Vlan trunks only passing one vlan

Shaun McCloud
Level 1

So I have a 2921 router and a FE connection to a 3560 switch. I can configure any port on the switch and I seem to get an IP address for that vlan. But as soon as I go to the second 3560 switch (fiber connection between them) I can only use one vlan on the remote switch. I also have a third 3560 switch hanging off of one of my 3560s that can not use any vlan and get any connectivity.

Configs are attached.

core is the router

bw4 is connected to core

bw3 is connected to bw4

bw2 is connected to bw3


JohnTylerPearce
Level 7

Each switch seems to have the below configured.

spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100 priority 4096

While this won't prevent anything from working, the root switch for these specific vlans, will be the switch with the lowest MAC.

Core

------

On the core I see all the interface vlans for all vlans, I see a default route, this all looks good

ip route 0.0.0.0 0.0.0.0 10.4.253.41

SWB2

--------

I see an etherchannel configured here, with a description going to SWB3

interface Port-channel2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100

switchport mode trunk

interface GigabitEthernet0/1

description COnnection to Building 3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100

switchport mode trunk

fa0/1 to fa0/22 all seem to be configured for VLAN 20, with fa0/23-24 configured for vlan 100 (wireless)

From this switch, I don't see a trunk going to the Core. There is also a default route on this switch, does it need to be configured for ip routing? Or should this just be L2 back to the core?

ip route 0.0.0.0 0.0.0.0 10.40.0.1

SWB3

-------

I can see the trunk here going back to Building 2

interface GigabitEthernet0/2

description COnnection to Building 2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100

switchport mode trunk

And here's the port going to SWB4

interface GigabitEthernet0/1

description COnnection to Building 4

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100

switchport mode trunk

There is a default route here as well.

ip route 0.0.0.0 0.0.0.0 10.40.0.1

SWB4

--------

!

interface FastEthernet0/47

description Uplink to Core Router

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/48

description Uplink to Core Router

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/1

description COnnection to Building 8

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100

switchport mode trunk

channel-group 4 mode desirable

!

interface GigabitEthernet0/2

description COnnection to Building 3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90,100

switchport mode trunk

channel-group 8 mode desirable

I see the connection back to 3 and a connection to building 8.

fa0/47 and fa0/48 seem to be a connection back to the trunk.

It looks like the reason

Granted I can't see every switch in your network, but if only the above switches have priority 4096 for those vlans, one of those is the root switch. From the core to SWB2, I don't see a trunk going back to the core, except through SWB2 and then SWB3 and then SWB4, which has fa0/47 and fa0/48 going back to the core. This is like taking a 4 mile walk to go next door.

Several switches have a static default route configured. Is there a reason for this, and does it need this? Since it's just a few vlans, I would configure L2 throughout and only have your router doing routing. The switches can have 'ip default-gateway x.x.x.x' for management connectivity.

There is only one connection back to the core, and that is from SWB4 via fe0/48.


The wiring path on this network is a long walk. The core is in building4. SWB2 connects through SWB3 that then connects to SWB4. It is the wire path, and will not be changing.

SWB2

I will remove the ip route statement and replace with ip default-gateway 10.40.0.1

SWB3

I will remove the ip route statement and replace with ip default-gateway 10.40.0.1

SWB4

interface fast0/47 is really on shutdown leaving interface fast0/48 the only connection to the core switch.

I will remove the ip route statement and replace with ip default-gateway 10.40.0.1

You mention here that it looks like the reason. I am not sure I follow. My original statement was that I can not get vlan connectivity on SWB2 for vlan 20 or vlan 100, I also can not get vlan connectivity on SWB3 for vlan 100.

From your estimation should this command only be on SWB4:

spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100 priority 4096

or on the core switch?

From your estimation should this command only be on SWB4:

spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100 priority 4096

or on the core switch?

This is up to you, but I would make the core switch the root switch for all vlans, unless there is a reason otherwise.

Well there is no Trunk configured from SWB2 directly to the core that I saw, so I believe it's going to SWB3, and then SWB4 to get to the router.

If you connect a host to a port on SWB2, which is on vlan 20, does the link show up/up on the switch?

I don't see DHCP setup on the core, which I'm assuming is why you have a helper-address configured.

ip helper-address 10.40.8.9

The device I labeled core is a 2921 router...

The SWB4 is the next closest thing to a core switch.

How would I configure a trunk from SWB2 to SWB4 (passing through SWB3)?

I get a link light, just no traffic, even if I static the IP address.

The helper is the DHCP server. Is there a cleaner way to set this up?

I would configure SWB4 as the root switch then.

Well, SWB2 has a trunk passing vlans (1,10,20,30,40,50,60,70,80,90,100) to SWB3, which has a trunk passing vlans (1,10,20,30,40,50,60,70,80,90,100) to SWB4, which has a trunk passing all vlans to the router, which has an 'ip helper-address' configured to go to the DHCP server.

This should allow DHCP Discover packets to hit the DHCP server.

If you have two computers, one on a port in vlan 20 on SWB2 and one on a port in VLAN 20 on SBW2, can they communicate back and forth if they have static IPs in the same network?

If you run wireshark on the DHCP server, do you see the DHCP packets coming to the DHCP server from the clients?

I had one computer with a static assigned in SWB2 on vlan 20 that could not ping its gw address of 10.40.2.1

I can ping the 10.40.2.1 address from the SWB2 switch, but that's not the clients in the vlan.

I am not too concerned with the DHCP service atm, more the base of the network, even if I have to static this building.

If the switch can ping the address (10.40.2.1) it's probably using a source IP address of 10.40.0.2.

Can you post the output of 'show int trunk' from SWB2 on here?

NCSOTASWB2#sho int trunk

Port        Mode             Encapsulation  Status        Native vlan
Po2         on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1,10,20,30,40,50,60,70,80,90,100

Port        Vlans allowed and active in management domain
Po2         1,10,20,30,40,50,60,70,80,90,100

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1,10,20,30,40,50,60,70,80,90,100

Too bad I didn't run that before what I just did. When I did a show vlan on the SWB2 switch it only showed vlans 1, 20, 100 and no others (default ones of course but none of mine). If I did the same on SWB3 it only showed 1, 30, 100 (these are the vlans that had been assigned ports).

So I wonder, do these other switches not know that the vlans exist unless they are told about them? I don't think so. So I tried a dirty experiment: I added an IP to the int vlan 20 on SWB3 and could not ping it. Next I added vlan 20 to a port (and it said it was creating new vlan!). Next I tried to ping again and it worked! What's the right way to propagate the vlans to all the switches so as to avoid this issue? I really don't think it's a good practice to pick one interface and repeat the commands switchport access vlan 10 and then 20 and so on...

This depends on what VTP mode your switches are in.


You can use VTP or VTP Transparent mode.

I like using VTP Transparent mode, because you don't have to worry about your whole network breaking because of a VTP misconfiguration issue. You have to create each and every vlan on every switch.

Post the results of 'show vtp status' on each of these switches.

By default, a switch will run in Server mode, which means that you can create, modify, and delete vlans, and as long as the vlans are in the same VTP domain, it will propagate these vlans to the other switches. But if someone were to add another switch, in the same VTP domain, with a higher configuration revision number, and only have vlan 1, while all the other switches had let's say 50, then 49 of those vlans just get deleted.

NCSOTASWB2#sho vtp status

VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0021.1b02.5280
Configuration last modified by 10.40.0.2 at 11-1-13 17:10:15
Local updater ID is 10.40.0.2 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 15
Configuration Revision            : 10
MD5 digest                        : 0xFE 0xA8 0xB7 0x21 0x84 0x46 0xF6 0x4F
                                    0xC8 0xB4 0x11 0xAF 0xB5 0x6A 0xBE 0xF9

You can create a VTP domain name by running the following command.

'vtp domain DOMAINNAME' where DOMAINNAME is well.... The VTP domain name

If all the other switches have this domain name configured, it will propagate all vlans to all switches with that vlan.

But I suggest you read up on VTP before you implement this, so you don't accidentally take down part of your network.

I'm a big fan of Transparent mode..

Thanks for helping me out on this!

I knew the configs should have worked, but I knew I was missing something as well. VTP was the answer.

No problem, I'm just glad it's working for you.
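
The failure diagnosed in this thread (VLANs allowed on a trunk but never created in the downstream switch's VLAN database) can be checked mechanically from saved CLI output. The following is an added example, not code from the thread or from Cisco; the function names are hypothetical and the sample `show vlan brief` text is constructed from the poster's description of SWB2.

```python
import re

# Constructed sample: the allowed list is the one on this page's trunks; the
# VLAN table reflects the poster's description of SWB2 (only 1, 20, 100 exist).
TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Po2         on               802.1q         trunking      1
Port        Vlans allowed on trunk
Po2         1,10,20,30,40,50,60,70,80,90,100
"""
VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------
1    default                          active    Gi0/2
20   VLAN0020                         active    Fa0/1, Fa0/2
100  VLAN0100                         active    Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part and part != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_on_trunks(output):
    """Return {port: set(vlans)} from the 'Vlans allowed on trunk' section."""
    allowed, in_section = {}, False
    for port, rest in (l.split(None, 1) for l in output.splitlines() if len(l.split()) > 1):
        if port == "Port":  # every section of the output starts with a Port header
            in_section = rest.strip() == "Vlans allowed on trunk"
        elif in_section:
            allowed[port] = expand_vlans(rest)
    return allowed

def local_vlans(output):
    """Return the VLAN IDs that 'show vlan brief' lists as active."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+\s+active\b", output, re.M)}

def missing_vlans(trunk_output, vlan_output):
    """Per trunk port, VLANs allowed on the trunk but not in the local database."""
    local = local_vlans(vlan_output)
    gaps = {p: sorted(v - local) for p, v in allowed_on_trunks(trunk_output).items()}
    return {p: g for p, g in gaps.items() if g}

print(missing_vlans(TRUNK, VLAN_BRIEF))
```

An empty result means every VLAN the trunk is allowed to carry also exists locally, which is the state the switches need to be in when they run in VTP transparent mode and VLANs are created by hand.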
