Any Cisco switch/IOS Gurus here?
- Thread starter omslaw
- Start date
gsferrari
Registered
http://www.cisco.com/warp/public/473/50.shtml#configs
http://www.cisco.com/univerc....dge.htm
http://www.inf.aber.ac.uk/ns3/networking/ndt/interoperability.asp
Though you are having issues...be glad you dont have to mess with one of the worst protocols in the business - VTP
http://www.cisco.com/univerc....dge.htm
http://www.inf.aber.ac.uk/ns3/networking/ndt/interoperability.asp
Though you are having issues...be glad you dont have to mess with one of the worst protocols in the business - VTP
Agreed, VTP is pants - leave a switch about to be newly installed configured as a vtp server (as it is by default), and kiss goodbye to your current vlan configuration.Though you are having issues...be glad you dont have to mess with one of the worst protocols in the business - VTP
Its not a 3com issue per se, as your existing network is working fine.
Its how Cisco talks to 3com I reckon. It may well be worth simplifying the network for a moment.
Double check vlan 1 is configured on g0/1, and that g0/1 is configured as an access port (and nothing else).
At this point show mac-address-table on the cisco, can you see blade 1?
Also, show ip arp vlan 1 - this could be some odd arp problem, but this may be just a herring rouge.
This can further be ruled out by configuring a new arbitary vlan - vlan 20, and assigning the ip address
to that - I trust your managing the cisco using console at the moment?
Following that, just double check that g0/17 is setup to trunk, allows required vlans, and that the
the native vlan has been configured to be something other than vlan 1. Also set the encap type to dot1q
for good measure.
interface GigabitEthernet0/17
description extern1
switchport trunk allowed vlan 1-12
switchport mode trunk
spanning-tree bpdufilter enable
switchport trunk native vlan 2
switchport trunk encap dot1q
If it still doesn't work, have a look at the 3com's mac address table - is it learning any mac addresses
on vlan 1 across the trunk back to the Cisco?
Its how Cisco talks to 3com I reckon. It may well be worth simplifying the network for a moment.
Double check vlan 1 is configured on g0/1, and that g0/1 is configured as an access port (and nothing else).
At this point show mac-address-table on the cisco, can you see blade 1?
Also, show ip arp vlan 1 - this could be some odd arp problem, but this may be just a herring rouge.
This can further be ruled out by configuring a new arbitary vlan - vlan 20, and assigning the ip address
to that - I trust your managing the cisco using console at the moment?
Following that, just double check that g0/17 is setup to trunk, allows required vlans, and that the
the native vlan has been configured to be something other than vlan 1. Also set the encap type to dot1q
for good measure.
interface GigabitEthernet0/17
description extern1
switchport trunk allowed vlan 1-12
switchport mode trunk
spanning-tree bpdufilter enable
switchport trunk native vlan 2
switchport trunk encap dot1q
If it still doesn't work, have a look at the 3com's mac address table - is it learning any mac addresses
on vlan 1 across the trunk back to the Cisco?
gsferrari
Registered
Even if you leave it in "CLIENT" mode - BYE BYE network...Hello Pink Slip on Friday morning!!!Agreed, VTP is pants - leave a switch about to be newly installed configured as a vtp server (as it is by default), and kiss goodbye to your current vlan configuration.Though you are having issues...be glad you dont have to mess with one of the worst protocols in the business - VTP
Transparent mode is the only option...
omslaw, have a look at my post a couple up from here. I've been having a further look into it and I'm almost convinced now its the native vlan thing causing a problem.
Found these couple of posts -
krr (MIS) 18 Dec 02 9:01
On a Cisco VLAN trunk, all VLANs are tagged except(!) the
native VLAN (usually VLAN 1), which goes untagged.
On the 3Com side, the port connected to the Cisco trunk must be
member of VLAN 1 (untagged) and 802.1Q tagged for all other VLANs.
The rest of the ports have to be untagged members of their VLAN.
Do NOT define them as 802.1Q, because this will send tagged frames
out on the port and you won't be able to reach anything.
Yes, IEEE 802.1Q is a standard, but the philosophy of the implementation differs
a lot between vendors. And they use different words for the same thing.
Cisco has the plus of making VLANs very easy within their product range.
They try to hide much of the complexity.
Cheers *Rob
AlexxIT (IS/IT--Management) 7 Jan 03 3:40
Hi all,
Yes i agree with KRR.
Remember that 3Com Vlan1 is not the same as Cisco Vlan1.
I have tryed it with a Cisco 4006 and 3Com 3300
You must not tag the trunk port on the 3Com all other vlans yo can tag.
And to correct Krr Cisco vlan1 is always standard TAG'd if it is a trunk.
Have fun
Alex
Found these couple of posts -
krr (MIS) 18 Dec 02 9:01
On a Cisco VLAN trunk, all VLANs are tagged except(!) the
native VLAN (usually VLAN 1), which goes untagged.
On the 3Com side, the port connected to the Cisco trunk must be
member of VLAN 1 (untagged) and 802.1Q tagged for all other VLANs.
The rest of the ports have to be untagged members of their VLAN.
Do NOT define them as 802.1Q, because this will send tagged frames
out on the port and you won't be able to reach anything.
Yes, IEEE 802.1Q is a standard, but the philosophy of the implementation differs
a lot between vendors. And they use different words for the same thing.
Cisco has the plus of making VLANs very easy within their product range.
They try to hide much of the complexity.
Cheers *Rob
AlexxIT (IS/IT--Management) 7 Jan 03 3:40
Hi all,
Yes i agree with KRR.
Remember that 3Com Vlan1 is not the same as Cisco Vlan1.
I have tryed it with a Cisco 4006 and 3Com 3300
You must not tag the trunk port on the 3Com all other vlans yo can tag.
And to correct Krr Cisco vlan1 is always standard TAG'd if it is a trunk.
Have fun
Alex
We are Brainstorming!!
I had a face-to-face interview yesterday, now I have to do a conference call, tech interview today for a contract job writing security plans.
I'll try to do some research on 3Com VLAN tags while brushing up on some security stuff for this phone interview.
I had a face-to-face interview yesterday, now I have to do a conference call, tech interview today for a contract job writing security plans.
I'll try to do some research on 3Com VLAN tags while brushing up on some security stuff for this phone interview.
got it from some old tech forum, look how old the messages are. I'm guessing someone has been down this road before.
I hear ya, bro! I'll have friends at my house...when they see my basement, a lot just shake their head...cuz I have more stuff than their IT department! I now need to add another server rack just to get the other crap off the floor!I love my job, its almost a hobby. Like playing with a giant train set. Yes, I should get out more, but its raining outside.
A/C bill sux in the summer...but it stays nice and warm in the winter!
OK, here's what I've now tried:
3Com - untagged on vlan1, tagged all others
cisco - blade1, 'switchport mode access', 'switchport access vlan 1'. gi0/17, 'switchport mode trunk', 'switchport trunk native vlan 1'
Results: Blade 1 *can* access production network (vlan1)!! Blade 1 *can* access other vlans (if config is changed to: switchport mode access vlan xx)
THIS IS GOOD!
NOW....
Blade 2, is setup for VMware...THE *OS* will add the VLAN tags...so:
again, 3com is untagged vlan1, tagged all others
Cisco - gi0/2, 'switchport mode trunk', 'switchport trunk native vlan 1'
Results: With OS tagging packets...all VLANS *EXECPT* vlan 1 pass traffic!
*sigh* I'm pretty much back to square one!
3Com - untagged on vlan1, tagged all others
cisco - blade1, 'switchport mode access', 'switchport access vlan 1'. gi0/17, 'switchport mode trunk', 'switchport trunk native vlan 1'
Results: Blade 1 *can* access production network (vlan1)!! Blade 1 *can* access other vlans (if config is changed to: switchport mode access vlan xx)
THIS IS GOOD!
NOW....
Blade 2, is setup for VMware...THE *OS* will add the VLAN tags...so:
again, 3com is untagged vlan1, tagged all others
Cisco - gi0/2, 'switchport mode trunk', 'switchport trunk native vlan 1'
Results: With OS tagging packets...all VLANS *EXECPT* vlan 1 pass traffic!
*sigh* I'm pretty much back to square one!
Try doing a "Show switchport trunk allowed" command to see if VLAN 1 is a member.
Also check "show switchport trunk pruning vlan" list to see if VLAN1 is a member.
Defining the Allowed VLANs on a Trunk
By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed
on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those
VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the switchport trunk
allowed vlan remove vlan-list interface configuration command to remove specific VLANs from the
allowed list.
To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN
trunk port by removing VLAN 1 from the allowed list. This is known as VLAN 1 minimization. VLAN 1
minimization disables VLAN 1 (the default VLAN on all Cisco switch trunk ports) on an individual
VLAN trunk link. As a result, no user traffic, including spanning-tree advertisements, is sent or received
on VLAN 1.
When you remove VLAN 1 from a trunk port, the interface continues to send and receive management
traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link
Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking
Protocol (VTP) in VLAN 1.
If a trunk port with VLAN 1 disabled is converted to a nontrunk port, it is added to the access VLAN. If
the access VLAN is set to 1, the port is added to VLAN 1, regardless of the switchport trunk allowed
setting. The same is true for any VLAN that has been disabled on the port.
A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN,
and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the
VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the
enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk
port, the trunk port does not become a member of the new VLAN.
Beginning in privileged EXEC mode, follow these steps to modify the allowed list of an IEEE
802.1Q trunk:
To return to the default allowed VLAN list of all VLANs, use the no switchport trunk allowed vlan
interface configuration command.
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Enter interface configuration mode and the port to be configured.
Step 3 switchport mode trunk Configure the interface as a VLAN trunk port.
Step 4 switchport trunk allowed vlan {add |
all | except | remove} vlan-list
(Optional) Configure the list of VLANs allowed on the trunk.
For explanations about using the add, all, except, and remove keywords,
see the command reference for this release.
The vlan-list parameter is either a single VLAN number from 1 to 4094
or a range of VLANs described by two VLAN numbers, the lower one
first, separated by a hyphen. Do not enter any spaces between
comma-separated VLAN parameters or in hyphen-specified ranges.
All VLANs are allowed by default.
Step 5 end Return to privileged EXEC mode.
Step 6 show interfaces interface-id switchport Verify your entries in the Trunking VLANs Enabled field of the display.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.[/QUOTE]
<!--EDIT|Sane_man
Reason for Edit: None given...|1130270544 -->
Also check "show switchport trunk pruning vlan" list to see if VLAN1 is a member.
Defining the Allowed VLANs on a Trunk
By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed
on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those
VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the switchport trunk
allowed vlan remove vlan-list interface configuration command to remove specific VLANs from the
allowed list.
To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN
trunk port by removing VLAN 1 from the allowed list. This is known as VLAN 1 minimization. VLAN 1
minimization disables VLAN 1 (the default VLAN on all Cisco switch trunk ports) on an individual
VLAN trunk link. As a result, no user traffic, including spanning-tree advertisements, is sent or received
on VLAN 1.
When you remove VLAN 1 from a trunk port, the interface continues to send and receive management
traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link
Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking
Protocol (VTP) in VLAN 1.
If a trunk port with VLAN 1 disabled is converted to a nontrunk port, it is added to the access VLAN. If
the access VLAN is set to 1, the port is added to VLAN 1, regardless of the switchport trunk allowed
setting. The same is true for any VLAN that has been disabled on the port.
A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN,
and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the
VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the
enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk
port, the trunk port does not become a member of the new VLAN.
Beginning in privileged EXEC mode, follow these steps to modify the allowed list of an IEEE
802.1Q trunk:
To return to the default allowed VLAN list of all VLANs, use the no switchport trunk allowed vlan
interface configuration command.
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Enter interface configuration mode and the port to be configured.
Step 3 switchport mode trunk Configure the interface as a VLAN trunk port.
Step 4 switchport trunk allowed vlan {add |
all | except | remove} vlan-list
(Optional) Configure the list of VLANs allowed on the trunk.
For explanations about using the add, all, except, and remove keywords,
see the command reference for this release.
