Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5042
Views
0
Helpful
7
Replies

vlan tagging issue on Cisco1000

Go to solution
axiamilos
Level 1
Level 1

‎09-02-2020 08:34 AM

I'm stumped and I'm hoping someone can point me to something obvious that I'm missing. 

 

I'm adding a C1000-8P-E-2G-L to an existing network. The network is composed of two segments, VLAN 1 (native) for general network activity and internet, VLAN 10 is the multicast lab. I have a C3560CG as the core switch. The ports are configured as access (vlan 1) when connected to phone or PCs. Other ports are configured as trunk and native VLAN 10 for connections to multicast devices that include unmanaged switch (embedded systems). A port is configured as a simple trunk (no pruning or altering the native vlan) and this goes to an old cisco 2960 on a lab bench. For years I have successfully had access to VLAN 1 or VLAN 10 on the 2960. I'm adding a new lab area with the C1000 and configured the ports just as I have for the 2960. When trying to access a VLAN 10 device from the PC on VLAN 1, the TCP connection fails. In troubleshooting, I've discovered that VLAN tagging is partially absent with the C1000. IGMP reports from a device get tagged (802.1q encapsulated) but everything else is not tagged.

  • Trying to ping the 3560 from a VLAN 10 device results in unanswered ARP requests as the packets are not tagged and I'm assuming never make it to the LVAN 10 interface of the 3560.
  • Attempting to ping from the 3560 to a VLAN 10 device also results in unresolved ARP requests but the packets are tagged as they enter into the C1000 but never make it to the VLAN 10 device.
  • Pinging the 3560 from the C1000 results in similar findings. The C1000 has no ARP entry for the 3560 and sends out ARP packets with no tagging. 
  • The 3560 has an ARP entry for the C1000 and pings to the VLAN 10 interface on the C1000 are unanswered. The IGMP packets are tagged leaving the 3560, but what the C1000 does with these is not known. 

So what am I missing? What did I do wrong?

 

3560 port to the C1000

interface GigabitEthernet0/6
 description **cisco1000 link**
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan dot1p
 srr-queue bandwidth share 30 20 25 25
 srr-queue bandwidth shape  0 0 0 0
 priority-queue out
 mls qos trust cos
end

The C1000 corresponding port

interface GigabitEthernet1/0/8
switchport mode trunk
switchport voice vlan dot1p
no power efficient-ethernet
mls qos trust cos
no ip igmp snooping tcn flood
end

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
axiamilos
Level 1
Level 1

‎09-08-2020 09:13 PM

Upgrading from 15.2(7)E1 to 15.2(7)E2 resolved the issue. 

I couldn't find any release notes, just that the software was available. 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-02-2020 10:27 AM

If you looking to Build Trunk between Cat 3560 and C1000

 

Just make trunk port is good enough  : example :

 

interface GigabitEthernet0/6
 description **cisco1000 link**
 switchport mode trunk
end

interface GigabitEthernet1/0/8
switchport mode trunk
end

 

On the edge port or access port

 

Switchport mode access
Switchport voice vlan XX should work for you

 

Hope this makes sense or i misunderstood your requirement?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
axiamilos
Level 1
Level 1
In response to balaji.bandi

‎09-03-2020 06:02 AM

balaji.bandi

The trunk port lines were present and the other items are for QOS oriented issues. Either way, I simplified the configuration per your post. The 3560 supports ISL encapsulation and thus requires the dot1q call out where the C1000 only supports dot1q. 

 

Either way, the fundamental issue remains. I can not ping the VLAN 10 interface of the 3560 from the C1000. Through the use of a TAP, I can see that the C1000 is not tagging the packets.

