07-04-2020 08:02 PM
I need to connect a Cisco 4500-X series switch to an HP OfficeConnect 1950 switch.
Intended installation:
In-house Cisco 4500-X uplinks to the HP OfficeConnect 1950 switch, passing traffic to a remote HP OfficeConnect 1950 switch for offsite backups. The connection between the 2 HP OfficeConnect switches is already in place and tested, so I believe that these switches are configured correctly.
Current installation:
Due to requirements from the clients IT department, the HP OfficeConnect 1950 switches must be in VLAN 80. I've created VLAN 80 on both the HP and the Cisco switches. The HP switch is only intended for this one task, so it is VLAN 80 across all ports, and the designated port on the HP OfficeConnect is set to Trunk. I've created VLAN 80 on the Cisco switch and added the single designated port, port te2/4, to VLAN 80. I can't upload the full config for security reasons, but here are the interfaces that intend to be used:
!
vlan internal allocation policy ascending
!
vlan 10,20,40,50,80,253
!
!
interface TenGigabitEthernet2/4
switchport access vlan 80
switchport mode trunk
!
!
interface Vlan80
description Workspace Sync
ip address 10.80.10.9 255.255.255.0
!
Issues:
- I can not ping the switches across this connection.
- If I change the HP OfficeConnect port from anything but "PVID 80" and "Permit VLAN List 1", the Cisco switch blocks the port with spanning-tree
- On the Cisco, the designated port te2/4 doesn't ever seem to get added to VLAN 80 when I run "show vlan":
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
10 VLAN0010 active
20 VLAN0020 active
40 VLAN0040 active Te1/8, Te1/9, Te1/10, Te1/11
Te1/15, Te1/16, Te1/17, Te1/18
Te1/19, Te1/20, Te1/21, Te1/22
Te1/23, Te1/24, Te1/25, Te1/26
Te1/27, Te1/28, Te2/1, Te2/2
Te2/3, Te2/5, Te2/6, Te2/7
Te2/8
50 VLAN0050 active Te1/12
80 VLAN0080 active
253 VLAN0253 active
I feel like I must be missing something simple, but I've got no more time to spend at the client right now and don't have more time to troubleshoot. I'll return later in the week, but would like to have a solution in hand.
Anyone see what I'm missing? Any more info I can provide that will help find a solution?
Thank you!
Solved! Go to Solution.
07-06-2020 11:56 AM
I got it working! Even after disabling BDPU and spanning-tree on port te2/4, it wouldn't ping.
I got in touch with another Cisco engineer at my company and we found that we needed both ports to be access ports, and we needed to also disable spanning-tree on VLAN 80. After that, we were able to start pinging! Here's the config for the ports after all of that:
!
interface TenGigabitEthernet2/4
switchport access vlan 80
switchport mode access
spanning-tree portfast edge
spanning-tree bpduguard disable
!
!
interface Vlan80
description Fotokem Workspace Sync
ip address 10.80.10.9 255.255.255.0
!
Followed with:
no spanning-tree vlan 80
Thank you again for all of the helpful comments and troubleshooting ideas! Great to have such knowledgable people in the Cisco community!
07-04-2020 08:07 PM - edited 07-04-2020 08:11 PM
Because Te 2/4 is a dot1q trunk.
Can you post the complete output to the command
show interface trunk
07-04-2020 08:19 PM
Full results below.
Port Mode Encapsulation Status Native vlan
Te1/7 on 802.1q trunking 1
Te2/4 on 802.1q trunking 1
Po45 on 802.1q trunking 1
Po46 on 802.1q trunking 1
Po50 on 802.1q trunking 1
Po51 on 802.1q trunking 1
Po55 on 802.1q trunking 1
Port Vlans allowed on trunk
Te1/7 1-4094
Te2/4 1-4094
Po45 1-4094
Po46 1-4094
Po50 1-4094
Po51 1-4094
Po55 1-4094
Port Vlans allowed and active in management domain
Te1/7 1,10,20,40,50,80,253
Te2/4 1,10,20,40,50,80,253
Po45 1,10,20,40,50,80,253
Port Vlans allowed and active in management domain
Po46 1,10,20,40,50,80,253
Po50 1,10,20,40,50,80,253
Po51 1,10,20,40,50,80,253
Po55 1,10,20,40,50,80,253
Port Vlans in spanning tree forwarding state and not pruned
Te1/7 1,10,20,40,50,80,253
Te2/4 1,10,20,40,50,80,253
Po45 1,10,20,40,50,80,253
Po46 1,10,20,40,50,80,253
Po50 1,10,20,40,50,80,253
Po51 1,10,20,40,50,80,253
Po55 1,10,20,40,50,80,253
07-04-2020 10:35 PM
07-04-2020 11:28 PM
I've run no shutdown on the Cisco side and it does not show as shutdown. Same with port te2/4.
On the HP I'm seeing that the VLAN and the port are up as well.
You had mentioned the 802.1q encapsulation. I thought that this was necessary for the tagging, but is there a way to disable for testing's sake? I'm not seeing anything that has disabled 802.1q entirely.
07-05-2020 10:12 AM
You tell us about the config of the Cisco switch but very little about the config of the HP. Could you share with us some details about the config of the HP?
You tell us that there is a client requirement for vlan 80 on the HP switches. It is not clear whether there is any requirement for other vlans on the HP. So I wonder what would happen if you make the HP port an access port in vlan 80 and remove the trunk command from the Cisco interface and leave the Cisco interface as an access port in vlan 80.
I have a comment about a detail of the Cisco config which is
interface TenGigabitEthernet2/4
switchport access vlan 80
switchport mode trunk
the switchport access vlan 80 would normally make this interface an access port in vlan 80. But when switchport mode trunk is configured the the access vlan 80 command is ignored and the interface becomes a trunk. If you want the interface to be a trunk I would advocate for removing the access vlan 80 command which is not used and is visually confusing.
07-05-2020 12:56 PM
Unfortunately I do not have SSH or CLI access to the HP switch. The config is done through their WebGUI, and the config is mostly what I'd mentioned before:
- VLAN 80 across all ports
- Cisco switch uplinks to port 14 on the HP OfficeConnect, and then sends its traffic to a remote HP OfficeConnect through port 13
- The connection between the local and remote HP OfficeConnect switches has been working and tested for some time.
- VLAN 80, 10.80.10.1 255.255.255.0
- Local HP OfficeConnect 10.80.10.2/24, remote HP OfficeConnect 10.80.10.3/24
There are no other requirements for VLANs on the HP switches. They were purchased and installed for this soul purpose, and have no other connections or required VLAN configurations. They just need VLAN 80 due to the constraints of IT, and they need to pass traffic from the Cisco switch.
At first I had attempted to have the ports on both ends as access ports, but when I have the switches in this configuration, the Cisco does place te2/4 into VLAN80, but then Spanning-tree blocks the port with the following error:
%SPANTREE-7-BLOCK_PORT_TYPE: Blocking TenGigabitEthernet2/4 on VLAN0080. Inconsistent port type.
Thank you for the recommendation and explanation as to the "switchport mode trunk" negating the "switchport access vlan 80". I've removed it from the config. Please excuse me for not understanding though, how do you then specify that the trunk port as part of VLAN 80?
Thank you all for the help.
07-05-2020 02:01 PM
Thanks for the additional information. It would be nice if we could get some details of how the switch port is connected that connects to your Cisco switch. Based on statements about how the HP needs vlan 80 and not mentioning any other vlan I would assume that configuring the Cisco as an access port in vlan 80 would have been appropriate. I am surprised that doing this resulted in errors about inconsistent port type. Perhaps the output of these commands on the Cisco might shed some light:
- show spanning-tree
- show interface te2/4
- show switchport te2/4
If configuring the Cisco interface as a trunk stops that error, perhaps it is worth a try leaving the Cisco as a trunk and specifying that the native vlan is vlan 80.
When you configure a Cisco switch port as a trunk then by default all active vlans are carried on that trunk. You do not need to specifically assign vlans to the trunk. As long as vlan 80 is active and not blocked by spanning tree then the trunk port will carry vlan 80.
Sometimes you might not want the trunk to carry all vlans and so there are configuration options that allow you to specify that certain specific vlans will not be carried by the trunk or to specify that only certain specific vlans will be carried by the trunk.
07-06-2020 12:41 AM
I updated te2/4 to have native VLAN 80, but still no go. I'm also quadruple checking the HP switch side, but nothing stands out as an issue that may be causing the disconnect.
Here're the results for those requested commands:
- show spanning-tree (I only included VLAN 80. If you need others, I can send those too.)
VLAN0080
Spanning tree enabled protocol rstp
Root ID Priority 32848
Address 00be.7579.3a80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32848 (priority 32768 sys-id-ext 80)
Address 00be.7579.3a80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/7 Desg FWD 2 128.7 P2p
Te2/4 Desg FWD 2 128.132 P2p
Po45 Desg FWD 1 128.1325 P2p
Po46 Desg FWD 1 128.1326 P2p
Po50 Desg FWD 1 128.1330 P2p
Po51 Desg FWD 1 128.1331 P2p
Po55 Desg FWD 1 128.1335 P2p
- show interface te2/4
TenGigabitEthernet2/4 is up, line protocol is up (connected)
Hardware is Ten Gigabit Ethernet Port, address is 7426.acf0.9c0b (bia 7426.acf 0.9c0b)
MTU 1500 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10Gb/s, link type is auto, media type is 10GBase-SR
input flow-control is on, output flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 12:00:12, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 273000 bits/sec, 105 packets/sec
8714 packets input, 1010019 bytes, 0 no buffer
Received 8661 broadcasts (7308 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
12149599 packets output, 3891246198 bytes, 0 underruns
0 output errors, 0 collisions, 6 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
- show interface switchport module 2
Name: Te2/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 80 (VLAN0080)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
07-06-2020 05:16 AM
Thanks for the output. Would you change te2/4 from trunk to access port in vlan 80 and then do the show switchport te2/4.
07-06-2020 10:32 AM
Of course:
Name: Te2/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 80 (VLAN0080)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
07-06-2020 11:56 AM
I got it working! Even after disabling BDPU and spanning-tree on port te2/4, it wouldn't ping.
I got in touch with another Cisco engineer at my company and we found that we needed both ports to be access ports, and we needed to also disable spanning-tree on VLAN 80. After that, we were able to start pinging! Here's the config for the ports after all of that:
!
interface TenGigabitEthernet2/4
switchport access vlan 80
switchport mode access
spanning-tree portfast edge
spanning-tree bpduguard disable
!
!
interface Vlan80
description Fotokem Workspace Sync
ip address 10.80.10.9 255.255.255.0
!
Followed with:
no spanning-tree vlan 80
Thank you again for all of the helpful comments and troubleshooting ideas! Great to have such knowledgable people in the Cisco community!
07-06-2020 12:29 PM
Thanks for the update. Glad to know that you got it working. It makes much better sense to me that both switches should configure the connection as an access port in vlan 80.
07-06-2020 12:48 PM
I agree, I just wasn't sure how to get past the spanning-tree port blocking it seems. This has been a great learning experience for how to get past spanning-tree.
Funny enough, once we realized it was spanning-tree on the VLAN side, my coworker went on a small rant about how much she hates spanning-tree. :D
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide