Any Cisco switch/IOS Gurus here?

[kod3001]

and its not even late there (yet)

 

[omslaw]

Do a "show vlan" and post the results.

Switch#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/16
2 DMZ VLAN active Gi0/3, Gi0/4, Gi0/5, Gi0/6
Gi0/7, Gi0/8, Gi0/9, Gi0/10
Gi0/11, Gi0/12, Gi0/13, Gi0/14
Gi0/18, Gi0/19, Gi0/20
3 INET VLAN active
4 PS INT VLAN active
5 PS EXT VLAN active
6 INET2 VLAN active
7 INET3 VLAN active
8 DSL VLAN active
9 TEST VLAN active
10 SURF VLAN active Gi0/2
11 SAP VLAN active
12 RR VLAN active
13 MM VLAN active
14 DEV VLAN active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1005 trnet-default act/unsup
4000 VLAN 4000 active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
8 enet 100008 1500 - - - - - 0 0
9 enet 100009 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
13 enet 100013 1500 - - - - - 0 0
14 enet 100014 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
4000 enet 104000 1500 - - - - - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

 

[omslaw]

Sorry omslaw, can you clarify...

dhcp server is on vlan 1 ?
blade 1 is also on vlan 1 ? and can get dhcp?

but then you mention you cannot get request/replies on vlan 1 ?

I don't really know VMware, are you configuring virtual interfaces on the blade/s ?

are you trunking to blade 1?
on blade 2 assuming then that you want to trunk to this one, have you tried setting the switchport mode trunk ?

Yes, DHCP server is on VLAN1

Yes, Blade1 is on VLAN1

NO, cannot get DHCP **NOR** can it access VLAN1

VMware make server virtualization software. Their enterprise-class product, ESX Server has a 'virtual switch' that requires a trunk port... ESX server will 'tag' the packet on it's way out.

I *was* trunking to blade1, but when I couldn't get that to work, I switched it to access.

 

[kod3001]

tell me how you've done it on 3com and I'll translate to Cisco if I can.

Odd one, you should be able to trunk straight up, you may want to set the encap to dot1q to be sure thats not causing the problem, I'll have a look on our network here to see if we can debug

 

[kod3001]

show int trunk and tell me what you see when you've set g0/2 for trunking

 

[omslaw]

Here's the sh int trunk. I had to shutdown blade2...let me see what I can do...


Switch#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi0/15 on 802.1q trunking 1
Gi0/17 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/15 1
Gi0/17 1-12

Port Vlans allowed and active in management domain
Gi0/15 1
Gi0/17 1-12

Port Vlans in spanning tree forwarding state and not pruned
Gi0/15 1
Gi0/17 1-12

 

[Sane_man]

Nope still no luck. I've created a kludged work-around to get to VLAN1, but it's not what I want. Basically, I've inserted a cross-over cable, on one of my 3com switches, between VLAN1 and VLAN10.

You'll see in the Config that Blade1 is set to VLAN10...and *WILL* pull a DHCP address and I *CAN* access my production network (cuz of my work-around).

However, Blade2, *WILL NOT* pull DHCP and WILL NOT talk to the network cuz it's on VLAN1.

I don't get it...

PS - MOST of this is the DEFAULT config from IBM/Cisco. I've added names for the VLANs (desparate attempt to get something to work). And I've modified a couple of ports.

Specifically, I changed Gi0/1 and 2 for the blades and Gi0/17 to attach to my 3com. everything else is 'stock'.

Why do you need VLAN1 and VLAN10 to talk to each other? If it is just for DHCP, you can forward DHCP broadcasts. If it is for traffic, then you can't do it unless you setup routing. Using a cross-over cable is a kludgy way to get traffic talking between two VLAN's, which means you either need to reconfigure your network to put devices on the same VLAN, use an external router instead of the cross-over cable, or get a switch with routing capabilities.

You don't have Gi0/17 connected to any VLAN's, only Gi0/1 and Gi0/16 are on VLAN1.

Trunking will just allow all of your VLAN's from your switch to pass through a single port, it doesn't give you the ability to allow those multiple VLAN's to communicate with each other. If you think along those lines you can figure out if what you are trying to do will work.

 

[kod3001]

Nope still no luck.  I've created a kludged work-around to get to VLAN1, but it's not what I want.  Basically, I've inserted a cross-over cable, on one of my 3com switches, between VLAN1 and VLAN10.

You'll see in the Config that Blade1 is set to VLAN10...and *WILL* pull a DHCP address and I *CAN* access my production network (cuz of my work-around).

However, Blade2, *WILL NOT* pull DHCP and WILL NOT talk to the network cuz it's on VLAN1.

I don't get it...

PS -  MOST of this is the DEFAULT config from IBM/Cisco.  I've added names for the VLANs (desparate attempt to get something to work).  And I've modified a couple of ports.

Specifically, I changed Gi0/1 and 2 for the blades and Gi0/17 to attach to my 3com.  everything else is 'stock'.

Why do you need VLAN1 and VLAN10 to talk to each other?  If it is just for DHCP, you can forward DHCP broadcasts.  If it is for traffic, then you can't do it unless you setup routing.  Using a cross-over cable is a kludgy way to get traffic talking between two VLAN's, which means you either need to reconfigure your network to put devices on the same VLAN, use an external router instead of the cross-over cable, or get a switch with routing capabilities.

You don't have Gi0/17 connected to any VLAN's, only Gi0/1 and Gi0/16 are on VLAN1.

