Network Management

So I'm in the process of upgrading my network core from a non-Aruba switch pair to a CX8325 VSX pair. Downstream I'll have a mix of CX01K pairs, CX6300M stacks, my main corporate external facing firewall and NAS arrays attached directly to the core pair. I have to go with "old fashion" VLANs and vlan gateways as I can't use OSPF configuration (it's not an option per my vendor's tech person helping with the implementation). On our old core we currently have 35 VLANs each with their own gateway IP address and each switch has an virtual interface IP address on each VLAN. I've configured the new CX8325 VSX pair with 33 VLANs for now (like example config below, I've anonymized the VLAN number, IP address, active-gateway ip mac and active-gateway ip, so you get the gist). I've setup a simple network (see diagram below) with the CX8325 core VSX pair, CX10K VSX pair, one CX6300M with one laptop.  The physical ports that the ISL configured on each switch in the CX8325 pair has an IP, the VSX configuration has an system-mac assigned to it. I've used AFC where possible to configure.

My issue is this: I'm using two ports on the CX6300M switch to test connectivity. I've configured one port with one VLAN an the second port with another VLAN. I set my laptop IP to be one corresponding with the switch port VLAN. When I'm testing network pings to all 33 configured VLAN gateways I get the following results:

• I only see replies from 21 of the gateways (10.10.10x.1),
  • I get the following mesg from one of the core switch's virtual IP address on my laptops VLAN "Reply from 10.10.10x.3: Destination net unreachable.
• But I'm able to ping both of the virtual interface IP addresses on 29 of the VLANs
  • Except for from two VLANS I'm able to ping the gateway and from two VLANs I'm not able to ping the gateway.
• When I change the switch port to one of the VLANS where I'm not able to ping the gateway, I'm still not able to ping the gateway, but I can ping the two switches virtual vlan IP interfaces, additionally I'm not able to ping any other VLAN nor the switches' VLAN virtual IP addresses.

In reading the Active gateway over VSX - AOS-CX 10.13  guide I see that you can only have 16 VMACS so I'm using the same active-gateway ip mac for all my VLANs. Also in the Active gateway over VSX documentation for AOS-CX 10.13 I read that with IP multinetting you can only have a max of 32 IPv4 active gateways, but on the IP multinetting over VSX section is states "The maximum number of supported active gateways per switch is 4,000. Since a maximum of 31 secondary IPv4 addresses can be configured on an SVI, 32 IPv4 active gateways (along with the primary IPv4 address) can be configured per SVI with IP multinetting support. This support is also the same for IPv6 addresses."

So what is it am I limited to 32 or 4000 active gateways with dedicated gateway IP address on each of my VLANs on my switch? And why can't I ping across all of my VLANs' gateways I've configured, but can hit the individual switch's interface VLAN virtual IP address? Is there something I need to enable or change?

Same format of VLAN interface config across the VLANs (only thing identical is the VMAC):

interface vlan 101

    description Servers

    vsx shutdown-on-split

    ip mtu 9198

    ip address 10.10.101.2/23

    active-gateway ip mac 10:00:00:00:00:01

    active-gateway ip 10.10.101.1

Simple diagram design of my testing my core and VLANs

------------------------------
Thank you.
Dave
he who throws the kitchen sink at IT... when needed. :-)
------------------------------

So I'm in the process of upgrading my network core from a non-Aruba switch pair to a CX8325 VSX pair. Downstream I'll have a mix of CX01K pairs, CX6300M stacks, my main corporate external facing firewall and NAS arrays attached directly to the core pair. I have to go with "old fashion" VLANs and vlan gateways as I can't use OSPF configuration (it's not an option per my vendor's tech person helping with the implementation). On our old core we currently have 35 VLANs each with their own gateway IP address and each switch has an virtual interface IP address on each VLAN. I've configured the new CX8325 VSX pair with 33 VLANs for now (like example config below, I've anonymized the VLAN number, IP address, active-gateway ip mac and active-gateway ip, so you get the gist). I've setup a simple network (see diagram below) with the CX8325 core VSX pair, CX10K VSX pair, one CX6300M with one laptop.  The physical ports that the ISL configured on each switch in the CX8325 pair has an IP, the VSX configuration has an system-mac assigned to it. I've used AFC where possible to configure.

My issue is this: I'm using two ports on the CX6300M switch to test connectivity. I've configured one port with one VLAN an the second port with another VLAN. I set my laptop IP to be one corresponding with the switch port VLAN. When I'm testing network pings to all 33 configured VLAN gateways I get the following results:

• I only see replies from 21 of the gateways (10.10.10x.1),
  • I get the following mesg from one of the core switch's virtual IP address on my laptops VLAN "Reply from 10.10.10x.3: Destination net unreachable.
• But I'm able to ping both of the virtual interface IP addresses on 29 of the VLANs
  • Except for from two VLANS I'm able to ping the gateway and from two VLANs I'm not able to ping the gateway.
• When I change the switch port to one of the VLANS where I'm not able to ping the gateway, I'm still not able to ping the gateway, but I can ping the two switches virtual vlan IP interfaces, additionally I'm not able to ping any other VLAN nor the switches' VLAN virtual IP addresses.

