
9355
Views
29
Helpful
69
Replies
Beginner

Ask the Expert: LAN Switching

I have a problem where I'm trying to add a switch at a remote location that I am connecting to over a VPN tunnel to my main site's VTP domain. I have it configured correctly, but it won't join. Any ideas?

Main Site

VTP Version                     : running VTP1 (VTP2 capable)

Configuration Revision          : 192

Maximum VLANs supported locally : 1005

Number of existing VLANs        : 88

VTP Operating Mode              : Server

VTP Domain Name                 : vtp-ebiz

VTP Pruning Mode                : Disabled

VTP V2 Mode                     : Disabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0xA8 0x13 0xA8 0x55 0x70 0xF0 0x96 0xAD

Configuration last modified by 10.1.1.2 at 3-13-12 16:47:09

Local updater ID is 10.1.1.2 on interface Vl1 (lowest numbered VLAN interface found)

Remote Site

VTP Version                     : 2

Configuration Revision          : 0

Maximum VLANs supported locally : 1005

Number of existing VLANs        : 16

VTP Operating Mode              : Client

VTP Domain Name                 : vtp-ebiz

VTP Pruning Mode                : Disabled

VTP V2 Mode                     : Disabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0x8B 0xF5 0xD1 0x3C 0x6C 0x3D 0x38 0x33

Configuration last modified by 10.5.1.2 at 3-1-93 04:37:54

Cisco Employee

Ask the Expert: LAN Switching

VTP advertisements only go out across trunk links. Are these sites connected at layer 2?

-Matt

Beginner

Ask the Expert: LAN Switching

Hey Matt...

  I would like to ask you a general question about trunking which everyone has a different answer for. The question is about how you configure the native vlan in a trunk port. Here are some of the answers:

  >> Do not configure native vlan. By default, the switch uses Vlan1 for untagged packets even when Vlan1 is shutdown for many other different reasons

  >> Configure the native vlan using your data vlan so all untagged traffic goes thru it

  >> Configure the native vlan using a vlan that is not used anywhere else. In other words, configure a dumb vlan and use it as the native vlan

  Thanks RG-

Cisco Employee

Ask the Expert: LAN Switching

Hello RG,

This is another of those questions where everyone has an opinion. In my opinion there are two ways you can set up the native vlan. You either use it for your management vlan, or you use it for nothing and let it be a dead vlan. Either method is acceptable, but I wouldn't use it as a regular data vlan.

-Matt

Beginner

Ask the Expert: LAN Switching

Matt,

Thanks for the reply, these sites are connected via a layer 3 tunnel. Is there any way to make it work in that environment?

Thanks

Cisco Employee

Ask the Expert: LAN Switching

You would have to set up something like L2TPv3 to tunnel the L2 over the L3. What kind of device is handling the tunnel?

-Matt

Beginner

Ask the Expert: LAN Switching

Matt, the tunnel is between two Juniper SRX firewalls. Do you know of a configuration guide for the L2TPv3 setup?

Thanks

Beginner

Ask the Expert: LAN Switching

Matt,

Since the firewalls don't have an L2TPv3 or similar configuration option, is it possible to set up the L2TPv3 tunnel between the switch on either side of the tunnel?

Cisco Employee

Ask the Expert: LAN Switching

I am sorry, but the switches don't support that feature. You would have to put a router in between if you wanted to implement that.

-Matt

Enthusiast

Ask the Expert: LAN Switching

Hello!

If I enable "spanning-tree portfast default", do I have to disable it on the trunk ports with the command "spanning-tree portfast disable"?

And if that is the case, if I use the command "spanning-tree portfast bpduguard default" do I have to disable that on the trunk ports as well?

Cisco Employee

Ask the Expert: LAN Switching

Hello Henrick,

Spanning-tree portfast default takes effect only on access ports. Spanning-tree portfast bpduguard default only takes effect on ports which are in portfast mode. So by enabling these two it won't do anything to your trunk ports.

-Matt

Enthusiast

Ask the Expert: LAN Switching

Thank you for the reply.

I know I have read this in the CCNA but when you enable "spanning-tree portfast default" it shows a message like: "portfast enabled on all port, disable it on ports connected to switches, hubs..."

Again, thank you

Contributor

Re: Ask the Expert: LAN Switching

It should say "portfast enabled on all non-trunk ports"

Enthusiast

Re: Ask the Expert: LAN Switching

On the 3750/x and 3560/x switching platforms vlan based qos requires an SVI to apply service policies to. In addition, functions such as NTP broadcast require this as well. I take it that if you have layer 2 only vlans with an SVI that is created but shutdown, then functions like NTP broadcasting will not work. I'm curious if there is a list (internal or otherwise) of the functions that still operate on an SVI regardless of its administrative shutdown state.

Are vlan based qos service policies still applied? I would think they are, even if the SVI is shutdown? I could lab all of the possibilities, but I would hate to do this if Cisco has it documented. This would be very useful for design and security concerns.

Thanks

Cisco Employee

Ask the Expert: LAN Switching

Hello Matthew,

I know the NTP broadcast won't work with the SVI shutdown. VACLs will work with the SVI shutdown, but I honestly have no idea if the qos policy is applied. I would think it should be, but I am going to lab it up and test it out since I don't know.

-Matt
