Solved: Re: trunk/subinterfaces not working

bgoulet00 · ‎10-06-2020

i've configured this easily on a cat9300 connected to an isr1000 but i'm having issues getting it to work between a 2960cx and isr1841. i can ping across the native vlan but not any of the others. i'm not sure if the old 1841 needs some extra stuff setup that we take for granted in the new platforms? the 1841 is running 12.4(17)

SWITCH CONFIG

!
interface GigabitEthernet0/2

switchport trunk native vlan 62
switchport mode trunk
end

Vlan5 10.89.5.130 YES NVRAM up up

Vlan62 10.89.62.244 YES DHCP up up

ROUTER CONFIG

!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.89.5.129 255.255.255.192
!
interface FastEthernet0/0.62
encapsulation dot1Q 62 native
ip address 10.89.62.1 255.255.255.0
ip helper-address 10.224.109.35
ip helper-address 10.224.209.25
!

Richard Burts · ‎10-10-2020

Glad that you found that post explaining that attempting to send an IP packet when there is no arp entry for the next hop mac address will result in encapsulation failure. So the question becomes why is arp failing?

The show commands from both devices indicate that both devices see it as dot1q encapsulation. But the fact that it seems that no traffic actually goes through the tagged vlan makes me wonder if one of the devices is really having problems with it. I wonder if we might get any insight if you do this on both devices:

- make sure that the logging level is set to debug

- show cdp neighbor detail

- shut the interface

- no shut the interface

- attempt to ping the neighbor address

- post any output

HTH

Rick

View solution in original post

Georg Pauwen · ‎10-06-2020

Hello,

post the full configs of both the switch and the router. If your goal is to configure a router-on-a-stick, your switch cannot have Vlan interfaces other than the native Vlan.

balaji.bandi · ‎10-06-2020

Try on the switch side and test and advise. ( by default your config should work)

interface GigabitEthernet0/2

switchport trunk native vlan 62
switchport mode trunk

switchport trunk allowed vlan 5,62 ( add any other vlan to pass)
end

still an issue post complete configuration of all devices which was part.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎10-06-2020

This is off topic a bit, but I think there is something wrong with the rating system. I sometimes get a 'Helpful' vote right after I post an answer, not from the OP, but from a user who has never contributed to anything in the past. The vote comes faster than anybody can possibly read the answer, so it looks like some sort of automated procedure...

Has anybody experienced this as well here on this forum ?

Giuseppe Larosa · ‎10-06-2020

Hello Georg,

yes I have the same impression sometimes I have got rating for a post just inserted in the forum from someone that is not the original poster.

Best Regards

Giuseppe

Georg Pauwen · ‎10-07-2020

In this day and age, the first thing that comes to mind is that these are hack attempts. Although I wonder what they would want to hack. I'll send a message to Monica, maybe she can look into it.

Richard Burts · ‎10-07-2020

It might be helpful if, in addition to the complete configs, we got the output of these commands on both devices

show ip interface brief

show ip route

show arp

HTH

Rick

bgoulet00 · ‎10-07-2020

the switch trunk already has switchport trunk allowed vlan all

the intent is not a router on a stick. this device is currently using a management ip on our user vlan. the goal is to use a management ip on vlan 5. the switch must still pass vlan 62 user traffic though. i need to prove vlan 5 and 62 are both properly passing traffic over the link before i change the default route, delete svi for vlan62, and mark both vlans as tagged, neither will be native. with a cat9300 connected to isr1000 i was able to easily do this, multiple svis and subinterfaces all capable of passing ping. this should be stupid simple but i've spent more than half my day on it.

there are no users at the site right now (covid wfh) so i don't have any users to test the user vlan after change. the device is also remote so i'm trying not to orphan it but the good news there are no users at the site so i can always recover using config archive or 'reboot in'.

sanitized configs attached. there really isn't anything relevant in them beyond what was posted. show commands are also in the files. you can see the arp doesn't even resolve over vlan5

bgoulet00 · ‎10-07-2020

also this is interesting. i'm not sure what 'other' vs IP traffic is. it doesn't show any ip traffic for vlan 5 on the router

