11-01-2013 01:08 AM - edited 03-07-2019 04:22 PM
So I have a 2921 router and an FE connection to a 3560 switch. I can configure any port on the switch and I seem to get an IP address for that vlan. But as soon as I go to the second 3560 switch (fiber connection between them) I can only use one vlan on the remote switch. I also have a third 3560 switch hanging off of one of my 3560s that cannot use any vlan and get any connectivity.
Configs are attached.
core is the router
bw4 is connected to core
bw3 is connected to bw4
bw2 is connected to bw3
11-01-2013 02:46 AM
Each switch seems to have the below configured.
spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100 priority 4096
While this won't prevent anything from working, the root switch for these specific vlans will be the switch with the lowest MAC.
Core
------
On the core I see all the interface vlans for all vlans, I see a default route, this all looks good
ip route 0.0.0.0 0.0.0.0 10.4.253.41
SWB2
--------
I see an etherchannel configured here, with a description going to SWB3
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100
switchport mode trunk
interface GigabitEthernet0/1
description COnnection to Building 3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100
switchport mode trunk
fa0/1 to fa0/22 all seem to be configured for VLAN 20, with fa0/23-24 configured for vlan 100 (wireless)
From this switch, I don't see a trunk going to the Core. There is also a default route on this switch, does it
need to be configured for ip routing? Or should this just be L2 back to the core?
ip route 0.0.0.0 0.0.0.0 10.40.0.1
SWB3
-------
I can see the trunk here going back to Building 2
interface GigabitEthernet0/2
description COnnection to Building 2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100
switchport mode trunk
And here's the port going to SWB4
interface GigabitEthernet0/1
description COnnection to Building 4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100
switchport mode trunk
There is a default route here as well.
ip route 0.0.0.0 0.0.0.0 10.40.0.1
SWB4
--------
!
interface FastEthernet0/47
description Uplink to Core Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/48
description Uplink to Core Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
description COnnection to Building 8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100
switchport mode trunk
channel-group 4 mode desirable
!
interface GigabitEthernet0/2
description COnnection to Building 3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100
switchport mode trunk
channel-group 8 mode desirable
I see the connection back to 3 and a connection to building 8.
fa0/47 and fa0/48 seem to be a connection back to the trunk.
It looks like the reason
Granted I can't see every switch in your network, but if only the above switches have priority 4096 for those vlans, one of those is the root switch. From the core to SWB2, I don't see a trunk going back to the core, except through SWB2 and then SWB3 and then SWB4, which has fa0/47 and fa0/48 going back to the core. This is like taking a 4 mile walk to go nextdoor.
Several switches have a static default route configured. Is there a reason for this, and does it need this? Since it's just a few vlans, I would configure L2 throughout and only have your router doing routing. The switches can have 'ip default-gateway x.x.x.x' for management connectivity.
11-01-2013 08:24 AM
There is only one connection back to the core, and that is from SWB4 via fe0/48.
The wiring path on this network is a long walk. The core is in building4. SWB2 connects through SWB3 that then connects to SWB4. It is the wire path, and will not be changing.
SWB2
I will remove the ip route statement and replace with ip default-gateway 10.40.0.1
SWB3
I will remove the ip route statement and replace with ip default-gateway 10.40.0.1
SWB4
interface fast0/47 is really on shutdown leaving interface fast0/48 the only connection to the core switch.
I will remove the ip route statement and replace with ip default-gateway 10.40.0.1
You mention here that it looks like the reason. I am not sure I follow. My original statement was that I can not get vlan connectivity on SWB2 for vlan 20 or vlan 100, I also can not get vlan connectivity on SWB3 for vlan 100.
From your estimation should this command only be on SWB4:
spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100 priority 4096
or on the core switch?
11-01-2013 08:54 AM
From your estimation should this command only be on SWB4:
spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100 priority 4096
or on the core switch?
This is up to you, but I would make the core switch the root switch for all vlans, unless there is a reason otherwise.
Well, there is no trunk configured from SWB2 directly to the core that I saw, so I believe it's going to SWB3, and then SWB4 to get to the router.
If you connect a host to a port on SWB2, which is on vlan 20, does the link show up/up on the switch?
I don't see DHCP setup on the core, which I'm assuming is why you have a helper-address configured.
ip helper-address 10.40.8.9
11-01-2013 09:17 AM
The device I labeled core is a 2921 router...
The SWB4 is the next closest thing to a core switch.
How would I configure a trunk from SWB2 to SWB4 (passing through SWB3)?
I get a link light, just no traffic, even if I static the IP address.
The helper is the DHCP server. Is there a cleaner way to set this up?
11-01-2013 09:35 AM
I would configure SWB4 as the root switch then.
Well, SWB2 has a trunk passing vlans (1,10,20,30,40,50,60,70,80,90,100) to SWB3, which has a trunk passing vlans (1,10,20,30,40,50,60,70,80,90,100) to SWB4, which has a trunk passing all vlans to the router, which has an 'ip helper-address' configured to go to the DHCP server.
This should allow DHCP Discover packets to hit the DHCP server.
If you have two computers, one on a port in vlan 20 on SWB2 and one on a port in VLAN 20 on SWB2, can they communicate back and forth if they have static IPs in the same network?
If you run wireshark on the DHCP server, do you see the DHCP packets coming to the DHCP server from the clients?
11-01-2013 09:53 AM
I had one computer with a static assigned in SWB2 on vlan 20 that could not ping its gw address of 10.40.2.1
I can ping the 10.40.2.1 address from the SWB2 switch, but that's not the clients in the vlan.
I am not too concerned with the DHCP service atm, more the base of the network, even if I have to static this building.
11-01-2013 10:07 AM
If the switch can ping the address (10.40.2.1) it's probably using a source IP address of 10.40.0.2.
Can you post the output of 'show int trunk' from SWB2 on here?
11-01-2013 10:21 AM
NCSOTASWB2#sho int trunk
Port Mode Encapsulation Status Native vlan
Po2 on 802.1q trunking 1
Port Vlans allowed on trunk
Po2 1,10,20,30,40,50,60,70,80,90,100
Port Vlans allowed and active in management domain
Po2 1,10,20,30,40,50,60,70,80,90,100
Port Vlans in spanning tree forwarding state and not pruned
Po2 1,10,20,30,40,50,60,70,80,90,100
Too bad I didn't run that before what I just did. When I did a show vlan on the SWB2 switch it only showed vlans 1, 20, 100 and no others (default ones of course but none of mine). If I did the same on SWB3 it only showed 1, 30, 100 (these are the vlans that had been assigned ports).
So I wonder, do these other switches not know that the vlans exist unless they are told about them? I don't think so. So I tried a dirty experiment: I added an IP to the int vlan 20 on SWB3 and could not ping it. Next I added vlan 20 to a port (and it said it was creating a new vlan!). Next I tried to ping again and it worked! What's the right way to propagate the vlans to all the switches so as to avoid this issue? I really don't think it's a good practice to pick an interface and repeat the command switchport access vlan 10 and then 20 and so on...
11-01-2013 10:27 AM
This depends on what VTP mode your switches are in.
You can use VTP or VTP Transparent mode.
I like using VTP Transparent mode, because you don't have to worry about your whole network breaking because of a VTP misconfiguration issue. You have to create each and every vlan on every switch.
Post the results of 'show vtp status' on each of these switches.
By default, a switch will run in Server mode, which means that you can create, modify, and delete vlans, and as long as the vlans are in the same VTP domain, it will propagate these vlans to the other switches. But if someone were to add another switch, in the same VTP domain, with a higher configuration revision number, and only have vlan 1, while all the other switches had, let's say, 50, then 49 of those vlans just get deleted.
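The revision-number hazard described in the post above can be checked from `show vtp status` text before a switch is cabled into a trunk. The following is an added example, not part of the thread or any poster's code; the sample output is constructed and the finding codes and function names are hypothetical.

```python
# Constructed sample in the layout of IOS `show vtp status`; values are illustrative.
SAMPLE = """\
VTP version running             : 1
VTP Domain Name                 :
Feature VLAN:
--------------
VTP Operating Mode                : Server
Number of existing VLANs          : 15
Configuration Revision            : 10
"""

def parse_vtp_status(text):
    """Map each 'Field : value' line to a lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields

def audit_vtp(text):
    """Return (code, explanation) findings for the revision-overwrite risk."""
    f = parse_vtp_status(text)
    mode = f.get("vtp operating mode", "unknown").lower()
    domain = f.get("vtp domain name", "")
    rev_text = f.get("configuration revision", "")
    revision = int(rev_text) if rev_text.isdigit() else 0
    findings = []
    if mode not in ("server", "client"):
        return findings  # transparent, off or unparsed: nothing flagged here
    findings.append(("PARTICIPATING",
                     f"mode {mode}: accepts a higher-revision VLAN database from its domain"))
    if not domain:
        findings.append(("NULL_DOMAIN",
                         "no domain set: local VLANs are not advertised, and the switch "
                         "adopts the domain of the first advertisement it hears on a trunk"))
    if revision > 0:
        findings.append(("NONZERO_REVISION",
                         f"revision {revision}: if this switch joins a domain at a lower "
                         "revision, its VLAN list replaces the one already there"))
    return findings

if __name__ == "__main__":
    for code, why in audit_vtp(SAMPLE):
        print(f"{code}: {why}")
```

A switch in Transparent mode produces no findings, which matches the preference stated in the post: its VLAN database stays local.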
11-01-2013 10:34 AM
NCSOTASWB2#sho vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0021.1b02.5280
Configuration last modified by 10.40.0.2 at 11-1-13 17:10:15
Local updater ID is 10.40.0.2 on interface Vl1 (lowest numbered VLAN interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 15
Configuration Revision : 10
MD5 digest : 0xFE 0xA8 0xB7 0x21 0x84 0x46 0xF6 0x4F
0xC8 0xB4 0x11 0xAF 0xB5 0x6A 0xBE 0xF9
11-01-2013 10:45 AM
You can create a VTP domain name by running the following command.
'vtp domain DOMAINNAME' where DOMAINNAME is, well... the VTP domain name.
If all the other switches have this domain name configured, it will propagate all vlans to all switches with that vlan.
But I suggest you read up on VTP before you implement this, so you don't accidentally take down part of your network.
I'm a big fan of Transparent mode..
11-01-2013 11:45 AM
Thanks for helping me out on this!
I knew the configs should have worked, but I knew I was missing something as well. VTP was the answer.
11-01-2013 12:27 PM
No problem, I'm just glad it's working for you.