02-26-2008 12:06 AM - edited 03-05-2019 09:22 PM
Hi, all
When I set up a switch topology as below:
SwA---SwB
  \   /
   \ /
   SwC
I configured the 3 interconnect links as trunks, and the native VLAN on all of them is VLAN 99. I found that on SwA, B, C, STP can't block native VLAN 99; that is, on SwA, B, C, the STP status of VLAN 99 is forwarding everywhere. So I decided to block this with the command "switch trunk allow vlan ***". My question is: is this method effective?
When I design a big campus LAN, how should I design the native VLAN deployment, for example in the following topology?
SwA---SwB Core Layer
| |
| |
SwC---SwD Dist Layer
\ \ /\
\ \/ \
\ / \ \
SwE SwF Access Layer
All interconnect links are trunks; how should I design the native VLAN?
Thanks
02-26-2008 12:13 AM
02-26-2008 12:19 AM
Hi
Are you sure that STP is not blocking on any of your switches? Could you post
"sh spanning-tree vlan 99" (IOS)
or
"sh spantree 99" (CatOS)
from all 3 switches.
Edit - In answer to your question, if you do not allow a VLAN across a trunk link then it will stop STP from running across that trunk link for that VLAN. But STP should be blocking on one of its ports for VLAN 99.
Jon
02-26-2008 12:36 AM
Just to add to what Jon said, you can disallow the native VLAN. But beware a nasty bug in all CatOS and early versions of IOS. In those versions, if you disallow the native VLAN on the trunk, then it also blocks Spanning-Tree BPDUs on VLAN 1. That can cause a network meltdown on VLAN 1, depending on your topology. Believe me ... it happens!
But I agree with Jon: it is very strange if all your switches are forwarding VLAN 99 on all trunks. That itself would normally lead to a meltdown. Just to confirm, are you using PVST+?
Please also check you do not have bpdufilter on your trunks. bpdufilter is one of the most dangerous and most abused commands I know. It should be used only when absolutely necessary.
Kevin Dorrell
Luxembourg
02-26-2008 01:41 AM
Thanks Jon and Kevin.
I didn't limit the native VLAN specifically. The configuration is as below:
One side is an IOS switch:
interface GigabitEthernet0/52
 description ---To JC-6506-5/2---
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 12,22,28
 switchport mode trunk
 switchport nonegotiate
KS-3560-P# sh spanning-tree vl 900
VLAN0900
Spanning tree enabled protocol ieee
Root ID Priority 33668
Address 001b.5440.3480
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33668 (priority 32768 sys-id-ext 900)
Address 001b.5440.3480
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/47 Desg FWD 4 128.47 P2p
Gi0/48 Desg FWD 4 128.48 P2p
Gi0/49 Desg FWD 4 128.49 P2p
Gi0/50 Desg FWD 4 128.50 P2p
Gi0/51 Desg FWD 4 128.51 P2p
------------------
The other side is a CatOS switch:
------------------
Cat6509> (enable) sh trunk 5/2
* - indicates vtp domain mismatch
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
5/2 on dot1q trunking 900
Port Vlans allowed on trunk
-------- ---------------------------------------------------------------------
5/2 12,22,28
Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
5/2 12,22,28
Port Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
5/2 12,22,28
Cat6509> (enable) sh spantree 5/2
Port Vlan Port-State Cost Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
5/2 12 forwarding 4 32 disabled 0
5/2 22 forwarding 4 32 disabled 0
5/2 28 forwarding 4 32 disabled 0
---------------------
Does it mean the IOS switch can't block native VLAN forwarding, but the CatOS switch blocks native VLAN forwarding?
Since the native VLAN is not used in the real world, maybe it didn't produce a bad effect.