Using a layer 3 switch

markulous

So I'm using Packet Tracer and I setup a small network with two vlans. I'm using a 3560 switch and a 2911 router. I was able to configure the network just fine using a "router on a stick" type config and I could successfully ping computers on other vlans. When I tried to utilize the layer 3 switch as the gateway, it's not working for some reason.

The two vlans are 50 and 51. I went into global config and then interface for each one and set their ip addresses. 50 has an ip of 192.168.1.122 255.255.255.0 and 51 has an ip of 192.168.2.222 255.255.255.0. I've got 2 workstations on each vlan with the same network subnet as the vlans. I made sure on each workstation used the above default gateways. The vlans are up as they were communicating just fine using the router and I can ping workstations on the same vlan. I even disconnected the router to see if that would help but that didn't work either.

What am I missing? I'm studying for my CCENT and using CBT Nuggets. I thought I did everything he had did on his end. I ran a show ip int brief and that showed the vlans are up and have those ips associated with them.

EDIT: Figured this out, new problem at post #9.

RouteMyPacket

conf t
ip routing

Now try after applying that

markulous

D'oh! That worked. I must have missed that on CBT Nuggets (or he didn't say that). Makes sense, I didn't think to enable routing, I was taking it for granted it was already enabled.

Thanks!

Hondabuff

I used the no switch port command to make the trunk port a L3 link. IP routing on the switch and EIGRP routing between the router and switch. Can Ping the loopback from both PC's

Hondabuff

If you get bored, you can replicate this lab I have been tinkering with

markulous

Hondabuff wrote: »

If you get bored, you can replicate this lab I have been tinkering with

That's pretty cool! I think I may definitely try to build something like that soon. Especially before my CCNA. Thanks for your help too.

Hondabuff

When your done watching the cbt nuggets for CCNA, I would watch the first couple of cbt CCNP switch videos. It will really fill in the missing gaps from the CCNA course.

markulous

I'm not sure if I have access to those through WGU. After the CCNA I'll go for my CCNA Security, but I'll have to see if I can view the switch videos. Hopefully it's the same guy teaching all of these, he rocks.

markulous

For some reason it won't let me attach it Packet Tracer file, but now ever since I've gone to the L3 switching, I can't get traffic off of my switch. Any hosts on the switch, even on different subnets/vlans, can ping each other fine. But if I try to get off the switch (COOL_SWITCH) to the 2911 router (router6), it won't go anywhere. The router and switch can't ping each other either. I had the router initially setup on a trunking port (encapsulation, dot1q) but that didn't work. I tried making a static route on the switch 0.0.0.0 via 192.168.1.236 (which is the ip address of that port on my router) but that didn't work either, even toggling the trunking options. I tried configuring ospf on both the switch and router and had them all in the same area and that didn't help either.

I attached a screenshot of the topology. PCs 6, 7, 10, and 12 are on VLAN 50 and 8, 9, 11, and 13 are on VLAN 51. The group on the right I haven't setup yet as I'm trying to get traffic off my router first.

Using subinterfaces and setting my router as my default gateway (thus disabling the L3 part of my switch), everything works fine. I'm taking my CCENT next week so I am trying to get this figured out so I can continue to expand this network. I am the type of person that can't let go of something until it's fixed either.




Edit: Okay now if I try to ping the router6 from the switch, it drops every other packet but still won't let a host ping anything off of the network.

Hondabuff

Try taking the trunk port that you have from the switch that goes to the router and throw the command "no switchport" then add an IP address to it on the same subnet as the router. Use any routing protocol of your choice and it should work. Don't forget the default route on the switch to the router.

markulous

Hondabuff wrote: »

Try taking the trunk port that you have from the switch that goes to the router and throw the command "no switchport" then add an IP address to it on the same subnet as the router. Use any routing protocol of your choice and it should work. Don't forget the default route on the switch to the router.

Thank you for your help.

So now my computers can send an ICMP message off of the switch to the router, but now it won't send it back and dies at the router. I don't need subinterfaces on my router when doing this, right? Looking at the GUI, it is aware of the VLANs but it's like it has no idea what to do with any traffic unless it's the switch pinging it.

Pupil

Sounds like your router doesn't have a route back to the networks behind the switch. When I'm stuck, I like to throw Packet Tracer into simulation mode and trace the path of the packets and see what it says.

markulous

Pupil wrote: »

Sounds like your router doesn't have a route back to the networks behind the switch. When I'm stuck, I like to throw Packet Tracer into simulation mode and trace the path of the packets and see what it says.

I think you may be right. I looked at the simulation and the packet dies at the router. Since there are multiple switches with the same VLANs and subnets, how do I specify that? I thought OSPF was supposed to help with that but it doesn't seem to be doing much.

Pupil

markulous wrote: »

I think you may be right. I looked at the simulation and the packet dies at the router. Since there are multiple switches with the same VLANs and subnets, how do I specify that? I thought OSPF was supposed to help with that but it doesn't seem to be doing much.

What does running sh ip route ospf display on the router? How about sh ip ospf neighbor?

Are your layer 3 switches running OSPF? Are they advertising their networks correctly? Are all of your devices in the same OSPF area?

markulous

Pupil wrote: »

What does running sh ip route ospf display on the router? How about sh ip ospf neighbor?

Are your layer 3 switches running OSPF? Are they advertising their networks correctly? Are all of your devices in the same OSPF area?

I'll have to check when I am at work since that's where the file is. I know I setup OSPF on the layer 3 switches as well as the router and they are in the same area.

markulous

Pupil wrote: »

What does running sh ip route ospf display on the router? How about sh ip ospf neighbor?

Are your layer 3 switches running OSPF? Are they advertising their networks correctly? Are all of your devices in the same OSPF area?

Just checked and neither command shows anything. I went through the both routers and both switches and manually put in the networks to advertise and in the same area but it doesn't help.

My middle switch (Cool_Switch) can ping both routers just fine, but Switch 2 can only ping the one it is connected to, not Router6.

All computers that are connected to the same switch can still ping each other just fine.

Pupil

markulous wrote: »

Just checked and neither command shows anything. I went through the both routers and both switches and manually put in the networks to advertise and in the same area but it doesn't help.

My middle switch (Cool_Switch) can ping both routers just fine, but Switch 2 can only ping the one it is connected to, not Router6.

All computers that are connected to the same switch can still ping each other just fine.

If those show commands are not displaying anything, then it may mean your devices are failing to form an OSPF adjacency resulting in no routes to those networks. You'll need to do sh ip protocols on the affected devices and verify that the correct networks are being advertised. I don't think you modified the default hello/dead timers or set an authentication password, so that's probably not it. Make sure you don't have multiple OSPF processes running accidentally advertising different networks cause one time that was the source of similar issue I experienced. And double check if any of those interfaces have been set to not advertise updates using the passive-interface command. If you could share the ospf parts of your running-config on the affected devices, that could help us pinpoint the issue.

Hondabuff

Your router will need to advertise the 2 networks it is hosting, WAN and LAN Ip address with wildcard and area number. Your L3 switch will need all subnets with same OSPF number and area number advertised to form a neighbor relationship or packets will never route back. You also need default routes on each device to tell it where to send packets to unknown devices.

markulous

Okay I went through and turned off passive-interface and input the networks to advertise on each device. Now I see sh ip protocols as well as sh ip ospf neighbor. In my running-config it is only advertising networks that it is connected to.

I see the VLans in the show neighbor command on both routers. Any ping from switch to switch or host to host from a different switch just dies right at the device though.

I put everything on the same domain.

Here's the ospf part of the running-config on COOL_Switch:
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0

Here's the same thing from Multilayer Switch2:
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0

Hondabuff

oh man, you have the same networks all over the place. So Cool switch is yelling "Hey, I have the 192.168.1 network" and Switch 2 is telling the router "Hey I have the 192.168.1.0 network" Since the router is seeing two different devices advertising the same route, its gets all confused and drops the packet.

markulous

Hondabuff wrote: »

oh man, you have the same networks all over the place. So Cool switch is yelling "Hey, I have the 192.168.1 network" and Switch 2 is telling the router "Hey I have the 192.168.1.0 network" Since the router is seeing two different devices advertising the same route, its gets all confused and drops the packet.

So how do I distinguish the two? Both have computers that are on the same VLAN and same subnets. A lot of the traffic won't even get to the router.

Hondabuff

cisco hierarchical model

markulous

Hondabuff wrote: »

cisco hierarchical model

So, the topology I have won't work? If I was to segregate a network how I have it like that, I can't use the same subnets/vlans?

markulous

I'm tempted to just start over from scratch and anything on a different switch or vlan will have a different subnet.

Hondabuff

You should really only be using the L3 switches on your distribution Layer and have all of your VLAN PVID address on it and use L3 routing protocols to your router. Use Access layer switches to connect to hosts. That's the beauty of CCNA, They teach you router on a stick and once you get past CCNA they tell you to never use it ever again.

markulous

Hondabuff wrote: »

You should really only be using the L3 switches on your distribution Layer and have all of your VLAN PVID address on it and use L3 routing protocols to your router. Use Access layer switches to connect to hosts. That's the beauty of CCNA, They teach you router on a stick and once you get past CCNA they tell you to never use it ever again.

Ahhhh that makes sense. While watching the CBT Nuggets videos, I setup a router on a stick type config and everything worked fine. Then he said that everyone is using L3 on their switches so everything goes faster and doesn't have to go up the router and back to route traffic so I tried using L3 switches everywhere but maybe that's not what he was saying.

xnx

Here's a well structured topology - partial topology of my current lab and is based off the CCNP T-Shoot topology.

This is how a proper small size network should be structured

markulous

Hondabuff wrote: »

If you get bored, you can replicate this lab I have been tinkering with

Since the above suggested this also, I'm starting over and I'm going to emulate this.

Hondabuff

I would advise to start with 1 router, 1 3560 and setup a small collapsed core network. The CCNP lab has HSRP, Etherchannel and advanced Spanning tree which will send you spinning out of control. Start with the basics and build your skills from there.

Maybe an easy network with 3 VLAN's and DHCP pools on the L3 switch. Make sure every thing can ping.

markulous

I got this setup so far. Everything pings each other just fine. Multilayer Switch1 on the right hand side doesn't really do anything since the other L3 switch is the default gateway for all 3 LANs, but I think I will switch one of them over to there just to make packet flow better. I just have to figure out how to configure that etherchannel between the switches as I haven't done that before.

Hondabuff

All you need now is some HSRP on the routers, setup your root bridge and backup for the VLANs, change your spanning tree modes, add your dhcp server and enable DCHP snooping, maybe a VTP server and some storm control on your trunks, get your port channel up and your in business!