Solved: Layer Three Inter-VLAN Routing

"How do I ensure..." - let's start earlier: "did you configure?"

What supervisor do you have?
What software is running on the supervisor?
Do you have a PFC on the supervisor?
Do you have an MSFC on the supervisor?
If you have an MSFC, what software is running on the MSFC?

bbanis2k

ASKER

How do I answer all of these questions....with a sh version?

Also, it is configured and working properly. I just want to ensure that L3 routing is working in between the VLANs.

pjtemplin

sh mod, sh ver.

sh ip route?

What is it you're looking for?

bbanis2k

ASKER

That L3 routing is working....you tell me.

bbanis2k

ASKER

S1NSI03545#sh ver
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB10, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 11-Aug-05 14:15 by kellythw
Image text-base: 0x40020FBC, data-base: 0x41F20000

ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB10, RELEASE
SOFTWARE (fc1)

S1NSI03545 uptime is 46 weeks, 1 day, 18 hours, 7 minutes
Time since S1NSI03545 switched to active is 46 weeks, 1 day, 18 hours, 11 minute
s
System returned to ROM by reload at 23:35:34 UTC Thu Nov 10 2005 (SP by power-on
)
System restarted at 14:49:27 CST Sat Dec 10 2005
System image file is "sup-bootflash:s72033-pk9sv-mz.122-17d.SXB10.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C6509 (R7000) processor (revision 3.0) with 458752K/65536K bytes of mem
ory.
Processor board ID SMG0641A03E
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
Bridging software.
1 FlexWAN controller (4 Serial).
4 Virtual Ethernet/IEEE 802.3 interface(s)
144 FastEthernet/IEEE 802.3 interface(s)
34 Gigabit Ethernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102

bbanis2k

ASKER

S1NSI03545#sh mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
3 16 16 port GE RJ45 WS-X6316-GE-TX SAD063804CL
4 16 16 port GE RJ45 WS-X6316-GE-TX SAD063704DD
5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAL09232MHY
6 48 48-port 10/100 mb RJ45 WS-X6148-RJ45V SAL0752RJR3
7 48 48-port 10/100 mb RJ45 WS-X6148-RJ45V SAL063038BH
8 48 48-port 10/100 mb RJ45 WS-X6148-RJ45V SAL06303889
9 0 2 port adapter FlexWAN WS-X6182-2PA SAD04320GD3

Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
3 0002.7e39.7d58 to 0002.7e39.7d67 1.3 5.4(2) 8.3(0.110)TE Ok
4 0002.7e39.6d4e to 0002.7e39.6d5d 1.3 5.4(2) 8.3(0.110)TE Ok
5 0012.dae4.6a50 to 0012.dae4.6a53 3.3 8.1(3) 12.2(17d)SXB Ok
6 000e.d73c.2d80 to 000e.d73c.2daf 1.5 5.4(2) 8.3(0.110)TE Ok
7 0005.7486.2368 to 0005.7486.2397 1.0 5.4(2) 8.3(0.110)TE Ok
8 000a.8a6a.d538 to 000a.8a6a.d567 1.0 5.4(2) 8.3(0.110)TE Ok
9 00d0.d3a7.d936 to 00d0.d3a7.d975 1.3 12.2(17d)SXB 12.2(17d)SXB Ok

Mod Sub-Module Model Serial Hw Status
--- --------------------------- ------------------ ------------ ------- -------
5 Policy Feature Card 3 WS-F6K-PFC3A SAL09232L2A 2.5 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL09243DRF 2.5 Ok
6 Inline Power Module WS-F6K-PWR 2.0 Ok
7 Inline Power Module WS-F6K-PWR 1.0 Ok
8 Inline Power Module WS-F6K-PWR 1.0 Ok

Mod Online Diag Status
--- -------------------
3 Pass
4 Pass
5 Pass
6 Pass
7 Pass
8 Pass
9 Pass

bbanis2k

ASKER

S1NSI03545#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 214.1.123.1 to network 0.0.0.0

