inter-vlan routing/switching

VLAN questions. I have a fast ethernet with vlans 1, 10, 20, and 30 configured on four subinterfaces. Each switch has an IP within VLAN 1. Everything was reachable via ping. Then, I placed 12 interfaces on one switch into VLAN 10, and lost connectivity to that switch altogether. I took VLAN 10 off and regained connectivity. My running config for the router and switch are below, and this is before I change VLANs on a lower range. One important note is that I added the VLAN on a client switch in VTP rather than through the Server.

My questions:

1. Do I have to do anything other than these two configs for proper inter-vlan routing? Router and switches are both set to dot1q.

2. When I do something stupid like attempt to add a VLAN from a client of VTP, will it have any impact on the network, should I receive error messages that I was trying to use a VLAN that hadn't been created by the server?

Router:

Current configuration : 1836 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 2610XM

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$IWKf$obdnePh/0NkKk4DKvuDOw.

!

memory-size iomem 30

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

!

!

ip domain name white.com

ip name-server 68.105.28.11

!

ip cef

!

interface FastEthernet0/0

description fast ethernet interface to access layer switches

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

description access layer trunk vlan

encapsulation dot1Q 1 native

ip address 10.1.91.249 255.255.255.248

no snmp trap link-status

!

interface FastEthernet0/0.10

description access layer vlan 10

encapsulation dot1Q 10

ip address 10.1.91.1 255.255.255.192

no snmp trap link-status

!

interface FastEthernet0/0.20

description access layer vlan 20

encapsulation dot1Q 20

ip address 10.1.91.65 255.255.255.192

no snmp trap link-status

!

interface FastEthernet0/0.30

description access layer vlan 30

encapsulation dot1Q 30

ip address 10.1.91.129 255.255.255.192

no snmp trap link-status

!

interface Serial1/0

description serial link to legacy test router

ip address 192.168.35.253 255.255.255.252

clockrate 128000

no fair-queue

!

interface Serial1/1

description serial link to wan gateway

ip address 192.168.35.249 255.255.255.252

clockrate 128000

!

interface Serial1/2

no ip address

shutdown

!

interface Serial1/3

no ip address

shutdown

!        

router eigrp 901

network 10.0.0.0

network 192.168.35.0

no auto-summary

!

ip http server

no ip http secure-server

ip classless

!

line con 0

line aux 0

line vty 0 4

password 7 12150415

login

line vty 5 181

password 7 12150415

login

!

!

end

Switch:

Current configuration : 1317 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 2950b

!

enable secret 5 $1$1W4N$LQm/I8xdR7O.6rMDyz0Se.

!

ip subnet-zero

!

ip domain-name white.com

ip name-server 68.105.28.11

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!        

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

switchport mode trunk

!

interface FastEthernet0/24

switchport mode trunk

!

interface Vlan1

ip address 10.1.91.250 255.255.255.248

no ip route-cache

!

ip default-gateway 10.1.91.249

ip http server

!

line con 0

line vty 0 4

password lab

login

line vty 5 15

password lab

login

!

!

end

VTP Version                     : 2

Configuration Revision          : 1

Maximum VLANs supported locally : 64

Number of existing VLANs        : 9

VTP Operating Mode              : Client

VTP Domain Name                 : white

VTP Pruning Mode                : Enabled

VTP V2 Mode                     : Enabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0xF7 0xB2 0x2E 0xC1 0xAA 0xA0 0x1B 0xD4

Configuration last modified by 10.0.0.2 at 3-1-93 06:19:19

VTP statistics:

Summary advertisements received    : 145

Subset advertisements received     : 1

Request advertisements received    : 0

Summary advertisements transmitted : 278

Subset advertisements transmitted  : 0

Request advertisements transmitted : 1

Number of config revision errors   : 0

Number of config digest errors     : 0

Number of V1 summary errors        : 0

VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from

                                                   non-pruning-capable device

---------------- ---------------- ---------------- ---------------------------

Fa0/23              17451            17450            0       

Fa0/24              3748             0                0    

1 Accepted Solution


AhmedSonba
Level 1

Hello Johan,

Normally you cannot add VLANs on a VTP client; you can only add VLANs in Server and Transparent modes.

Please see the following quote, which is directly from the Cisco website: "Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client."

Refer to the following link:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml#vtp_modes

Also, you will get some sort of error message like the one below if you try to add a VLAN in VTP client mode:

3500(vlan)#vlan 10

In CLIENT state, no modify attempted.

VLAN 10 added:

    Name: VLAN0010

So no worries, it will not cause any trouble for your network if you try to add a VLAN on a VTP client.

Hope it will help

Ahmed Sonba


    Also:

    Port        Mode         Encapsulation  Status        Native vlan

    Fa0/23      on           802.1q         trunking      1

    Fa0/24      on           802.1q         trunking      1

    Port      Vlans allowed on trunk

    Fa0/23      1-4094

    Fa0/24      1-4094

    Port        Vlans allowed and active in management domain

    Fa0/23      1-4,17

    Fa0/24      1-4,17

    Port        Vlans in spanning tree forwarding state and not pruned

    Fa0/23      none

    Fa0/24      1-4,17

    Hello John,

    First of all regarding the vlan setup on client mode, that is not supported so you should get a message like:

    VTP VLAN configuration not allowed when device is in CLIENT mode.

    I ran the exact configuration in my lab and it works just fine.

    Please post the configuration that is not working.

    Regards

    Julio Carvajal
    Senior Network Security and Core Specialist
    CCIE #42930, 2xCCNP, JNCIP-SEC

    Ahmed,

    I suspect some of my issues are stemming from my VTP setup. I am using the following three switches, here are the versions for each:

    SW1

    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE
    (fc1)
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Fri 21-Oct-05 01:59 by yenanh
    Image text-base: 0x80010000, data-base: 0x80568000

    ROM: Bootstrap program is C2950 boot loader

    2950b uptime is 1 day, 22 hours, 58 minutes
    System returned to ROM by power-on
    System image file is "flash:/2950.bin"

    cisco WS-C2950-24 (RC32300) processor (revision G0) with 21013K bytes of memory.
    Processor board ID FHK0639Z1DN
    Last reset from system-reset
    Running Standard Image
    24 FastEthernet/IEEE 802.3 interface(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:0B:46:11:91:80
    Motherboard assembly number: 73-5781-11
    Power supply part number: 34-0965-01
    Motherboard serial number: FOC06390HXX
    Power supply serial number: PHI063604SV
    Model revision number: G0
    Motherboard revision number: A0
    Model number: WS-C2950-24
    System serial number: FHK0639Z1DN
    Configuration register is 0xF

    SW2

    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE
    (fc1)
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Fri 21-Oct-05 01:59 by yenanh
    Image text-base: 0x80010000, data-base: 0x80568000

    ROM: Bootstrap program is C2950 boot loader

    2950a uptime is 1 day, 23 hours, 0 minutes
    System returned to ROM by power-on
    System image file is "flash:/2950.bin"

    cisco WS-C2950-24 (RC32300) processor (revision B0) with 21013K bytes of memory.
    Processor board ID FHK0617Y330
    Last reset from system-reset
    Running Standard Image
    24 FastEthernet/IEEE 802.3 interface(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:09:7C:FA:27:80
    Motherboard assembly number: 73-5781-10
    Power supply part number: 34-0965-01
    Motherboard serial number: FOC06170FJR
    Power supply serial number: DAB06162R4A
    Model revision number: B0
    Motherboard revision number: A0
    Model number: WS-C2950-24
    System serial number: FHK0617Y330
    Configuration register is 0xF

    SW3 (set to server)

    Cisco Internetwork Operating System Software
    IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWAR
    E (fc1)
    Copyright (c) 1986-2003 by cisco Systems, Inc.
    Compiled Thu 19-Jun-03 13:09 by antonino
    Image text-base: 0x00003000, data-base: 0x0034E2F4

    ROM: Bootstrap program is C2900XL boot loader

    2924xl uptime is 1 day, 23 hours, 1 minute
    System returned to ROM by reload
    System image file is "flash:c2900xl-c3h2s-mz.120-5.WC8.bin"


    cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K byte
    s of memory.
    Processor board ID FAB0416Y05X, with hardware revision 0x01
    Last reset from warm-reset

    Processor is running Enterprise Edition Software
    Cluster command switch capable
    Cluster member switch capable
    24 FastEthernet/IEEE 802.3 interface(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:01:96:D8:35:C0
    Motherboard assembly number: 73-3382-08
    Power supply part number: 34-0834-01-B0
    Motherboard serial number: FAB041621QG
    Power supply serial number: DAB04110FRF
    Model revision number: A0
    Motherboard revision number: A0
    Model number: WS-C2924-XL-EN
    System serial number: FAB0416Y05X
    Configuration register is 0xF

    The difficulty I have been running into is if I set either 2950 to VTP server and the others to client, then the 2924 does not receive VTP updates. Also, all VLANs have to be managed through the vtp database command on the 2924, something I am learning as I go when my lab commands fail on that switch.

    So, with the 2924 as the Server, here is my VTP status and sh VLAN (I have added vlan 10 to the server)

    2924xl#show vtp status

    VTP Version                     : 2

    Configuration Revision          : 2

    Maximum VLANs supported locally : 68

    Number of existing VLANs        : 6

    VTP Operating Mode              : Server

    VTP Domain Name                 : white

    VTP Pruning Mode                : Enabled

    VTP V2 Mode                     : Enabled

    VTP Traps Generation            : Disabled

    MD5 digest                      : 0xFC 0x0C 0xED 0xA8 0xA7 0x8E 0xBC 0xB2

    Configuration last modified by 10.1.91.252 at 3-2-93 10:20:23

    s9s24xl#sh vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
    10   VLAN0010                         active
    1002 fddi-default                     active
    1003 trcrf-default                    active
    1004 fddinet-default                  active
    1005 trbrf-default                    active

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    10   enet  100010     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trbrf 101005     4472  -      -      15       ibm  -        0      0

    VLAN AREHops STEHops Backup CRF
    ---- ------- ------- ----------
    1003 7       7       off

    But, when I go to one of the 2950 switches:

    2950b#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 9
    VTP Operating Mode              : Client
    VTP Domain Name                 : white
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Enabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xF7 0xB2 0x2E 0xC1 0xAA 0xA0 0x1B 0xD4
    Configuration last modified by 10.0.0.2 at 3-1-93 06:19:19
    2950b#show vtp ?
      counters  VTP statistics
      password  VTP password
      status    VTP domain status

    2950b#show vtp counters
    VTP statistics:
    Summary advertisements received    : 247
    Subset advertisements received     : 1
    Request advertisements received    : 0
    Summary advertisements transmitted : 599
    Subset advertisements transmitted  : 0
    Request advertisements transmitted : 1
    Number of config revision errors   : 0
    Number of config digest errors     : 0
    Number of V1 summary errors        : 0


    VTP pruning statistics:

    Trunk            Join Transmitted Join Received    Summary advts received from
                                                       non-pruning-capable device
    ---------------- ---------------- ---------------- ---------------------------
    Fa0/23              28122            28122            0
    Fa0/24              14419            0                0
    2950b#show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                    Fa0/21, Fa0/22
    2    set1                             active
    3    set2                             active
    4    set3                             active
    17   exp                              active
    1002 fddi-default                     act/unsup
    1003 trcrf-default                    act/unsup
    1004 fddinet-default                  act/unsup
    1005 trbrf-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    2    enet  100002     1500  -      -      -        -    -        0      0
    3    enet  100003     1500  -      -      -        -    -        0      0
    4    enet  100004     1500  -      -      -        -    -        0      0

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    17   enet  100017     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trbrf 101005     4472  -      -      15       ibm  -        0      0


    VLAN AREHops STEHops Backup CRF
    ---- ------- ------- ----------
    1003 7       7       off

    Remote SPAN VLANs
    ------------------------------------------------------------------------------


    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    From here, I see that the switch is sending and receiving counters, though they don't match up -- not sure if they should. I see it's a client, and I also see it has not included vlan 10 that is present on my server switch.

    With my original problem, I was just placing a range of interfaces into a vlan that doesn't exist, and that was causing the dropped connection:

    2950b(config)#int range fa0/1 - 12
    2950b(config-if-range)#switchport access vlan 10
    2950b(config-if-range)#

    I lose connectivity to the switch after executing that command, which I understand now as being the incorrect thing to do when the VLAN doesn't exist for this switch.

    So, from my router with all the sub-interfaces, I can't reach any of the three switches after setting that previous incorrect access VLAN.

    c2621#ping 10.1.91.250

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.91.250, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    c2621#ping 10.1.91.251

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.91.251, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    c2621#ping 10.1.91.252

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.91.252, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    So I suppose I have two new questions:

    1. Why isn't VLAN 10 populating in my client switch?

    2. Why did configuring those 12 interfaces kill the entire network when my trunk ports are 23 and 24? Is that command actually creating VLAN tags for VLAN 10, and when that doesn't exist, is that killing my VTP and trunking traffic, causing the loss of connectivity?

    Finally, I'm doing this remotely, so if I need to make any adjustments or try anything else, it will be roughly 12hrs before I can.

    Thanks again for any time and effort put in to help me understand this!

    I also see that my revision numbers don't match on VTP, and a website offered the following solution/explanation:

    VTP Status don’t show correct Configuration Revision

    by adnan on April 12, 2009

    If the configuration revision of the client switch is more than or equal to the switch from which it receives VTP advertisements, it will not update its VTP database. To reset the configuration revision, just change the VTP domain to some dummy domain and then change it back to the correct domain. This will make the configuration revision back to zero. Below snapshot explains the solution to this problem:

    I will try this tonight.

    The router trunk port was inside the range of switchports I was setting to vlan 10. I still have some work to do understanding why my 2500 won't receive VTP updates and counters aren't incrementing, but that's another topic. Thank you for your assistance. I wish I would have verified my cabling first.
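A pre-change check built from the outputs posted in this thread, as an added example (not code from any poster or from Cisco): it tests whether the target VLAN exists on the client, applies the revision rule quoted above, and checks the interface range against ports that must not be reconfigured. The function names, the finding labels and the `protected_ports` list are assumptions of this example.

```python
import re

# Constructed sample input: fields copied from the outputs posted in this thread.
SERVER_VTP = """\
Configuration Revision          : 2
VTP Operating Mode              : Server
VTP Domain Name                 : white
"""
CLIENT_VTP = """\
Configuration Revision          : 1
VTP Operating Mode              : Client
VTP Domain Name                 : white
"""
CLIENT_SHOW_VLAN = """\
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
2    set1                             active
3    set2                             active
4    set3                             active
17   exp                              active
1002 fddi-default                     act/unsup
"""

def parse_vtp_status(text):
    """Return revision, mode and domain from 'show vtp status' output."""
    fields = dict(re.findall(r"^[ \t]*(.+?)[ \t]*:[ \t]*(.+?)[ \t]*$", text, re.M))
    return {"revision": int(fields["Configuration Revision"]),
            "mode": fields["VTP Operating Mode"].lower(),
            "domain": fields["VTP Domain Name"]}

def parse_vlan_ids(text):
    """Return the VLAN IDs listed in the name/status table of 'show vlan'."""
    rows = re.finditer(r"^[ \t]*(\d+)[ \t]+\S+[ \t]+(?:active|act/\S+|suspended)",
                       text, re.M)
    return {int(m.group(1)) for m in rows}

def expand_range(spec):
    """Expand an IOS-style range such as 'fa0/1 - 12' into port names."""
    m = re.fullmatch(r"\s*fa(?:stethernet)?(\d+)/(\d+)\s*-\s*(\d+)\s*", spec, re.I)
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    slot, first, last = map(int, m.groups())
    return [f"Fa{slot}/{n}" for n in range(first, last + 1)]

def precheck(server_vtp, client_vtp, client_vlans, if_range, vlan, protected_ports):
    """List reasons not to run 'switchport access vlan <vlan>' on if_range yet.

    protected_ports is operator-supplied (an assumption of this example):
    trunk ports from the config plus any uplinks confirmed by checking cabling.
    """
    findings = []
    server, client = parse_vtp_status(server_vtp), parse_vtp_status(client_vtp)
    if vlan not in parse_vlan_ids(client_vlans):
        findings.append("vlan-missing")
        if client["mode"] == "client":
            findings.append("client-cannot-create")  # must arrive via VTP
    if server["domain"] != client["domain"]:
        findings.append("domain-mismatch")
    elif client["revision"] >= server["revision"]:
        # Rule quoted in the thread: client will not take the server's database.
        findings.append("client-revision-not-lower")
    hit = sorted(set(expand_range(if_range)) & set(protected_ports))
    if hit:
        findings.append("range-hits-protected:" + ",".join(hit))
    return findings
```

With the values posted here the client's revision (1) is lower than the server's (2), so the revision rule flags nothing, and the range avoids Fa0/23 and Fa0/24, so a router uplink cabled into Fa0/1 - 12 is caught only if verified cabling puts it in `protected_ports`.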
