cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
414
Views
0
Helpful
9
Replies
Highlighted
Beginner

VLAN Traffic on 9200L Stack

Disclaimer: I know a bit about Cisco switches, but I will be the first to admit that there is a LOT that I do not know. So, please bear with me with something that may be a very long description of what ends up being a very simplistic issue.

 

I have a stack which consists of 3 C2960 switches that are being replaced with 3 C9200 switches. I have the stack configured so that both stacks are basically identical, with changes being made to the IP addresses and such to avoid any conflicts while I am migrating.

For the most part (or at least from what I can tell) everything is working as it should.  Port VLAN assignments (access mode) are working just fine, traffic is passing between VLANs without issue, etc. However, I am running into an issue when I connect a managed switch into the port I have configured for it.

The switch that I am connecting is a Netgear GS350 8-Port Managed Switch. There are 3 different VLANs set up on the switch:

  • ID 10 - Servers
  • ID 26 - Printers
  • ID 251 - Network Management

That device works exactly as intended. I can ping it, log into the network management interface, etc. The devices connected to the ports assigned as VLAN10 and 26 are working fine.  This tells me that the Netgear switch is configured properly.

That switch is connected to GI2/0/8 on the existing C2960 stack, and I have that same port configured to match on my new C9200 stack.  Here is the config for that port:

Existing Stack:

interface GigabitEthernet2/0/8
 description Managed Switch - IT Office
 switchport trunk native vlan 251
 switchport trunk allowed vlan 10,26,251
 switchport mode trunk
 spanning-tree portfast trunk
end

New Stack:

interface GigabitEthernet2/0/8
 description Managed Switch - IT Office
 switchport trunk native vlan 251
 switchport trunk allowed vlan 10,26,251
 switchport mode trunk
 spanning-tree portfast trunk
end

When I move the cable from 2/0/8 on the old/existing stack to the new stack, everything works as expected for all of the devices connected on there on VLANs 10 and 26, however I am unable to communicate with the Netgear switch on VLAN251. I know the switch is there, because I can talk to the devices beyond it.

When I look at the mac address-table for that port, it shows the devices and VLANs:

CORE-STACK#show mac address-table int Gi2/0/8
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 251    2880.88df.835b    DYNAMIC     Gi2/0/8
  10    0018.ae90.b510    DYNAMIC     Gi2/0/8
  10    f8bc.4100.485b    DYNAMIC     Gi2/0/8
  26    0017.c880.0822    DYNAMIC     Gi2/0/8
Total Mac Addresses for this criterion: 4

The device on VLAN 251 is the switch.

Looking at the VLAN config on both switches, they are also identical:

interface Vlan251
 ip address 172.16.251.50 255.255.255.0
end

It isn't that complicated of an interface :)

The ONLY thing that I can see different between the two switches is when I do a 'sh vlan'.

Old (Existing) stack:

CORE-SWITCH#sh vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi2/0/2, Gi2/0/8, Gi2/0/47
                                                Gi2/0/50, Gi3/0/49, Gi3/0/50
                                                Gi3/0/51, Gi3/0/52

New Stack:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/40, Gi1/0/42, Te1/1/2
                                                Te1/1/3, Te1/1/4, Gi2/0/2
                                                Gi2/0/40, Gi2/0/42, Gi2/0/47
                                                Gi2/0/48, Gi2/1/1, Gi2/1/2
                                                Gi2/1/3, Gi2/1/4, Gi3/0/2
                                                Gi3/0/20, Gi3/0/40, Gi3/0/42
                                                Gi3/1/1, Gi3/1/2, Gi3/1/3
                                                Gi3/1/4

I truncated everything after VLAN 1, mainly due to the remaining VLANs having the same issue (the ports listed for each vlan are widly different between the 2 stacks)

The new stack has more interfaces in VLAN 1, even though the configuration for each interface is exactly the same on both setups. This may be because I only have 3 ports occupied on the new stack (Gi2/0/8 for the Netgear switch, GI2/0/21 for my computer, and Te1/1/1 [switchport mode trunk] for the uplink to the rest of the network). Or, it could be for a myriad of other reasons that I am not aware of.

