Connecting Foundry to a 3560 - STP issue?

Answered Question
Jan 26th, 2009

Trying to connect a Catalyst 3560 to a Foundry SX1600.

If I put port Fa 0/1 in VLAN 10 (Cisco) and unttag eth 1/1 to VLAN 101 (Foundry we get VLAN 101 blocked with inconsistent port type errors on the 3560. This setup puts both ports as access ports.

We got around that blocking issue by trunking Fa 0/1 with a trunk native VLAN 10 and allowed VLANs of 1 & 10. On the Foundry side eth 1/1 is tagged in VLAN 101. STP is not blocking anything.

The problem is that we can not ping the VLAN 10 interfaces on the 3560.

Any ideas?

I have this problem too.
0 votes
Correct Answer by Roberto Salazar about 7 years 10 months ago

this is clearly a mismatch of native vlan in cisco terms. the cisco device is expecting untagged packets to be packets destined to vlan 10 and sending out untagged packets that came from vlan 10 and when the Foundry rx'd this untagged packet it will not send those packet out to vlan 10 thus vlan 10 is not working. If you are only interested in making this work, make the natvie vlan in 3550 to be anything else otehr than vlan 10, preferrably a non-working vlan or dummy vlan, for example vlan 99. Try it let me know if you are able to ping in vlan 10 between the foundry and the cisco.

Correct Answer by Yudong Wu about 7 years 10 months ago

In that case, cisco switch won't tag packet in vlan 10 since it's native vlan. If Foundry does tag packet in vlan 10, it could be a issue. Could you please try this:

1. make sure both sides permit the same vlan set.

2. Change the native vlan on cisco side to the vlan other than vlan 10 so that Cisco will tag the packet in vlan10.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Yudong Wu Mon, 01/26/2009 - 21:22

In general, "Inconsistent port type" indicates that one side of the link is in "trunk" mode" and the other is in "access" mode.

Use "show interface fa x/y switchport" to check which mode(trunk or access) it is. Did you add "switchport mode access" under the interface?

Also make sure that the port on Foundry switch has the same mode.

justin.gerharte... Tue, 01/27/2009 - 07:16

Why wouldn't I be able to ping the VLAN 10 interface on the 3560? The two ports are trunked now with VLAN 101 as an allowed VLAN so it should be layer two across that trunk. But I still can't reach the IP address for VLAN 10.

Thanks for your reply.

Yudong Wu Tue, 01/27/2009 - 07:51

If you configured port as trunk on both sides, what's the native vlan? By default, Cisco switch won't tag native vlan in trunk. Did you permit vlan 10 on the trunk? Is your ping across vlan or just within one vlan?

justin.gerharte... Tue, 01/27/2009 - 07:55

On the Cisco side VLAN 1 & 10 are allowed across the trunk. On Foundry VLAN 10 is allowed in the trunk. I learned this morning that tagging (Foundry trunk term) doesn't apply to the default VLAN and now I just learned it doesn't apply to the default VLAN in Cisco either.

This ping request is sourcing from a VLAN 10 interface.

Yudong Wu Tue, 01/27/2009 - 07:59

Can you please post the related configuration from both Cisco and Foundry switch?

justin.gerharte... Tue, 01/27/2009 - 08:03

Cisco:

Int Fa 0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport trunk allowed vlan 1,10

switchport mode trunk

no ip address

Foundry:

VLAN 10

tag eth 0/1

Yudong Wu Tue, 01/27/2009 - 08:25

Is vlan 1 included in trunk on Foundry switch by default? What's the output of "show interface trunk"? I am not sure how Foundry configure it's native vlan on the trunk.

Can you ping your vlan 10 interface locally on both sides?

justin.gerharte... Tue, 01/27/2009 - 08:35

Foundry does not allow you to tag/trunk the default VLAN...VLAN 1 in this case.

Yes, I can ping the VLAN 10 interface locally on both switches.

Port Mode Encapsulation Status Native vlan

Fa0/1 auto 802.1q trunking 10

Port Vlans allowed on trunk

Fa0/1 1,10

Port Vlans allowed and active in management domain

Fa0/1 1,10

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1,10

Yudong Wu Tue, 01/27/2009 - 10:54

Can you confirm with Foundry engineer that vlan 10 won't be tagged if it is configured by your way. I am suspecting that vlan 10 packet is tagged by Foundry switch.

justin.gerharte... Tue, 01/27/2009 - 11:02

I am the Foundry guy as well.

tag eth 0/1 puts the dot1q tag on the the traffic, thus creating a "trunk" in Cisco terms.

We have a 4507 connected to this same switch using the same setup and it works. The only minute difference is that we don't have VLAN 1 as an allowed VLAN.

Correct Answer
Yudong Wu Tue, 01/27/2009 - 11:08

In that case, cisco switch won't tag packet in vlan 10 since it's native vlan. If Foundry does tag packet in vlan 10, it could be a issue. Could you please try this:

1. make sure both sides permit the same vlan set.

2. Change the native vlan on cisco side to the vlan other than vlan 10 so that Cisco will tag the packet in vlan10.

Correct Answer
Roberto Salazar Tue, 01/27/2009 - 11:17

this is clearly a mismatch of native vlan in cisco terms. the cisco device is expecting untagged packets to be packets destined to vlan 10 and sending out untagged packets that came from vlan 10 and when the Foundry rx'd this untagged packet it will not send those packet out to vlan 10 thus vlan 10 is not working. If you are only interested in making this work, make the natvie vlan in 3550 to be anything else otehr than vlan 10, preferrably a non-working vlan or dummy vlan, for example vlan 99. Try it let me know if you are able to ping in vlan 10 between the foundry and the cisco.

justin.gerharte... Tue, 01/27/2009 - 15:07

Okay...in my next change window I will address and this and report back in a couple of days. It makes complete sense now that I know it.

Thanks for your help.

Actions

This Discussion