dot1q trunk on 6509 w/ catos to a 2621 router with 12x IOS

mccmhtac1
Level 1

I need to set up a VLAN between the 6509 and 2621 router. This needs to be a VLAN (200) that runs between the devices and uses DOT1Q trunking. The end result is all the networks (VLANs) on the 6509 can talk to the LAN on the 2600 (10.133.22.0 / 23) and vice versa.

Device 1

6509 with CatOS / IOS

Config I did on the MSFC:

Interface Vlan 200

ip address 10.10.10.1 255.255.255.248

Config I did on the switch:

set vtp domain mccmh

set vlan 200  7/37

set port speed      7/37  100

clear trunk 7/37 1-199,201-699,701-1005,1025-4094

set trunk 7/37 on dot1q 200,700,1006-1024

set spantree portfast    7/37 enable trunk

Device 2:

Config I did on the 2600 Router:

interface FastEthernet0/0

description OPTEMAN ERS Interface

no ip address

speed 100

half-duplex

!

interface FastEthernet0/0.100

bandwidth 10000

encapsulation dot1Q 200

ip address 10.10.10.2 255.255.255.248

The interfaces show connected (currently using a cat5 cable for testing) and CDP nei shows the other side.

I cannot ping in either direction to an IP in VLAN 200 (10.10.10.1-2) from either device.

What am I missing?

Debugging logs:

On the 6509 here are the sh logs:

show port capabilities 7/37

Model                    WS-X6148-GE-TX

Port                     7/37

Type                     10/100/1000

Speed                    auto,10,100,1000,auto-10-100

Duplex                   half,full

Trunk encap type         802.1Q

Trunk mode               on,off,desirable,auto,nonegotiate

Channel                  yes

Broadcast suppression    no

Flow control             receive-(off,on,desired),send-(off,on,desired)

Security                 yes

Dot1x                    yes

Membership               static,dynamic

Fast start               yes

QOS scheduling           rx-(1q2t),tx-(1p2q2t)

CoS rewrite              yes

ToS rewrite              DSCP

UDLD                     yes

Inline power             no

AuxiliaryVlan            1..1000,1025..4094,untagged,dot1p,none

SPAN                     source,destination

COPS port group          7/25-48

Link debounce timer      yes

Dot1q-all-tagged         yes

Auto MDIX                yes

Jumbo frames             no

sh port 7/37

* = Configured MAC Address

# = 802.1X Authenticated Port Name.

Port  Name                 Status     Vlan       Duplex Speed       Type

----- -------------------- ---------- ---------- ------ ----------- ------------

7/37                      connected  trunk        half         100 10/100/1000

sh trunk

* - indicates vtp domain mismatch

# - indicates dot1q-all-tagged enabled on the port

$ - indicates non-default dot1q-ethertype value

Port      Mode         Encapsulation  Status        Native vlan

--------  -----------  -------------  ------------  -----------

7/37     on           dot1q          trunking      200

15/1      nonegotiate  isl            trunking      1

16/1      nonegotiate  isl            trunking      1

Port      Vlans allowed on trunk

--------  ---------------------------------------------------------------------

7/37     200,700,1006-1024

15/1      1-4094

16/1      1-4094

Port      Vlans allowed and active in management domain

--------  ---------------------------------------------------------------------

7/37     200

15/1      10,20,30,100-101,200

16/1

Port      Vlans in spanning tree forwarding state and not pruned

--------  ---------------------------------------------------------------------

7/37     200

15/1      10,20,30,100-101,200

16/1

-----------and on the 2600 ------------------------

CCESSRTR1#sh int fa0/0.100

FastEthernet0/0.100 is up, line protocol is up

  Hardware is AmdFE, address is 0007.851b.d540 (bia 0007.851b.d540)

  Internet address is 10.10.10.2/29

  MTU 1500 bytes, BW 10000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation 802.1Q Virtual LAN, Vlan ID  200.

  ARP type: ARPA, ARP Timeout 04:00:00

Thanks


Leo Laohoo
Hall of Fame

set vlan 200  7/37

set trunk 7/37 on dot1q 200,700,1006-1024

Forgive me here because I haven't touched CatOS for years.

Here's what I understand of the two lines above:

1.  First line sets port Gi 7/37 to a VLAN access port of 200; and

2.  Second line sets port Gi 7/37 from an access port of VLAN 200 to a trunk port which allows VLAN 200.

So my question is, do you have an access port connected to an active port and configured as VLAN 200?

Hi,

When you do a " sh port status" do you see the Vlan 200 interface up/up or up/down?

HTH

Regards

Kishore

It is up..

glen.grant
VIP Alumni

The trunk does not appear to be configured correctly. On the 6500 you have set the 7/37 as native 200 when you did a set vlan 200 on 7/37. The router port setup is set as native vlan 1 because you did not specify a native vlan on the 2600 side. The easiest way to fix this would be on the 2600 side: change your subinterface config to "encapsulation dot1Q 200 native", or you can set the 6500 side to vlan 1, "set vlan 1 7/37", and leave your subinterface config as is. The trunk will not work correctly unless your native vlans match. Also you need to fix your port setups as I see the 6500 is half/100, which is a duplex mismatch. Also, if there is a subnet on the 2600 that you need to reach from the 6500, if you are not running dynamic routing protocols you will need static routes pointing to the subnet from the 6500. If you need to reach all vlans on the 6500 from the 2600 then you will need a static route on the 2600 for each subnet on the 6500 you are trying to reach from the 2600.

Nice one glen

Glenn,

Here is the entire story:

AT&T is installing their OPTEMAN at 3 of our locations.

Location 1 is the 6509 and is the 'HQ' office with call routing, data access, Internet access, etc.

Site 2 is the 2600 - they need their VoIP calls, applications, and files from the 6509.

Site 3 has the same needs as the 2600, but is a 3560.

AT&T is giving me a single 20Mbs Ethernet handoff at the 6500, the 2600, and 3560. This is a layer2/3 technology and they told me I need to create a VLAN and use dot1q between the 3 sites. The 6509 will originate the VLAN on the MSFC. Any of the three sites can access each other, but the LANs on the MSFC are where the resources exist.

I am very familiar with PTP WAN configs, and to be honest I am at a loss. I thought I could create a VLAN and trunk the three sites together.

I am open to suggestions.

Hi Brian,

Your network should look something like this if I am not mistaken.

So, put it this way: you use VLANs on site and then use a point-to-point layer 3 link between the 6509 and the 2621.

Site A:

This will have a 2621 router and a layer 2 switch behind it for the users. You just create VLANs. It's good to use a format

for eg: 10.VLAN.Site.0/24.

so 10.200.34.0/24  ---- For Marketing users

     10.201.34.0/24 -  For Engineering users etc.

Then create a trunk between the router and the switch onsite using the encapsulation dot1q on the subinterface etc.

Now on the WAN side of the 2621 just configure a /30 IP address like, say, 172.21.1.1/30, and on the 6509 port change it to a routed port and put the IP address 172.21.1.2/30. This will act like a point to point.

And then you can run a routing protocol like EIGRP and advertise the local networks.

2621 config

int fa0/1.200

! encapsulation must be configured before the subinterface accepts an IP address

encap dot1q 200

ip add 10.200.34.254 255.255.255.0

int fa0/0

ip address 172.21.1.1 255.255.255.252

router eigrp 10

network 172.21.1.1 0.0.0.0

network 10.200.34.0 0.0.0.255

no auto

6509 config

int < your interface>

no switchport

ip address   172.21.1.2 255.255.255.252


router eigrp 10

network 172.21.1.2 0.0.0.0

no auto

This is how you can set up the site to site with what you have. Let me know if you need more info

HTH

Regards,

Please rate if it helps

Brian

Glen has correctly identified the immediate problem as a mismatch between the switch and the router. The switch has VLAN 200 as the native VLAN so it sends frames in VLAN 200 as untagged. But the router has it as a VLAN and the default native VLAN is 1. So the router is expecting tagged frames on VLAN 200. You either need to make the VLAN not the native VLAN on the switch or you need to specify it as the native VLAN on the router. You need to fix that before you try to do other things over this connection.

Once you get that working you can figure out whether the various applications and types of data that you mention should all go across one VLAN between devices or whether there should be multiple VLANs carried on the connection.

HTH

Rick
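
Added example (not part of the original thread and not Cisco code): a small Python model of the native VLAN mismatch diagnosed above, showing which frames carry an 802.1Q tag on the wire and which subinterface the router maps them to under the posted configuration and under each of the two suggested fixes. The function names and the payload are constructed for illustration; only the VLAN numbers, the subinterface name and the quoted commands come from the thread.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_IPV4 = 0x0800

def trunk_send(vlan, native_vlan, payload, dst=b"\xff" * 6, src=b"\x02" * 6):
    """Frame a dot1q trunk port puts on the wire for traffic in `vlan`.

    Traffic in the port's native VLAN leaves untagged; every other VLAN
    gets a 4-byte tag (TPID + PCP/DEI/VID) after the source MAC.
    """
    header = dst + src
    if vlan != native_vlan:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ETH_IPV4) + payload

def frame_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def router_receive(frame, subinterfaces, native_vlan=1):
    """Name of the subinterface that accepts the frame, or None.

    `subinterfaces` maps VLAN ID -> subinterface name. Untagged frames are
    assigned to the router's native VLAN (1 unless a subinterface is
    configured with the `native` keyword).
    """
    vlan = frame_vlan(frame)
    if vlan is None:
        vlan = native_vlan
    return subinterfaces.get(vlan)

def demo():
    subifs = {200: "FastEthernet0/0.100"}   # subinterface from the thread
    ping = b"constructed-payload"           # stand-in for an ICMP echo
    return {
        # As posted: switch native VLAN 200, router native VLAN 1 (default).
        "as_posted": router_receive(trunk_send(200, 200, ping), subifs, 1),
        # Fix 1: "encapsulation dot1Q 200 native" on the router.
        "router_native_200": router_receive(trunk_send(200, 200, ping), subifs, 200),
        # Fix 2: "set vlan 1 7/37" on the switch, so VLAN 200 leaves tagged.
        "switch_native_1": router_receive(trunk_send(200, 1, ping), subifs, 1),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {result or 'no subinterface (dropped)'}")
```
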

Rick thank you for the response.

Actually, my network is simpler and more complicated, and yes I would prefer to do ptp layer 3 between them all.

At the 6509 (HQ) AT&T is only giving me 'one' Ethernet hand-off to use for both Site A (2621) and Site B (3560).

The HQ Site has all the resources site A&B need to access.

Site A has only one subnet there, no vlans, 10.133.22.0/ 23

Site B is a headend which two subnets will originate on the 3560 (two SFP fiber connections going to Sites C and D, 10.133.24 &26.0 / 23).

So really no vlans are needed at all. Just basic network routing. The entire dot1q idea came from the AT&T engineer. My area of expertise runs out when connecting 3 sites via FA ports using Layer 3 configs.

Hope this clears it up a little and thank you so much for your help.

Brian

Given what AT&T seems to be provisioning PTP between the sites is not feasible (with 3 sites it would take at least 3 PTP links to get it all connected, and AT&T is giving you just 1). But logically it could be set up as a single routed subnet between the sites. You could think of it as a really big Ethernet with 3 layer 3 routers. On the 2600 router you would just configure the FastEthernet interface with an IP address (no subinterfaces). On the 3560 you could configure the connection as a routed port (no switchport). On the 6509 you would need to configure the port as an access port and assign it to a VLAN and then configure interface vlan 99 and apply the IP address. All three interfaces would have IP addresses within the subnet. At site 2 and site 3 you would need to configure connectivity for the end stations at each site and you would need to configure routing so that the end stations at site 2 and site 3 would have connectivity to the services and resources that they need at HQ. And services and resources at HQ would have to have routing logic back to the end station subnets at site 2 and site 3.

What I describe can be done. But whether it would work well for your environment is something that you would need to assess (and we do not have enough information about your environment to give much advice). You say that site 2 and site 3 need Voip calls, applications, and files from HQ. Would these Voip calls and applications work with routed remote subnets, or are there any requirements in any of the applications or services that resources at 2 sites would need to appear to be local?

HTH

Rick

Rick,

Thank you for the comprehensive response. I felt I had a grasp of this, but the AT&T guy's explanation made this more complicated than it is.

My environment is very simple. I already route the services required (VOIP, File, Internet, etc.) to sites 2 and 3 through an MPLS WAN over T1s using static and EIGRP. So no need to emulate being at the HQ.

I think your solution is best. A single subnet between the 3 locations, then use basic routing for connectivity.

This brings my last question: how do you remove commands on the 6509 that has CATOS? The 'clear' command just adds a line to the sh config.

Thank you

Brian

I am glad that my response was helpful. Thank you for using the rating system to mark it as a correct answer (and thanks for the points). It looks like AT&T did not have a good understanding of your true requirements and was suggesting something that they thought would meet your needs to support several different types of traffic. But it looks like you do not need anything as complex as what they suggested.

It has been a while since I have done much in CatOS but what happens if you try these to remove unwanted config commands:

clear trunk 7/37

set spantree portfast    7/37

HTH

Rick