01-26-2010 02:01 AM
hello guys,
I need 'send' vlan1 to virtual context, but it's not working. where is the problem?
ACE1/Admin# sh run interface
Generating configuration....
interface gigabitEthernet 1/1
description data to internet
switchport trunk allowed vlan 200
no shutdown
interface gigabitEthernet 1/2
description data to lan
switchport trunk allowed vlan 1
no shutdown
interface gigabitEthernet 1/3
description mgmt
switchport access vlan 40
no shutdown
interface gigabitEthernet 1/4
description fault-tolerance
ft-port vlan 250
no shutdown
ACE1/Admin# sh vlans
Vlans configured on physical port(s)
vlan1 vlan40 vlan200 vlan250
ACE1/Admin# sh run context
context WEB-PROXY
allocate-interface vlan 200
member RC-WEB-PROXY
ACE1/Admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ACE1/Admin(config)# context WEB-PROXY
ACE1/Admin(config-context)# allocate-interface vlan ?
<WORD> Enter a vlan id or a range of vlans (Max Size - 20)
ACE1/Admin(config-context)# allocate-interface vlan 1
Error: Invalid vlan id
ACE1/Admin(config-context)#
ACE1/Admin#
why is 1 invalid vlan id?
sh ver:
Software
loader: Version 0.95.1
system: Version A3(2.0) [build 3.0(0)A3(2.0) adbuild_17:35:22-2008/10/01_/auto/adbu-rel4/rel_a3_2_0_dev_build/REL_3_0_0_A3_2_0]
system image file: (hd0,1)/c4710ace-mz.A3_2_0.bin
Device Manager version 1.1 (0) 20080805:0415
installed license: ACE-AP-01-LIC ACE-AP-C-500-LIC ACE-AP-OPT-50-K9 ACE-AP-SSL-05K-K9
Solved! Go to Solution.
01-26-2010 01:53 PM
Hi Martin,
I do not believe the information I provided regarding the internal use of VLAN 1 is published in the ACE documentation, however, that is not because we keep it a secret.
I have checked our documentation and can see in two areas of the Configuration Guides that we have it correct (2-4094). However, as you pointed out, it is incorrect in the Command Reference. Indeed, the only VLANs you can use are 2-4094. Thank you for pointing that out. I will reach out to our documentation team to have that addressed.
ace-appliance-15/Admin(config-context)# allocate-interface vlan 1
Error: Invalid vlan id
ace-appliance-15/Admin(config-context)# allocate-interface vlan 2
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4094
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4095
Error: Invalid vlan id
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4096
Error: Invalid vlan id
As for the ACE module, VLAN 1 is the native VLAN on the trunk that exists between the service module and the 6500, and as such it's untagged. The 802.3 driver on our services modules expect tagged frames so it can't do anything with VLAN 1. This is common on most (if not all) of the service modules on the Catalyst 6500.
Have a nice day.
Sean
01-26-2010 05:34 AM
Hi,
VLAN 1 is not supported:
The syntax of this command is as follows:
allocate-interface vlan number1
For the number argument, enter the number of an existing VLAN or a range of VLANs that you want to assign to the context as integers from 2 to 4094.
See config guide for virtual configurations.
HTH,
Dario
01-26-2010 01:29 PM
01-26-2010 12:01 PM
Hello,
You may notice that, even without configuring VLAN 1 on the ACE, VLAN 1 shows up on the following command output:
ace-appliance-14/Admin# sho service-policy det
Policy-map : CLIENT_VIPS
Status : ACTIVE
Description: -----------------------------------------
Interface: vlan 1 2
service-policy: CLIENT_VIPS
:
:
This is because, while you cannot manually configure VLAN 1, the ACE 4710 actually is already using VLAN 1 internally. This is what prevents you from using it in your configurtion.
Hope this helps clear it up.
Thanks,
Sean
01-26-2010 01:33 PM
hello sean,
can you show me in documentation for ace 4700, where is this information (internaly usage of vlan 1) described? I didn't find this information. even though, thank you for description. it's clear for me now. can you tell me, if the same problem is for ace module?
martin
01-26-2010 01:53 PM
Hi Martin,
I do not believe the information I provided regarding the internal use of VLAN 1 is published in the ACE documentation, however, that is not because we keep it a secret.
I have checked our documentation and can see in two areas of the Configuration Guides that we have it correct (2-4094). However, as you pointed out, it is incorrect in the Command Reference. Indeed, the only VLANs you can use are 2-4094. Thank you for pointing that out. I will reach out to our documentation team to have that addressed.
ace-appliance-15/Admin(config-context)# allocate-interface vlan 1
Error: Invalid vlan id
ace-appliance-15/Admin(config-context)# allocate-interface vlan 2
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4094
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4095
Error: Invalid vlan id
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4096
Error: Invalid vlan id
As for the ACE module, VLAN 1 is the native VLAN on the trunk that exists between the service module and the 6500, and as such it's untagged. The 802.3 driver on our services modules expect tagged frames so it can't do anything with VLAN 1. This is common on most (if not all) of the service modules on the Catalyst 6500.
Have a nice day.
Sean
01-29-2010 05:28 AM
Hi Martin,
Just wanted to let you know that the Command Reference for both ACE Module and ACE Appliance has been updated on Cisco.com to reflect the proper VLANs that can be allocated to a context: 2-4094.
Thanks for bringing it to our attention and have a nice day.
Sean
01-31-2010 02:12 AM
Workaround:
If you can't have the customer migrate into a different VLAN, you need to trick a bit, as VLAN1 is not usable on the ACE.
Pick a VLAN number that you will use inside the ACE for the outer VLAN1. Say, VLAN101.
If you have an access port connecting to the server segment, just set it to 101:
switchport access vlan 101
If you connect via a trunk, set your native VLAN to 101:
switchport trunk native vlan 101
01-31-2010 11:49 PM
peter,
we did the same workaround .
martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide