cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9752
Views
0
Helpful
15
Replies

SVI line up / protocol down using trunks

anaxagoras
Level 1
Level 1

switch is a 3750x running ipbase Version 15.2(4)E7

 

I'm having the classic problem with line up, protocol down on every SVI except vlan 1.  I'm a total newb to managed networking gear.

 

Now this is a test lab, All active ports are trunked.  i have 2 esxi servers, a couple of ubiquiti AP's that also support vlan tagging, and a router.  Currently we're in "router on a stick" mode which i'd like to change to layer 3 routing for performance. 

 

So right now i'm just going to work with vlan 300.

 

Now as i understand with autostate:

The router VLAN interfaces have to fulfill the following general conditions to be up/up:

  • VLAN exists and is in active status on the switch VLAN database.

    • show vlan
      300 VLAN300-SecureWifi active

  • VLAN interface exists on the router and is not administratively down.

    • show interfaces vlan 300
      Vlan300 is up, line protocol is down

 

  • At least one L2 (access port or trunk) port exists and has a link up on this VLAN. The latest implementation of the autostate feature allows synchronization to Spanning-Tree Protocol (STP) port status.

    • I have multiple trunks that are active and carry this vlan, and i can ping from host to host

 

  • At least one L2 (access port or trunk) port is in spanning-tree forwarding state on the VLAN.

    • c3750x#show spanning-tree vlan 300

      VLAN0300
      Spanning tree enabled protocol ieee
      Root ID Priority 33068
      Address 6073.5c21.0780
      This bridge is the root
      Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID Priority 33068 (priority 32768 sys-id-ext 300)
      Address 6073.5c21.0780
      Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
      Aging Time 300 sec

      Interface Role Sts Cost Prio.Nbr Type
      ------------------- ---- --- --------- -------- --------------------------------
      Gi1/0/1 Desg FWD 4 128.1 P2p
      Gi1/0/11 Desg FWD 4 128.11 P2p
      Gi1/0/29 Desg FWD 4 128.29 P2p
      Gi1/0/33 Desg FWD 4 128.33 P2p
      Gi1/0/48 Desg FWD 4 128.48 P2p

 

So what the heck am i doing wrong because as far as i can tell i meet all the paramaters?  I have also tried issuing shut/no shut to the vlan interface with no results.

 

1 Accepted Solution

Accepted Solutions

it appears to be working now and all svi's seem to be comming up after passing some traffic across the vlan.

 

in exec mode i had to run

vtp primary vlan

View solution in original post

15 Replies 15

Reza Sharifi
Hall of Fame
Hall of Fame

In order for the vlan interface to come up, you need to have an access port configured in vlan 300 and connect a host to it or the vlan needs to be part of a trunk interface. Can you post the output of "sh run"?

HTH 

c3750x#sh run
Building configuration...

Current configuration : 5256 bytes
!
! Last configuration change at 02:17:02 UTC Thu Jan 5 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname c3750x
!
boot-start-marker
boot-end-marker
!

!
no aaa new-model
switch 1 provision ws-c3750x-48p
system mtu routing 1500
!
!
!
!
ip routing
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
switchport access vlan 301
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
description UpLink-To-PFSense
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 192.168.102.5 255.255.255.0
!
interface Vlan100
ip address 10.10.0.1 255.255.255.0
!
interface Vlan300
ip address 10.30.0.2 255.255.255.0
ip helper-address 10.10.0.2
!
interface Vlan301
ip address 10.30.1.2 255.255.255.0
ip helper-address 10.10.0.2
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.102.1
!

!
ip sla enable reaction-alerts
!
!
!
!
end

Can you add an interface to vlan 300 and connect a PC/laptop to it and give it an ip 10.30.0.0 subnet and see if the svi interface for vlan 300 comes up

example

config t

interface g1/0/2

switchport

switchport mode access

switch access vlan 300

 

now connect a laptop to this port, give it a ip and see if you can ping the SVI for vlan 300

Also, can you post the output of "sh vlan summ" after this config?

