
New VLAN breaks connectivity

surgebot
Level 1

Hello!

I ran into something strange today. I have to reconfigure these old 2960's to carry a different vlan. 

For the sake of keeping things simple I'll say we have 4 vlans to work with. Currently the switch has vlan 1 (switch network), vlan 2 (server network) and vlan 3 (old individual network which talks to the server network). What I'm trying to do is change vlan 3 to vlan 4 (new individual network that will talk to the server network). Both vlan 3 and 4 are networks that are already in use and have been for a very long time and both talk to vlan 2.

I added the new vlan 4 to the switch. Then I added the vlan to the existing switch uplink by running the command: switchport trunk allowed vlan add 4. When it's done being configured it looks like this.

Int Gi0/1
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2,3,4
 switchport mode trunk
 spanning-tree guard loop

I have the IP on continuous ping. Once I add vlan 4 to the existing uplink port Gi0/1 I immediately lose connectivity. I've never experienced this before. I would totally understand if I removed the switch management vlan but I've added vlans to trunk ports many times before without issue. Can someone help me figure out why this is happening and more importantly how to add the new vlan without losing connectivity? Normally what I do is modify the config file in my TFTP server and copy the config to the running config but for some reason this time it's not working. 

Thanks!


Hello,

 

Do you lose connectivity indefinitely or does it come back after some time? It could be a result of spanning tree running through its calculations. Is this on a live or test network and can you provide a diagram and configs?

 

-David

This is on a live network. I thought it might have been spanning tree as well but I let that run for 30+ minutes without getting a single ping back. If I remember correctly when I removed the vlan it took a minute but it did start pinging again. I use these config templates and all the other switches I've configured have worked fine. I ran out of time before I left today to do any more testing. I have about 15 more to do. What I have been doing is making copies of working configs and loading them onto the running config (after I change the name and IP of course) and everything has been fine with the exception of this one switch.

Jitendra Kumar
Spotlight

Allowed VLANs on a Trunk
By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs, 1 to 4094, are allowed on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those VLANs from passing over the trunk.

To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), DTP, and VTP in VLAN 1.

If a trunk port with VLAN 1 disabled is converted to a nontrunk port, it is added to the access VLAN. If the access VLAN is set to 1, the port will be added to VLAN 1, regardless of the switchport trunk allowed setting. The same is true for any VLAN that has been disabled on the port.

A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN, and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not become a member of the new VLAN.

Thanks,
Jitendra

spanning-tree guard loop <<- this means that the SWs have a special config.
If you run PVST, then go to the root SW and adjust the priority of the VLAN to force the SW to be root for this new VLAN as well; otherwise Loop Guard will disconnect your SW.
To make sure this is the issue here, check the root SW for all VLANs; it must point to the same SW.
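
The check suggested in the reply above (every VLAN should point to the same root switch), as an added example that is not part of the thread: a Python parser for `show spanning-tree root` output that reports VLANs whose root bridge differs from the rest. The sample output, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `show spanning-tree root` output (not from the thread).
# VLAN 4 shows this switch claiming root itself: cost 0 and no root port.
SAMPLE = """\
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 0011.2233.4400         4    2   20  15  Gi0/1
VLAN0002         24578 0011.2233.4400         4    2   20  15  Gi0/1
VLAN0003         24579 0011.2233.4400         4    2   20  15  Gi0/1
VLAN0004         32772 00aa.bbcc.dd00         0    2   20  15
"""

# One data row: VLAN name, root priority, root MAC, cost, three timers, optional port.
ROW = re.compile(
    r"^VLAN(?P<vlan>\d{4})\s+(?P<prio>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<cost>\d+)"
    r"\s+\d+\s+\d+\s+\d+(?:\s+(?P<port>\S+))?\s*$",
    re.IGNORECASE,
)

def parse_roots(text):
    """Return {vlan_id: (root_mac, root_port or None)}; header lines are skipped."""
    roots = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            roots[int(m["vlan"])] = (m["mac"].lower(), m["port"])
    return roots

def root_mismatches(text):
    """Return the VLANs whose root bridge is not the one most VLANs agree on."""
    roots = parse_roots(text)
    by_mac = defaultdict(list)
    for vlan, (mac, _port) in roots.items():
        by_mac[mac].append(vlan)
    if len(by_mac) <= 1:
        return {}
    majority = max(by_mac, key=lambda mac: len(by_mac[mac]))
    return {v: roots[v] for v in sorted(roots) if roots[v][0] != majority}

if __name__ == "__main__":
    for vlan, (mac, port) in root_mismatches(SAMPLE).items():
        print(f"VLAN {vlan}: root {mac} via {port or 'this switch'} differs from the other VLANs")
```
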

Hello! 

I think you're right about it having something to do with spanning tree but it seems to have something to do with the uplink port config. What I wound up doing was defaulting the port and then reconfiguring it and it worked. Thanks for the reply!