I have attached the config for each stack to this as well, as there is a very good chance that there is something that I am simply overlooking.

Does anyone have any ideas what I may be overlooking?  I am absolutely stumped at this point.

9 REPLIES 9
Highlighted
Enthusiast

a couple of things to look at:

show log and see if anything relevant shows up

 

on the 9200, do a sho span int g2/0/8 det

 

and check the state there. I do notice in your new switch config file that on 2/0/8 the native vlan 251 is not there. 

Highlighted
Hall of Fame Expert

Looking at the configuration of the new stack. command 

switchport trunk native vlan 251 is missing. See below:
interface GigabitEthernet2/0/8
 description Managed Switch - IT Office
 switchport trunk allowed vlan 10,26,251
 switchport mode trunk
 spanning-tree portfast trunk

 HTH

Highlighted


@Reza Sharifi wrote:

Looking at the configuration of the new stack. command 

switchport trunk native vlan 251 is missing. See below:
interface GigabitEthernet2/0/8
 description Managed Switch - IT Office
 switchport trunk allowed vlan 10,26,251
 switchport mode trunk
 spanning-tree portfast trunk

 HTH


@Reza Sharifi 

I have tried it with and without the native vlan in the config on that interface. It fails each way. I did put it back in place after initially posting the message, however.

@cmarva 

show log doesn't give me anything useful (it shows the same information that I see in the console window when I bring an interface up or down)

The spanning-tree detail is as follows:

CORE-STACK#show spanning-tree interface GigabitEthernet 2/0/8 detail
 Port 104 (GigabitEthernet2/0/8) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.104.
   Designated root has priority 32768, address 2880.88df.8e49
   Designated bridge has priority 32778, address 9077.ee8b.5c80
   Designated port id is 128.104, designated path cost 8
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode by portfast trunk configuration
   Link type is point-to-point by default
   BPDU: sent 155, received 0

 Port 104 (GigabitEthernet2/0/8) of VLAN0026 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.104.
   Designated root has priority 32794, address 64d9.899e.9980
   Designated bridge has priority 32794, address 9077.ee8b.5c80
   Designated port id is 128.104, designated path cost 2
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode by portfast trunk configuration
   Link type is point-to-point by default
   BPDU: sent 155, received 0

 Port 104 (GigabitEthernet2/0/8) of VLAN0251 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.104.
   Designated root has priority 33019, address 64d9.899e.9980
   Designated bridge has priority 33019, address 9077.ee8b.5c80
   Designated port id is 128.104, designated path cost 2
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode by portfast trunk configuration
   Link type is point-to-point by default
   BPDU: sent 155, received 0
CORE-STACK#

 

Highlighted

Can you try this config and test:

Basically delete vlan 251 from the trunk port and leave just 10 and 26

 

interface GigabitEthernet2/0/8

description Managed Switch - IT Office

switchport trunk allowed vlan 10,26

switchport mode trunk

spanning-tree portfast trunk
swtchport trunk native vlan 251

Highlighted


@Reza Sharifi wrote:

Can you try this config and test:

Basically delete vlan 251 from the trunk port and leave just 10 and 26

 

interface GigabitEthernet2/0/8

description Managed Switch - IT Office

switchport trunk allowed vlan 10,26

switchport mode trunk

spanning-tree portfast trunk
swtchport trunk native vlan 251


I see where you are going there, and I had high hopes for it, because that is one scenario I hadn't already tested.

 

New config for that interface:

CORE-STACK#show run int Gi2/0/8
Building configuration...

Current configuration : 202 bytes
!
interface GigabitEthernet2/0/8
 description Managed Switch - IT Office
 switchport trunk native vlan 251
 switchport trunk allowed vlan 10,26
 switchport mode trunk
 spanning-tree portfast trunk
end

Then when I try to ping the netgear on the other end:

CORE-STACK#ping 172.16.251.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.251.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

My hopes were not high enough :)

Highlighted

interface Vlan251
 ip address 172.16.251.50 255.255.255.0

Is interface vlan 251 in up and up mode. You can see it using "sh ip int brief vlan 251"

Also, is native vlan the same (251) on the Netgear?

Can you post the interface config? 

