Re: Integrating Catalyst 2960's with Juniper core & vlans

trickcyclist · ‎03-08-2012

Good morning, first post here - so hello to everyone and thank you in advance for your time. I hope I can return any forthcoming favours in the future. Please forgive me if I write too much or don't phrase things in a very technical way - it's the way I think, and right now I figure simple and obvious is good.

I've just started a new job after a couple of years not touching cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby world cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's bye the bye.)

My task is to hang these catalyst 2960's onto our existing infrastructure via fibre connections.

On the Juniper switch, there are four vlans being pushed to the port the cisco's hooked into:

Vlan 15 pp_data

Vlan 52 nw_mgmt

Vlan 65 adsl_internet

Vlan 254 bldg_mgmt

I am pretty sure these are trunked using dot1q, which I also understand is the only encapsulation available on the catalyst 2960's.

So, on the catalyst I've done the following:

from the vlan database mode I've recreated the above vlans
assigned ports to vlans - for exampl: config-if>switchport access vlan 15, apply, etc
I understand there's also issues with the default config of STP, so have run spanning-tree pathcost method long to bring that into line with the Juniper gear
On the interface that's holding the connection to the Juniper core (gi1/0/25) I've run no ip address and set switchport mode trunk

At the moment I have no link - what am I missing? Am I right in thinking that running switchport trunk allowed vlan 15,52,65,254 should be unneccesary - it should be transparent?

Thank you very much again for any help.

Simon

John Blakley · ‎03-08-2012

When you mean you have 'no link', do you mean the links aren't coming up on the Cisco switch at all? Make sure the port isn't shut (no shut). Can you post 'sh int '?

Another thing that I see is that you're allowing certain vlans over the trunk but you didn't specify a native vlan. The native, when not specified, is vlan 1. Is the Juniper switch native vlan 1 also? If not, you'll need to add:

switchport trunk native vlan

Even if the native's don't match, you'll get a physical link but not be able to pass traffic.

HTH, John *** Please rate all useful posts ***

trickcyclist · ‎03-08-2012

By no link - sorry, I shall elaborate: if I go into the cisco web interface and get the port statistics I'm only seeing 4 packets received. On the Juniper switch for that interface I'm getting a BPDU error detected. My presumption is that this is due to an error on the Cisco side, but also have a colleague looking into the impact of disabling BPDU on the juniper..

I will have a dig into the native vlans.

Thank you!

John Blakley · ‎03-08-2012

Can you post 'sh spanning-tree interface '?

I wouldn't disable bpdus if you can help it. How is stp configured on your juniper? Cisco supports a CST where it will lump all Vlans down the native vlan if it negotiates with a non-Cisco switch. If your natives don't match, that could be your problem.

Actually, it sends it down vlan 1 so I'm not 100% if it will deviate from that. I have dell switches and had to allow vlan 1 over the trunk because the dell edge switch thought it was the root. The native on that switch was different than vlan 1, but adding 1 to the trunk fixed the issue.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

trickcyclist · ‎03-08-2012

I think I understand you - we do have a vlan 1 on the Juniper that isn't assigned to anything, so if we add that to the trunk that might be a step in the right direction? I'll also look into native juniper vlans.

I will get back to you on the STP on the juniper...

The output from show spanning-tree interface gi1/0/26 was that there was no spanning tree info on the interface. I presumed that the spanning tree pathcost method long applied switch-wide?

I shall keep digging - thank you very much again for your help.

trickcyclist · ‎03-08-2012

For future ref I found this http://kb.juniper.net/InfoCenter/index?page=content&id=KB5506 that seems to indicate I shouldn't change the default vlan on the cisco switch, albeit this applies to juniper firewalls and not switches. I am going to try adding vlan 1 on the juniper side to the port, and take it from there.

darren.g · ‎03-08-2012

Simon Bishop wrote:

For future ref I found this http://kb.juniper.net/InfoCenter/index?page=content&id=KB5506 that seems to indicate I shouldn't change the default vlan on the cisco switch, albeit this applies to juniper firewalls and not switches. I am going to try adding vlan 1 on the juniper side to the port, and take it from there.

Junipers differ from Cisco's in that they don't have a default "native" VLAN - you have to manually specify one for each switch/port.

It's possible that the link is not coming up because the Cisco is doing its BDPU stuff on VLAN1 (the native, untagged VLAN on a Cisco switch), and the Juniper is not recognising them because it's not in the list of trunked VLAN's.

Have your Juniper guy set the Native VLAN on the trunk port to VLAN1 and see if that makes a difference.

Cheers.

trickcyclist · ‎03-08-2012

One problem found and solved. Spanning tree mode on the juniper wasn't point-to-point as I'd assumed. We changed that over and it looks good - link state is up and I'm able to get an IP address via dhcp through the switch from a server on the vlan assigned to the port (if you follow!)

So we are looking good. I will finish testing exactly what resources are available on Monday and report back.

Thank you very much everyone for your help and input.

Simon