The Journey of a Network Engineer

Mar 11 2011   4:57AM GMT

Troubleshoot: distribution switch acting weird.



Posted by: Sulaiman Syed
Tags: 3750, 6509, ASA, Cisco, extended ping, Firewall, lost connection, ping, routing, server fam, switch, traceroute, vlan, WLSM

Before I begin, let's not talk about how bad the design is. I know all the issues with our design, and that it is faulty in every possible way. Let's say that I still don't have the managerial power to alter the design yet. The design will change, hopefully sooner rather than later. I'll explain the infrastructure in detail, then describe the problem in detail. I really appreciate any input, because I just can't figure it out.

[Figure: logical drawing]

We have two 6509 core switches that are connected with trunk links. The server farm distribution switches, which are 3750s, are also connected with trunks. The connection is a square one. Then we have our Wireless LAN Service Modules (WLSM) connected to 6506 switches that are connected to our server farm distribution. Everything is connected with trunks. Only the links to the ASA firewalls are access links, and they are in the server farm VLAN.

Looking at the drawing, the management VLAN (used by us to access the devices) is 10.10.0.0/16, while the server farm VLAN is 10.40.0.0/16. The core, server farm distribution, and WLSM (6506) switches are all running HSRP. The server farm VLAN spans to the core. Spanning tree is functioning well, without any issues.

Now, the problem: if we shut down the server farm interface on any WLSM switch, we lose connectivity to the firewalls (after exactly 3.30 mins). We checked that there were no spanning tree or routing issues. All the proper ports were open (unblocked), and all the routes were showing correctly. We didn't lose connectivity to any server connected to the server farm access switches, only to the firewalls that are connected to our cores.

Here is the output of traceroute, ping, and extended ping to give a good idea.

C:\Documents and Settings\Administrator>Tracert 10.40.0.100

Tracing route to  10.40.0.100 over a maximum of 30 hops

1   1 ms    1 ms   1 ms    10.14.0.64
2   <1 ms <1 ms <1 ms 10.14.255.255
3   3 ms   <1 ms <1 ms  10.10.40.1
4   <1 ms <1 ms <1 ms 10.40.0.100

The reason we see 10.14.255.255 above is that the links between the building distribution and the cores are routed (not trunked), so 10.14.255.255 is the interface on the core. This is the normal behavior. After shutting down:

C:\Documents and Settings\Administrator>Tracert 10.40.0.100

Tracing route to  10.40.0.100 over a maximum of 30 hops

1   1 ms    1 ms   1 ms    10.14.0.64
2   <1 ms <1 ms <1 ms 10.14.255.255
3   3 ms   <1 ms <1 ms  10.10.40.1
4  *          *        *

5  *          *        *

L3CS-SF-02#ping
Protocol [ip]:
Target IP address: 10.40.0.100
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.40.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.0.100, timeout is 2 seconds:
Packet sent with a source address of 10.10.40.1
.....
Success rate is 00 percent (0/5).

L3CS-SF-02#ping
Protocol [ip]:
Target IP address: 10.40.0.100
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.40.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.0.100, timeout is 2 seconds:
Packet sent with a source address of 10.40.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
L3CS-SF-02#

What I found is that if the server farm distribution switch pings the firewall using the management VLAN, the ping does not work, while a ping sourced from the server farm VLAN works. My question is: why won't traffic that came into the distribution switch through the management VLAN (routing VLAN) propagate into the server farm VLAN after shutting down the WLSM server farm VLAN interface (either interface of the two)?
