Solved: Re: 3750-2960 Vlans Issue via Port Channel

Corneliu Paunescu · ‎01-03-2014

Im trying to get all my vlans to pass thru to my 2960 user level switches, from my 3750 stack.

Each one of my 2960 stack is connected to my 3750 via port channel. Here is my port setup.

I have Vlans 1,210,214,216,220,306,406 on my 3750 stack. I cannot see those vlans on my 2960 stack. Why is that? What am I missing from the config?

Thanks...

3750 ports:

interface GigabitEthernet1/0/41

description Uplink to ETHSW03

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,210,214,216,220,306,406

switchport mode trunk

snmp trap mac-notification change added

snmp trap mac-notification change removed

spanning-tree guard loop

channel-protocol lacp

channel-group 7 mode active

interface GigabitEthernet1/0/42

description Uplink to ETHSW03

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,210,214,216,220,306,406

switchport mode trunk

snmp trap mac-notification change added

snmp trap mac-notification change removed

spanning-tree guard loop

channel-protocol lacp

channel-group 7 mode active

interface Port-channel7

description Uplink to ETHSW03

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,210,214,216,220,306,406

switchport mode trunk

snmp trap mac-notification change added

snmp trap mac-notification change removed

spanning-tree guard loop

Here are my 2960 ports setup:

interface GigabitEthernet1/0/47
description Uplink to CORE01
switchport trunk allowed vlan 1,210,214,216,220,306,406
switchport mode trunk
snmp trap mac-notification change added
snmp trap mac-notification change removed
spanning-tree guard loop
channel-protocol lacp
channel-group 1 mode active

interface GigabitEthernet1/0/48
description Uplink to CORE01
switchport trunk allowed vlan 1,210,214,216,220,306,406
switchport mode trunk
snmp trap mac-notification change added
snmp trap mac-notification change removed
spanning-tree guard loop
channel-protocol lacp
channel-group 1 mode active

interface Port-channel1
description Uplink to CORE01
switchport trunk allowed vlan 1,210,214,216,220,306,406
switchport mode trunk
snmp trap mac-notification change added
snmp trap mac-notification change removed
spanning-tree guard loop

Rolf Fischer · ‎01-03-2014

We are connected to our datacenter via private ethernet line, and thats where most of our vlans and servers reside.

If this connection is a layer-2 trunk, you should be very careful with VTP!

I'd recommend to check the VTP config there as well to avoid unwanted deletion of VLANs! You really don't want to experience that, believe me!

To make use of VTP at your site, only a few steps are neccesary.

On all switches:

vtp domain

Optional (recommended):

vtp password

On the core-switch(es):

vtp mode server

On the others:

vtp mode client

If the vlan infromation is not synchronized, just rename one of the vlans on a VTP server:

vlan xxx

name yyy

This change increases the configuration revision and vlan information should be synchronized.

HTH

Rolf

View solution in original post

Rolf Fischer · ‎01-03-2014

How is it that vlans 306 and 406 were pushed to my 2960s (from my 3750 stack), but not the 210, 220, 214 vlans?

Actually I don't know, but they they cannot been learned from the 3750, as it is configured VTP transparent.

Perhaps from another Switch which is VTP Client or Server and already had those VLANs configured locally?

The datacenter network stack is set to transparent, and im afraid, if I  set our site to server, it might delete the vlans in our datacenter,  which will create a major major issue.

When they are transpartent, they will ignore VTP information from your side, but they might act as "relays" for this messages.

The use of a VTP password provides additional safety.

Finally it's your decision, but with that small number of switches you can also configure the VLANs locally I think (without using VTP).

HTH

Rolf

View solution in original post

Rolf Fischer · ‎01-03-2014

If my datacenter network is set to transparent, I should be able to set one of my sites to server, and create a specific domain ONLY for that site.

Is that correct?

Yes. And use a password, just to be be on the safe side ;-)

View solution in original post

Rolf Fischer · ‎01-03-2014

Hi,

I cannot see those vlans on my 2960 stack

do you use VTP for VLAN distribution?

If not, do you have those VLANs manually configured on the 2960?

Could you post the output of "show vlan brief", "show etherchannel 1 summary" and "show interface po1 trunk" from your 2960?

Regards

Rolf

Corneliu Paunescu · ‎01-03-2014

VTP mode on my 3750

vtp mode transparent

spanning tree info on the 3750

spanning-tree extend system-id

spanning-tree vlan 1-305,307-405,407-4094 priority 4096

spanning-tree vlan 306,406 priority 49152

spanning-tree extend system-id
spanning-tree vlan 1-305,307-405,407-4094 priority 4096
spanning-tree vlan 306,406 priority 49152

2960 info...

Showing the show vlan br will bring vlans

1

306

406

1002

1003

1004

1005

P-ETHSW03-20.4#show etherchannel 1 summary
Flags: D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------

1 Po1(SU) LACP Gi1/0/47(P) Gi1/0/48(P)

P-ETHSW03-20.4#sh int po1 trunk

Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 1

Port Vlans allowed on trunk
Po1 1,210,214,216,220,306,406

Port Vlans allowed and active in management domain
Po1 1,306,406

Port Vlans in spanning tree forwarding state and not pruned
Po1 1,306,406

Rolf Fischer · ‎01-03-2014

So apart from the default VLANs only VLANs 306 and 406 exist on the switch and they seem to work at a first glance.

What about 210,214,216,220?

Corneliu Paunescu · ‎01-03-2014

Correct,

The other vlans (besides 306, 406) do not show up on my 2960.

210,214,216, etc, does not show up...

Rolf Fischer · ‎01-03-2014

Correct,

The other vlans (besides 306, 406) do not show up on my 2960.

210,214,216, etc, does not show up...

... and that's the problem you want to fix?

conf t

vlan 210,214,216,220

Or you could use VTP for an automated VLAN-distribution.

Depends on how often you change the VLAN-config and how many switches you have in your domain.

Corneliu Paunescu · ‎01-03-2014

I want my 2960 to learn the vlans from my 3750 stack. I want the 3750 stack to send out the vlans to my 2960.

Is that not possible? Just like the 306/406 vlans....

Rolf Fischer · ‎01-03-2014

That's of course possible, but then you'll have to change the VTP mode from Transparent to Server and perhaps some more VTP config (domain, password, etc.).

Is this a production network?

Corneliu Paunescu · ‎01-03-2014

Yes its production at the moment, but I could get away with some problems if they arrise lol.

We only have about 8 people at the moment, with 100 coming VERY soon. So I want to fix this before the rest move to this building.

How would I fix this issue? I can see now its via vtp, but this is what I have for VTP config in my 3750

spanning-tree vlan 1-305,307-405,407-4094 priority 4096

spanning-tree vlan 306,406 priority 49152

spanning-tree vlan 1-305,307-405,407-4094 priority 4096

spanning-tree vlan 306,406 priority 49152

Rolf Fischer · ‎01-03-2014

How many other Cisco switches do you have in that layer-2 domain?

Could you post the output of "show vtp status" from both stacks?

Corneliu Paunescu · ‎01-03-2014

I have 1 stack of 3750, connected with flex technology.

I have 3 stacks of 4-2960s, connected with flex technology.

Then, each 2960 stack is connected to my 3750 stack via port channels (gig ports x2).

Now, this is a second office site. We are connected to our datacenter via private ethernet line, and thats where most of our vlans and servers reside.

Output from 3750

P-DB-CORE01#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : NULL
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 6c41.6a9c.a280
Configuration last modified by 10.2.20.1 at 3-3-93 23:43:55

Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 19
Configuration Revision            : 0
MD5 digest                        : 0x3D 0x05 0x4D 0x8C 0x31 0x07 0x34 0xDA
                                    0x2F 0x60 0xE8 0x24 0xA6 0x27 0x59 0x24

Output from 2960

P-ETHSW03-20.4#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : NULL
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : c07b.bcb2.9a80
Configuration last modified by 10.2.20.2 at 1-3-14 13:02:15
Local updater ID is 10.2.20.4 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 255
Number of existing VLANs          : 7
Configuration Revision            : 5
MD5 digest                        : 0x89 0x91 0xBA 0xE3 0x12 0x1B 0xDB 0x1D
                                    0x75 0x43 0x7F 0x8D 0x62 0x5A 0x09 0x70

Rolf Fischer · ‎01-03-2014

We are connected to our datacenter via private ethernet line, and thats where most of our vlans and servers reside.

If this connection is a layer-2 trunk, you should be very careful with VTP!

I'd recommend to check the VTP config there as well to avoid unwanted deletion of VLANs! You really don't want to experience that, believe me!

To make use of VTP at your site, only a few steps are neccesary.

On all switches:

vtp domain

Optional (recommended):

vtp password

On the core-switch(es):

vtp mode server

On the others:

vtp mode client

If the vlan infromation is not synchronized, just rename one of the vlans on a VTP server:

vlan xxx

name yyy

This change increases the configuration revision and vlan information should be synchronized.

HTH

Rolf

Corneliu Paunescu · ‎01-03-2014

I figured you might say that. I was researching while you were replying to me.

We have a bunch of vlans in our datacenter. The datacenter network stack is set to transparent, and im afraid, if I set our site to server, it might delete the vlans in our datacenter, which will create a major major issue.

Is there any other way to push the vlans?

How is it that vlans 306 and 406 were pushed to my 2960s (from my 3750 stack), but not the 210, 220, 214 vlans?

Thanks...

Rolf Fischer · ‎01-03-2014

How is it that vlans 306 and 406 were pushed to my 2960s (from my 3750 stack), but not the 210, 220, 214 vlans?

Actually I don't know, but they they cannot been learned from the 3750, as it is configured VTP transparent.

Perhaps from another Switch which is VTP Client or Server and already had those VLANs configured locally?

The datacenter network stack is set to transparent, and im afraid, if I  set our site to server, it might delete the vlans in our datacenter,  which will create a major major issue.

When they are transpartent, they will ignore VTP information from your side, but they might act as "relays" for this messages.

The use of a VTP password provides additional safety.

Finally it's your decision, but with that small number of switches you can also configure the VLANs locally I think (without using VTP).

HTH

Rolf

Corneliu Paunescu · ‎01-03-2014

If my datacenter network is set to transparent, I should be able to set one of my sites to server, and create a specific domain ONLY for that site.

Is that correct?

I just checked and both my datacenters are set to transparent, therefore, it should NOT get any vlan info from my main hq, even if its connected via trunk....