vlan trunking between switches

Answered Question
Apr 30th, 2008

Hi everyone,


I need expert help with this scenario. Switch A is CAT 3560E PoE and switch B is CAT 3750 PoE. Connectivity between these switches is 10gb fiber and is set to trunking so vlan1 can be accessed on both switches. I have a firewall DMZ interface that I would like to bring in to switch A port #48 and create a vlan 2 dmz there. Then on switch B, port #48, I configure it as vlan2. Then when I connect my laptop, I can get an IP address from DHCP on the firewall DMZ interface. So, it looks like trunking between switch A and B carries all vlans. So, I have a Cisco CAT 3500XL that I would like to connect to port #48 on switch B so that I can add more workstations here. However, when I connect the CAT 3500xl to port #48 of the CAT 3570, port #48 is disabled. Then, I set it up as a trunk port but I no longer have access to vlan2.


Here is the worst part: while trying to troubleshoot this, suddenly all VoIP phones and connectivity were down. I do not know if my adding the 3500xl would cause this problem, but it seems we had a brownout while I was troubleshooting.


Please help since this is something I've never done before.


Thanks

Correct Answer

Hi,


Just a few questions:-


Which of switch A or B is the spanningtree root?


Have you configured VTP?


Have you configured portfast on the port 48 trunking port on any of the switches?


Have you configured spanningtree BPDUportfast guard/filter anywhere?


It "sounds" like you are creating a switching loop when you connect the 3500XL to port 48 in the switch.


How long did the VoIP phones go down for - as this could have been due to a spanningtree recalculation.



speedingwolfids Thu, 05/01/2008 - 08:58

Hi Andrew,


Thank you very much for your reply. I did not set these switches up, so I will try to answer your questions.


1.Which of switch A or B is the spanningtree root?


I did a show spanning root and not sure which one is root


SwitchA#show spanning root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         32768 0008.2175.8fc0        21    2   20  15  Te0/1
VLAN0173         32941 001a.a199.1880         4    2   20  15  Gi0/24
VLAN0175         32768 0008.2175.8fc1        21    2   20  15  Te0/1
VLAN0176         32768 0008.2175.8fc2        21    2   20  15  Te0/1


SwitchB#show spanning root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  -----------
VLAN0001         32768 0008.2175.8fc0        19    2   20  15  Gi1/0/47
VLAN0173         32941 001a.a199.1880         6    2   20  15  Te1/0/1
VLAN0175         32768 0008.2175.8fc1        19    2   20  15  Gi1/0/47
VLAN0176         32768 0008.2175.8fc2        19    2   20  15  Gi1/0/47


2. Have you configured VTP?



RedSwitchA#show vtp status
VTP Version : 2
Configuration Revision : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x35 0x07 0xA3 0x4B 0x8F 0xE9 0x95 0x08


SwitchB#show vtp status
VTP Version : 2
Configuration Revision : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB1 0x41 0xBA 0x44 0xB0 0x1D 0xB7 0xAF


3. Have you configured portfast on the port 48 trunking port on any of the switches?


I am not sure on this one.


When I plugged the CAT 3500xl port #1 into port #48 of SwitchB, on the GUI interface of SwitchB I saw the port error, it gave me the orange color, and it disabled the port. SwitchB is a CAT 3570 and it has some features on this port to set it up as Desktop and phone, Switch, router or none. I think it was defaulted to Desktop+Phone. So, while I was trying to take a look the network went down; it seems that all VoIP was down for 10 minutes and there was also no computer access. I unplugged the CAT3500XL.


Could you please explain how switching loop is created in this case?


Thanks


Correct Answer
t814687 Thu, 05/01/2008 - 10:53

Hi Mixa,

To understand if you are creating a loop or not, we need to know if your topology has redundant L2 connections between the switches. From what you describe it sounds to me that the switches are just daisy-chained to each other. Can you give us a little more information on your network, as it's not clear what you mean by connectivity being down... Is the internet connectivity down, or local within the office, etc.? When the connectivity was lost, were you able to type on the console of the switches with no delay? If a spanning tree loop happens, the CPU of the switches normally goes to 100%, so you should notice this at the console.

From what I see in your reply, and unless it's needed, the VTP mode should be set to transparent to eliminate issues with lost VLANs when you plug in a switch with a higher revision #. VTP transparent should be set on all of your switches.

It would be helpful if you can attach configurations of the switches to your post so we can analyze more what's going on here.


Thanks

-serg


speedingwolfids Fri, 05/02/2008 - 14:43

Hi Serg,


Thank you very much for your response. I talked to Cisco TAC and confirmed that the CAT3500 XL was an older model and it has lower priority and MAC than the other switches, so it could promote itself to become root and cause STP convergence.


The whole network was down, I could see the switches flashing rapidly and I could not ping other servers. Then I also noticed CPU was high on the new switches. I see all our switches' VTP mode is set as server.


We are planning to install UPS for our switches and I'm not sure if powering them up will cause the same problem. I will set up the CAT3500XL as VTP transparent then.


Thank you for your time and everyone.

Correct Answer
t814687 Fri, 05/02/2008 - 15:53

Mixa,

From what you describe it looks like a spanning tree issue. For how long was the network down? STP re-convergence should not last more than 50 sec; otherwise it's a loop. VTP transparent should be set on _all_ the switches unless you are using it for global dynamic VLAN management. If, after you disconnected the "bad" switch, everything went back to normal and you did not have to re-create your VLANs on existing switches, then it was not a VTP-related issue.

On your network you should pick and hardcode the spanning tree root bridge; otherwise the addition of a switch could cause STP re-convergence and sub-optimal L2 paths. Before connecting your 3500xl, check its STP bridge priorities for all the VLANs and make sure it's not lower than your new root. In this case the addition of this switch should be safe.


hope that helps.

-serg
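
The pre-connection check recommended above, as an added example that is not part of the original post: it parses the "show spanning root" rows posted for SwitchA earlier in the thread and reports, per VLAN, whether the current root still sits at default priority and whether a newly attached bridge would win the root election. The candidate's MAC address and the extended_sysid switch are assumptions made for illustration.

```python
import re

# "show spanning root" rows as posted for SwitchA in this thread.
SWITCH_A = """\
VLAN0001 32768 0008.2175.8fc0 21 2 20 15 Te0/1
VLAN0173 32941 001a.a199.1880 4 2 20 15 Gi0/24
VLAN0175 32768 0008.2175.8fc1 21 2 20 15 Te0/1
VLAN0176 32768 0008.2175.8fc2 21 2 20 15 Te0/1
"""
DEFAULT_PRIORITY = 32768
ROW = re.compile(
    r"^\s*VLAN(\d+)\s+(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s", re.I | re.M
)

def mac_int(mac):
    """Convert a dotted Cisco MAC (xxxx.xxxx.xxxx) to an integer for comparison."""
    return int(mac.replace(".", ""), 16)

def parse_roots(text):
    """Return {vlan: (root_priority, root_mac)} from the table rows."""
    return {int(v): (int(p), m.lower()) for v, p, m in ROW.findall(text)}

def audit(text, cand_priority, cand_mac, extended_sysid=False):
    """Per VLAN: is the root left at default priority, and would the
    candidate bridge win the election (lowest priority, then lowest MAC)?"""
    report = {}
    for vlan, (prio, mac) in parse_roots(text).items():
        # With the extended system ID the advertised priority is base + VLAN ID.
        advertised = cand_priority + (vlan if extended_sysid else 0)
        report[vlan] = {
            "root_at_default": prio in (DEFAULT_PRIORITY, DEFAULT_PRIORITY + vlan),
            "candidate_wins": (advertised, mac_int(cand_mac)) < (prio, mac_int(mac)),
        }
    return report

if __name__ == "__main__":
    # Hypothetical older switch: default priority, constructed MAC address.
    for vlan, result in audit(SWITCH_A, 32768, "0004.c0aa.0000").items():
        print(f"VLAN {vlan}: {result}")
```

Any VLAN reported with root_at_default set has no hardcoded root, and any VLAN with candidate_wins set would re-converge around the new switch as soon as it is connected.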

speedingwolfids Fri, 05/02/2008 - 19:26

The strange part is that when I put the switch in, the network did not go down right away. I think I played around with the port on the CAT3570 because it was disabled. I think I forced no shutdown on it, which caused a loop?


The network was down for about 1-3 minutes and it seemed like forever. All VLANs were there, so it is a spanning tree problem. Cisco TAC told me the CAT3500XL is old and might have promoted itself to root, which caused this problem. I noticed all the lights on the switches were flashing flash after 3 minutes.


Thanks


mounir.mohamed Sat, 05/03/2008 - 00:40

Dear speedingwolfids,


As far as I understand, you have 3 switches forming your switched network. If you can provide the connectivity between these switches I will be grateful.


But for the time being let's clarify that no switching loops can happen if your switches are connected via a single link and trunks are formed correctly between each other, so if a bridging loop happens this may be due to redundant links or some STP features applied to the trunk ports (Root Guard, Loop Guard, BPDU Guard, etc.), or at least the new switch doesn't form a trunk and wins the root for the default VLAN (1), so a part of your network goes down (rest of VLANs).


So if you get us a simple topology diagram with port configurations, it will speed up solving your problem.

