Solved: vlan traffic not traversing fiber link

simon.howard · ‎10-05-2016

Hi, got a problem thats driving my nuts so need some advise. I have two office spaces (call them Office-A and Office-B) about 150 feet apart. Office-A has 5 x c3650-48tq switches stacked via stacking module with 3 x Meraki MR18 AP's coming off them. Theres about 8 vlans working on this stack with vlan2 allocated to internet access on a dedicated firewall port. The MR18's are configured to connect to this vlan so wifi traffic is segregated from network traffic for security reasons.

This stack is connected to Office-B which has 2 x c3650-48tq's and 1 x MR18, via a 10gigabit fibre line. Normal network traffic works fine, users can login without a problem. The issue is I cant get vlan2 to appear on the Office-B switch stack so the MR18 can make use of it. Wifi traffic is miggling with vlan1 traffic which I dont want.

I've set both ends of the fibre line to trunk ports but everytime I try adding the AP's interface to vlan2, (command below) it drops off the network and shutsdown. There isnt a managemtn ip on Office-B's stack yet but I dont think that would be the issue so what am I missing?

Interface gig 2/0/47

Switchport mode access

Switchport access vlan 2

aegirgylfa · ‎10-05-2016

Did you advertise the Vlan via VTP? if so are the domain and password correct?

View solution in original post

aegirgylfa · ‎10-05-2016

Did you advertise the Vlan via VTP? if so are the domain and password correct?

simon.howard · ‎10-06-2016

Hi, seems the Office-A stack has not been configured (previous engineers work) with a VTP domain or password. Apart from the rest of the config it's got an ip address (192.168.85.160 255.255.254.0) assigned to vlan1 and thats it.

So I theorize that to correct it I would need to run this on Office-A:

vtp mode server

Set vtp domain-name name

Then this on Office-B:

vtp mode transparent - (to make sure the revision number is lower than the master switch)

vtp mode client

interface Vlan1

ip address 192.168.85.161 255.255.254.0

My only worry is by setting the domain up and making sure the active switch is a server am I running a risk of wiping out the existing vlan information on a second switch underneath it? It's a close mirror of the master switch with some slight differences on vlan assignment. I do have the vlans mapped but i'd rather get it right first time than put ports back into vlans and then deal with errors from lose of connectivity to services.

aegirgylfa · ‎10-06-2016

Hi,

if you want Office A to be the server and distribute the vlans to Office B, then make sure the"Configuration Revision" number is higher on Office A and lower on Office B.

if the number is higher on office B then change the domain name to .e.g. temp and change it again. Then the Revision number should be 0.

to get a higher number on Office A, you have to create fake vlans.

e.g.

# vlan 10

# int vlan 10

# ip addr 10.10.10.1 255.0.0.0

#no vlan 10

do this a couple of time, then you should see the revision number rise.

simon.howard · ‎10-06-2016

here are the configs for you

Georg Pauwen · ‎10-07-2016

On a side note, and in addition to all the other useful posts, make sure the VTP version on all switches matches:

Switch#show vtp status

simon.howard · ‎10-11-2016

ok i've attached some screen grabs of when i tried to modify the vtp version, which didnt go so well :(

Georg Pauwen · ‎10-11-2016

Hello,

in order to change the VTP version, change it to server or transparent mode first:

Switch#conf t

Switch(config)#vtp mode transparent OR vtp mode server

Switch(config)#vtp version 2

simon.howard · ‎10-11-2016

sorry tried it, didnt work, (ive attached screen grabs). Im starting to think that for some dumb reason its insisting on a vtp domain name being present. Setting one up isnt a problem on the server switch, im just concerned that theres a risk of vlan information on the 1st client switch will get wiped out. Is there that risk present?

Georg Pauwen · ‎10-11-2016

Hello,

VTP version 2 is sufficient, as you don't need extended VLANs (or a domain), or even VTP version 1. The important thing is that all switches run the same version. Changing the VTP version to 1 or 2 on the switches doesn't work either after putting the switches in transparent mode first ?

simon.howard · ‎10-11-2016

no it doesn't. I've double checked and everything is running vtp version 2 now.

Georg Pauwen · ‎10-11-2016

Hello Simon,

if all VTP versions on all switches are the same, provided the up and downlink ports are configured correctly as well, as 'sh vtp status' should show, in theory, the same amount of VLANs on all switches.

Can you post the configs of all three switches, and mark the uplink and downlink ports ?

simon.howard · ‎10-11-2016

here you go. I've highlighted the trunking ports in red

Richard Burts · ‎10-11-2016

Thank you for posting this output. It does clearly point to the problem. In office b the only vlan that exists is vlan 1. That is the problem.

There are at least two ways that you can fix this problem. You could figure out why vtp is not propagating the vlans. Or you can manually configure the vlans on office b. My personal opinion would favor manually configuring the vlans but you are welcome to take the vtp route if you prefer that. For an environment that has only two switch stacks I consider vtp to not be worth the effort. But you are welcome to choose whichever path you choose for correcting the problem.

HTH

Rick

HTH

Rick

simon.howard · ‎10-11-2016

I know vlan1 is the only vlan present as its the default vlan. the problem is that vlan information isnt traversing the fiber link and manually creating vlans in Office-B wouldnt fix the problem. data from the wifi ap needs to flow in a dedicated vlan back to Office-A so it can go out the firewall seperately from production traffic, with no firewall in Office-B creating a vlan2 on that end isnt an option.