C1000 configuration

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1000
!
boot-start-marker
boot-end-marker
!
no aaa new-model
switch 1 provision c1000-8p-e-2g-l
system mtu routing 1500
!
interface GigabitEthernet1/0/10
 description **TRUNK TO 3960**
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.11.21 255.255.255.0
!
interface Vlan10
 ip address 192.168.101.2 255.255.255.0

3560 configuration

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560_OFFICE-1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
ip routing
!
interface GigabitEthernet0/6
 description **cisco1000 link**
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.11.20 255.255.255.0
!
interface Vlan10
 ip address 192.168.101.1 255.255.255.0
!
ip default-gateway 192.168.11.1
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 192.168.11.1

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to axiamilos

‎09-03-2020 09:52 AM

You have shown us only very abbreviated configurations. In particular you have not shown us that the c1000 has configured vlan 10 (the vlan itself and not the vlan interface - which you do show us). Perhaps the output of these commands might be helpful

show interface status

show interface trunk

HTH

Rick
0 Helpful

Go to solution
axiamilos
Level 1
Level 1
In response to Richard Burts

‎09-03-2020 11:36 AM

Richard: 

That is a fair request. Take note that I've simplify the deployment for now because I'm trying to reduce variables and validate basics. The end goal is that I can access a device on VLAN 10 connected to C1000 from a PC on VLAN 1 of the 3560. I'm not trying that now and simply wish to prove that VLAN tagging is working. So my goal for now is to ping the VLAN interface of the 3560 from the C1000. After that I will move onto other milestones.

 

cisco1000#show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      disabled     1            auto   auto 10/100/1000BaseTX
Gi1/0/2                      disabled     1            auto   auto 10/100/1000BaseTX
Gi1/0/3                      disabled     1            auto   auto 10/100/1000BaseTX
Gi1/0/4                      disabled     12           auto   auto 10/100/1000BaseTX
Gi1/0/5                      disabled     1            auto   auto 10/100/1000BaseTX
Gi1/0/6                      disabled     1            auto   auto 10/100/1000BaseTX
Gi1/0/7                      connected    10         a-full a-1000 10/100/1000BaseTX
Gi1/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/9                      notconnect   12           auto   auto Not Present
Gi1/0/10  **TRUNK TO 3960**  connected    trunk      a-full a-1000 10/100/1000BaseTX
cisco1000#show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/10    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/10    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/10    1,10-12

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/10    1,10-12
3560_OFFICE-1#show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1     **Desk Phone**     connected    1          a-full a-1000 10/100/1000BaseTX
Gi0/2     **WorkBench switch connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/3     **PC**  notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/4     **WiFi MikroTik**  connected    1          a-full  a-100 10/100/1000BaseTX
Gi0/5     SMARTTHINGS        connected    1          a-full  a-100 10/100/1000BaseTX
Gi0/6     **cisco1000 link** connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/7     Device_A           notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/8     Device_B           notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/9     Device_C           notconnect   1            auto   auto Not Present
Gi0/10    **ISP LINK**       connected    trunk      a-full a-1000 10/100/1000BaseTX
3560_OFFICE-1#show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/2       on               802.1q         trunking      1
Gi0/6       on               802.1q         trunking      1
Gi0/10      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/2       1-4094
Gi0/6       1-4094
Gi0/10      1-4094

Port        Vlans allowed and active in management domain
Gi0/2       1,10-12
Gi0/6       1,10-12
Gi0/10      1,10-12

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/2       1,10,12
Gi0/6       1,10,12
Gi0/10      1,10-12
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to axiamilos

‎09-03-2020 11:56 AM

Thank you for the additional information. It does show that the 1000 does have a device connected in vlan 10 and does show that the trunk form the 1000 is carrying vlan 10. On the 3560 it does show that the 3 trunk interfaces are carrying vlan 10. I do not see a connected device in vlan 10 (but that might not matter). Could you provide some additional information. 

On each switch the output of 

show cdp neighbor

show ip interface brief

Also can you clarify whether you are attempting ping from the 1000 itself or from the device connected on G1/0/7?

And would you post the output of ipconfig from the device on G1/0/7 (or other appropriate command if not a Windows machine)?

HTH

Rick
0 Helpful

Go to solution
axiamilos
Level 1
Level 1
In response to Richard Burts

‎09-04-2020 01:19 PM 

cisco1000#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
3560_OFFICE-1     Gig 1/0/10        133             R S I  WS-C3560C Gig 0/6

Total cdp entries displayed : 1
cisco1000#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.11.21   YES manual up                    up
Vlan10                 192.168.101.2   YES manual up                    up
GigabitEthernet1/0/1   unassigned      YES unset  administratively down down
GigabitEthernet1/0/2   unassigned      YES unset  administratively down down
GigabitEthernet1/0/3   unassigned      YES unset  administratively down down
GigabitEthernet1/0/4   unassigned      YES unset  administratively down down
GigabitEthernet1/0/5   unassigned      YES unset  administratively down down
GigabitEthernet1/0/6   unassigned      YES unset  administratively down down
GigabitEthernet1/0/7   unassigned      YES unset  up                    up
GigabitEthernet1/0/8   unassigned      YES unset  down                  down
GigabitEthernet1/0/9   unassigned      YES unset  down                  down
GigabitEthernet1/0/10  unassigned      YES unset  up                    up
cisco1000#
3560_OFFICE-1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
464Router        Gig 0/10          76                R    MikroTik  bridge1/ether3
2960_8P          Gig 0/2           145              S I   WS-C2960- Gig 0/1
88f07758d5d9     Gig 0/10          171             R S I  SF302-08P gi2
cisco1000        Gig 0/6           141              S I   C1000-8P- Gig 1/0/10

Total cdp entries displayed : 4
3560_OFFICE-1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.11.20   YES NVRAM  up                    up
Vlan10                 192.168.101.1   YES NVRAM  up                    up
Vlan12                 192.168.12.30   YES manual up                    down
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  down                  down
GigabitEthernet0/4     unassigned      YES unset  up                    up
GigabitEthernet0/5     unassigned      YES unset  up                    up
GigabitEthernet0/6     unassigned      YES unset  up                    up
GigabitEthernet0/7     unassigned      YES unset  up                    up
GigabitEthernet0/8     unassigned      YES unset  down                  down
GigabitEthernet0/9     unassigned      YES unset  down                  down
GigabitEthernet0/10    unassigned      YES unset  up                    up

I'm attempting to ping from either the embedded device on port 7 and the two switches to collect data. 

With a USB (serial) connection from the office PC to the cisco1000

I ping from the c1000 to the 3560 vlan 10 interface and the result is an ARP request traveling the trunk link (egress from the c1000 towards the 3560) and the 5 packets have no tagging. 

With the above connection to the c1000, I telnet to the vlan 1 interface of the 3560. 

I ping from the 3560 to the c1000 vlan 10 interface and the result is 5 ICMP packets traversing the trunk which are VLAN 10 tagged. The 3560 has the MAC value of the C1000 by some other means so no ARP is required. The 5 ICMP packets see no response over the trunk cable. 

With the above connection to the 3560

I ping the embedded device at port 7 of the c1000. The 3560 sends ARP request through the trunk cable and these packets are tagged VLAN10.

The same ARP requests are sent out port 7 of the c1000 with no tag (expected)

The device at port 7 responds with a MAC value (seen on the wire leaving the device)

The same responses from the device are seen on the trunk egress (leaving the c1000) but these are not tagged VLAN 10. There is no tagging. 

 

The embedded device:

[user@deviceA ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.101.209  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::3019:aff:fe19:ad84  prefixlen 64  scopeid 0x20<link>
        ether 32:19:0a:19:ad:84  txqueuelen 1000  (Ethernet)
        RX packets 1087669  bytes 137580663 (131.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19378  bytes 1217717 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 681652  bytes 691683968 (659.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 681652  bytes 691683968 (659.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

0 Helpful

Go to solution
axiamilos
Level 1
Level 1

‎09-08-2020 09:13 PM

Upgrading from 15.2(7)E1 to 15.2(7)E2 resolved the issue. 

I couldn't find any release notes, just that the software was available. 

0 Helpful
Customers Also Viewed These Support Documents