cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7296
Views
0
Helpful
42
Replies
samador382
Beginner

VLAN is being blocked

Hi there,

I have little experience with Cisco equipment. As of right now I am trying to connect (trunk I believe) two switches together. The main switch is a 3560 and the other is a catalyst 2950. Someone setup a VLAN on port 48 of the 3560. I want to connect a switch to that port so I can have multiple devices plugged in. First off, is this even possible? Secondly, if it is,how do I go about successfully connecting the two switches?

This is what I have done so far. 

On switch 3560 (main switch) the VLAN is 30. (This was created by someone else)

I created VLAN 30 on the 2950 with the range of all ports (1-24) in that VLAN.

Then I set fa0/1 to trunk mode. When the line came back up I got this error.

21:34:39: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan i       d 30 on FastEthernet0/1 VLAN1.

21:34:39: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/1 on VLAN0030. Inc       onsistent peer vlan.

21:34:39: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/1 on VLAN0001. In       consistent local vlan.

MYSWITCH#

Again, I have no clue what this is and I would really appreciate some help.

Thanks for looking!

-SA

42 REPLIES 42
casanavep
Participant

what is the "native" VLAN on each end?  Can you send us a "show run interface" for each switch's port used for this interconnect (i.e. show run interface f0/1)?

One moment please. That will take a few minutes. Thank you for looking.

No problem.  I ask for the show run interface because other configuration lines needed to appropriately "trunk" between these two switches may also be missing.

On the 2950

MYSWITCH#show running-config interface fa0/1

Building configuration...

 

Current configuration : 98 bytes

!

interface FastEthernet0/1

 switchport access vlan 30

 switchport mode trunk

 no ip address

end

 

MYSWITCH#

ON THE (main switch) 3560

#show run interface fa0/48

Building configuration...

 

Current configuration : 323 bytes

!

interface FastEthernet0/48

 description Data and Voice

 switchport access vlan 30

 switchport mode access

 switchport voice vlan 2

 srr-queue bandwidth share 10 10 60 20

 srr-queue bandwidth shape  10  0  0  0

 mls qos trust device cisco-phone

 mls qos trust cos

 auto qos voip cisco-phone

 spanning-tree portfast

end

Thanks again

Ok, so first notice two issues on "THE (main switch) 3560"

- switchport mode access    <-- manually set to access, not a trunk

- spanning-tree portfast       <-- portfast enabled, which disabled spanning-tree n the port, never want this on a trunk as it creates a LAN loop friendly environment.  Try the following on both switches:

On "MYSWITCH"  / 2950, paste the following:

   conf t

   int FastEthernet0/1

     desc Trunked Uplink to 3560 Port 48

     no switchport access vlan 30

   end

   wr mem

On "(main switch) 3560", paste the following:

  conf t

  interface FastEthernet0/48

   shut

   description Trunked Downlink to 2950 port 48

   no  auto qos voip cisco-phone

   no switchport access vlan 30

   switchport encapsulation dot1q

   switchport mode trunk

   no switchport voice vlan 2

   auto qos trust

   no spanning-tree portfast

   no shut

  end

  wr mem

!

Ah! Ok. 

Does this part disable the ability to plug in phones to the  2950 switch and have them "work"?

"no  auto qos voip cisco-phone"

That just tells the port to not put best practice QoS features on the individual port for cisco-phones (if a phone is discovered on the port via CDP).  Since this port will now be a trunk, you want to "trust" the QoS markings and use best practice QoS policies if you want to use the "auto qos" feature.    So, the port goes from having "auto qos voip cisco-phone" to using "auto qos voip trust", sorry think I left off the voip on my config recommendation.  Did these configurations resolve your issues and please let me know if there is anything else I can help you understand on the scripts. 

Please ensure none of your switch to switch links have that "spanning-tree portfast" command, as that definitely can make life very painful for you.  You also may want to look at using the "spanning-tree bpduguard enable" command on ports going to users, since you are using the portfast command.  Now, you want to ensure this is only used on ports directly connecting to your users PCs or phones, as this will shutdown ports if someone plugs in a rouge switch. 

When I pasted the script into the main switch I got the error that it was being blocked. When I pasted the script into the 2nd switch I got no error. It said OK.

on both switches, you can now do a "show interface trunk" command.  in the first section, you want to see that both switches show their ports in "trunking" status.  In the last section (Vlans in spanning tree forwarding state and not pruned), you want to see that the VLANs you need are being actively forwarded between the switches.  

Switch2

#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,30

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,30

Main switch

#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/45 on 802.1q trunking 16
Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/45 1-4094
Gi0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/45 1-3,10,12,14,16-18,26,30
Gi0/1 1-3,10,12,14,16-18,26,30

Port Vlans in spanning tree forwarding state and not pruned
Fa0/45 1-3,10,12,14,16-18,26,30
Gi0/1 1-3,10,12,14,16-18,26,30

can you send an updated "show interface  fa#/#" and "show run interface  fa#/#" for each port from each switch, with the #/# being the port specific to this link on each switch?

I will. Just a few minutes.

Enter

Switchport trunk encapsulation dot1q
auto qos voip trust
switchport mode trunk

Rather than the commands:

switchport encapsulation dot1q
auto qos trust
switchport mode trunk



Should get you where you want to go.  Now, here's the rub - this will allow you to pass VLANs between the two switches - but you'll still have to examine the configuration of the rest of the switch ports on the 2950 to make sure that the endpoint devices are being associated with the right VLAN(s).

So is this the command I am running altogether?

conf t

  interface FastEthernet0/48

   shut

   description Trunked Downlink to 2950 port 48

   no  auto qos voip cisco-phone

   no switchport access vlan 30

  Switchport trunk encapsulation dot1q

  switchport mode trunk

   no switchport voice vlan 2

   auto qos voip trust

   no spanning-tree portfast

   no shut

  end

  wr mem

 -----OR ONLY----------

Switchport trunk encapsulation dot1q
auto qos voip trust
switchport mode trunk