07-23-2020 08:38 AM
Disclaimer: I know a bit about Cisco switches, but I will be the first to admit that there is a LOT that I do not know. So, please bear with me with something that may be a very long description of what ends up being a very simplistic issue.
I have a stack which consists of 3 C2960 switches that are being replaced with 3 C9200 switches. I have the stack configured so that both stacks are basically identical, with changes being made to the IP addresses and such to avoid any conflicts while I am migrating.
For the most part (or at least from what I can tell) everything is working as it should. Port VLAN assignments (access mode) are working just fine, traffic is passing between VLANs without issue, etc. However, I am running into an issue when I connect a managed switch into the port I have configured for it.
The switch that I am connecting is a Netgear GS350 8-Port Managed Switch. There are 3 different VLANs set up on the switch:
That device works exactly as intended. I can ping it, log into the network management interface, etc. The devices connected to the ports assigned as VLAN10 and 26 are working fine. This tells me that the Netgear switch is configured properly.
That switch is connected to GI2/0/8 on the existing C2960 stack, and I have that same port configured to match on my new C9200 stack. Here is the config for that port:
Existing Stack:
interface GigabitEthernet2/0/8 description Managed Switch - IT Office switchport trunk native vlan 251 switchport trunk allowed vlan 10,26,251 switchport mode trunk spanning-tree portfast trunk end
New Stack:
interface GigabitEthernet2/0/8 description Managed Switch - IT Office switchport trunk native vlan 251 switchport trunk allowed vlan 10,26,251 switchport mode trunk spanning-tree portfast trunk end
When I move the cable from 2/0/8 on the old/existing stack to the new stack, everything works as expected for all of the devices connected on there on VLANs 10 and 26, however I am unable to communicate with the Netgear switch on VLAN251. I know the switch is there, because I can talk to the devices beyond it.
When I look at the mac address-table for that port, it shows the devices and VLANs:
CORE-STACK#show mac address-table int Gi2/0/8 Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 251 2880.88df.835b DYNAMIC Gi2/0/8 10 0018.ae90.b510 DYNAMIC Gi2/0/8 10 f8bc.4100.485b DYNAMIC Gi2/0/8 26 0017.c880.0822 DYNAMIC Gi2/0/8 Total Mac Addresses for this criterion: 4
The device on VLAN 251 is the switch.
Looking at the VLAN config on both switches, they are also identical:
interface Vlan251 ip address 172.16.251.50 255.255.255.0 end
It isn't that complicated of an interface :)
The ONLY thing that I can see different between the two switches is when I do a 'sh vlan'.
Old (Existing) stack:
CORE-SWITCH#sh vlan br VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi2/0/2, Gi2/0/8, Gi2/0/47 Gi2/0/50, Gi3/0/49, Gi3/0/50 Gi3/0/51, Gi3/0/52
New Stack:
VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/0/40, Gi1/0/42, Te1/1/2 Te1/1/3, Te1/1/4, Gi2/0/2 Gi2/0/40, Gi2/0/42, Gi2/0/47 Gi2/0/48, Gi2/1/1, Gi2/1/2 Gi2/1/3, Gi2/1/4, Gi3/0/2 Gi3/0/20, Gi3/0/40, Gi3/0/42 Gi3/1/1, Gi3/1/2, Gi3/1/3 Gi3/1/4
I truncated everything after VLAN 1, mainly due to the remaining VLANs having the same issue (the ports listed for each vlan are widly different between the 2 stacks)
The new stack has more interfaces in VLAN 1, even though the configuration for each interface is exactly the same on both setups. This may be because I only have 3 ports occupied on the new stack (Gi2/0/8 for the Netgear switch, GI2/0/21 for my computer, and Te1/1/1 [switchport mode trunk] for the uplink to the rest of the network). Or, it could be for a myriad of other reasons that I am not aware of.
I have attached the config for each stack to this as well, as there is a very good chance that there is something that I am simply overlooking.
Does anyone have any ideas what I may be overlooking? I am absolutely stumped at this point.
07-23-2020 09:33 AM
a couple of things to look at:
show log and see if anything relevant shows up
on the 9200, do a sho span int g2/0/8 det
and check the state there. I do notice in your new switch config file that on 2/0/8 the native vlan 251 is not there.
07-23-2020 09:41 AM
Looking at the configuration of the new stack. command
switchport trunk native vlan 251 is missing. See below:
interface GigabitEthernet2/0/8
description Managed Switch - IT Office
switchport trunk allowed vlan 10,26,251
switchport mode trunk
spanning-tree portfast trunk
HTH
07-23-2020 09:51 AM
@Reza Sharifi wrote:Looking at the configuration of the new stack. command
switchport trunk native vlan 251 is missing. See below:interface GigabitEthernet2/0/8 description Managed Switch - IT Office switchport trunk allowed vlan 10,26,251 switchport mode trunk spanning-tree portfast trunkHTH
I have tried it with and without the native vlan in the config on that interface. It fails each way. I did put it back in place after initially posting the message, however.