Trunking will just allow all of your VLAN's from your switch to pass through a single port, it doesn't give you the ability to allow those multiple VLAN's to communicate with each other.  If you think along those lines you can figure out if what you are trying to do will work.

saneman
g0/17 is trunking so it won't appear with show vlan, this will only show access ports.

 

[omslaw]

I don't need VLAN1 and VLAN10 talking to each other...in fact, I don't want them talking (except thru a router).

Problem is, this is the only way I've been able to get DHCP to work...

 

[kod3001]

so you've just got one big broadcast domain between vlan 1 and 10.

Give me the 3com config - have you got some blades attached to the 3com in the way you're trying to do it with the Cisco?

3com and Cisco deal with the native vlan differently, could be another avenue to pursue.

 

[omslaw]

Lemme login to the 3com. No, i don't have any blades on a 3com. Only Nortel and Cisco make a switch for the IBM BladeCenter.

Had a 3com been made...i would have been all over it!

I'm still not sure what a native VLAN is...3Com doesn't have anything called that. I either set the port to be Tagged or UNtagged.

stand by...

 

[omslaw]

Here's the 3Com config for the port that is attached to the Cisco switch: (again, VLAN 1 is the only one NOT working)

As you can see, it's pretty straight-forward...tagged or untagged

----------------------------

Select menu option: br po det 1:30
Unit 1, Port 30 Detailed Information

StpState: Enabled fwdTransitions: 25
StpCost: 20000 BroadcastStormControl: Enabled
DefaultPriority: 0
LACP State: Disabled
LACP PartnerID: LACP disabled

VLAN ID VLAN Name Tagging Mode Spanning Tree
-------------------------------------------------------------------------
1 VLAN 1 Tagged Forwarding
2 DMZ VLAN Tagged Forwarding
3 INET VLAN Tagged Forwarding
4 PS INT VLAN Tagged Forwarding
5 PS EXT VLAN Tagged Forwarding
6 INET2 VLAN Tagged Forwarding
7 INET3 VLAN Tagged Forwarding
8 DSL VLAN Tagged Forwarding
9 TEST VLAN Tagged Forwarding
10 SURF VLAN Tagged Forwarding
11 SAP VLAN Tagged Forwarding
12 RR VLAN Tagged Forwarding
4000 VLAN 4000 Untagged Forwarding



<!--EDIT|omslaw
Reason for Edit: None given...|1130184021 -->

 

[kod3001]

a native vlan goes hand in hand with 802.1q. Frames in the native vlan are not encapsulated with tagging info.

If a PC or whatever is connected to a trunk, it'll only be able to understand the native VLAN frames - unless its setup right - like vmware esx. I only brought it up as you have some native vlan config in the cisco config that you posted.

 

[gsferrari]

this is interesting for a network n00b like me...

* VLAN1 is usually the native VLAN right?
* Dot1Q does not tag the frames on the native VLAN?
* How does VTP work between Cisco and Non-Cisco switches? I notice you have the Cisco switch in "Transparent" mode. I am thinking in terms of "Domain" name...just nudge me in the right direction...

Does Dot1Q work differently on Cisco and 3Com as far as tagging native vlan frames are concerned??

The reason I am asking is - VLAN1 seems to be tagged on the 3COM but I am sure that VLAN1 is not tagged on Cisco...(or maybe I am more of a n00b than I should be...).



<!--EDIT|gsferrari
Reason for Edit: None given...|1130184330 -->

 

[omslaw]

a native vlan goes hand in hand with 802.1q. Frames in the native vlan are not encapsulated with tagging info.

If a PC or whatever is connected to a trunk, it'll only be able to understand the native VLAN frames - unless its setup right - like vmware esx. I only brought it up as you have some native vlan config in the cisco config that you posted.

I just took the default config and modified it from there...they had 'switchport trunk native vlan 2' set by default...so I changed it.

 

[kod3001]

* VLAN1 is usually the native VLAN right? yep
* Dot1Q does not tag the frames on the native VLAN? yep
* How does VTP work between Cisco and Non-Cisco switches? it doesn't, vtp is cisco proprietary, but set to transparent mode to future proof.

Does Dot1Q work differently on Cisco and 3Com as far as tagging native vlan frames are concerned??

I think it does.

Still thinking here omslaw

 

[kod3001]

omslaw? just give me the symptoms again.

Everything but vlan 1 is working as it should right?
What is on vlan1? blade 1, wanting to talk to the rest of the network. The DHCP server, does that live on the 3com?

 

[omslaw]

Probably. Ideally, one shouldn't have untagged frames in a tagged environment, right?

 

[kod3001]

the frames will get picked up somewhere, for example, take a device connected to your 3com switch. When the device transmits the frame isn't tagged, the 3com may choose to tag the frame (if its configured that way) when it sends it over a trunk. If the 3com switches it straight to another interface it won't need to tag it.

 

[omslaw]

Everything but vlan 1 is working as it should right?
What is on vlan1? blade 1, wanting to talk to the rest of the network. The DHCP server, does that live on the 3com?

Correct, everything but VLAN1 is working. If I type:
'switchport access vlan 2' that blade WILL be on my DMZ or 'switchport access vlan 8' that blade WILL be on my DSL link.

Entire Production INTERNAL network is on VLAN1, DHCP, Intranet, mail, file/print, etc.

My entire switched network infrastructure is 3Com...except this Cisco switch.