08-28-2020 01:20 AM
Hello guys.
I am working on a switch migration from an old ZTE distribution to new Cisco C9500 switch and since my existing core switch is Cisco switch (which is stack wised), I wanted to connect the new distribution switch and the VSL core switches with port channel, but the thing is, in the old ZTE switch there were two separate trunk links with different native vlans going to each VSL links. but now, I want to connect them in one port-channel link. below is the old and new planned configurations. Please help me do this right! thanks!
OLD ZTE distribution SW Config
!
!
interface gei_1/13
out_index 15
description Uplink-to-Core1 (which implies to VSL 1)
negotiation auto
switchport mode trunk
switchport trunk native vlan 101
switchport trunk vlan 101
switchport trunk vlan 201
switchport trunk vlan 400
switchport trunk vlan 412
switchport trunk vlan 417
switchport trunk vlan 429
switchport trunk vlan 1040
switchport qinq normal
ip dhcp snooping trust
!
interface gei_1/14
out_index 16
description Uplink-to-Core2 (which implies to VSL 2)
negotiation auto
switchport mode trunk
switchport trunk native vlan 201
switchport trunk vlan 101
switchport trunk vlan 201
switchport trunk vlan 400
switchport trunk vlan 417
switchport trunk vlan 429
switchport trunk vlan 1040
switchport qinq normal
ip dhcp snooping trust
OLD VSL Core SW Config
!
!
interface TenGigabitEthernet1/0/1
description To-office-Tower-Gnd-Floor-Bridge1-Gei_1/13
switchport trunk native vlan 101
switchport trunk allowed vlan 101,102,400,412,417,429,1040
switchport mode trunk
!
interface TenGigabitEthernet2/0/1
description To-office-Tower-Gnd-Floor-Bridge1-Gei_1/14
switchport trunk native vlan 201
switchport trunk allowed vlan 101,201,400,1040
switchport mode trunk
New Cisco distribution SW Config
Interface range Tengig1/1/13-14
switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk native VLAN 101 VLAN 201
#switchport trunk allowed VLAN 101,201,400,412,417,429,1040
#Channel-group 31 mode on
#exit
!
#interface Port-channel 31
#description Connected to Core-SW
#switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk native VLAN 101 VLAN 201
#switchport trunk allowed VLAN 101,201,400,412,417,429,1040
New VSL Core SW Config
!
!
int TenGig1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101 Vlan 201
switchport trunk allowed vlan 101,102,201,202,400,412,417,429,1040
channel-group 31 mode on
exit
!
int TenGig2/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101 Vlan 201
switchport trunk allowed vlan 101,102,201,202,400,412,417,429,1040
channel-group 31 mode on
exit
!
int port-channel 31
description TO GND floor Distribution SW
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101 Vlan 201
switchport trunk allowed vlan 101,102,201,202,400,412,417,429,1040
I would SO MUCH appreciate your kind help!
Solved! Go to Solution.
08-28-2020 02:06 AM
Hello @YetinayetBitew87488 ,
you cannot have two native vlans on the same switchport . This is wrong at conceptual level.
I think that @pieterh is right in his explanation of why two different native Vlans were used with the ZTE switch: if the ZTE switch interacts with the core switch only on the native VLAN using two different native Vlans on the two uplinks was a way to have both of them not blocked by PVST on Core switch.
With new switch you can run PVST or Rapid PVST so you don't need anymore this strange setup and if you build an an etherchannel the two links become only one logical one as noted by @balaji.bandi .
So use a single native Vlan on the member links of the new port channel.
Hope to help
Giuseppe
08-28-2020 01:30 AM
Hi there,
The purpose of the native vlan statement is to take an untagged frame and place it in the specified VLAN. The idea of having two native VLANs on a trunk link doesn't make sense in that respect.
Was the purpose of the native VLAN a security measure to prevent double tagging? If so, just specifying one VLAN is sufficient.
cheers,
Seb.
08-28-2020 01:34 AM
no you cannot assing multiple native vlans to a switchport, but I don't think you need to
my guess is :
with the old switch, spanning-tree was only stable/possible with assigning different native vlan to the different uplinks.
with the new setup and an etherchannel this problem does not occur
-> chose any vlan as the native vlan , and put all necessary vlans in the allowed list
08-28-2020 01:43 AM
i do not believe you need 2 or more native VLAN, native VLAN for where untagged packets, if you need more why not have seperate VLAN to TAG?
not sure what is the use case here.
08-28-2020 02:06 AM
Hello @YetinayetBitew87488 ,
you cannot have two native vlans on the same switchport . This is wrong at conceptual level.
I think that @pieterh is right in his explanation of why two different native Vlans were used with the ZTE switch: if the ZTE switch interacts with the core switch only on the native VLAN using two different native Vlans on the two uplinks was a way to have both of them not blocked by PVST on Core switch.
With new switch you can run PVST or Rapid PVST so you don't need anymore this strange setup and if you build an an etherchannel the two links become only one logical one as noted by @balaji.bandi .
So use a single native Vlan on the member links of the new port channel.
Hope to help
Giuseppe
08-28-2020 02:37 AM
Hey guys!
Thank you very much for your quick and clear response!
I have decided to use the same setup as previous one, since my job is migration and don't want to take any risk since its a very big Enterprise. Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide