
How to Determine if the "Switchport Trunk Allowed VLAN 123" Command Is Active

rtmiles24
Beginner

Scenario:

 

You only have visibility into the access devices and can't get the traffic to route on a newly created VLAN. It works for other access devices on different floors, but not on this particular floor. There are no "switchport trunk allowed vlan 123" commands on any of the access devices and the device/port configs for these access devices all match.

 

How can you troubleshoot this situation, from the access device only, in a way that points to the "switchport trunk allowed vlan 123" command being configured on the Core Device ports?

 

In hindsight, I found that the trunk ports from the devices on this one floor to the core device were configured with the "switchport trunk allowed vlan 123" command ON THE CORE DEVICE CONNECTION ONLY! This is a one-off config for the access device core connections that will soon be replicated throughout our network.

 

Thanks for your time and take care.

1 Accepted Solution


Jon Marshall
VIP Community Legend

If the trunk port on the access device is showing as up and forwarding then you can't really, because there are just too many variables, e.g. the L3 VLAN interface might not have been created on the core switch, an ACL might be applied to that interface, etc.

So how do you troubleshoot this?

Talk to the people who do have visibility of the core devices or ask them for a print off of the running configuration.

I'm not trying to be difficult but sometimes the easiest solution is simply to communicate.

Jon


4 Replies

Thanks Jon.

 

I am new to this company and made the faulty assumption that all the connections to the core device were set up the same. I had no issues with 4 other floors and 12 connected copiers, so I thought the problem was with the copier or my local device's config.

 

I focused all my time on the local access device vs. digging into the core device end of the connection. I could ping the core SVI, the local vlan showed "active", and the port was up/up.

 

A previous network engineer had configured just this floor's core device connections with the "switchport trunk allowed vlan" command. Luckily a coworker was aware of this and pointed me to the fix.

 

So, a combination of my false assumptions, poor troubleshooting, and focus on only 1 end of the connection caused my frustrations. Hence, my questions regarding any indications of this command being implemented while looking from the access end. Worst part of all, I have full access to the core devices on this network and should have figured it out.

 

It was a good learning experience and I plan on standardizing this configuration throughout our network for performance, security and consistency reasons.

 

Thanks again for your time and take care.

 

Rich

Jon Marshall
VIP Community Legend

Rich

If I had a pound for every assumption I have made like that one I would be retired by now :-)

I had another think about this after I replied and the only other thing that occurred was STP, i.e. if you did -

"sh spanning-tree vlan <new vlan>"

on the access switch and it showed as root for that vlan then it might suggest traffic is not passing for that vlan on the trunk. But to be sure of that you would still need to know -

a) that the vlan had been created on the core switch (which if other access switches were working it would be)

and

b) that the core switch had been explicitly set up to be STP root for all vlans

That's the best you could do I think.

Being able to ping the L3 SVI as you found doesn't really help because the traffic simply uses another vlan to get to it across the trunk although it does rule out an SVI not being created.

Standardising throughout the network is definitely the way to go as it makes troubleshooting so much easier.

Jon
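
The STP comparison described in the reply above, as an added example that is not part of the original post: it parses "sh spanning-tree vlan" output for a known-working VLAN and for the new VLAN and flags the case where the access switch reaches the root through its uplink for the working VLAN but claims root for the new one. The sample output is constructed, and the uplink name Gi1/0/49, the addresses and the priorities are assumptions; as the reply says, the result is only suggestive unless the VLAN exists on the core and the core is the configured STP root.

```python
import re

# Constructed samples of "sh spanning-tree vlan <id>" from an access switch;
# addresses, priorities and the uplink name Gi1/0/49 are made up.
WORKING_VLAN = """\
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    4106
             Address     aaaa.bbbb.0001
             Port        49 (GigabitEthernet1/0/49)
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     aaaa.bbbb.0042
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----
Gi1/0/10            Desg FWD 4         128.10   P2p
Gi1/0/49            Root FWD 4         128.49   P2p
"""

NEW_VLAN = """\
VLAN0123
  Spanning tree enabled protocol rstp
  Root ID    Priority    32891
             Address     aaaa.bbbb.0042
             This bridge is the root
  Bridge ID  Priority    32891  (priority 32768 sys-id-ext 123)
             Address     aaaa.bbbb.0042
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----
Gi1/0/10            Desg FWD 4         128.10   P2p
Gi1/0/49            Desg FWD 4         128.49   P2p
"""

def parse_stp(output):
    """Return (is_root, {interface: role}) for one VLAN's spanning-tree output."""
    is_root = "This bridge is the root" in output
    # [ \t]+ rather than \s+ so a match cannot run across a line break.
    rows = re.findall(r"^(\S+)[ \t]+(Root|Desg|Altn|Back)[ \t]+\w+[ \t]", output, re.M)
    return is_root, dict(rows)

def suspect_far_end_pruning(working, new, uplink):
    """True when the uplink is the root port for a working VLAN but the switch
    claims root for the new VLAN, i.e. no BPDUs for it arrive over the trunk."""
    w_root, w_roles = parse_stp(working)
    n_root, n_roles = parse_stp(new)
    return (not w_root and w_roles.get(uplink) == "Root"
            and n_root and n_roles.get(uplink) == "Desg")
```
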

 

Jon,

 

Thanks again for giving something to think on! I was the guy who set up the SVIs, the vlan, made all the port changes on the access devices and was pretty proud of myself until this floor gave me a problem!

 

I do really appreciate your time and responses. I have been in IT for a long time and recently began to focus on the network side of things. I wish I had done it sooner as I absolutely love this work. Having a place to ask questions of more experienced people like yourself makes the learning curve less severe!

 

Rich