HTH

Highlighted


@Reza Sharifi wrote:
interface Vlan251
 ip address 172.16.251.50 255.255.255.0

Is interface vlan 251 in up and up mode. You can see it using "sh ip int brief vlan 251"

Also, is native vlan the same (251) on the Netgear?

Can you post the interface config? 

HTH


@Reza Sharifi 

CORE-STACK#sh ip int brief vlan 251
Interface              IP-Address      OK? Method Status                Protocol
Vlan251                172.16.251.50   YES NVRAM  up                    up

The interface is up/up. And the config for it is basically what you already posted:

CORE-STACK#show run int vlan 251
Building configuration...

Current configuration : 65 bytes
!
interface Vlan251
 ip address 172.16.251.50 255.255.255.0
end

Unless I misunderstood and there is another configuration that you are looking for.

Highlighted

From the switch, can you ping 

172.16.251.6 with source of 172.16.251.50?

 Also, what happens if you connect a PC to the Netgrear switch and put it in vlan 251? can you ping the switch IP?

Highlighted


@Reza Sharifi wrote:

From the switch, can you ping 

172.16.251.6 with source of 172.16.251.50?

 Also, what happens if you connect a PC to the Netgrear switch and put it in vlan 251? can you ping the switch IP?


@Reza Sharifi 

In response to your ping question: I cannot ping .6 with a source of .50

CORE-STACK#ping
Protocol [ip]:
Target IP address: 172.16.251.6
...
Extended commands [n]: y
Ingress ping [n]:
Source address or interface: 172.16.251.50
...
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.251.6, timeout is 2 seconds:
Packet sent with a source address of 172.16.251.50
.....
Success rate is 0 percent (0/5)

So, I started to play around some more, hoping to find something that I missed.

Here are a few things I tried this morning when I arrived at the office:

  • I set up Gi2/0/10 as follows:
    interface GigabitEthernet2/0/10
     switchport access vlan 251
     switchport mode access
     spanning-tree portfast
    end
  • I connected my workstation to that port and received an IP from my DHCP server on 172.16.10.15
  • I sent out a few pings from my workstation, and this is the result
    • ping 172.16.251.1 (VLAN Gateway)
      • Success
    • ping 172.16.251.50 (VLAN IP on Cisco Stack)
      • Success
    • ping 172.16.251.6 (Netgear Switch on port Gi2/0/8)
      • Fail
    • ping 172.16.26.4 (Printer connected to port 3 of the Netgear Switch, assigned to VLAN26)
      • Success
  • Now I connected my workstation to port 8 of the Netgear switch (set up as VLAN251)
    • Fail to get address from DHCP Server
    • Set IP Manually to 172.16.251.199 255.255.255.0 gw 172.16.251.1
      • ping 172.16.251.1 (VLAN Gateway)
        • Success
      • ping 172.16.251.50 (VLAN IP on Cisco Stack)
        • Success
      • ping 172.16.251.6 (Netgear Switch on port Gi2/0/8)
        • Fail
      • ping 172.16.26.4 (Printer connected to port 3 of the Netgear Switch, assigned to VLAN26)
        • Success
  • Now I connected my workstation to port 7 of the Netgear switch (set up as VLAN21)
    • ping 172.16.251.1 (VLAN Gateway)
      • Success
    • ping 172.16.251.50 (VLAN IP on Cisco Stack)
      • Success
    • ping 172.16.251.6 (Netgear Switch on port Gi2/0/8)
      • Fail
    • ping 172.16.26.4 (Printer connected to port 3 of the Netgear Switch, assigned to VLAN26)
      • Success

As soon as I take the switch out of the new stack and plug it into 2/0/8 of the old/existing stack, it works as expected, which absolutely blows my mind, considering [from what I can tell] the physical interfaces along with the vlan interfaces are set up to be nearly identical (only changing the IP of the vlan interface so it does not conflict with the other stacks)

I did reload each of the stacks a few times this morning as well, thinking maybe there was an ARP entry stuck somewhere or some routing thing that may be screwing it up.  No luck though.

Any more ideas of what I could try? Is there any chance this is a bug in 16.12.3a?

Content for Community-Ad