Re: vlan pruning issue

davegibelli · ‎07-05-2011

I have a 3750 connected to a 2960 with 43 vlans but it is vlan 70 that has an issue. The 3750 is the root bridge using rstp and the 2960 has the 3750 as the root via port g0/1. But the 2960 has pruned vlan 70 from the trunk to the 3750!

Why would a switch prune a vlan from a trunk port with the root bridge on it, it does not make sense.

Antonio Knox · ‎07-05-2011

post the output of the following from the 3750:

sh spanning vl 70 | i VLAN|Root|the root

And on the 2960:

sh spanning vl 70 | i VLAN|Root|the root

sh int trunk

sh vl br

sh run int gi0/1

sh vtp status

Thotsaphon Lueangwattanaphong · ‎07-05-2011

Hi,

Please post the output of "show vlan" on C2960. Does C2960 assign VLAN-70 to any ports? Does C2960 have VLAN-70 pass through any trunk ports? Please post the output of "show interface trunk" on C2960.

HTH,

Toshi

davegibelli · ‎07-05-2011

3750

CAT3750G-F2-CORE#sh sp vl 70 | i VLAN|Root|the root

VLAN0070

Root ID Priority 4166

This bridge is the root

2960

CAT2960-PBX-01#sh int trun

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Gi0/3 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1-4094

Gi0/3 1-4094

Port Vlans allowed and active in management domain

Gi0/1 1-2,5,14,17,20,56,70,73,76,98-101,107,110-113,121,123-124,130,140-14

3,150-153,160-163,172,180-183,212

Gi0/3 1-2,5,14,17,20,56,70,73,76,98-101,107,110-113,121,123-124,130,140-14

3,150-153,160-163,172,180-183,212

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1-2,5,14,20,73,76,99-101,107,110-113,121,123-124,130,140-143,150-153

,160-163,172,180-183

Gi0/3 1,5,70,73,76,100,130,140-141

CAT2960-PBX-01#sh vl id 70

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

70 VLAN0070 active Gi0/1, Gi0/3

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

70 enet 100070 1500 - - - - - 0 0

Remote SPAN VLAN

----------------

Disabled

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

CAT2960-PBX-01#sh span vl 70 | i VLAN|Root|the root

VLAN0070

Root ID Priority 4166

Gi0/1 Root FWD 4 128.49 P2p

CAT2960-PBX-01#sh vl br

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/2, Gi0/4

2 VLAN0002 active

5 VLAN0005 active Fa0/23

14 VLAN0014 active

17 VLAN0017 active

20 VLAN0020 active

56 VLAN0056 active

70 VLAN0070 active

73 VLAN0073 active

76 VLAN0076 active

98 VLAN0098 active

99 VLAN0099 active

100 Printers active Fa0/4, Fa0/15, Fa0/29, Fa0/40

101 Printers-1 active Fa0/44

107 VLAN0107 active

110 Printers-1stfloor active

111 Printers-1st active

112 VLAN0112 active

113 printers-1st-floor active

121 Printers-2ndfloor active

123 printers-2nd active

124 Printers-2nd active

130 VLAN0130 active Fa0/16

140 Grnd-Fl-Data active Fa0/1, Fa0/2, Fa0/3, Fa0/5

Fa0/6, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/21, Fa0/22, Fa0/24

Fa0/25, Fa0/26, Fa0/27, Fa0/28

Fa0/30, Fa0/31, Fa0/32, Fa0/33

Fa0/34, Fa0/35, Fa0/36, Fa0/37

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

Fa0/38, Fa0/39, Fa0/41, Fa0/42

Fa0/43, Fa0/45, Fa0/46, Fa0/47

Fa0/48

141 Grnd-Fl-Voice active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Fa0/25

Fa0/26, Fa0/27, Fa0/28, Fa0/29

Fa0/30, Fa0/31, Fa0/32, Fa0/33

Fa0/34, Fa0/35, Fa0/36, Fa0/37

Fa0/38, Fa0/39, Fa0/40, Fa0/41

Fa0/42, Fa0/43, Fa0/44, Fa0/45

Fa0/46, Fa0/47, Fa0/48

142 Grnd-Fl-Wireless active

143 Grnd-Fl-GWireless active

150 1st-Fl-Data active

151 1st-Fl-Voice active

152 1st-Fl-Wireless active

153 1st-Fl-GWireless active

160 2nd-Fl-Data active

161 2nd-Fl-Voice active

162 2nd-Fl-Wireless active

163 2nd-Fl-GWireless active

172 VLAN0172 active

180 Unit4-6-Data active

181 Unit4-6-Voice active

182 Unit4-6-Wireless active

183 Unit4-6-GWireless active

212 VLAN0212 active

1002 fddi-default act/unsup

1003 trcrf-default act/unsup

1004 fddinet-default act/unsup

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1005 trbrf-default act/unsup

CAT2960-PBX-01#sh run int g0/1

Building configuration...

