Options
Strange probs with this setup
Morty3
Member Posts: 139
in CCNA & CCENT
So, I got this setup.
Here is my scenario. We had the first switch (the one with a cable to ISP, here 1.1.1.1) set up with an SVI (1.1.1.2). Default route to ISP. Everything is cool.
Then the company used up the adresses they got. 1.1.1.2 for the SVI, 1.1.1.3 for their ISA that all user traffic passes through (left out of this), 1.1.1.3-6 for VPN's.
So, they get a few more add's. 2.2.2.1/28.
I set it up like this. I removed the SVI at the first switch and instead set it up on the first switch by removing the address from the interface vlan 50, then added it to the other switch on the same interface. It worked just fine, no problems to ping over the trunk, through the first switch, to the 1.1.1.1 (isp). Also the other public ip's worked just fine, they were reachable (few servers set up there).
Then, later (5-30 minutes) it crashes. Does not work. I had already left for the evening.
My thoughts is that the arp-entry in the first switch timed out, and it didnt send a new one because it did not have a SVI.
What is the solution? Creating a SVI on both switches rly is not popular, since it eats up and public IP and it creates some trouble with the VPN's.
Here is my scenario. We had the first switch (the one with a cable to ISP, here 1.1.1.1) set up with an SVI (1.1.1.2). Default route to ISP. Everything is cool.
Then the company used up the adresses they got. 1.1.1.2 for the SVI, 1.1.1.3 for their ISA that all user traffic passes through (left out of this), 1.1.1.3-6 for VPN's.
So, they get a few more add's. 2.2.2.1/28.
I set it up like this. I removed the SVI at the first switch and instead set it up on the first switch by removing the address from the interface vlan 50, then added it to the other switch on the same interface. It worked just fine, no problems to ping over the trunk, through the first switch, to the 1.1.1.1 (isp). Also the other public ip's worked just fine, they were reachable (few servers set up there).
Then, later (5-30 minutes) it crashes. Does not work. I had already left for the evening.
My thoughts is that the arp-entry in the first switch timed out, and it didnt send a new one because it did not have a SVI.
What is the solution? Creating a SVI on both switches rly is not popular, since it eats up and public IP and it creates some trouble with the VPN's.
CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
Comments
-
Options
networker050184
Mod Posts: 11,962 Mod
I doubt that arp is your issue. The hosts will arp for their gateway (1.1.1.2 I'm assuming) and it should answer back as soon as you assign it the IP address. The switch without the SVI will not need an arp entry if its just forwarding at L2.
What do you mean by "it crashed"? Did the internet connectivity go out? Did you check with the ISP to see if they had issues at that time? We are going to need a little more information before we can help you out.An expert is a man who has made all the mistakes which can be made. -
OptionsMorty3
Member Posts: 139
networker050184 wrote: »I doubt that arp is your issue. The hosts will arp for their gateway (1.1.1.2 I'm assuming) and it should answer back as soon as you assign it the IP address. The switch without the SVI will not need an arp entry if its just forwarding at L2.
What do you mean by "it crashed"? Did the internet connectivity go out? Did you check with the ISP to see if they had issues at that time? We are going to need a little more information before we can help you out.
Tell me whatever info you need :=)
Yeah, ISP problems where my thought aswell, since networks generally just dont go down randomly, especially not when people are not even using it (almost everyone had left already).
But apparently it was not that... My idea was that it should not be any issues here, since it is supposed to be l2 all the way to the ISP...CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.