldp ports 2:52

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#

#
# Module ntp configuration.
#

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#

#
# Module stp configuration.
#
configure mstp region 0204969edd8c

#
# Module synce configuration.
#

#
# Module techSupport configuration.
#
enable tech-support collector

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#
enable web https

#
# Module twamp configuration.
#

#
# Module vmt configuration.
#

#
# Module vsm configuration.
(Edited)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,972 Points 20k badge 2x thumb
Photo of Laurent Rillet

Laurent Rillet

  • 202 Points 100 badge 2x thumb
For me, on these switch you need :
configure iproute add default 10.3.0.2

On the switches other side
configure iproute add default 10.2.0.2

On core :
each must have other core as default route next hop.

You may need to enable ipforwarding on your vLANs...

Photo of Eric Burke

Eric Burke

  • 3,288 Points 3k badge 2x thumb
I don't see IP routing enabled anywhere in the switch configs. Are you routing between subnets through another device (like a firewall or router)?
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
default route is configured on both core switch
SW1
configure iproute add 10.2.0.0 255.255.0.0 10.3.0.221
SW2
configure iproute add 10.3.0.0 255.255.0.0 10.2.0.200
Photo of Eric Burke

Eric Burke

  • 3,288 Points 3k badge 2x thumb
By default, the switch won't forward/route between vlan's without ipforwarding enabled. The routes alone will net get you between subnets.
Photo of Tomasz

Tomasz

  • 1,642 Points 1k badge 2x thumb
Hi Ranjith,

looking at this:
core switch 1
vlan 10 -10.2.0.200/16
vlan 0 -10.3.0.2/16

tagged port 23 connected to core switch 2 port 23


access switches:(all access switch is connected to core switch 1)
10.3.0.3
10.3.0.4
10.3.0.5
10.3.0.6

core switch 2
vlan 10 -10.2.0.2/16
vlan 0 -10.3.0.101/16

tagged port 23 connected to core switch 1 port 23


access switches:(all access switch is connected to core switch 1)
10.2.0.3
10.2.0.4
10.2.0.5
10.2.0.6
I don't get which VLAN ID is for core-core communication.
IMHO it would be good to have point-to-point VLAN between routers with no other ports in that VLAN and with unique addressing (VLAN 101 with IPs 10.10.1.0/30 for instance: 10.10.1.1/30, 10.10.1.2/30).

Core 1 should have its access ports to the access switches (LAN1, let's call those) added to VLAN that is compliant with local address space, ie. 10.3.0.1(/16?) for instance.
Core 2 should have this VLAN with 10.2.0.1(/16?) (let's call its access switches LAN2).
Then you can be sure that the addressing scheme is consistent across the entire network. Having LAN1 addressing on a VLAN at Core 2 router might turn routing tables misleading.

Then, are access switches equipped with IP addressing just for management or do they route? I assume no.

Just to sum up what colleagues wrote above, your both core routers need to have:
a) enable ipforwarding
or enable ipforwarding <vlan name> - for all VLANs you want to route between, here two would be of your interest - local LAN VLAN and core-core VLAN
b) statically od dynamically defined route to a "distant" network (that is not directly connected), for Core 1 it would be conf iproute add 10.2.0.0/16 10.10.1.2 (if you agree with my addressing suggestion for core-core)

Then with your access switches you can either set default route (that's better) or static route that will point to your core router directly attached interface; for example on LAN1 switches it would be conf iproute add default 10.3.0.1 (Core 1 IP for that VLAN).

Please explain your target and directions so we can guide you further.

Hope that helps,
Tomasz
(Edited)
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
any access switch can able to ping tocore switch,but 10.3.0.0 access switch cant access to 10.2.0.0 access switch
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
any solutions???
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,908 Points 20k badge 2x thumb
Did you even read the helpful suggestions that the forum members provided and if yes what is the result.
Photo of Drew C.

Drew C., Community Manager

  • 40,070 Points 20k badge 2x thumb
If nothing here has worked for you, Ranjith, you need to open a case with GTAC.
Photo of Ranjith Kumar

Ranjith Kumar

  • 190 Points 100 badge 2x thumb
any updates
Photo of Tomasz

Tomasz

  • 1,420 Points 1k badge 2x thumb
Ranjith,

Do you want someone to config the switches for you? That's how it looks.

We told you - enable ipforwarding on VLANs, provide at least static routes on core routers, provide default routes on switches, think of tuning the vlan and addressing scheme. You could be done within an hour with your issue, but you didn't confirm what is your status right now, did you try all those steps and did they work, we have seen just single device config at the beginning.
If it's not enough here for you to work on your case, call GTAC as Drew said.

Regards,
Tomasz