Current configuration : 255 bytes

!

interface GigabitEthernet0/1

description 1Gbps Link to 2nd Floor Core switch CAT3750G-F2-CORE G2/0/50

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust cos

auto qos voip trust

end

CAT2960-PBX-01#sh vtp stat

VTP Version capable : 1 to 3

VTP version running : 3

VTP Domain Name : BDC-VTP-Domain

VTP Pruning Mode : Enabled

VTP Traps Generation : Disabled

Device ID : b414.89c9.5f00

Feature VLAN:

--------------

VTP Operating Mode : Client

Number of existing VLANs : 45

Number of existing extended VLANs : 0

Configuration Revision : 42

Primary ID : ecc8.8221.2180

Primary Description : CAT3750G-F2-CORE

MD5 digest : 0x7D 0xB1 0x94 0xDA 0xA0 0xFC 0x7C 0x0F

0x76 0x25 0xE0 0x7B 0x97 0x2E 0x12 0x9C

Feature MST:

--------------

VTP Operating Mode : Transparent

Feature UNKNOWN:

--------------

VTP Operating Mode : Transparent

Thotsaphon Lueangwattanaphong · ‎07-05-2011

Hi,

Please post "show cdp neighbor" and "show run int g0/3" on C2960. I just want to know which devices are connecing to C2960. not just C3750. And That device has used VLAN-70 or not.

Toshi

davegibelli · ‎07-05-2011

CAT2960-PBX-01#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

CAT2960-PBX-02

Gig 0/3 176 S I WS-C2960- Gig 0/3

SEPe05fb9c4b086 Fas 0/13 130 H P M IP Phone Port 1

SEPc471fe43a13b Fas 0/37 141 H P M IP Phone Port 1

SEPe05fb9c4a960 Fas 0/19 124 H P M IP Phone Port 1

SEPe05fb9c4a824 Fas 0/14 165 H P M IP Phone Port 1

SEPe05fb9c4a944 Fas 0/23 134 H P M IP Phone Port 1

SEPe05fb9c4a946 Fas 0/27 165 H P M IP Phone Port 1

SEPe05fb9c4a821 Fas 0/7 143 H P M IP Phone Port 1

SEPe05fb9c4ac4b Fas 0/2 174 H P M IP Phone Port 1

SEP588d09724f5e Fas 0/34 164 H P M IP Phone Port 1

SEPe05fb9c4ac3f Fas 0/9 174 H P M IP Phone Port 1

SEPc471fe43a19a Fas 0/18 159 H P M IP Phone Port 1

SEPe05fb9c4ad1d Fas 0/10 142 H P M IP Phone Port 1

SEPe05fb9c4ab4e Fas 0/22 121 H P M IP Phone Port 1

SEP588d09724db7 Fas 0/30 177 H P M IP Phone Port 1

SEPe05fb9c4ae08 Fas 0/21 140 H P M IP Phone Port 1

SEPe05fb9c4a78e Fas 0/33 177 H P M IP Phone Port 1

SEPe05fb9c4ac40 Fas 0/12 120 H P M IP Phone Port 1

SEPe05fb9c4aefd Fas 0/5 134 H P M IP Phone Port 1

SEPc471fe4379e2 Fas 0/17 144 H P M IP Phone Port 1

SEPe05fb9c4ad31 Fas 0/8 166 H P M IP Phone Port 1

SEPc471fe43748e Fas 0/31 154 H P M IP Phone Port 1

SEPe05fb9c4ae07 Fas 0/24 158 H P M IP Phone Port 1

SEPe05fb9c4aefa Fas 0/11 137 H P M IP Phone Port 1

CAT3750G-F2-CORE

Gig 0/1 144 R S I WS-C3750G Gig 2/0/50

CAT2960-PBX-01#sh run int g0/3

Building configuration...

Current configuration : 252 bytes

!

interface GigabitEthernet0/3

description 1Gbps Link to Gnd Floor Access switch CAT2960-PBX-02 G0/3

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust cos

auto qos voip trust

end

Thotsaphon Lueangwattanaphong · ‎07-05-2011

Hi,

Okay CAT2960-PBX-01 has not assigned VLAN-70 to any active ports. Time to check CAT2960-PBX-02. It's the same thing. If CAT2960-PBX-02 has not assigned VLAN-70 to any active ports and no VLAN-70 passed through trunk ports. CAT3750G-F2-CORE should prune VLAN-70 on G0/1.

Please post "show vlan" , "show cdp neighbor" , "show vtp status" and "show interface trunk" on CAT2960-PBX-02.

I have to do this because I want to make sure that pruning is working correctly or not.

Toshi

Antonio Knox · ‎07-06-2011

I noticed that in your vtp status (2960) you have pruning enabled. This feature is inherited from the VTP server.

VTP Pruning Mode : Enabled

If you connect a host on a Vlan 70 assigned access port vlan 70 will no longer be pruned on the trunk(s). This is actually the way that pruning is supposed to work. If there are no ports associated with a particular vlan on the switch that vlan will be pruned on the trunk. If you notice in the 'show int trunk' output vlan 70 is only missing in the 'Vlans in spanning tree forwarding state and not pruned' section.

More on VTP Pruning:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml#vtp_pruning

Hope that helps.

davegibelli · ‎07-06-2011

thotsaphon/Antonio

You can see that the next switch has not pruned vlan 70

I cannot believe a switch should prune a vlan if it does not have any access port in a vlan but a trunk passing through does have mac addresses in vlan 70.

Either I am missing something obvious or this is a bug in the version of ios or the 2960 hardware!

Pruning is only supposed to stop unknown traffic from being broadcast down a trunk that has NO mac addresses as the next switch has no active ports in the vlan. This is not the case here.

CAT2960-PBX-02#sh int trun

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Gi0/3 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1-4094

Gi0/3 1-4094

Port Vlans allowed and active in management domain

Gi0/1 1-2,5,14,17,20,56,70,73,76,98-101,107,110-113,121,123-124,130,140-14

3,150-153,160-163,172,180-183,212

Gi0/3 1-2,5,14,17,20,56,70,73,76,98-101,107,110-113,121,123-124,130,140-14

3,150-153,160-163,172,180-183,212

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1-2,5,14,17,20,56,70,73,76,98-101,107,110-113,121,123-124,130,140-14

3,150-153,160-163,172,180-183,212

Gi0/3 1-2,5,14,17,20,56,70,73,76,98-101,107,110-113,121,123-124,130,140-14

3,150-153,160-163,172,180-183,212

davegibelli · ‎07-06-2011

This is very odd, the switch is a client but it has a different setting for pruning to all the others in the vtp domain - why?

CAT2960-PBX-02#sh vtp stat

VTP Version capable : 1 to 3

VTP version running : 3

VTP Domain Name : BDC-VTP-Domain

VTP Pruning Mode : Disabled <---------------------------------------------

VTP Traps Generation : Disabled

Device ID : f025.72de.2a80

Feature VLAN:

--------------

VTP Operating Mode : Client <-----------------------------------------------

Number of existing VLANs : 45

Number of existing extended VLANs : 0

Configuration Revision : 42

Primary ID : ecc8.8221.2180

Primary Description : CAT3750G-F2-CORE

MD5 digest : 0x7D 0xB1 0x94 0xDA 0xA0 0xFC 0x7C 0x0F

0x76 0x25 0xE0 0x7B 0x97 0x2E 0x12 0x9C

Feature MST:

--------------

VTP Operating Mode : Transparent

Feature UNKNOWN:

--------------

VTP Operating Mode : Transparent

lgijssel · ‎07-06-2011

You should check the config revison and the number of vlans on the vtp server and other clients to see if they are the same.

Then create a dummy vlan and delete it again on the vtp server. The config rev should now increase on all clients.

If not, there may be an incorrect vtp password on switch CAT2960-PBX-02 which will prevent it from receiving updates.

The command: "sh vtp passw" will show the current password if any.

regards,

Leo