USCPV1-F1-IR-01#show vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0

Protocols Configured: Address: Received: Transmitted:
Other 0 9829

0 packets, 0 bytes input
9829 packets, 718250 bytes output

Virtual LAN ID: 5 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.5

Protocols Configured: Address: Received: Transmitted:
IP 10.89.5.129 0 0
Other 0 29

0 packets, 0 bytes input
29 packets, 1683 bytes output

Virtual LAN ID: 62 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.62

This is configured as native Vlan for the following interface(s) :
FastEthernet0/0

Protocols Configured: Address: Received: Transmitted:
IP 10.89.62.1 408853 418417
Other 0 5965

416085 packets, 122688079 bytes input
424382 packets, 203588282 bytes output

on the switch it shows outgoing from my ping attempts

USCPV1-F1-AS-01#show int vlan5
Vlan5 is up, line protocol is up
Hardware is EtherSVI, address is 0cd0.f8ca.4b41 (bia 0cd0.f8ca.4b41)
Internet address is 10.89.5.130/26
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 01:57:55, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
13 packets output, 895 bytes, 0 underruns
0 output errors, 3 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Richard Burts · ‎10-07-2020

Thanks for the additional information. Not sure about the "other" traffic, but several possibilities come to mind:

- perhaps it is trunk negotiation frames

- perhaps it is spanning tree frames

I do not see any obvious issues in the posted configs that would explain why vlan5 is not working. I note that ip routing is enabled on the switch so both vlans should be able to operate at the same time. But something is not right. Would you post the output of these commands on the switch:

show interface status

show interface trunk

HTH

Rick

bgoulet00 · ‎10-07-2020

USCPV1-F1-AS-01#show int status

Port Name Status Vlan Duplex Speed Type
Gi0/1 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/2 USCPV1-F1-IR-01 connected trunk a-full a-100 10/100/1000BaseTX
Gi0/3 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/4 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/5 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/6 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/7 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/8 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/9 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/10 notconnect 62 auto auto 10/100/1000BaseTX
Gi0/11 notconnect 62 auto auto Not Present
Gi0/12 notconnect 62 auto auto Not Present
USCPV1-F1-AS-01#show int trunk

Port Mode Encapsulation Status Native vlan
Gi0/2 on 802.1q trunking 62

Port Vlans allowed on trunk
Gi0/2 1-4094

Port Vlans allowed and active in management domain
Gi0/2 1,5,62

Port Vlans in spanning tree forwarding state and not pruned
Gi0/2 1,5,62

Richard Burts · ‎10-07-2020

Thanks for the additional output. From what we are seeing I would expect it to work. But it is not working. would you configure one of the switch interfaces to be an access port in vlan 5 and see if that makes any difference.

HTH

Rick

bgoulet00 · ‎10-07-2020

still no go. very puzzling. i was really hoping someone on here was going to be like 'oh, on those old routers you also have to do blah blah blah...'

i did try going into vlan database mode and create the vlans but that didn't help. at one point i also created a subinterface that was tied to a bridge group and then configured a bvi interface but that didn't work. despite ip routing being enabled on the switch i did try shutting 62 down to see if 5 worked then but it does not, so long as it is set as tagged. i can only get whatever vlan is set as native to work

Richard Burts · ‎10-07-2020

can you post show interface for router main int and subinerfaces

HTH

Rick

bgoulet00 · ‎10-07-2020

USCPV1-F1-IR-01#show int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 0014.f2a9.4b46 (bia 0014.f2a9.4b46)
Description: Cape Canaveral MOCC LAN
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:24, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d01h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 23000 bits/sec, 19 packets/sec
5 minute output rate 24000 bits/sec, 19 packets/sec
471269 packets input, 139857365 bytes
Received 8364 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
493916 packets output, 228346204 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
461621 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

USCPV1-F1-IR-01#show int fa0/0.5
FastEthernet0/0.5 is up, line protocol is up
Hardware is Gt96k FE, address is 0014.f2a9.4b46 (bia 0014.f2a9.4b46)
Internet address is 10.89.5.129/26
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 5.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never

USCPV1-F1-IR-01#show int fa0/0.62
FastEthernet0/0.62 is up, line protocol is up
Hardware is Gt96k FE, address is 0014.f2a9.4b46 (bia 0014.f2a9.4b46)
Internet address is 10.89.62.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 62.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never