Layer 2 Switch Issue

Hi,

I was wondering if anyone could help with a switch issue I'm experiencing.

My manager is currently setting up a bunch of servers at our datacentre. They are all Dell machines (2970s I believe) and connect to a Cisco Catalyst 2950 Layer 2 switch.

The problem he has is thus:

1 server hosts 2 IP addresses on a single NIC. The rest host only a single IP address. Pings from any of these servers to the default IP address on the "double IP" server are all successful. Pings to the secondary address all fail.

Now, as this is only a layer 2 switch, this would seem to make sense. I realise it doesn't have any concept of IPs and I assume that any ARP is done elsewhere. Is there anything we can do to make this secondary IP address visible? Basically we want to know how to "assign" 2 IPs to a single MAC (without purchasing a layer 3 switch!)

Am I on the correct train of thought? :-)

Many thanks for any help,

Olly
ollygdAsked:

from_expCommented:
hi there!

you can configure 2 ip addresses on one interface and they will work perfectly, unless the second ip address is on a different subnet.
for example:
pc1 - 192.168.1.1/24
pc2 - 192.168.1.2/24
pc3 (dual ip) 192.168.1.3/24 192.168.1.4/24 - both ips will be visible and pingable
but
pc5 - 192.168.1.5/24, 192.168.2.5/24 - second ip will be visible only via routing. so pc1 to ping 2.5 will go to its default gw.
if your previous switch was configured as L3 and did routing for that pc5, then you have to implement routing somewhere else, because, you're right, 2950 is L2 switch
0
ollygdAuthor Commented:
Thank you very much for your quick reply!

I can confirm the two IP addresses on the dual NIC (that's 2 IP addresses, 1 RJ45 port, 1 MAC for clarity!) *are* in the same subnet. The interface on the switch is configured as an ACCESS port.

According to what you have said, both the IPs should be pingable? As it stands, it is still just the default IP that can be reached.

I apologise as I am early days CCNA! As I recall, if a server wishes to discover the MAC address associated with this secondary IP, then it will send an ARP broadcast on this subnet. The server should reply with the same MAC address regardless of the IP which is sought, correct? So as you have stated, the IP address can definitely be either, as they both resolve to the same MAC (I am assuming that Windows Server 2003 allows multiple IPs on a single ARP entry)

My boss has just yelled over to me stating that we had these servers working fine a few days ago :-) The ARP tables on all the servers check out OK, but for some reason this secondary IP cannot be pinged anymore.

It's as if the switch isn't allowing the ping through. (Again, pings on the primary IP are fine)

Sorry I wasn't more specific last time!

Many thanks,

Olly  
0
from_expCommented:
hi!
i suppose you should open cmd on your server (with dual ips) and type ipconfig /all
if the second ip is not pingable, it either is not configured (ipconfig /all will show 0.0.0.0 instead of the second ip), or is not allowed by firewall (in this case the second server from which you are trying to ping should receive arp reply and arp -a should show mac address for that second ip. and, yes, mac address will be the same as for primary ip)
0
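The checks from the two answers above (same subnet or routed, then whether `arp -a` on the pinging server shows the dual-IP server's MAC for the second address), put together as an added example that is not part of the original thread. The function names, result labels and the `arp -a` sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output taken on the pinging server.
SAMPLE_ARP = """\
Interface: 192.168.1.1 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.3           00-1e-c9-aa-bb-cc     dynamic
  192.168.1.4           00-1e-c9-aa-bb-cc     dynamic
  192.168.1.254         00-0d-bd-11-22-33     dynamic
"""

ARP_ROW = re.compile(
    r"\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s")


def parse_arp(text):
    """Return {ip: mac} for every entry row in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        row = ARP_ROW.match(line)
        if row:
            table[row.group(1)] = row.group(2).lower()
    return table


def triage(local_if, target, primary, arp_text, ping_ok):
    """Classify a ping to a server's secondary IP, seen from another server.

    local_if is the pinging server's address with prefix, e.g. "192.168.1.1/24";
    primary is the dual-IP server's first (working) address.
    """
    if ipaddress.ip_address(target) not in ipaddress.ip_interface(local_if).network:
        # Different subnet: the ping goes to the default gateway, so the
        # answer depends on routing, not on the layer 2 switch.
        return "routed"
    if ping_ok:
        return "ok"
    arp = parse_arp(arp_text)
    mac = arp.get(target)
    if mac is None:
        # Nobody answered ARP: address not configured or frames not arriving.
        return "no-arp-reply"
    if primary in arp and arp[primary] != mac:
        # Both addresses live on one NIC, so the MACs must match.
        return "mac-mismatch"
    # ARP resolved to the expected MAC but the echo is dropped:
    # look at the server's firewall or TCP/IP stack.
    return "host-stack-or-firewall"
```
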
ollygdAuthor Commented:
Hi there,

An ipconfig /all command shows the two interfaces as live. They both have valid IP addresses in the same subnet and can ping themselves. There is no firewall running on any machine connected to this switch.

Thank you!

Olly
0
ollygdAuthor Commented:
Sorry - the ARP also checks out fine
0
from_expCommented:
please clarify, how many NICs (interfaces) do you have in your dual ip server?
your prev post sounds confusing.
you shouldn't have two NICs in one server within one subnet, imho.
0
ollygdAuthor Commented:
Just the 1 NIC, hosting 2 ip addresses on 1 MAC
0
ollygdAuthor Commented:
I should also mention it is a single port NIC, i.e. 1 patch cable to the switch
0
from_expCommented:
try to remove the first ip address from your server. is the second, now the only one, pingable?
if yes, add the second ip
0
ollygdAuthor Commented:
OK, we'll try that. I'll have to wait an hour or two before I can take them down, as they are production servers. I very much appreciate your time - perhaps we'll speak tomorrow!

Thanks

Olly
0
from_expCommented:
you're welcome!
i'll wait for your update
0
ollygdAuthor Commented:
Morning!

Well, we took your advice and removed the working IP address. The other one still failed! Anyhow, since we were on our time at that point (we can take down our production servers at 6.00pm every day) we reinstated the other IP as it was before, and restarted the switch. Guess what? It worked!

It's a strange one, as we have had this problem intermittently in some of our other cabinets with a similar configuration. I just don't understand how a layer 2 switch can be the problem - especially as the arp checked out backwards and forwards for all IP addresses. That said, perhaps restarting the switch caused the servers to wake up? I'm not sure!

Anyway, if you have the time and any thoughts, they would be most appreciated.

Many thanks,

Olly

P.S. One possibly important point to mention would be that this "un-pingable" IP address WAS visible from the internet, albeit through several layers of translation. Once my boss is in, I'll try and get some more details out of him. (And I'll notch up the points for you if you crack it!)
0
from_expCommented:
hi!
the switch was not an issue to my mind (if the configuration was saved before restart)
i suppose the interface of the server going down and up solved your problem. so your server's tcp/ip stack was reset and initialized from the config.
and if the server was accessible from outside, but wasn't pingable, that also points to the server's tcp/ip stack issue, but not to the switch
0

ollygdAuthor Commented:
OK, we'll reset the NICs tonight and see if we can find anything. I'll keep you posted!
0
ollygdAuthor Commented:
I believe it was the TCP/IP stack after all. Many thanks for your help! We'll have to keep an eye on things.
0