VLAN confusion

andrewrocks · ‎10-20-2011

Hi All,

Due to some unexpected changes I've had to migrate a link onto a different trunk port of my cisco 3560. However, when I connected the link I had allocated VLANs 18,19,46,2010 to the trunk but I had not actually defined VLAN 18.

All VLANs work on the port, except (obviously) 18. I have now defined VLAN 18, and compared everything I can think of, but traffic just will not flow over VLAN 18 through this trunk port.

Do I need to do anything to make the port "see" the "new" VLAN?

Thanks

Andrew

cadet alain · ‎10-20-2011

Hi,

Can you post output from sh vlan br and sh int trunk and sh interface switchport for the port you have problem with.

Regards.

Alain.

Don't forget to rate helpful posts.

andrewrocks · ‎10-20-2011

Hi Alain,

Thanks for this, the output is:

ERSCoreSwitch>sh vlan br

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/1, Gi0/2, Gi0/3, Gi0/36, Gi0/37, Gi0/38, Gi0/39, Gi0/40

18 UKS_WAN active

19 UKS_LAN active

30 ERS_Public_WiFi active

46 ERS_Legacy active Gi0/6, Gi0/11, Gi0/28, Gi0/43

101 Telewest_WAN active Gi0/45, Gi0/46, Gi0/47, Gi0/48

130 iSCSI active Gi0/4, Gi0/5

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

2000 Config active Gi0/41

2001 ERS_Gateways active Gi0/25, Gi0/26, Gi0/27

2010 ERS_Servers active Gi0/35

2016 ERS_Network_Devices active

2018 ERS_Telephone_Ctrl active Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18, Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24, Gi0/42

2020 ERS_VServers active

2051 ERS_TV_Studio_1 active Gi0/8

2052 ERS_TV_Studio_2 active Gi0/9

2053 ERS_TV_Studio_3 active Gi0/10

2055 ERS_TV_Matrix active

2056 ERS_TV_CAR active Gi0/7

2070 ERS_Desktops active

2210 Unit43 active

ERSCoreSwitch>sh int trunk

Port Mode Encapsulation Status Native vlan

Gi0/12 on 802.1q trunking 46

Gi0/29 on 802.1q trunking 46

Gi0/30 on 802.1q trunking 46

Gi0/31 on 802.1q trunking 46

Gi0/32 on 802.1q trunking 46

Gi0/33 on 802.1q trunking 46

Gi0/34 on 802.1q trunking 46

Gi0/44 on 802.1q trunking 46

Port Vlans allowed on trunk

Gi0/12 1-4094

Gi0/29 1-4094

Gi0/30 1-4094

Gi0/31 1-4094

Gi0/32 1-4094

Gi0/33 1-4094

Gi0/34 1-4094

Gi0/44 18-19,46,130

Port Vlans allowed and active in management domain

Gi0/12 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/29 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/30 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/31 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/32 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/33 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/34 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/44 18-19,46,130

Port Vlans in spanning tree forwarding state and not pruned

Gi0/12 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/29 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/30 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/31 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/32 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/33 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/34 1,18-19,30,46,101,130,2000-2001,2010,2016,2018,2020,2051-2053,2055-2056,2070,2210

Gi0/44 18-19,46,130

ERSCoreSwitch>sh int gi0/44 switchport

Name: Gi0/44

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 46 (ERS_Legacy)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: 18,19,46,130

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

ERSCoreSwitch>sh int gi0/12 switchport

Name: Gi0/12

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 46 (ERS_Legacy)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

ERSCoreSwitch>

Thanks for looking at this.

Andrew.

cadet alain · ‎10-20-2011

Hi,

can you post sh span vlan 18 .

Alain.

Don't forget to rate helpful posts.

andrewrocks · ‎10-20-2011

ERSCoreSwitch>sh span vlan 18

VLAN0018

Spanning tree enabled protocol ieee

Root ID Priority 32786

Address 0007.7d79.b800

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32786 (priority 32768 sys-id-ext 18)

Address 0007.7d79.b800

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/12 Desg FWD 4 128.12 P2p

Gi0/29 Desg FWD 4 128.29 P2p

Gi0/30 Desg FWD 4 128.30 P2p

Gi0/31 Desg FWD 4 128.31 P2p

Gi0/32 Desg FWD 4 128.32 P2p

Gi0/33 Desg FWD 4 128.33 P2p

Gi0/34 Desg FWD 4 128.34 P2p

Gi0/44 Desg FWD 4 128.44 P2p

ERSCoreSwitch>

cadet alain · ‎10-20-2011

Hi,

everything seems ok. what can't you achieve exactly?

Regards.

Alain.

Don't forget to rate helpful posts.

andrewrocks · ‎10-20-2011

Hi Alain,

I have a Xenserver plugged into the cisco running on trunk ports and a Netgear connected to the switch at the other end of the link on port 44. If I have a VM on VLAN 19 then I can ping a VM on VLAN 19 at the other end. However, adding a NIC to both VMs on VLAN 18 doesn't work, the traffic is unrouteable, whereas when I was running this link through a netgear it was routeable.

As I defined the VLAN after I'd added it to the port do I need to "re-add" it to the port? If I remove the VLAN from the port and then add it again will this interupt traffic flow?

Regards

Andrew.

cadet alain · ‎10-20-2011

Hi,

no need to readd it to port unless you are using VTP and want it to be advertised to another switch.

if you remove/add the VLAN then you'll have STP reconvergence which may cause interruption for about 1 min.

Regards.

Alain.

Don't forget to rate helpful posts.

andrewrocks · ‎10-20-2011

Hi Alain,

I've plugged my laptop into the netgear and setup a VM on the Cisco, I can ping from one to the other on this VLAN. The only difference between this port and the one going over the link to the other switch is that the port that works just allows all VLANs.

I think I'm going to have to change the VLAN settings which will likely cause dropout (gulp).

Do you have anything else I could check first? If not I'll make the change.

Is it recommended to have "all" VLANs or just limit it?

Regards

Andrew.

cadet alain · ‎10-20-2011

Hi,

if your switch is a transit switch for this VLAN or has hosts in this VLAN then yes this switch must have the VLAN.

on trunk ports you can only allow outbound the VLANS you need.

Can you provide output of sh int pruning to see if this VLAN is not pruned and also sh vtp status.

Also I see you are tagging the native VLAN, is this VLAN 18 native on the VM?

Regards.

Alain.

Don't forget to rate helpful posts.

andrewrocks · ‎10-20-2011

Hi Alain,

I'm not quite sure what you mean about "native on the VM". When you add a NIC to a VM on Xenserver you specify which VLAN it's on. This is being set and it working correctly as I can ping this from a VLAN18 port on a different trunk port.

Basically I can ping machines on VLAN 19 and 130 on either side of the link, I can ping VLAN 18 machines on one side of the building OR the other but not across the link.

Does "shutdown" and then "no shutdown" rebuild the spanning tree for the port?

Output as requested:

ERSCoreSwitch>sh int pruning

Pruning not currently enabled in this device's VTP administrative domain.

ERSCoreSwitch>sh vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name :

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : 0007.7d79.b800

Configuration last modified by 172.19.0.1 at 0-0-00 00:00:00

Feature VLAN:

--------------

VTP Operating Mode : Transparent

Maximum VLANs supported locally : 1005

Number of existing VLANs : 11

Configuration Revision : 0

MD5 digest : 0x10 0x0E 0xB5 0x94 0x1A 0x2E 0xC2 0x60

0xAC 0xB1 0x9B 0xB0 0x38 0x98 0x96 0xA9

ERSCoreSwitch>