Adding VLAN to Po-Group and OSPF routing what is the correct way

ITAdmin777 · ‎03-03-2014

Hi Community,

I recently had an issue that brought down the links between a couple of switches...luckily this was done after hours and I did not save the config so was able to revert back.

The basic scope of my project is:

We are running out of IP's on the 192.168.1.0/24 sunbnet so wanted to create a seperate VLAN/Subnet for physical workstations.

He is what I orginally did;

1) On our core switch; (Switch1)

Create the VLAN,

VLAN interface,

DHCP pool,

excluded address'

2) On second switch (Switch 2)

Add VLAN name, no interface

3) I then updated the PO-group on Switch1 with new VLAN (this brought down the link before I was able to finish my config)

Therefore I was not able to complete the following:

add vlan to spanning-tree or updated OSPF routing

______________________________________________

Here is what I assume to be the correct order?

1) On Core Switch (Switch 1)

Create VLAN

VLAN interface

DHCP pool

excluded address'

add vlan to spanning-tree

add vlan (passive interface) and sunbet to OSPF routing

2) On Switch 2

Add vlan name/interfaces with no ip

3) Update PO groups after the above has been configured

Add new VLAN to Po-Group on Switch 2

Add new VLAN to Po-Group on Switch 1

4) Last steps

Updated specific access ports with new VLAN and test

upon completion of testing, update all other access ports connected ot workstations with new VLAN

_____________________________________________

Questions:

Did my links go down because I added new VLAN to Po-group BEFORE updating spanning-tree and OSPF routing?

Can anyone verify the order as outlined in the section "Here is what I assume to be the correct order"

Jon Marshall · ‎03-03-2014

Did my links go down because I added new VLAN to Po-group BEFORE updating spanning-tree and OSPF routing?

OSPF no, STP probably not assuming you are running PVST+ or rapid PVST+ on your switches.

This is the way i would do it -

1) create new vlan and SVI on core switch

2) set STP priority for that vlan on core switch

3) if you are running VTP transparent create the vlan on the second switch

3) open windows to both switches and have a cut and paste config to add the vlan to the port group

then when all that has been done add the OSPF configuration.

Jon

ITAdmin777 · ‎03-04-2014

Hello jon....thanks for te advise.

Can you review my config:

To Summarize

Step 1 - On Switch1 - Create VLAN, interface, DHCP scope, excluded address'

On Switch 2 - Create the VLAN and I nterface with no ip

Step 2 - Set STP priority

Step 3 - Update PO-groups on Switch2 and Switch 1

Step 4 - Add new VLANs to OSPF as passive interface

__________________________________________________________________

So therefore , something like this

FYI: We are running in VTP transparent MODE

Step 1 - Create the VLAN, interface, DHCP scope, excluded address list

On SWITCH1 (core)

Task: Add new VLAN's (40 & 41)

RESULT:

vlan 40

name vDesktops(192.168.40.0/24)

vlan 41

name WRKSTNs(192.168.41.0/24)

________

TASK: Assign IP to VLAN (40 & 41) interfaces

RESULT:

interface Vlan40

ip address 192.168.40.254 255.255.255.0

interface Vlan41

ip address 192.168.41.254 255.255.255.0

_______

TASK: Create the DHCP scope for the new VLANs

RESULT:

ip dhcp pool VLAN40

network 192.168.40.0 255.255.255.0

default-router 192.168.40.254

domain-name myDomain.com

dns-server 192.168.1.44 192.168.1.45

ip dhcp pool VLAN41

network 192.168.41.0 255.255.255.0

default-router 192.168.41.254

domain-namemyDomain.com

dns-server 192.168.1.44 192.168.1.45

________

TASK: Exclude a block of IP's for VLAN (40 & 41), just in case we require some static IP's

RESULT:

ip dhcp excluded-address 192.168.40.1 192.168.40.20

ip dhcp excluded-address 192.168.41.1 192.168.41.20

---------

On Switch 2

TASK: Add new VLAN names for VLAN (40 & 41)

RESULT:

vlan 40

name vDesktops(192.168.40.0/24)

vlan 41

name WRKSTNs(192.168.41.0/24)

_______

TASK: Add VLAN (40 & 41) interfaces with no ip address

RESULT:

interface Vlan40

no ip address

!

interface Vlan41

no ip address

______________________________________________

_______________________________________________

Step 2 - Set STP Priority

ON SWITCH 1 (core)

TASK: Add new VLANs to spanning-tree

On our SWITCH1 (core), we have this line of code,

spanning-tree vlan 3,10,20,50,900,999 priority 24576

config t

spanning-tree vlan 3,10,20,50,40,41,900,999 priority 24576

RESULT:

spanning-tree vlan 3,10,20,50,40,41,900,999 priority 24576

Note: vlan 40 and 41 now added.

