Multiple VLAN over Cisco 1300 Bridge

sadiqallawati · ‎10-26-2011

Hi,

I'm connecting two building with Cisco 1300 bridge as secondary (backup link). My primary link is fiber.

I manage to configure the root bridge and non root bridge successfully and the traffic is flowing. However only the Native vlan (127) is flowing between the two bridges whereas I have other 5 extra VLANs. I tried a lot to make the traffic for these VLANs to pass through the bridge but useless.

Here my configuration:

SW_ROOT

interface GigabitEthernet0/24

description ***Connected to Root Bridge***

switchport trunk encapsulation dot1q

switchport trunk native vlan 127

switchport trunk allowed vlan 50,60,70,127,184,185

switchport mode trunk

ip arp inspection trust

storm-control broadcast level 10.00

storm-control multicast level 10.00

storm-control action trap

spanning-tree port-priority 0

--------------------------

----------

-----

SW_NONROOT

interface GigabitEthernet0/24

description **Connected to NON ROOT BRIDGE**

switchport trunk encapsulation dot1q

switchport trunk native vlan 127

switchport trunk allowed vlan 50,60,70,127,184,185

switchport mode trunk

ip arp inspection trust

storm-control broadcast level 1.00

storm-control multicast level 1.00

storm-control action trap

--------------------------

----------

------

ROOT_BRIDGE

!

hostname Root_Bridge

!

dot11 vlan-name ELC1 vlan 185

dot11 vlan-name ELC2 vlan 184

dot11 vlan-name management vlan 127

dot11 vlan-name student vlan 50

dot11 vlan-name teacher vlan 60

dot11 vlan-name wirent vlan 70

!

dot11 ssid WiFi-Admin

vlan 127

authentication open

guest-mode

infrastructure-ssid

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid WiFi-Admin

!

station-role root bridge

distance 1

world-mode dot11d country x both

infrastructure-client

!

interface Dot11Radio0.50

encapsulation dot1Q 50

no ip route-cache

bridge-group 50

bridge-group 50 port-protected

bridge-group 50 spanning-disabled

!

interface Dot11Radio0.60

encapsulation dot1Q 60

no ip route-cache

bridge-group 60

bridge-group 60 port-protected

bridge-group 60 spanning-disabled

!

interface Dot11Radio0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 port-protected

bridge-group 70 spanning-disabled

!

interface Dot11Radio0.127

encapsulation dot1Q 127 native

no ip route-cache

bridge-group 1

bridge-group 1 port-protected

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.184

encapsulation dot1Q 184

no ip route-cache

bridge-group 184

bridge-group 184 port-protected

bridge-group 184 spanning-disabled

!

interface Dot11Radio0.185

encapsulation dot1Q 185

no ip route-cache

bridge-group 185

bridge-group 185 port-protected

bridge-group 185 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

!

interface FastEthernet0.50

encapsulation dot1Q 50

no ip route-cache

bridge-group 50

bridge-group 50 spanning-disabled

!

interface FastEthernet0.60

encapsulation dot1Q 60

no ip route-cache

bridge-group 60

bridge-group 60 spanning-disabled

!

interface FastEthernet0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 spanning-disabled

!

interface FastEthernet0.127

encapsulation dot1Q 127 native

no ip route-cache

bridge-group 1

!

interface FastEthernet0.184

encapsulation dot1Q 184

no ip route-cache

bridge-group 184

bridge-group 184 spanning-disabled

!

interface FastEthernet0.185

encapsulation dot1Q 185

no ip route-cache

bridge-group 185

bridge-group 185 spanning-disabled

!

interface BVI1

ip address 192.168.x.x 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.x.x

ip http server

bridge 1 priority 65535

bridge 1 protocol ieee

bridge 1 route ip

bridge 50 priority 65535

bridge 50 protocol ieee

bridge 60 priority 65535

bridge 60 protocol ieee

bridge 70 priority 65535

bridge 70 protocol ieee

bridge 184 priority 65535

bridge 184 protocol ieee

bridge 185 priority 65535

bridge 185 protocol ieee

!