The vlan-list parameter is either a single VLAN number from 1 to 4094
or a range of VLANs described by two VLAN numbers, the lower one
first, separated by a hyphen. Do not enter any spaces between
comma-separated VLAN parameters or in hyphen-specified ranges.
All VLANs are allowed by default.
Step 5 end Return to privileged EXEC mode.
Step 6 show interfaces interface-id switchport Verify your entries in the Trunking VLANs Enabled field of the display.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.[/QUOTE]
<!--EDIT|Sane_man
Reason for Edit: None given...|1130270544 -->
Here's anther thing to look at.
With GigaStack GBICs, dynamic trunking is only supported when two switches are connected by a
single GigaStack GBIC link. If trunking is required when more than two switches in a stack are
connected by GigaStack GBIC links, you must manually configure trunking in this manner:
– Manually shut down the GigaStack port by using the shutdown interface configuration
command.
– Manually configure trunk mode on the GigaStack port by using the switchport mode trunk
interface configuration command on both GBIC interfaces to cause the interfaces to become
trunks.
– Use the no shutdown interface configuration command to bring up the GigaStack port.[/QUOTE]
Configuring the Native VLAN for Untagged Traffic
A trunk port configured with IEEE 802.1Q tagging can receive both tagged and untagged traffic. By
default, the switch forwards untagged traffic in the native VLAN configured for the port. The native
VLAN is VLAN 1 by default.
Note The native VLAN can be assigned any VLAN ID; it is not dependent on the management VLAN.
Beginning in privileged EXEC mode, follow these steps to configure the native VLAN on an IEEE
802.1Q trunk:
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Enter interface configuration mode, and define the interface that is
configured as the IEEE 802.1Q trunk.
Step 3 switchport trunk native vlan vlan-id Configure the VLAN that is sending and receiving untagged traffic
on the trunk port.
For vlan-id, the range is 1 to 4094.
Step 4 end Return to privileged EXEC mode.
Step 5 show interfaces interface-id switchport Verify your entries in the Trunking Native Mode VLAN field.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default native VLAN, VLAN 1, use the no switchport trunk native vlan interface
configuration command.
If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID, the packet is sent
untagged; otherwise, the switch sends the packet with a tag.[/QUOTE]
<!--EDIT|Sane_man
Reason for Edit: None given...|1130271130 -->
With GigaStack GBICs, dynamic trunking is only supported when two switches are connected by a
single GigaStack GBIC link. If trunking is required when more than two switches in a stack are
connected by GigaStack GBIC links, you must manually configure trunking in this manner:
– Manually shut down the GigaStack port by using the shutdown interface configuration
command.
– Manually configure trunk mode on the GigaStack port by using the switchport mode trunk
interface configuration command on both GBIC interfaces to cause the interfaces to become
trunks.
– Use the no shutdown interface configuration command to bring up the GigaStack port.[/QUOTE]
Configuring the Native VLAN for Untagged Traffic
A trunk port configured with IEEE 802.1Q tagging can receive both tagged and untagged traffic. By
default, the switch forwards untagged traffic in the native VLAN configured for the port. The native
VLAN is VLAN 1 by default.
Note The native VLAN can be assigned any VLAN ID; it is not dependent on the management VLAN.
Beginning in privileged EXEC mode, follow these steps to configure the native VLAN on an IEEE
802.1Q trunk:
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Enter interface configuration mode, and define the interface that is
configured as the IEEE 802.1Q trunk.
Step 3 switchport trunk native vlan vlan-id Configure the VLAN that is sending and receiving untagged traffic
on the trunk port.
For vlan-id, the range is 1 to 4094.
Step 4 end Return to privileged EXEC mode.
Step 5 show interfaces interface-id switchport Verify your entries in the Trunking Native Mode VLAN field.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default native VLAN, VLAN 1, use the no switchport trunk native vlan interface
configuration command.
If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID, the packet is sent
untagged; otherwise, the switch sends the packet with a tag.[/QUOTE]
<!--EDIT|Sane_man
Reason for Edit: None given...|1130271130 -->
Similar threads