B 137.209.0.0/16 [109/0] via 214.1.123.1, 2d21h
159.133.0.0/16 is variably subnetted, 8 subnets, 2 masks
O E2 159.133.18.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O IA 159.133.12.0/24 [110/67] via 192.168.250.185, 2d12h, Serial9/0/0
O IA 159.133.13.0/24 [110/67] via 192.168.250.185, 2d12h, Serial9/0/0
O IA 159.133.0.0/16 [110/66] via 192.168.250.185, 2d12h, Serial9/0/0
O IA 159.133.1.0/24 [110/67] via 192.168.250.185, 2d12h, Serial9/0/0
O IA 159.133.106.0/24 [110/67] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 159.133.191.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 159.133.193.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
172.16.0.0/24 is subnetted, 4 subnets
S 172.16.206.0 [1/0] via 10.106.255.1
S 172.16.106.0 [1/0] via 10.106.255.1
S 172.16.76.0 [1/0] via 10.106.255.1
S 172.16.66.0 [1/0] via 10.106.255.1
S 214.1.123.0/24 [1/0] via 10.106.255.1
192.168.250.0/24 is variably subnetted, 11 subnets, 2 masks
O 192.168.250.176/29 [110/128] via 192.168.250.185, 2d12h, Serial9/0/0
C 192.168.250.184/29 is directly connected, Serial9/0/0
O 192.168.250.160/29 [110/66] via 192.168.250.185, 2d12h, Serial9/0/0
O 192.168.250.168/29 [110/65] via 192.168.250.185, 2d12h, Serial9/0/0
O 192.168.250.208/29 [110/66] via 192.168.250.185, 2d12h, Serial9/0/0
O 192.168.250.216/29 [110/66] via 192.168.250.185, 2d12h, Serial9/0/0
O 192.168.250.192/29 [110/65] via 192.168.250.185, 2d12h, Serial9/0/0
O 192.168.250.240/29 [110/128] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 192.168.250.224/29 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 192.168.250.232/29 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 192.168.250.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
10.0.0.0/8 is variably subnetted, 22 subnets, 3 masks
S 10.1.1.0/24 [1/0] via 192.168.250.185
C 10.0.253.232/29 is directly connected, Loopback0
O E2 10.107.70.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.107.80.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.107.40.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.107.50.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.107.60.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O 10.106.0.0/16 is a summary, 2d12h, Null0
O IA 10.107.0.0/16 [110/129] via 192.168.250.185, 2d12h, Serial9/0/0
C 10.106.1.0/24 is directly connected, Vlan1
O E2 10.108.0.0/16 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
C 10.106.10.0/24 is directly connected, Vlan10
C 10.106.15.0/24 is directly connected, Vlan15
C 10.106.25.0/24 is directly connected, Vlan25
O E2 10.108.255.16/29 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.108.255.8/29 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.108.255.0/29 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 10.107.252.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
C 10.106.255.0/24 is directly connected, FastEthernet6/48
O E2 10.2.200.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O IA 10.0.254.0/24 [110/65] via 192.168.250.185, 2d12h, Serial9/0/0
O 10.0.253.0/24 is a summary, 2d12h, Null0
199.211.84.0/24 is variably subnetted, 6 subnets, 4 masks
O E2 199.211.84.64/27 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.211.84.0/29 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.211.84.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.211.84.8/30 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.211.84.12/30 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.211.84.32/27 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
199.208.0.0/24 is variably subnetted, 6 subnets, 3 masks
O E2 199.208.0.0/25 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.208.0.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.208.0.128/27 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.208.0.160/27 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.208.0.192/27 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.208.0.224/27 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 199.211.83.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
164.65.0.0/16 is variably subnetted, 53 subnets, 3 masks
O E2 164.65.231.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.232.1/32 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.232.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.240.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.217.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.165.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.164.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.167.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.161.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.160.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.163.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.162.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.173.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.172.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.175.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.169.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.168.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.171.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.170.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.176.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.132.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.135.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.134.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.129.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.128.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.131.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.130.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.141.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.140.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.143.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.142.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.137.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.136.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.139.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.138.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.149.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.148.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.151.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.150.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.145.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.144.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.147.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.146.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.157.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.156.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.159.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.158.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.153.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.152.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.155.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.154.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.1.0/24 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
O E2 164.65.0.0/16 [110/20] via 192.168.250.185, 2d12h, Serial9/0/0
B* 0.0.0.0/0 [109/0] via 214.1.123.1, 2d21h

bbanis2k

ASKER

My VLANs are as below:

Servers: 10.106.10.x
Printers: 10.106.15.x
Workstations: 10.106.25.x

Don Johnston

substitute x, y and z with your vlan numbers

conf t
int vlan x
ip address 10.106.10.? 255.255.255.0
no shut
int vlan y
ip address 10.106.15.? 255.255.255.0
no shut
int vlan z
ip address 10.106.10.? 255.255.255.0
no shut
end

pjtemplin

He already has that; that's why the connected routes are appearing the routing table.

rsivanandan

Why not just do a ping and you should be able to find out immediately right ?

From one of the workstations, ping one of the server, you'll know if routing is happening. Is there anything I'm missing here ? I mean, that seems to be the easiest for me.

Cheers,
Rajesh

Don Johnston

>He already has that; that's why the connected routes are appearing the routing table.

Oh yeah. My bad. I didn't see it in all output. ;-)

bbanis2k

ASKER

So the fact that ping is working between VLANs tells me that it's working fine? That's good to know...

I have an application that resides on the server VLAN and now from the workstation VLAN there seems to be some latency in the connection. It seems as though some timeouts are occuring. That's why I wanted to verfiy routing was occruing at L3.