In reading the Active gateway over VSX - AOS-CX 10.13  guide I see that you can only have 16 VMACS so I'm using the same active-gateway ip mac for all my VLANs. Also in the Active gateway over VSX documentation for AOS-CX 10.13 I read that with IP multinetting you can only have a max of 32 IPv4 active gateways, but on the IP multinetting over VSX section is states "The maximum number of supported active gateways per switch is 4,000. Since a maximum of 31 secondary IPv4 addresses can be configured on an SVI, 32 IPv4 active gateways (along with the primary IPv4 address) can be configured per SVI with IP multinetting support. This support is also the same for IPv6 addresses."

So what is it am I limited to 32 or 4000 active gateways with dedicated gateway IP address on each of my VLANs on my switch? And why can't I ping across all of my VLANs' gateways I've configured, but can hit the individual switch's interface VLAN virtual IP address? Is there something I need to enable or change?

Same format of VLAN interface config across the VLANs (only thing identical is the VMAC):

interface vlan 101

    description Servers

    vsx shutdown-on-split

    ip mtu 9198

    ip address 10.10.101.2/23

    active-gateway ip mac 10:00:00:00:00:01

    active-gateway ip 10.10.101.1

Simple diagram design of my testing my core and VLANs

------------------------------
Thank you.
Dave
he who throws the kitchen sink at IT... when needed. :-)
------------------------------

Okay, this is weird. Now it suddenly is working fine. As  a test I was able to continue adding new VLANS with their own unique IPv4 gateway address. Well, lets chuck this up to the rabbling of an IT guy that should listen to his own advice. Have you rebooted it? It truly solves like 95% of all IT issues.

So I'm in the process of upgrading my network core from a non-Aruba switch pair to a CX8325 VSX pair. Downstream I'll have a mix of CX01K pairs, CX6300M stacks, my main corporate external facing firewall and NAS arrays attached directly to the core pair. I have to go with "old fashion" VLANs and vlan gateways as I can't use OSPF configuration (it's not an option per my vendor's tech person helping with the implementation). On our old core we currently have 35 VLANs each with their own gateway IP address and each switch has an virtual interface IP address on each VLAN. I've configured the new CX8325 VSX pair with 33 VLANs for now (like example config below, I've anonymized the VLAN number, IP address, active-gateway ip mac and active-gateway ip, so you get the gist). I've setup a simple network (see diagram below) with the CX8325 core VSX pair, CX10K VSX pair, one CX6300M with one laptop.  The physical ports that the ISL configured on each switch in the CX8325 pair has an IP, the VSX configuration has an system-mac assigned to it. I've used AFC where possible to configure.

My issue is this: I'm using two ports on the CX6300M switch to test connectivity. I've configured one port with one VLAN an the second port with another VLAN. I set my laptop IP to be one corresponding with the switch port VLAN. When I'm testing network pings to all 33 configured VLAN gateways I get the following results:

• I only see replies from 21 of the gateways (10.10.10x.1),
  • I get the following mesg from one of the core switch's virtual IP address on my laptops VLAN "Reply from 10.10.10x.3: Destination net unreachable.
• But I'm able to ping both of the virtual interface IP addresses on 29 of the VLANs
  • Except for from two VLANS I'm able to ping the gateway and from two VLANs I'm not able to ping the gateway.
• When I change the switch port to one of the VLANS where I'm not able to ping the gateway, I'm still not able to ping the gateway, but I can ping the two switches virtual vlan IP interfaces, additionally I'm not able to ping any other VLAN nor the switches' VLAN virtual IP addresses.

In reading the Active gateway over VSX - AOS-CX 10.13  guide I see that you can only have 16 VMACS so I'm using the same active-gateway ip mac for all my VLANs. Also in the Active gateway over VSX documentation for AOS-CX 10.13 I read that with IP multinetting you can only have a max of 32 IPv4 active gateways, but on the IP multinetting over VSX section is states "The maximum number of supported active gateways per switch is 4,000. Since a maximum of 31 secondary IPv4 addresses can be configured on an SVI, 32 IPv4 active gateways (along with the primary IPv4 address) can be configured per SVI with IP multinetting support. This support is also the same for IPv6 addresses."

So what is it am I limited to 32 or 4000 active gateways with dedicated gateway IP address on each of my VLANs on my switch? And why can't I ping across all of my VLANs' gateways I've configured, but can hit the individual switch's interface VLAN virtual IP address? Is there something I need to enable or change?

Same format of VLAN interface config across the VLANs (only thing identical is the VMAC):

interface vlan 101

    description Servers

    vsx shutdown-on-split

    ip mtu 9198

    ip address 10.10.101.2/23

    active-gateway ip mac 10:00:00:00:00:01

    active-gateway ip 10.10.101.1

Simple diagram design of my testing my core and VLANs

------------------------------
Thank you.
Dave
he who throws the kitchen sink at IT... when needed. :-)
------------------------------