line con 0

line vty 0 4

!

end

--------------------------

----------

---

NON_ROOTBRIDGE

hostname NON_ROOT_BRIDGE

!

dot11 vlan-name ELC1 vlan 185

dot11 vlan-name ELC2 vlan 184

dot11 vlan-name management vlan 127

dot11 vlan-name student vlan 50

dot11 vlan-name teacher vlan 60

dot11 vlan-name wirent vlan 70

!

dot11 ssid WiFi-Admin

vlan 127

authentication open

guest-mode

infrastructure-ssid

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid WiFi-Admin

!

station-role non-root bridge

world-mode dot11d country X both

!

interface Dot11Radio0.50

encapsulation dot1Q 50

no ip route-cache

bridge-group 50

bridge-group 50 port-protected

bridge-group 50 spanning-disabled

!

interface Dot11Radio0.60

encapsulation dot1Q 60

no ip route-cache

bridge-group 60

bridge-group 60 port-protected

bridge-group 60 spanning-disabled

!

interface Dot11Radio0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 port-protected

bridge-group 70 spanning-disabled

!

interface Dot11Radio0.127

encapsulation dot1Q 127 native

no ip route-cache

bridge-group 1

bridge-group 1 port-protected

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.184

encapsulation dot1Q 184

no ip route-cache

bridge-group 184

bridge-group 184 port-protected

bridge-group 184 spanning-disabled

!

interface Dot11Radio0.185

encapsulation dot1Q 185

no ip route-cache

bridge-group 185

bridge-group 185 port-protected

bridge-group 185 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

!

interface FastEthernet0.50

encapsulation dot1Q 50

no ip route-cache

bridge-group 50

bridge-group 50 spanning-disabled

!

interface FastEthernet0.60

encapsulation dot1Q 60

no ip route-cache

bridge-group 60

bridge-group 60 spanning-disabled

!

interface FastEthernet0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 spanning-disabled

!

interface FastEthernet0.127

encapsulation dot1Q 127 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet0.184

encapsulation dot1Q 184

no ip route-cache

bridge-group 184

bridge-group 184 spanning-disabled

!

interface FastEthernet0.185

encapsulation dot1Q 185

no ip route-cache

bridge-group 185

bridge-group 185 spanning-disabled

!

interface BVI1

ip address 192.168.x.x 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.x.x

ip http server

no ip http secure-server

bridge 1 priority 65535

bridge 1 protocol ieee

bridge 1 route ip

bridge 50 priority 65535

bridge 50 protocol ieee

bridge 60 priority 65535

bridge 60 protocol ieee

bridge 70 priority 65535

bridge 70 protocol ieee

bridge 184 priority 65535

bridge 184 protocol ieee

bridge 185 priority 65535

bridge 185 protocol ieee

!

line con 0

line vty 0 4

login local

!

end

--------------------------

---

Appreciate your support.

Stephen Rodriguez · ‎10-26-2011

Are you able to remove the 'ip arp inspection trust' from the switchports and test?

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

sadiqallawati · ‎10-29-2011

Hi Stephen,

I tried what you suggested but did not work and tried the no negotiate as well.

Actually I facing a new issue now. My setup is as following:

SW1 --> Root Bridge --> NON Root Bridge -- SW2

I cannot ping Root Bridge and NON Root Bridge from SW1, however I can reach both of them from SW2. I checked the spanning tree from SW1 and all ports are in FWD state.

abukuru95 · ‎10-26-2011

hi, you may also try switchport no negotiate on both the trunk ports.To avoid any negotiation.

rate if this helps

sadiqallawati · ‎10-27-2011

Thank you Steve and abukuru95, I will give a try for both suggestion and will update you.