Any suggestions about the latency?

Thanks,
BBanis2K

pjtemplin

Let's see a 'sh int stat'. Chances are the latency is NOT from the MSFC, but perhaps you've got something tweaked causing software forwarding. How much traffic are you passing through this box?

bbanis2k

ASKER

Not a great deal of traffic. We're not even maxed out on blades and have plenty of ports open...

S1NSI03545#sh int stat
Vlan1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 55199 5119796 2394729 185655228
Route cache 120 11376 1 40
Distributed cache 17149835 3119998598 14053181 3819862352
Total 17205154 3125129770 16447911 4005517620
Vlan10
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 68836991 6204845376 90928370 8770723326
Route cache 2138266 2652033958 4653 687870
Distributed cache 423371880 130647297152 458340924 293294485735
Total 494347137 139504176486 549273947 302065896931
Vlan15
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 305415 28540488 665049 51817622
Route cache 28 2268 97 8088
Distributed cache 5926782 3188359975 3549962 350256432
Total 6232225 3216902731 4215108 402082142
Vlan25
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 333256 27434611 407834 30816798
Route cache 5602 776311 44754 4195891
Distributed cache 18677929 3386880262 32428868 21169309605
Total 19016787 3415091184 32881456 21204322294

pjtemplin

What's configured on int vlan10? You have a reasonable percentage of processor-switched traffic, and at least a higher percentage of fast-switched (i.e. non-CEF) traffic than your other interfaces.

If you have ports open, you're probably OK, but you are technically oversubscribed given the hardware you have.

bbanis2k

ASKER

VLAN 10 is all of my servers....but only 8 total.

bbanis2k

ASKER

I wanted to add that before the change, VLAN 10 once contained everything (printers, workstations, servers) Now it only contains the servers so I'm not sure how accurate those stats are.

pjtemplin

Then 'clear count'.

bbanis2k

ASKER

Done...

When do you want me to post the output again?

pjtemplin

An hour, a day, whenever.

bbanis2k

ASKER

S1NSI03545#sh int stat
Vlan1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 47 4388 499 39532
Route cache 0 0 0 0
Distributed cache 2755 515771 2213 551338
Total 2802 520159 2712 590870
Vlan10
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 1107 93270 20451 1993050
Route cache 0 0 53 8963
Distributed cache 1243499 602687268 789553 439946254
Total 1244606 602780538 810057 441948267
Vlan15
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 303 19392 1113 77440
Route cache 3 174 0 0
Distributed cache 801 51298 10467 6130638
Total 1107 70864 11580 6208078
Vlan25
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 14357 1242684 2042 144521
Route cache 124 29196 0 0
Distributed cache 834637 393622825 1315339 698033632
Total 849118 394894705 1317381 698178153

pjtemplin

OK, from what you've shown, I don't believe the latency would be caused by this swouter.

bbanis2k

ASKER

10/4 ~ I guess it's this crap application we're using... Thanks

Don Johnston

I'd go with rsivanandan. After re-reading the initial question, all they asked was "How do I ensure that Layer three inter-VLAN routing is working?"

A ping certainly would have done that!

pjtemplin

I put a bunch of time, effort, and typing into answering this person's questions.

A ping could answer whether routing is working, but it takes more than that to confirm that the routing is working locally on the box and not somewhere else in the network. His original descriptions were rather vague; I'm tired of guessing at what people want, so I ask for more detail.

But if you think the lucky early guess is it, that's fine with me.

rsivanandan

>>I just implemented separate VLANs for all workstations, printers and servers on my Catalyst 6509. How do I ensure that Layer three inter-VLAN routing is working?

Still a 'ping' would be the best and easiest method as for as the networking knowledge I have! To make sure that, I don't need to see a bunch of output commands before even doing that.

It AIN'T a guess! It is basic troubleshooting and that is the reason that 'thing' is there and it doesn't provide you *anything* more that that.

Cheers,
Rajesh

pjtemplin

He had one VLAN, he now has several. It's a production network. He'd know if it was or wasn't working.

Give the points to Rajesh.

Somebody please tell me why I come here and try.

Don Johnston

>Somebody please tell me why I come here and try.

Since that's a question so you'll need to post it as a new question.

;-)

pjtemplin

I can't give you credit for that comment since you didn't tell me what category to put the question in.

Keith Alabaster

I just make a recommendation; don't shoot the messnger. If you think it should be a split then that's what I'll put in although I believe a ping would have answered the question. I stated what I would be recommending initially......

Keith :)

pjtemplin

Give the points to rajesh please.

bbanis2k

ASKER

I accepted pjtemplin's answer because he was correct. The routes existed in the routing table and I was able to communicate between VLANs.

I should have awarded him the points a long time ago.

rsivanandan

Great. Have a nice day.

Cheers,
Rajesh