
PTP trunk not passing traffic.

jdiaz
Level 1

Hello Experts,


I have two sites (one Houston, the other Atlanta) that we have recently ordered a 200MB PTP line for. They are connected on each end to Cisco 3750 catalyst fiber switches. Per the ISP, we have to have the ports trunked as dot1Q, non negotiate interfaces (which we have). Both interfaces show up\up, yet we are not seeing any traffic go through. In the past, the sites were connected via an IPSec tunnel from one ASA to the other. We've taken down the IPSec tunnel, and as mentioned above, used the 3750 for the PTP.

The interfaces are each set to use the default vlan (1) as the native vlan and the access vlan. Allowed vlans are all. Here is the kick: Each switch has the same named vlans (10, 192, 172, etc...) however, since they were different sites, they have different subnets. For example, in Houston, vlan 192 was for subnet 192.168.41.x, while in Atlanta the same vlan (192) is for subnet 192.168.40.x

How can I set up my trunk to allow communication between these? Do I have to delete and rename the vlans on one side? Is there another way to do this?

I have ensured that each switch has vlan dot1q tag native enabled, and the cdp shows that the switches can see each other.

Any suggestions would be appreciated.

Thanks,

JD

Accepted Solutions

JD

No, you can still use routing even if the link only accepts a trunk.

Let's say the link connects directly into L3 switches at either end. If it doesn't, it's not a problem; you just need to configure the following on the actual L3 switches.

vlan 10  <-- this is a new vlan not used anywhere in your network
subnet 192.168.5.0/30

Atlanta L3 switch
=============
create the vlan at L2
then create a L3 interface for that vlan

int vlan 10
 ip address 192.168.5.1 255.255.255.252
 no shut

int gi0/0  <-- this is the new connection to Houston
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk

Houston
=======
create the L2 vlan
then create a L3 interface for that vlan

int vlan 10
 ip address 192.168.5.2 255.255.255.252
 no shut

int gi0/1  <-- this connects to Atlanta
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk

Then you would simply set up routes on each L3 switch for the remote subnets using the next hop IPs assigned to the vlan 10 L3 interface.

It is a trunk link but you are only allowing one vlan across (a new unused vlan) and you are using that vlan to route between sites.

Edit - the "switchport trunk allowed vlan 10" is very important because it stops all the other vlans from seeing each other. However you still may face a problem with vlan 1 on the trunk because you cannot stop vlan 1 from going across it even if you wanted to. So you have two vlan 1s joining together. That is why it is better to use a routed link. If you have devices in vlan 1 then you may get problems so I would recommend moving any devices out of vlan 1 (including switch management addresses) if at all possible.

Jon
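
An added example (not from the thread's authors) of the routing step in the answer above: it builds the `ip route` lines each L3 switch needs for the other site, summarises adjacent remote subnets, and refuses any route that would cover a local subnet or the transit link. The transit /30 and next hops are the answer's; the subnet inventory is constructed apart from 192.168.40.0/24 and 192.168.41.0/24, and `static_routes` is a hypothetical helper name.

```python
import ipaddress

# Transit /30 and next-hop addresses as given in the answer above.
TRANSIT = ipaddress.ip_network("192.168.5.0/30")
NEXT_HOP = {"atlanta": "192.168.5.1", "houston": "192.168.5.2"}

# Constructed subnet inventory (assumption): only 192.168.40.0/24 (Atlanta)
# and 192.168.41.0/24 (Houston) are taken from the thread.
SITES = {
    "atlanta": ["192.168.40.0/24", "10.40.0.0/24", "10.40.1.0/24"],
    "houston": ["192.168.41.0/24", "10.41.0.0/24"],
}


def static_routes(local, remote, sites=SITES):
    """Return the 'ip route' lines to configure on `local` for `remote`'s subnets."""
    local_nets = [ipaddress.ip_network(n) for n in sites[local]]
    remote_nets = [ipaddress.ip_network(n) for n in sites[remote]]
    # Merge adjacent remote subnets into one summary where they align exactly.
    summaries = list(ipaddress.collapse_addresses(remote_nets))
    for net in summaries:
        # A remote route must never cover a local subnet or the transit link.
        for mine in local_nets + [TRANSIT]:
            if net.overlaps(mine):
                raise ValueError(f"{net} ({remote}) overlaps {mine} ({local})")
    # The next hop is always the remote end of the transit VLAN.
    return [f"ip route {n.network_address} {n.netmask} {NEXT_HOP[remote]}"
            for n in summaries]


if __name__ == "__main__":
    for local, remote in (("houston", "atlanta"), ("atlanta", "houston")):
        print(f"! on the {local} L3 switch")
        print("\n".join(static_routes(local, remote)))
```
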

7 Replies

Jon Marshall
Hall of Fame

JD

I have just answered this very same question in the LAN Switching and Routing forum -

https://supportforums.cisco.com/thread/2254770?tstart=0

Jon

Thanks Jon,

Heading that way to check it out.

I just posted on the above mentioned link, since it seems more relevant now to my situation. Hope that was the right thing to do.

Thanks,

JD

jdiaz
Level 1

I read the options Jon explained in https://supportforums.cisco.com/thread/2254770. Am I to understand that if my SP doesn't support routing, and only accepts trunk, my only option is to re-vlan one of the switches? Is that correct?

Thank you.

JD


Many thanks Jon. I've gone ahead and followed your suggestion. I apologize for bugging again, but there are still two items I am not quite clear on.

1. "then set up routes on each switch for the remote subnets using the next hop IPs assigned to the vlan 222 L3 interface." - I'm not entirely sure how I do this. Can I do this from Network assistant? Or would it be something like:

Config t

ip route 192.168.5.1 255.255.255.252 192.162.5.2 255.255.255.252

(and then reverse the IP's on the other switch)?

This may seem basic, but I'm not a cisco guy... Merely stepping in for the network engineer that kind of stopped showing up.

2. The trunking Native Vlan, and the access mode vlan still show as vlan 1. Will that be a problem? I have global vlan dot1q tag native enabled on both switches, and I don't think we have any devices using native vlan. And will this allow me to ping from different subnets from one switch to the other? This is the output I see for the switchport:

garfield#sh int gi 1/0/51 switchport
Name: Gi1/0/51
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 222
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
garfield#

Again, many thanks for your help.



JD

No need to apologise.

1) Config t

ip route 192.168.5.1 255.255.255.252 192.162.5.2 255.255.255.252

I don't use Network Assistant but from the CLI. Let's say you have a subnet in Atlanta 192.168.10.0 255.255.255.0. On the Houston L3 switch you would do -

"ip route 192.168.10.0 255.255.255.0 192.168.5.1"  <-- 192.168.5.1 being the Atlanta end of the link as in previous post. You need to do this for each subnet in Atlanta although you may be able to summarise the subnets. If in doubt I can help out.

You will also need to do the reverse ie. on the Atlanta switch you need routes for all subnets in Houston pointing to 192.168.5.2.

Does that make sense?

2) From your interface config -

Administrative Mode: trunk

Operational Mode: trunk

So it is a trunk and it's only allowing vlan 222. The native vlan is vlan 1 which means that vlan does not have a vlan tag. The native vlan must match on each switch for this trunk link. This is fine. As I said previously you cannot stop vlan 1 from going across the trunk link even if you don't explicitly allow it on the trunk link. That is the only concern I have. You won't have a loop but STP for the whole of vlan 1 now runs between the 2 sites which is not ideal. That is why I suggested removing any devices that are in vlan 1.

In an ideal world that link would not be a trunk but it sounds like that is all the SP is giving you.

Any more questions please feel free to come back.

Jon
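
An added example (not from the thread's authors) of the check discussed in this reply: it parses `show interfaces ... switchport` output and reports whether the trunk carries only the transit VLAN and whether the native VLAN is still 1. The sample is abridged from the output posted above; `audit_trunk` and the other function names are hypothetical.

```python
# Abridged from the 'sh int gi 1/0/51 switchport' output posted in the thread.
SAMPLE = """\
Name: Gi1/0/51
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 222
Capture Mode Disabled
"""


def parse_switchport(text):
    """Turn 'Key: value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    if spec.upper() in ("ALL", "NONE"):
        return set(range(1, 4095)) if spec.upper() == "ALL" else set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_trunk(text, transit_vlan):
    """Return findings for a trunk that should carry only transit_vlan."""
    f = parse_switchport(text)
    findings = []
    if f.get("Operational Mode") != "trunk":
        findings.append("port is not operating as a trunk")
    if f.get("Negotiation of Trunking") != "Off":
        findings.append("trunk negotiation is not off")
    allowed = expand_vlans(f.get("Trunking VLANs Enabled", "ALL"))
    if transit_vlan not in allowed:
        findings.append(f"transit VLAN {transit_vlan} is not allowed on the trunk")
    extra = allowed - {transit_vlan}
    if extra:
        findings.append(f"{len(extra)} other VLAN(s) allowed on the trunk")
    if f.get("Trunking Native Mode VLAN", "").split()[:1] == ["1"]:
        findings.append("native VLAN is 1; move hosts and management out of VLAN 1")
    return findings
```

Run against the posted port with transit VLAN 222, the only finding is the native VLAN 1 one, which matches the concern raised in the reply.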
