03-08-2012 02:50 PM - edited 03-07-2019 05:27 AM
Good morning, first post here - so hello to everyone and thank you in advance for your time. I hope I can return any forthcoming favours in the future. Please forgive me if I write too much or don't phrase things in a very technical way - it's the way I think, and right now I figure simple and obvious is good.
I've just started a new job after a couple of years not touching Cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby world cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's by the by.)
My task is to hang these catalyst 2960's onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four vlans being pushed to the port the cisco's hooked into:
Vlan 15 pp_data
Vlan 52 nw_mgmt
Vlan 65 adsl_internet
Vlan 254 bldg_mgmt
I am pretty sure these are trunked using dot1q, which I also understand is the only encapsulation available on the catalyst 2960's.
So, on the catalyst I've done the following:
At the moment I have no link - what am I missing? Am I right in thinking that running switchport trunk allowed vlan 15,52,65,254 should be unnecessary - it should be transparent?
Thank you very much again for any help.
Simon
03-08-2012 02:56 PM
When you mean you have 'no link', do you mean the links aren't coming up on the Cisco switch at all? Make sure the port isn't shut (no shut). Can you post 'sh int
Another thing that I see is that you're allowing certain vlans over the trunk but you didn't specify a native vlan. The native, when not specified, is vlan 1. Is the Juniper switch native vlan 1 also? If not, you'll need to add:
switchport trunk native vlan
Even if the natives don't match, you'll get a physical link but not be able to pass traffic.
03-08-2012 03:04 PM
By no link - sorry, I shall elaborate: if I go into the cisco web interface and get the port statistics I'm only seeing 4 packets received. On the Juniper switch for that interface I'm getting a BPDU error detected. My presumption is that this is due to an error on the Cisco side, but also have a colleague looking into the impact of disabling BPDU on the juniper..
I will have a dig into the native vlans.
Thank you!
03-08-2012 03:15 PM
Can you post 'sh spanning-tree interface '?
I wouldn't disable bpdus if you can help it. How is stp configured on your juniper? Cisco supports a CST where it will lump all Vlans down the native vlan if it negotiates with a non-Cisco switch. If your natives don't match, that could be your problem.
Actually, it sends it down vlan 1 so I'm not 100% if it will deviate from that. I have dell switches and had to allow vlan 1 over the trunk because the dell edge switch thought it was the root. The native on that switch was different than vlan 1, but adding 1 to the trunk fixed the issue.
Sent from Cisco Technical Support iPhone App
03-08-2012 03:57 PM
I think I understand you - we do have a vlan 1 on the Juniper that isn't assigned to anything, so if we add that to the trunk that might be a step in the right direction? I'll also look into native juniper vlans.
I will get back to you on the STP on the juniper...
The output from show spanning-tree interface gi1/0/26 was that there was no spanning tree info on the interface. I presumed that the spanning tree pathcost method long applied switch-wide?
I shall keep digging - thank you very much again for your help.
03-08-2012 04:00 PM
For future ref I found this http://kb.juniper.net/InfoCenter/index?page=content&id=KB5506 that seems to indicate I shouldn't change the default vlan on the cisco switch, albeit this applies to juniper firewalls and not switches. I am going to try adding vlan 1 on the juniper side to the port, and take it from there.
03-08-2012 04:53 PM
Simon Bishop wrote:
For future ref I found this http://kb.juniper.net/InfoCenter/index?page=content&id=KB5506 that seems to indicate I shouldn't change the default vlan on the cisco switch, albeit this applies to juniper firewalls and not switches. I am going to try adding vlan 1 on the juniper side to the port, and take it from there.
Junipers differ from Ciscos in that they don't have a default "native" VLAN - you have to manually specify one for each switch/port.
It's possible that the link is not coming up because the Cisco is doing its BPDU stuff on VLAN1 (the native, untagged VLAN on a Cisco switch), and the Juniper is not recognising them because it's not in the list of trunked VLANs.
Have your Juniper guy set the Native VLAN on the trunk port to VLAN1 and see if that makes a difference.
Cheers.
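The native-VLAN comparison suggested in the replies above, written out as an added example that is not part of any post in this thread. The Catalyst stanza and the two Juniper port descriptions are constructed samples; the `Trunk` class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Trunk:
    tagged: Set[int]        # VLAN IDs carried with an 802.1Q tag
    native: Optional[int]   # untagged VLAN; None when the port has none set


def parse_vlan_list(text: str) -> Set[int]:
    """Expand an IOS VLAN list such as '15,52,60-65' into a set of IDs."""
    vlans: Set[int] = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_ios_trunk(config: str) -> Trunk:
    """Read one IOS interface stanza; the native VLAN is 1 unless set."""
    native, allowed = 1, set(range(1, 4095))  # IOS defaults: native 1, all VLANs
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
            allowed = parse_vlan_list(m.group(1))
    return Trunk(tagged=allowed - {native}, native=native)


def compare(near: Trunk, far: Trunk) -> List[str]:
    """List the differences that stop the two ends agreeing on a trunk."""
    findings = []
    if near.native != far.native:
        findings.append(f"native VLAN mismatch: {near.native} vs {far.native}")
    for label, extra in (("near", near.tagged - far.tagged),
                         ("far", far.tagged - near.tagged)):
        if extra:
            findings.append(f"tagged on {label} end only: {sorted(extra)}")
    return findings


# Constructed sample: the Catalyst stanza is not shown in the thread.
CISCO_SAMPLE = """\
interface GigabitEthernet1/0/26
 switchport mode trunk
 switchport trunk allowed vlan 15,52,65,254
"""
JUNIPER_BEFORE = Trunk(tagged={15, 52, 65, 254}, native=None)  # no native set
JUNIPER_AFTER = Trunk(tagged={15, 52, 65, 254}, native=1)      # native VLAN 1
```

`compare(parse_ios_trunk(CISCO_SAMPLE), JUNIPER_BEFORE)` reports the native VLAN mismatch; against `JUNIPER_AFTER` it returns an empty list.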
03-08-2012 05:10 PM
One problem found and solved. Spanning tree mode on the juniper wasn't point-to-point as I'd assumed. We changed that over and it looks good - link state is up and I'm able to get an IP address via dhcp through the switch from a server on the vlan assigned to the port (if you follow!)
So we are looking good. I will finish testing exactly what resources are available on Monday and report back.
Thank you very much everyone for your help and input.
Simon