HTH

 

I can't, when i plug into the port as vlan1 it can see that vlan no problem.  I configured the switchport for vlan 300 and it couldn't access anything.


c3750x#sh interfaces status

c3750x#sh interfaces Gi1/0/9 status

Port Name Status Vlan Duplex Speed Type
Gi1/0/9 inactive 300 a-full a-1000 10/100/1000BaseTX

 

 

c3750x#sh vlan summ
Number of existing VLANs : 13
Number of existing VTP VLANs : 13
Number of existing extended VLANS : 0

Can you post the output of below command to see if vlan 300 is configured correctly?

sh vlan brief  or sh vlan

sh run int g1/0/9

 

c3750x#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/10, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28, Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/34, Gi1/0/35, Gi1/0/36, Gi1/0/37, Gi1/0/38, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43, Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi1/1/1
Gi1/1/2, Gi1/1/3, Gi1/1/4, Te1/1/1, Te1/1/2
100 VLAN100-General active 
150 VLAN150-Storage active
200 VLAN200-VOIP active
201 VLAN201-Cameras active
300 VLAN300-SecureWifi active Gi1/0/8, Gi1/0/9
301 VLAN301-InSecureWifi active Gi1/0/39
302 VLAN302-Guest active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

 

c3750x#sh run int g1/0/9
Building configuration...

Current configuration : 90 bytes
!
interface GigabitEthernet1/0/9
switchport access vlan 300
switchport mode access
end

 

 

The config looks correct. if you add a laptop to port 1/0/9 and give it ip  say10.30.0.5 255.255.255.0 you should be able to ping 10.30.0.2 (SVI) or from the switch ping 10.30.0.5 (laptop)

Also, at that time the svi should be up.  check with "sh int vlan 300"

 

i manually configured an IP on the laptop, and it can't ping anything, however devices on the trunked ports can ping each other acrosss the switch in vlan300

 

c3750x#sh int vlan 300
Vlan300 is up, line protocol is down
Hardware is EtherSVI, address is 6073.5c21.07c2 (bia 6073.5c21.07c2)
Internet address is 10.30.0.2/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:44:40, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
99403 packets input, 5964180 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
6 packets output, 453 bytes, 0 underruns
0 output errors, 3 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

When you connect the laptop, does interface g1/0/9 go to up and up mode? you can check with  command sh ip int bri g1/0/9

Also, do you see the mac address of the laptop use "sh mac address-table vlan 300" to see it.

Sometimes the laptops have firewall software installed that block icmp. 

Can you ping the laptop from the switch?

c3750x#sh ip int bri g1/0/9
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1/0/9 unassigned YES unset up up

 

sh mac address-table vlan 300 does not show the mac address for the laptop.

 

Firewall on the laptop is off, i plugged the laptop into an unconfigured port (vlan 1), set it up for dhcp and it worked fine and shows connected vs inactive in a sh int status.

 

Can you post a "sh int trunk"

 

Jon

c3750x#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 300
Gi1/0/11 on 802.1q trunking 1
Gi1/0/29 on 802.1q trunking 1
Gi1/0/33 on 802.1q trunking 1
Gi1/0/48 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/1 1-4094
Gi1/0/11 1-4094
Gi1/0/29 1-4094
Gi1/0/33 1-4094
Gi1/0/48 1-4094

Port Vlans allowed and active in management domain
Gi1/0/1 1,100,150,190,200-201,300-302
Gi1/0/11 1,100,150,190,200-201,300-302
Gi1/0/29 1,100,150,190,200-201,300-302
Gi1/0/33 1,100,150,190,200-201,300-302
Gi1/0/48 1,100,150,190,200-201,300-302

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1,100,150,190,200-201,300-302
Gi1/0/11 1,100,150,190,200-201,300-302
Gi1/0/29 1,100,150,190,200-201,300-302
Gi1/0/33 1,100,150,190,200-201,300-302
Gi1/0/48 1,100,150,190,200-201,300-302

Dear anaxagoras,
Your configurations its ok, but there a feature that dont show on running-config

could you provide output from: show vtp status?
Jaderson Pessoa
*** Rate All Helpful Responses ***

I noticed that this vtp status was not set to primary server, so i changed it and set it to primary.  vlan300 is now in an up/up status, but why are my other vlans not up even though they are active via trunks?

 

 

 

c3750x#show vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : oakley_grp
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 6073.5c21.0780

Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 13
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 1005
Configuration Revision : 1
Primary ID : 6073.5c21.0780
Primary Description : c3750x
MD5 digest : 0xD0 0xB5 0xFC 0x20 0x98 0x76 0xFB 0xC6
0x8D 0x19 0x8A 0xC1 0x62 0xBD 0x01 0x65


Feature MST:
--------------
VTP Operating Mode : Transparent


Feature UNKNOWN:
--------------
VTP Operating Mode : Transparent

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: