Solved: VLAN interface down/down - Page 2

wavess · ‎03-29-2022

Hi All

First post on here. Created vlan, then vlan interface, assigned ports, and status says down/down. I'm stuck. I've read other posts on this topic. Tried recreating everything, and still the same. At one point yesterday I got it to say up/down, but now its back to down/down. It is not admin down. And it appears to be flapping. Here is output from the show log command, and from show ip int brief, and from show vlan brief. Thanks for any suggestions.

Stephen

show log:

024393: Mar 27 18:42:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024395: Mar 27 18:42:33: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024397: Mar 27 18:42:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024399: Mar 27 21:45:12: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024401: Mar 27 21:45:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024431: Mar 28 11:28:48: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024433: Mar 28 11:28:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024435: Mar 28 11:29:26: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024437: Mar 28 11:29:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024439: Mar 28 11:29:34: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024441: Mar 28 11:29:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024443: Mar 28 11:30:28: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024445: Mar 28 11:30:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024467: Mar 28 12:04:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024486: Mar 28 15:53:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024488: Mar 28 15:54:30: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024490: Mar 28 15:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024494: Mar 28 15:58:09: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024496: Mar 28 15:58:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024498: Mar 28 15:59:03: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024500: Mar 28 15:59:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024514: Mar 28 16:52:08: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024516: Mar 28 16:52:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024518: Mar 28 16:52:56: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024520: Mar 28 16:52:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024522: Mar 28 16:53:25: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024524: Mar 28 16:53:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024526: Mar 28 16:53:46: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024528: Mar 28 16:53:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024538: Mar 28 20:24:56: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024540: Mar 28 20:24:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024542: Mar 28 20:27:59: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024544: Mar 28 20:28:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down

show vlan brief:

53 EMS_INTERNET_ONLY active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi2/0/4

show ip int brief:

Vlan53 10.5.3.1 YES manual down down

MHM Cisco World · ‎03-29-2022

...

Richard Burts · ‎03-29-2022

As I was reading the original post and saw so many up and down messages I wondered if there might be an issue with spanning tree. But as the discussion evolved it becomes pretty clear that this is not about spanning tree.

@Jon Marshall made an excellent point about the 2 requirements for an SVI to be in the up state. If you do not want to use a trunk in your implementation then it is very important that you have at least one device connected in that vlan and running. I suggest that in working on this problem your most valuable tool will be the command show interface status, which will show the interfaces, what vlan they are assigned to, and whether at least one is in the up state.

HTH

Rick

MHM Cisco World · ‎03-29-2022

He connect pc and port immediately shut down, if he not know what make port shut down there is chance of make whole netwrok down.

He must know why port shut down first.

It may be stp or other protocol make vlan down and port down.

He can assign differnt work vlan to port and connect pc if port still up then go to troubleshoot vlan.

But he take specific track by allow vlan in trunk.

wavess · ‎03-29-2022

update:

1. went to plug a device in, still would not get an IP. interface was flapping per the log after the device got plugged in (see below).

2. added the vlan to a trunk interface that it doesn't belong on just to see what happens. result: interface vlan 53 comes up. before it was down/down.

3. pc plugged into vlan 53 gets a good ip, good dns, good default gateway (the vlan interface.)

4. pc cannot get on the internet. pc cannot be pinged. pc cannot ping default gateway.

maybe this is something with ospf? its a L3 switch with ospf running on all interfaces.

024667: Mar 29 13:54:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/45, changed state to up
024668: Mar 29 13:56:25: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: mtech] [Source: 10.4.1.10] [localport: 22] at 13:56:25 CDT Tue Mar 29 2022
024669: Mar 29 13:56:27: %SYS-6-LOGOUT: User mtech has exited tty session 2(10.4.1.10)
024670: Mar 29 13:56:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/45, changed state to down
024671: Mar 29 13:56:58: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024672: Mar 29 13:56:58: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/45, changed state to down
024673: Mar 29 13:56:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024674: Mar 29 13:57:05: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/45, changed state to up
024675: Mar 29 13:57:05: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024676: Mar 29 13:57:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/45, changed state to up
024677: Mar 29 13:57:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024678: Mar 29 13:57:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/45, changed state to down
024679: Mar 29 13:57:18: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024680: Mar 29 13:57:18: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/45, changed state to down
024681: Mar 29 13:57:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024682: Mar 29 13:57:22: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/45, changed state to up
024683: Mar 29 13:57:22: %LINK-3-UPDOWN: Interface Vlan53, changed state to up
024684: Mar 29 13:57:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/45, changed state to up
024685: Mar 29 13:57:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to up
024686: Mar 29 13:57:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/45, changed state to down
024687: Mar 29 13:57:59: %LINK-3-UPDOWN: Interface Vlan53, changed state to down
024688: Mar 29 13:57:59: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/45, changed state to down
024689: Mar 29 13:58:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan53, changed state to down
024690: Mar 29 14:00:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to down
024691: Mar 29 14:00:03: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to down
024692: Mar 29 14:00:06: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to up

wavess · ‎03-29-2022

update:

I had this ACL on the interface vlan. when i removed the ACL, the user could get internet access. i thought this was the correct ACL for internet only traffic. not sure what protocol is here, do I mark this as solved and open a new question on ACLs? I want to follow protocol for the cisco community.

Extended IP access list INTERNET_ONLY
10 permit udp any any eq bootps
20 permit udp any any eq domain
30 permit tcp any any eq domain
40 permit tcp any any eq www
50 permit tcp any any eq 443

Jon Marshall · ‎03-29-2022

That acl should work.

You applied it inbound on the SVI ?

Jon

wavess · ‎03-30-2022

Jon

Yes, it is applied inbound. The pcs are getting a good ip, dns, and gateway, but no internet access. per the recommendation of Richard Burts, i'm gonna mark this issue as solved and start a new thread on the ACL.

In summary, i think this is the solution Jon was saying and Rich echoed. I didn't change any config on my end with this, but it is now working for some reason (gosh that's frustrating wish I knew why.) At any rate, will post a new topic on the ACL. thank you everyone.

SOLUTION:

create l2 vlan

creat l3 vlan interface

assign ports to vlan

a device must be on and plugged into the network so that you have an interface that is up in order for the vlan interface to come up, or the vlan must be on a trunk interface. this will get the vlan interface to come up.

Richard Burts · ‎03-30-2022

Your summary of the Solution is spot on. So +5 for that.

You say "I didn't change any config on my end with this, but it is now working for some reason (gosh that's frustrating wish I knew why.)" My best guess of the cause is that originally you did not have an active device/computer connected to a switch port that was assigned to that vlan.

I see your new post about the acl and have responded in the new discussion. I think this is a very appropriate way to go at the question.

HTH

Rick

wavess · ‎03-30-2022

Jon, thanks for your comments and helping me.

Richard Burts · ‎03-29-2022

Thanks for the update. It is interesting that when the ACL is removed that the user does have Internet access. So the ACL seems to be the issue.

The question from Jon about whether the ACL was applied inbound or outbound is a very good question. If the ACL had been applied outbound it certainly would have been a problem. Clarification of this would be appreciated.

Your question about protocols for the community is an interesting one and I am not sure that there is really a "correct" answer. There have been several parts of your problem (why is the vlan interface not going to the up status, why does a user not have Internet access) and it seems that both have been resolved. So marking the discussion as solved would certainly be appropriate. What to do with further questions about ACL is less clear. On the one hand if the question about ACL is about this situation, then there may be context in this post that would be helpful and continuing the discussion here is appropriate. On the other hand if the question about ACL is a more broad question, then starting a new discussion would be appropriate. My opinion would lean toward starting a new discussion. But the choice is your - and whatever you choose will be an appropriate decision.

HTH

Rick

wavess · ‎03-30-2022

Rich, your comments have been helpful, thank you.