____________________________________________

Step 3 - Update Po-Groups on Switch 2 and Switch 1 (core)

Putty into both and copy/past

Switch 2 - Port-channel1

Switch 1 - Port-channel2

TASK: ADD new vlans to Po-Groups

Config t

HARV-RHO-SW2(config)#interface Port-channel1

HARV-RHO-SW2(config-if)# switchport trunk allowed vlan add 40,41

HARV-RHO-SW2(config-if)#exit

HARV-RHO-SW2(config)#

HARV-RHO-SW1(config)#interface Port-channel2

HARV-RHO-SW1(config-if)# switchport trunk allowed vlan add 40,41

HARV-RHO-SW1(config-if)#exit

HARV-RHO-SW1(config)#

___________________________________________________

____________________________________________________

Step 4- Add new VLANs to OSPF as passive interface

On Switch 1 (core)

We have this line of code

router ospf 100

router-id 192.168.1.10

log-adjacency-changes

passive-interface Vlan10

passive-interface Vlan30

passive-interface Vlan50

passive-interface Vlan500

network 192.168.0.2 0.0.0.0 area 0

network 192.168.1.10 0.0.0.0 area 0

network 192.168.30.254 0.0.0.0 area 0

network 192.168.33.254 0.0.0.0 area 0

network 192.168.51.254 0.0.0.0 area 0

network 192.168.99.5 0.0.0.0 area 0

network 192.168.200.254 0.0.0.0 area 0

TASK: OSPF - Add new VLANs(40 & 41) to OSPF as Passive Interface

******* Begin Here *********

config t

router ospf 100

passive-interface vlan40

passive-interface vlan41

!Not sure about these lines of code, I do not think required as I am mirroing VLAN 10 (old vlan) so new vlan 40, 41 should be similar

network 192.168.40.254 0.0.0.0 area 0

network 192.168.41.254 0.0.0.0 area 0

******* End Here *********

RESULT:

router ospf 100

router-id 192.168.1.10

log-adjacency-changes

passive-interface Vlan10

passive-interface Vlan30

passive-interface Vlan40

passive-interface Vlan41

passive-interface Vlan50

passive-interface Vlan500

network 192.168.0.2 0.0.0.0 area 0

network 192.168.1.10 0.0.0.0 area 0

network 192.168.30.254 0.0.0.0 area 0

network 192.168.33.254 0.0.0.0 area 0

network 192.168.51.254 0.0.0.0 area 0

network 192.168.99.5 0.0.0.0 area 0

network 192.168.200.254 0.0.0.0 area 0

Hope order is correct so I do not bring down my trunk links the next go around. Please correct task order if you don't mind.

Much appreciated!

Jon Marshall · ‎03-04-2014

Looks fine except for a few points -

1) you do not need SVIs on the other switch if it is not routing. So you are creating them with no IP address assigned. But you don't actually need to do this

2) you do need to add those "network ..." entries under the OSPF configuration but you should still make them passive interfaces.

Adding a vlan to the port channel on both ends should not bring the link down.

That said i always do these sort of things out of core hours just in case.

Hope it goes well when you implement the changes.

Jon

ITAdmin777 · ‎03-04-2014

So the order in which to apply TASKS is correct?

also just to clarify the following TASK based on your comments.

Step 4- Add new VLANs to OSPF as passive interface

On Switch 1 (core)

We have this line of code

router ospf 100

router-id 192.168.1.10

log-adjacency-changes

passive-interface Vlan10

passive-interface Vlan30

passive-interface Vlan50

passive-interface Vlan500

network 192.168.0.2 0.0.0.0 area 0

network 192.168.1.10 0.0.0.0 area 0

network 192.168.30.254 0.0.0.0 area 0

network 192.168.33.254 0.0.0.0 area 0

network 192.168.51.254 0.0.0.0 area 0

network 192.168.99.5 0.0.0.0 area 0

network 192.168.200.254 0.0.0.0 area 0

TASK: OSPF - Add new VLANs(40 & 41) to OSPF as Passive Interface

******* Begin Here *********

config t

router ospf 100

passive-interface vlan40

passive-interface vlan41

!WE SHOULD ADD THIS LINE OF CODE

network 192.168.40.254 0.0.0.0 area 0

network 192.168.41.254 0.0.0.0 area 0

******* End Here *********

RESULT:

router ospf 100

router-id 192.168.1.10

log-adjacency-changes

passive-interface Vlan10

passive-interface Vlan30

passive-interface Vlan40

passive-interface Vlan41

passive-interface Vlan50

passive-interface Vlan500

network 192.168.0.2 0.0.0.0 area 0

network 192.168.1.10 0.0.0.0 area 0

network 192.168.30.254 0.0.0.0 area 0

network 192.168.33.254 0.0.0.0 area 0

network 192.168.40.254 0.0.0.0 area 0

network 192.168.41.254 0.0.0.0 area 0

network 192.168.51.254 0.0.0.0 area 0

network 192.168.99.5 0.0.0.0 area 0

network 192.168.200.254 0.0.0.0 area 0

Better??

Again thanks...your feedback have been a tremendous help!

Jon Marshall · ‎03-04-2014

Yes, better for the OSPF configuration.

The only sligtht change i would make to the order is as soon as you create the new vlans then assign the STP priority to them before creating the SVIs and configuring the DHCP.

Apart from that it all looks good.

Jon

Adding VLAN to Po-Group and OSPF routing what is the correct way?