07-22-2012 02:44 PM
B"H
Okay, I'm going to cry uncle and ask the Cisco community for help here...here's what I'm looking to accomplish. I have two cabinets in a datacenter with four available cross connect cables. I would like to set up two LAGs between the two switches, each of which will carry one vlan across to the other. My default vlan contains all of my servers on it (10.0.0.0/8), and my backup vlan (192.168.200.0/24) will only be used for iSCSI traffic and data backups. At the moment, I have one cable connecting the two switches and it works fine for the default vlan. When I add in a second cable and set it to vlan 200, no matter what settings I try it just doesn't pass traffic. I'm sure I'm doing something stupidly wrong, but hey, I never claimed to be a networking expert, so that's why I'm here asking for help!
I've made several attempts to get the second connection working, tagged, untagged, trunk, access, etc. Can someone either tell me what the real solution is, or point me at the proper documentation so I can solve this issue?
Thanks in advance!
07-22-2012 02:57 PM
Hello Yitz,
After creating the LAGs, all you should have to do is set the LAG to the appropriate vlan as untagged. It is no different than running 2 separate wires to a respective vlan.
07-22-2012 04:53 PM
B"H
Hi Thomas,
Thanks for the quick reply. Oddly enough, that was the first thing I tried and it just didn't work. Is it STP that's getting in the way? Here's my port vlan membership tables for both switches. The wires (at the moment) are between ports 1 and 1 for the first connect, and 26 and 26 for the second connect. If I can get them working, I'll then go ahead and try to combine them into a LAG and have two each...at the moment, I cannot ping anything on the other side, only on the same side of the switch.
07-22-2012 06:11 PM
This is correct, you will not have access to anything on the other side. The traffic from the vlan 1 will talk to only vlan 1, the same said for vlan 200.
The router must understand both subnets to have the intervlan routing. Otherwise it will be 100% separate. If your router can't understand the vlans or multiple subnets, you will require a layer 3 switch. That will get the intervlan communication up, then your router would need to support a static route to be able to get the other subnet to communicate with the internet correctly.
07-22-2012 06:25 PM
B"H
Ah, that's just it though, I *don't* need inter-vlan traffic whatsoever! The idea is to separate the two switches into four pretty much. My backups vlan is to be completely separate from the main vlan and never the twain shall meet. Vlan 200 will never see any traffic whatsoever except for specific hosts on that subnet (same servers, but separate nics on each). I know I have the servers networking set up correctly, since I can ping from one to the other over the backup vlan...just *can't* get traffic from one switch to the other....
Ugh, this is frustrating...did I forget to click the 'don't do stupid things' checkbox somewhere in the settings?
Thanks again for your help here!
07-22-2012 10:41 PM
Hello Yitz,
I'm not clear if your question is answered so I will clarify to ensure we have good understanding. The challenge I feel you're facing or will be facing is as such;
This means you need to create both LAGs before having a physical connection, otherwise spanning tree will knock one of them down.
VLAN Management > Port to VLAN, from here you choose the port or LAG and click GO. Assign the LAG to the VLAN you need.
07-23-2012 05:15 AM
B"H
Okay, I think that may solve the issue.
"This means you need to create both LAGs before having a physical connection, otherwise spanning tree will knock one of them down."
I've been trying to make changes and assign vlans while the cables were already in place....silly me, what was I thinking? Oddly enough, I suspected that STP was killing off the second connection in the first place. I have to run up to the colo and pull some cables, but I'll let you know how it works out later today.
Thanks again!
07-23-2012 12:57 PM
B"H
Nope, no love here so far. Cleaned everything up, set one LAG to the default vlan, one LAG to vlan 200 (with the cables out of course), fired them up, but no go. It looks like everything is configured properly, there's just no traffic across the 200 LAG/vlan. Well, each individual switch has traffic from one machine to another on the separate vlans, no problem, and vlan 1 can pass traffic from one switch to another...but vlan 200 will not allow anything through from one switch to another.
Any ideas how to debug/diagnose this?
Thanks in advance!
07-23-2012 01:32 PM
Yitz, give the SBSC a call
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
If you like, you can request the case assigned to me. Make sure to have your Cisco ID, device serial number and this community post link for the agent that answers the phone.
07-23-2012 05:05 PM
Yitz, I have labbed your topology.
I have a SG300 switch acting as a router with 2 vlan interfaces.
I also have 2 SG200 switches.
Port 1 from SG300 to port 1 of SG200 = vlan 1 access ports
Port 48 from SG300 to port 48 of SG200 = vlan 200 access ports
SG200#1 has LAG #1 port 2,3
SG200#1 has LAG #2 port 4,5
SG200#2 has LAG #1 port 2,3
SG200#2 has LAG #2 port 4,5
LAG #1 = vlan 1
LAG #2 = vlan 2
Oddly enough, spanning tree put my connections in vlan 200 into discarding state, for both the LAG and individual connection. This is very odd behavior for me as it is pretty common practice to separate networks in this manner especially if you have 2 gateways, but it is also not rare to have a single router with 2 distinct interfaces. Additionally, on the spanning-tree pages, the status will record "N/A" for the LAG ports.
07-23-2012 06:04 PM
B"H
Hi Thomas,
So, does that mean it worked in your lab setup? On mine, the RSTP Port role says disabled for the LAG on vlan 200. My router has no knowledge of vlan 200 at all, as there is no need for my backup/iSCSI traffic to ever go beyond the vlan. It's just weird...I'm able to reach machines on either side of the LAG, but nothing passes between the two switches over vlan 200/LAG. I know they're connected, as I get green lights on them, so it's not the cables...it's got to be something set incorrectly in the switch(es).
Sorry for my n00bness, I'm just trying to get something to work that should 'just work'(tm), but it just isn't.
07-23-2012 06:08 PM
No, it means spanning tree is misbehaving and it shouldn't be. For whatever reason, the spanning tree is viewing both LAGs as a redundant link, when in fact, it shouldn't be.
A simplified example:
Switch #1
Port 1 untagged, access, vlan 1
Port 2 untagged, access vlan 2
Switch #2
Port 1 untagged, access vlan 1
Port 2 untagged, access vlan 2
Spanning tree should not put any port into discarding state as it is 2 separate LAN segments. If you would like to pursue this issue, I implore you to call the SBSC as mentioned in my above post then request the service request to be assigned to me.
07-23-2012 06:30 PM
B"H
Yah, I was planning on calling in the morning... can't do it now.
Thanks! I'm sure we'll get to the bottom of this!
07-25-2012 03:13 PM
Hello Yitz,
The SG 200 switch does not support MSTP or PVST, PVST+. None of the small business products at this time support any proprietary protocol that is not IEEE or equivalent. The exception to this idea is CDP which was added about 18 months ago in the MRv 1.1 releases to better integrate with the voice solutions, OnPlus and interoperate with enterprise networks.
The workaround that we have discussed yesterday within your case is to globally disable spanning tree and set the BPDU to filtering.
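Added example, not part of the thread and not Cisco code: a small Python model of the root-port election on the non-root switch, showing why a single spanning-tree instance (the reply above says the SG200 has no MSTP or PVST) discards one of two parallel access links even though they carry different VLANs, and what the disable-spanning-tree workaround gives up. Ports 1 and 26 come from the thread; the equal path cost, the per-VLAN contrast and all function names are assumptions of the model.

```python
from dataclasses import dataclass

FWD, DISC = "forwarding", "discarding"

@dataclass(frozen=True)
class Link:
    """One cable between the switches: an untagged access port at each end."""
    vlan: int
    root_port: int   # port number on the root bridge, carried in its BPDU
    local_port: int  # receiving port on the non-root bridge
    cost: int = 4    # assumption: identical path cost on every link

def single_instance(links):
    """One spanning tree for the whole switch: BPDUs are untagged and ignore
    VLAN membership, so all links compete in a single root-port election."""
    best = min(links, key=lambda ln: (ln.cost, ln.root_port, ln.local_port))
    return {ln.local_port: FWD if ln is best else DISC for ln in links}

def per_vlan(links):
    """Hypothetical per-VLAN instances: each VLAN elects among its own links."""
    roles = {}
    for vlan in {ln.vlan for ln in links}:
        roles.update(single_instance([ln for ln in links if ln.vlan == vlan]))
    return roles

def stp_disabled(links):
    """The workaround from the thread: no election, every port forwards."""
    return {ln.local_port: FWD for ln in links}

def vlans_passing(links, roles):
    """VLANs with at least one forwarding inter-switch link."""
    return sorted({ln.vlan for ln in links if roles[ln.local_port] == FWD})

def looped_vlans(links, roles):
    """VLANs with more than one forwarding link, i.e. an unprotected loop."""
    fwd = [ln.vlan for ln in links if roles[ln.local_port] == FWD]
    return sorted({v for v in fwd if fwd.count(v) > 1})

# Constructed topology from the thread: ports 1<->1 in VLAN 1, 26<->26 in VLAN 200.
LINKS = [Link(vlan=1, root_port=1, local_port=1),
         Link(vlan=200, root_port=26, local_port=26)]

if __name__ == "__main__":
    for name, model in [("single", single_instance), ("per-vlan", per_vlan),
                        ("disabled", stp_disabled)]:
        roles = model(LINKS)
        print(name, roles, "passing:", vlans_passing(LINKS, roles))
    # A stray second VLAN 200 cable with STP off forwards on both links.
    extra = LINKS + [Link(vlan=200, root_port=27, local_port=27)]
    print("loops with STP off:", looped_vlans(extra, stp_disabled(extra)))
```

In the single-instance case only VLAN 1 passes between the switches, which matches the symptom reported in the thread; with spanning tree disabled both VLANs pass, but nothing would block a second, unaggregated cable patched into the same VLAN.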
09-06-2013 10:45 AM
Hi Yitz,
I'm trying to accomplish a similar thing that you mention on your post.
I have two SG200 switches which I want to divide into 2 totally independent VLANs.
My guess was that I could create a VLAN #2 and assign ports 1- 24 to VLAN #1 (default) and ports 25-48 to VLAN #2.
Do the same thing with the second switch.
And finally connect a cable from port 1 on switch 1 to port 1 on switch 2 and
another cable from port 25 on switch 1 to port 25 on switch 2.
For some reason, devices can be "pinged" on the same vlan ports on switch 1 but cannot reach the devices on switch 2.
Did you manage to solve this issue?
Thanks