Any other suggestions ?

abukuru95 · ‎10-31-2011

Hi sadiqallawati, Can you show us a sample topology of this implementation?

To which Switch are the bridges connected? It may be a lot easier to troubleshoot.

sadiqallawati · ‎10-31-2011

Hi abukuru95,

I'm having two building (Main Building and Remote Office Building). Each side I'm having 3560 switch. The topology is exactly as this:

SW1 --> Root Bridge --> NON Bridge --> SW2

Please find below the configuration for both Switches:

Main Office - SW1

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname corerack_switch_1

!

ip routing

no ip domain-lookup

!

ip dhcp pool WiFi-Admin

network 192.168.50.0 255.255.255.0

default-router 192.168.50.1

!

ip dhcp snooping vlan 50,60,70,127

ip arp inspection vlan 50,60,70,127

ip arp inspection log-buffer entries 10

ip arp inspection log-buffer logs 1 interval 86400

!

spanning-tree mode mst

spanning-tree loopguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

spanning-tree mst configuration

name COLLEGEIBRA

revision 1

instance 1 vlan 50

instance 2 vlan 60

instance 3 vlan 70

instance 4 vlan 127

!

spanning-tree mst 0-15 priority 0

spanning-tree vlan 1-4094 priority 24576

!

vlan internal allocation policy ascending

!

vlan 50

name VLAN_50

--More-- !

vlan 51

!

vlan 60

name VLAN_60

!

vlan 61

!

vlan 70

name VLAN_70

!

vlan 127

name VLAN_127

!

vlan 178

!

vlan 188

name WIRELESS

!

vlan 190

!

interface GigabitEthernet0/24

description ***RootBridge***

--More-- switchport trunk encapsulation dot1q

switchport trunk native vlan 127

switchport trunk allowed vlan 50,60,70,127,184,185

switchport mode trunk

spanning-tree port-priority 0

interface Vlan1

no ip address

shutdown

!

interface Vlan127

description *** Management Vlan ***

ip address 192.168.x.x 255.255.255.0

!

interface Vlan177

no ip address

!

interface Vlan178

no ip address

!

interface Vlan188

ip address 10.153.x.x 255.255.254.0

!

interface Vlan190

no ip address

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.x.1

ip http server

!

--------------------------------------------

Remote Office - SW2

Current configuration : 17722 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

ip dhcp snooping vlan 50,60,70,127

ip arp inspection vlan 50,60,70,127

ip arp inspection log-buffer entries 10

ip arp inspection log-buffer logs 1 interval 86400

!

spanning-tree mode mst

spanning-tree loopguard default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

spanning-tree mst configuration

name COLLEGEIBRA

revision 1

instance 1 vlan 50

instance 2 vlan 60

instance 3 vlan 70

instance 4 vlan 127

!

spanning-tree mst 0-15 priority 0

spanning-tree vlan 1-4094 priority 24576

--More-- !

vlan internal allocation policy ascending

vlan dot1q tag native

!

vlan 11

name DMZ

!

vlan 12-18

!

vlan 50

name VLAN_50

!

vlan 60

name VLAN_60

!

vlan 70

name VLAN_70

!

vlan 127

name VLAN_127

!

vlan 177-178,180,182,184,188,190,255

!

interface GigabitEthernet0/24

description **Connected to EL303AP(BRIDGE)**

switchport trunk encapsulation dot1q

switchport trunk native vlan 127

switchport trunk allowed vlan 50,60,70,127,184,185

switchport mode trunk

interface Vlan1

no ip address

shutdown

!

interface Vlan127

description *** Management Vlan ***

ip address 192.168.x.27 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.x.1

ip http server

!

abukuru95 · ‎10-31-2011

Hi Sadiqallawati,

try to do a traceroute to your destination IP and you will see on which IP address it fails so that you can troubleshoot further.you may also do a debug ip icmp and then ping the IP to see if there is anything blockig the traffic as access list or whatever.success

do not forget to rate if this helps!!