show log doesn't give me anything useful (it shows the same information that I see in the console window when I bring an interface up or down)
The spanning-tree detail is as follows:
CORE-STACK#show spanning-tree interface GigabitEthernet 2/0/8 detail Port 104 (GigabitEthernet2/0/8) of VLAN0010 is designated forwarding Port path cost 4, Port priority 128, Port Identifier 128.104. Designated root has priority 32768, address 2880.88df.8e49 Designated bridge has priority 32778, address 9077.ee8b.5c80 Designated port id is 128.104, designated path cost 8 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast mode by portfast trunk configuration Link type is point-to-point by default BPDU: sent 155, received 0 Port 104 (GigabitEthernet2/0/8) of VLAN0026 is designated forwarding Port path cost 4, Port priority 128, Port Identifier 128.104. Designated root has priority 32794, address 64d9.899e.9980 Designated bridge has priority 32794, address 9077.ee8b.5c80 Designated port id is 128.104, designated path cost 2 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast mode by portfast trunk configuration Link type is point-to-point by default BPDU: sent 155, received 0 Port 104 (GigabitEthernet2/0/8) of VLAN0251 is designated forwarding Port path cost 4, Port priority 128, Port Identifier 128.104. Designated root has priority 33019, address 64d9.899e.9980 Designated bridge has priority 33019, address 9077.ee8b.5c80 Designated port id is 128.104, designated path cost 2 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast mode by portfast trunk configuration Link type is point-to-point by default BPDU: sent 155, received 0 CORE-STACK#
07-23-2020 10:01 AM
Can you try this config and test:
Basically delete vlan 251 from the trunk port and leave just 10 and 26
interface GigabitEthernet2/0/8
description Managed Switch - IT Office
switchport trunk allowed vlan 10,26
switchport mode trunk
spanning-tree portfast trunk
swtchport trunk native vlan 251
07-23-2020 10:14 AM
@Reza Sharifi wrote:Can you try this config and test:
Basically delete vlan 251 from the trunk port and leave just 10 and 26
interface GigabitEthernet2/0/8
description Managed Switch - IT Office
switchport trunk allowed vlan 10,26
switchport mode trunk
spanning-tree portfast trunk
swtchport trunk native vlan 251
I see where you are going there, and I had high hopes for it, because that is one scenario I hadn't already tested.
New config for that interface:
CORE-STACK#show run int Gi2/0/8 Building configuration... Current configuration : 202 bytes ! interface GigabitEthernet2/0/8 description Managed Switch - IT Office switchport trunk native vlan 251 switchport trunk allowed vlan 10,26 switchport mode trunk spanning-tree portfast trunk end
Then when I try to ping the netgear on the other end:
CORE-STACK#ping 172.16.251.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.251.6, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
My hopes were not high enough :)
07-23-2020 10:23 AM
interface Vlan251 ip address 172.16.251.50 255.255.255.0
Is interface vlan 251 in up and up mode. You can see it using "sh ip int brief vlan 251"
Also, is native vlan the same (251) on the Netgear?
Can you post the interface config?
HTH
07-23-2020 10:32 AM
@Reza Sharifi wrote:interface Vlan251 ip address 172.16.251.50 255.255.255.0Is interface vlan 251 in up and up mode. You can see it using "sh ip int brief vlan 251"
Also, is native vlan the same (251) on the Netgear?
Can you post the interface config?
HTH
CORE-STACK#sh ip int brief vlan 251 Interface IP-Address OK? Method Status Protocol Vlan251 172.16.251.50 YES NVRAM up up
The interface is up/up. And the config for it is basically what you already posted:
CORE-STACK#show run int vlan 251 Building configuration... Current configuration : 65 bytes ! interface Vlan251 ip address 172.16.251.50 255.255.255.0 end
Unless I misunderstood and there is another configuration that you are looking for.
07-23-2020 12:02 PM
From the switch, can you ping
172.16.251.6 with source of 172.16.251.50?
Also, what happens if you connect a PC to the Netgrear switch and put it in vlan 251? can you ping the switch IP?
07-24-2020 05:08 AM
@Reza Sharifi wrote:From the switch, can you ping
172.16.251.6 with source of 172.16.251.50?Also, what happens if you connect a PC to the Netgrear switch and put it in vlan 251? can you ping the switch IP?
In response to your ping question: I cannot ping .6 with a source of .50
CORE-STACK#ping Protocol [ip]: Target IP address: 172.16.251.6 ... Extended commands [n]: y Ingress ping [n]: Source address or interface: 172.16.251.50 ... Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.251.6, timeout is 2 seconds: Packet sent with a source address of 172.16.251.50 ..... Success rate is 0 percent (0/5)
So, I started to play around some more, hoping to find something that I missed.
Here are a few things I tried this morning when I arrived at the office:
interface GigabitEthernet2/0/10 switchport access vlan 251 switchport mode access spanning-tree portfast end
As soon as I take the switch out of the new stack and plug it into 2/0/8 of the old/existing stack, it works as expected, which absolutely blows my mind, considering [from what I can tell] the physical interfaces along with the vlan interfaces are set up to be nearly identical (only changing the IP of the vlan interface so it does not conflict with the other stacks)
I did reload each of the stacks a few times this morning as well, thinking maybe there was an ARP entry stuck somewhere or some routing thing that may be screwing it up. No luck though.
Any more ideas of what I could try? Is there any chance this is a bug in 16.12.3a?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide