CISCO 6509 VLANS


I have created three vlans


VLAN 100

VLAN 200

VLAN 300


The Cisco 3550s are configured with their respective VLANs 100, 200, and 300.


As soon as I plug the switch into the fiber module, I notice the switch being added to the proper VLAN. I have executed the command sh vlan 100, and it shows the switches configured for vlan 100. The same thing for vlan 200 and 300.


However, I noticed some switches were added to the wrong vlans. Is there a command or configuration that I am doing that is causing this issue?


Thanks

Jerry Ye Wed, 07/08/2009 - 18:05

Hi Pedro,


What do you mean by "some switches were added to the wrong vlans"?


What is your topology? And what VTP mode are you using on all the switches?


Regards,

jerry

Yes, the vlans are configured like this:


VLAN 100 172.31.181.128/26

VLAN 200 172.31.181.192/26

VLAN 300 172.31.13.0/24


Each switch, from the different networks, connects to the core router through a fiber connection.


I have been creating the vlans on the Cisco switches using the script. Below, I have included a sample configuration for each of the vlan configurations (VLAN 100, 200, and 300).


---------------------------

VLAN 100

---------------------------

ip domain-name lv.psu.edu

ip ssh version 2

!

int range f0/1 - 24

description academic

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet0/1

description Trunk to Cisco6509 router

switchport trunk encapsulation dot1q

switchport mode trunk

no shut

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 172.31.181.194 255.255.255.192

no shut

!

interface Vlan100

description Academic

no ip address

no ip route-cache

no shut


--------------------------------

VLAN 200

--------------------------------

ip domain-name lv.psu.edu

ip ssh version 2

!

int range f0/1 - 24

description Administrative

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet0/1

description Trunk to Cisco6509 router

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

no shut

!

interface Vlan1

no shut

!

interface Vlan200

description Administrative

ip address 172.31.181.130 255.255.255.192

no shut



ip classless

ip http server

ip http secure-server


--------------------------------

VLAN 300

--------------------------------

ip domain-name lv.psu.edu

ip ssh version 2

!

int range f0/1 - 24

description Wireless

switchport access vlan 300

switchport mode access

no shut

!

interface GigabitEthernet0/1

description Trunk to Cisco6509 router

switchport trunk encapsulation dot1q

switchport mode trunk

no shut

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

no shut

!

interface Vlan1

ip address 172.31.13.3 255.255.255.0

no shut

!

interface Vlan300

description Academic

no ip address

no ip route-cache

no shut

!

ip classless


But I'm not sure if it would work better to use vtp at each switch, or if, after configuring vtp server on the cisco 6509, every switch will self join the appropriate vlan.

Jerry Ye Wed, 07/08/2009 - 18:36

Hi Pedro,


I see that you are using Vlan 1 for management and are not going to configure IP addresses on interface Vlan100, Vlan200, and Vlan300. If this is the case, there is no need for interface Vlan100, etc. on these switches.


So which switch is getting the wrong Vlan? Which command gives you that impression, and can you post the output of that also? Also, if you would post the output of the following three (3) commands on all the 3550's and the 6500's, it will be great:


show vtp status

show vlan

show int trunk


Regards,

jerry

Jerry,


I will be doing this as soon as I get to work this morning.


1) Do you recommend using a manual VLAN script or creating them in each switch's VTP database?


2) As far as switch vlans adding themselves to VLANs on the CISCO 6509, when running the command sh vlan 100, it shows the vlan number and, on the right hand, a list of fiber ports that I'm assuming are switches with pre-configured vlans.


Is this assumption correct?


Thanks

Jerry Ye Thu, 07/09/2009 - 04:58

Hi Pedro,


It is up to you which method you prefer, as long as they are correct.


From your description of the output, it sounds like the ports are assigned to the VLAN someone configured before. The only pre-configured VLAN is really VLAN1, which cannot be deleted.


HTH,

jerry

Jerry,


As you can see, I am including the information you have requested.


One issue we are having with the cisco 6509: the vlans are being set to native vlan 1. However, the switches are configured with 100, 200 and 300, respectively.


How can I set the cisco 6509 to put these vlans 100, 200 and 300 in the correct native vlan, instead of cisco deciding to put them on native vlan 1?


Thanks




CISCO 6509 --- Server



Console> (enable) sh vtp domain

Domain Name Domain Index VTP Version Local Mode Password

-------------------------------- ------------ ----------- ----------- ----------

lv.psu.edu 1 2 server -


Vlan-count Max-vlan-storage Config Revision Notifications

---------- ---------------- --------------- -------------

8 1023 0 disabled


Last Updater V2 Mode Pruning PruneEligible on Vlans

--------------- -------- -------- -------------------------

0.0.0.0 disabled disabled 2-1000

Console> (enable) sh vtp statistics

VTP statistics:

summary advts received 109

subset advts received 58

request advts received 0

summary advts transmitted 1320

subset advts transmitted 200

request advts transmitted 51

No of config revision errors 0

No of config digest errors 51



VTP pruning statistics:


Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device GVRP PDU Received

-------- ---------------- ------------- --------------------------- ----------

3/4 0 0 0 0

3/6 0 0 0 0

4/4 0 0 0 0

15/1 0 0 0 0

16/1 0 0 0 0

Console> (enable)


Console> (enable) sh vlan

VLAN Name Status IfIndex Mod/Ports, Vlans

---- -------------------------------- --------- ------- ------------------------

1 default active 199 1/1-2

2/1-2

3/1-3

4/2-3,4/5-16

6/1-8,6/10,6/15-48

7/1-32,7/34-48

100 academic active 205 3/5,3/7-16

200 admin active 204 7/33

300 wireless active 206 4/1

6/9,6/11-14

1002 fddi-default active 200

1003 token-ring-default active 203

1004 fddinet-default active 201

1005 trnet-default active 202



VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

100 enet 100100 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

300 enet 100300 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 trcrf 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - - - 0 0

1005 trbrf 101005 1500 - - - ibm - 0 0



VLAN MISTP-Inst DynCreated RSPAN

---- ---------- ---------- --------

1 - static disabled

100 - static disabled

200 - static disabled

300 - static disabled

1002 - static disabled

1003 - static disabled

1004 - static disabled

1005 - static disabled



VLAN AREHops STEHops Backup CRF 1q VLAN

---- ------- ------- ---------- -------

1003 7 7 off

Console> (enable)


-------------------------

CISCO 6509- Router

-------------------------


SRVRM-6509-MSFC1#sh run

Building configuration...


Current configuration : 3547 bytes

!

! Last configuration change at 08:52:47 EDT Thu Jul 9 2009

! NVRAM config last updated at 17:08:29 EDT Wed Jul 8 2009

!

version 12.1

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname SRVRM-6509-MSFC1

!

boot system bootflash:c6msfc2-psv-mz.121-13.E3.bin

boot bootldr bootflash:c6msfc2-boot-mz.121-13.E3.bin

no logging console

enable secret 5 $1$k3j8$vSFg2vXjmUMrtU/pxlCTX/

enable password 7 08121C430B0B0005424A

!

clock timezone EST -5

clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

clock calendar-valid

ip subnet-zero

!

!

!

!

!

!

interface Loopback0

ip address 10.5.12.1 255.255.255.255

!

interface Vlan1

description Management VLAN

ip address 172.31.181.189 255.255.255.192

no ip redirects

standby 1 ip 172.31.181.129

standby 1 priority 120

standby 1 preempt

!

interface Vlan100

description Lab 214 VLAN

ip address 146.186.50.253 255.255.255.0

no ip redirects

standby 1 ip 146.186.50.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan200

description LAB 200 VLAN

ip address 146.186.27.253 255.255.255.0

ip helper-address 146.186.27.3

no ip redirects

standby 1 ip 146.186.27.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan300

description Wireless Lan

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt


Console> (enable) sh vlan 1

VLAN Name Status IfIndex Mod/Ports, Vlans

---- -------------------------------- --------- ------- ------------------------

1 default active 199 1/1-2

2/1-2

3/1-3

4/2-16

6/1-8,6/10,6/15-48

7/1-32,7/34-48

15/1

16/1



VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0



VLAN MISTP-Inst DynCreated RSPAN

---- ---------- ---------- --------

1 - static disabled




Console> (enable) sh trunk

* - indicates vtp domain mismatch

Port Mode Encapsulation Status Native vlan

-------- ----------- ------------- ------------ -----------

3/2 auto n-dot1q trunking 1

3/3 auto dot1q trunking 1

4/3 auto n-dot1q trunking 1

4/4 auto n-dot1q trunking 300

4/6 auto dot1q trunking 200

15/1 nonegotiate isl trunking 1

16/1 nonegotiate isl trunking 1


Port Vlans allowed on trunk

-------- ---------------------------------------------------------------------

3/2 1-1005,1025-4094

3/3 1-1005,1025-4094

4/3 1-1005,1025-4094

4/4 1-1005,1025-4094

4/6 1-1005,1025-4094

15/1 1-1005,1025-4094

16/1 1-1005,1025-4094


Port Vlans allowed and active in management domain

-------- ---------------------------------------------------------------------



-----------------------------------

CISCO 3550

___________________________________


Cisco 3550

-----------------


LV-126B-AD-181-130#sh vtp

% Incomplete command.


LV-126B-AD-181-130#sh vtp st

LV-126B-AD-181-130#sh vtp status

VTP Version : 2

Configuration Revision : 10

Maximum VLANs supported locally : 1005

Number of existing VLANs : 8

VTP Operating Mode : Client

VTP Domain Name : lv.psu.edu

VTP Pruning Mode : Enabled

VTP V2 Mode : Enabled

VTP Traps Generation : Disabled

MD5 digest : 0xD2 0xD9 0xE9 0xBA 0xA1 0x35 0xF7 0xBE

Configuration last modified by 172.31.13.4 at 3-1-93 00:07:39

LV-126B-AD-181-130#sh trunk

^

% Invalid input detected at '^' marker.


LV-126B-AD-181-130#sh vlan


VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/2

100 academic active

200 administrative active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

300 wireless active

1002 fddi-default act/unsup

1003 trcrf-default act/unsup

1004 fddinet-default act/unsup

1005 trbrf-default act/unsup


VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

100 enet 100100 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

300 enet 100300 1500 - - - - - 0 0


VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1002 fddi 101002 1500 - - - - - 0 0

1003 trcrf 101003 4472 1005 3276 - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trbrf 101005 4472 - - 15 ibm - 0 0



VLAN AREHops STEHops Backup CRF

---- ------- ------- ----------

1003 0 0 off


Remote SPAN VLANs

------------------------------------------------------------------------------



Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------


LV-126B-AD-181-130#sh int trunk


Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 200


Port Vlans allowed on trunk

Gi0/1 1-4094


Port Vlans allowed and active in management domain

Gi0/1 1,100,200,300


Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1,100,200,300

LV-126B-AD-181-130#


Jerry Ye Thu, 07/09/2009 - 10:19

Hi Pedro,


This is my observation:


1) Your 6500 is running as VTP server, and you've configured SVI for Inter-VLAN routing

2) Your 3550's are running as VTP client and L2


When you have VTP clients and attaching them to the VTP server, VTP server will copy its VLAN database into the clients when the revision number of the server is higher than the clients. (Just a side note, when the client's revision number is higher than the server, it will override the server's VLAN database, be careful with this!!!).


So I am assuming your concern is you don't want, for example, VLAN 100 and 300 to appear in your switch LV-126B-AD-181-130's VLAN database? If this is the case, you have to put all the switches in VTP transparent mode, configure each VLAN manually, and prune them manually. There is another solution you might want to consider, where you can turn on VTP pruning: just use the command set vtp prun on your VTP server, the 6500's CatOS. It will prune the traffic out of the trunk link.


HTH,

jerry

Jerry,


How come the vlans are showing, on the server, as native vlan 1?


How can I change this information?


Console> (enable) sh trunk

* - indicates vtp domain mismatch

Port Mode Encapsulation Status Native vlan

-------- ----------- ------------- ------------ -----------

3/2 auto n-dot1q trunking 1

3/3 auto dot1q trunking 1

4/3 auto n-dot1q trunking 1

4/4 auto n-dot1q trunking 300

4/6 auto dot1q trunking 200

15/1 nonegotiate isl trunking 1

16/1 nonegotiate isl trunking 1




Jerry Ye Thu, 07/09/2009 - 11:14

Hi Pedro,


That is the native VLAN for the trunk port; the default is VLAN 1. You can change it by using set trunk x/x 100 where x/x is your port and 100 is your VLAN number. You have to change both sides of the trunk to match, otherwise the switches will complain about native VLAN mismatch. You have to be careful when you are changing this; native VLAN mismatch can cause a spanning tree loop.


HTH,

jerry
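
The both-sides check described in the reply above, as an added example that is not part of the original thread: it reads the native VLAN column from CatOS "sh trunk" and IOS "sh int trunk" output and reports every link whose two ends disagree or cannot be verified. The switch names, the cabling map and the sample outputs are constructed for illustration.

```python
import re

# Constructed sample in the layout of the CatOS "sh trunk" output in this thread.
CORE_SH_TRUNK = """\
Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 3/2      auto         n-dot1q        trunking      1
 4/4      auto         n-dot1q        trunking      300
 4/6      auto         dot1q          trunking      200

Port      Vlans allowed on trunk
--------  ---------------------------------------------------------------------
 3/2      1-1005,1025-4094
"""

def _ios_trunk(port, native):
    """Build a constructed IOS "sh int trunk" output for one trunk port."""
    return (
        "Port        Mode         Encapsulation  Status        Native vlan\n"
        f"{port}       on           802.1q         trunking      {native}\n\n"
        "Port        Vlans allowed on trunk\n"
        f"{port}       1-4094\n"
    )

# Hypothetical access switches and their uplink output.
ACCESS_SH_INT_TRUNK = {
    "sw-academic": _ios_trunk("Gi0/1", 100),
    "sw-admin": _ios_trunk("Gi0/1", 200),
    "sw-wireless": _ios_trunk("Gi0/1", 300),
    "sw-lab": _ios_trunk("Gi0/1", 1),
}

# Hypothetical cabling map: (core port, access switch, access port).
LINKS = [
    ("3/2", "sw-academic", "Gi0/1"),
    ("4/6", "sw-admin", "Gi0/1"),
    ("4/4", "sw-wireless", "Gi0/1"),
    ("3/3", "sw-lab", "Gi0/1"),   # 3/3 is absent from the core table above
]

# Five columns on one line: port, mode, encapsulation, "trunking", native VLAN.
# [ \t] instead of \s keeps a match from spanning two lines.
ROW = re.compile(
    r"^[ \t]*(\S+)[ \t]+\S+[ \t]+\S+[ \t]+trunking[ \t]+(\d+)[ \t]*$", re.M
)

def native_vlans(text):
    """Return {port: native_vlan} for every port reported as trunking."""
    return {port: int(vlan) for port, vlan in ROW.findall(text)}

def find_mismatches(core_text, access_texts, links):
    """List links whose ends disagree, or where one end is not trunking."""
    core = native_vlans(core_text)
    findings = []
    for core_port, switch, port in links:
        core_native = core.get(core_port)
        access_native = native_vlans(access_texts.get(switch, "")).get(port)
        if core_native is None or access_native is None or core_native != access_native:
            findings.append((core_port, core_native, switch, port, access_native))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(CORE_SH_TRUNK, ACCESS_SH_INT_TRUNK, LINKS):
        print("check link:", finding)
```

A `None` in a finding means that end did not list the port as trunking, so the link could not be verified from the captured output.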

Jerry Ye Thu, 07/09/2009 - 11:44

Hi Pedro,


I don't have any switches with CatOS handy, but the configuration is very similar (with the set command):


C6500


vlan 100

vlan 200

interface FastEthernet3/1

description TO_3550_1

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport mode trunk

interface FastEthernet3/2

description TO_3550_2

switchport trunk encapsulation dot1q

switchport trunk native vlan 200

switchport mode trunk

interface Vlan100

ip address 10.1.100.1 255.255.255.0

interface Vlan200

ip address 10.1.200.1 255.255.255.0


3550_1

interface FastEthernet0/1

description TO_C6500 3/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport mode trunk

interface range FastEthernet 0/2 - 24

switchport access vlan 100

switchport mode access

interface Vlan100

description 3550_1 management

ip address 10.1.100.4 255.255.255.0


3550_2

interface FastEthernet0/1

description TO_C6500 3/2

switchport trunk encapsulation dot1q

switchport trunk native vlan 200

switchport mode trunk

interface range FastEthernet 0/2 - 24

switchport access vlan 200

switchport mode access

interface Vlan200

description 3550_2 management

ip address 10.1.200.4 255.255.255.0


HTH,

jerry

I think my configuration matches this configuration. We are able to have two switches working with the cisco 6509. However, other switches on different vlans 100 and 200 will not talk to the router.


The switches complain about the vlan mismatch configuration. Therefore, on the router, the native vlan is set to 1 when it should be set to either 100 or 200 or even 300.


I'm not sure how the router can work fine with two switches but not the other switches. It is the same configuration on the rest of the switches.


My thinking is that there is something in the router that will not allow the other switches to work correctly.


Can you explain?

Jerry Ye Thu, 07/09/2009 - 12:06

Hi Pedro,


You have to fix the native vlan mismatch first. This can cause a spanning tree loop, which can lead to a network outage.


I saw your configuration has HSRP configured; do you have a 2nd pair of 6500? Also, can your 3550's ping the default gateway? If not, make sure you have the following commands if the 3550's will be doing L2 only:


no ip routing

ip default-gateway x.x.x.1


HTH,

jerry

Jerry Ye Thu, 07/09/2009 - 17:15

Hi Pedro,


The ip default-gateway command is for the switch management.


I don't suggest you put the 3550's into server mode. You can leave them on client. If you've decided to change the VTP mode to client from transparent, please make sure the revision number is lower than the server's.


Regards,

jerry

Jerry Ye Thu, 07/09/2009 - 17:38

Hi Pedro,


ip default-gateway is for the switch management. It has nothing to do with the host.


For example, when a host on VLAN100 is attached to the 3550, traffic will be trunked to your 6500 if it wants to access anything outside VLAN100. It will use the ip address on the 6500's interface vlan 100 as its default router.


Regards,

jerry

OK, let's start with my basic switch configuration. Can you critique it or say if this is correct?


en

vlan database

vtp transparent

apply

exit

Config t

hostname LV-126B-AC-181-194

!

enable secret 5 $1$27ar$DnvrYBhnNW5eyTF2JgHIe.

enable password 7 0307585A5E5A744058

!

username admin password 7 1414115A54517F2732

!no aaa new-model

!ip subnet-zero

!

ip domain-name lv.psu.edu

ip ssh version 2

!

int range f0/1 - 24

description academic

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet0/1

description Trunk to Cisco6509 router

switchport trunk encapsulation dot1q

switchport mode trunk

no shut

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no shut

!

interface Vlan100

description Academic

ip address 172.31.181.194 255.255.255.192

ip default-gateway 172.31.181.193

no shut


ip classless

ip http server

ip http secure-server

!

!

!

banner motd #

*****************************************************

*****************************************************

** **

** WARNING: Unauthorized access to this system **

** is forbidden and will be prosecuted by law. **

** By accessing this system, you agree that your **

** actions may be monitored if unauthorized usage **

** is suspected. Only authorized Penn State **

** Lehigh Valley Campus **

*****************************************************

*****************************************************

#

!

line con 0

exec-timeout 0 0

line vty 0 4

password 7 1511085D5C7F7E283E

login local

transport input telnet ssh

line vty 5 15

password 7 094F4D584150421E1D

no login

!

end

wr

Jerry Ye Thu, 07/09/2009 - 17:51

!

interface Vlan100

description Academic

ip address 172.31.181.194 255.255.255.192

no shut

!

ip default-gateway 172.31.181.193

no ip routing

As for the cisco router, the OS version uses set commands and not the latest cisco IOS. What do I need to eliminate or add to this configuration?


SRVRM-6509-MSFC1#sh run

Building configuration...


Current configuration : 3547 bytes

!

! Last configuration change at 08:52:47 EDT Thu Jul 9 2009

! NVRAM config last updated at 17:08:29 EDT Wed Jul 8 2009

!

version 12.1

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname SRVRM-6509-MSFC1

!

boot system bootflash:c6msfc2-psv-mz.121-13.E3.bin

boot bootldr bootflash:c6msfc2-boot-mz.121-13.E3.bin

no logging console

enable secret 5 $1$k3j8$vSFg2vXjmUMrtU/pxlCTX/

enable password 7 08121C430B0B0005424A

!

clock timezone EST -5

clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

clock calendar-valid

ip subnet-zero

!

!

!

!

!

!

interface Loopback0

ip address 10.5.12.1 255.255.255.255

!

interface Vlan1

description Management VLAN

ip address 172.31.181.189 255.255.255.192

no ip redirects

standby 1 ip 172.31.181.129

standby 1 priority 120

standby 1 preempt

!

interface Vlan100

description Lab 214 VLAN

ip address 146.186.50.253 255.255.255.0

no ip redirects

standby 1 ip 146.186.50.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan200

description LAB 200 VLAN

ip address 146.186.27.253 255.255.255.0

ip helper-address 146.186.27.3

no ip redirects

standby 1 ip 146.186.27.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan300

description Wireless Lan

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt

!

ip classless

ip route 146.186.27.0 255.255.255.0 172.31.181.129

ip route 146.186.50.0 255.255.255.0 172.31.181.193

ip route 172.31.13.0 255.255.255.0 172.31.13.1

no ip http server

!

!

access-list 101 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 102 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 103 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 105 permit ip 146.186.27.0 0.0.0.255 host 172.31.181.131

access-list 106 permit ip 146.186.27.0 0.0.0.255 host 172.31.13.10

access-list 107 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.192

access-list 121 permit ip 172.31.181.0 0.0.0.255 172.31.13.0 0.0.0.255

snmp-server community BR0WSE RO

snmp-server community b0wl1ng RW

snmp-server community private RW

snmp-server community BROWSE RO

snmp-server enable traps snmp authentication warmstart

snmp-server enable traps slb real virtual csrp

snmp-server enable traps flash insertion removal

snmp-server enable traps hsrp

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps fru-ctrl

snmp-server enable traps bgp

snmp-server enable traps rsvp

snmp-server enable traps frame-relay

snmp-server enable traps rtr

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps dlsw

snmp-server host 10.5.1.163 2

!

tacacs-server host 10.0.13.110

tacacs-server timeout 10

tacacs-server key 1cecacseng1key1



ntp clock-period 17179855

ntp source Loopback0

ntp master 2

ntp update-calendar

end



Jerry Ye Thu, 07/09/2009 - 18:09

Hi Pedro,


I finally see what the problem is. On your 3550 LV-126B-AC-181-194, you cannot assign Vlan100 the IP address 172.31.181.194. The reason is this Vlan100 is the same Vlan100 as on your 6500; they cannot be on different IP subnets. Also, which is your default gateway for the management Vlan? Which router is 172.31.181.193? I can only see your default to be 172.31.181.129.


To get the 3550 to work, this is what you can do:


no interface vlan100

!

interface Vlan1

description Academic

ip address 172.31.181.194 255.255.255.192

no shut

!

ip default-gateway 172.31.181.129


HTH,

jerry
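
The two checks made in the reply above (the same VLAN ID must carry the same subnet on both devices, and the switch's default gateway must be an address the core actually holds) can be run mechanically. This is an added example, not part of the original thread; the function names are hypothetical and the sample text is trimmed from the configurations posted earlier in the thread.

```python
import ipaddress
import re

# Trimmed from the 6509 MSFC configuration posted in this thread.
CORE_CFG = """\
interface Vlan1
 description Management VLAN
 ip address 172.31.181.189 255.255.255.192
 standby 1 ip 172.31.181.129
!
interface Vlan100
 description Lab 214 VLAN
 ip address 146.186.50.253 255.255.255.0
 standby 1 ip 146.186.50.1
!
"""

# Trimmed from the 3550 configuration posted in this thread.
ACCESS_CFG = """\
interface Vlan1
 no shut
!
interface Vlan100
 description Academic
 ip address 172.31.181.194 255.255.255.192
!
ip default-gateway 172.31.181.193
"""

def parse(config):
    """Return (svis, hsrp_vips, default_gateway) from IOS-style config text."""
    svis, vips, gateway, vlan = {}, set(), None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+Vlan(\d+)$", line, re.I)
        if m:
            vlan = int(m.group(1))          # entering an SVI block
        elif line.startswith("interface ") or line == "!":
            vlan = None                     # left the SVI block
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and vlan is not None:
            svis[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif (m := re.match(r"standby \d+ ip (\S+)$", line)) and vlan is not None:
            vips.add(ipaddress.ip_address(m.group(1)))
        elif (m := re.match(r"ip default-gateway (\S+)$", line)):
            gateway = ipaddress.ip_address(m.group(1))
    return svis, vips, gateway

def audit(core_cfg, access_cfg):
    """Compare an access switch's SVIs and gateway against the core's SVIs."""
    core_svis, core_vips, _ = parse(core_cfg)
    acc_svis, _, gateway = parse(access_cfg)
    findings = []
    # Same VLAN ID on both devices must mean the same IP subnet.
    for vlan, iface in sorted(acc_svis.items()):
        core = core_svis.get(vlan)
        if core is not None and core.network != iface.network:
            findings.append(
                ("subnet-mismatch", vlan, str(iface.network), str(core.network))
            )
    if gateway is not None:
        core_addrs = core_vips | {i.ip for i in core_svis.values()}
        if not any(gateway in i.network for i in acc_svis.values()):
            findings.append(("gateway-off-subnet", str(gateway)))
        elif gateway not in core_addrs:
            # Reachable in theory, but no SVI or HSRP address on the core owns it.
            findings.append(("gateway-not-on-core", str(gateway)))
    return findings

if __name__ == "__main__":
    for finding in audit(CORE_CFG, ACCESS_CFG):
        print(finding)
```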

Hi Jerry


I was assigned three subnets to manage the administrative switches, academic switches and the wireless switches.


Administrative switches 172.31.181.128/26

Academic Switches 172.31.181.128/26

Wireless Switches and APs 172.31.13.0/24


Do I use one address of the three subnets, or do I need to have a separate subnet for the router? And/or do all network switches need to be under one single subnet?


Thanks

Jerry Ye Thu, 07/09/2009 - 18:28

Hi Pedro,


Okay, let's talk about design. Since your Administrative switches and your Academic switches are in the same subnet, 172.31.181.128/26, they need to be on the same VLAN.


Since Wireless Switches and AP's are in 172.31.13.0/24, these need to be on a different VLAN.


I am assuming this is for management devices.


HTH,

jerry

Jerry Ye Thu, 07/09/2009 - 18:46

Hi Pedro,


"172.31.181.128/26 and 172.31.181.192/26 needs to be let's say VLAN 200", these are two (2) different networks and they need to be on two (2) different VLAN, let's say 200 VLAN 201 and VLAN 202.


On your current 6500 configuration -


!

interface Vlan100

description Lab 214 VLAN

ip address 146.186.50.253 255.255.255.0

no ip redirects

standby 1 ip 146.186.50.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan200

description LAB 200 VLAN

ip address 146.186.27.253 255.255.255.0

ip helper-address 146.186.27.3

no ip redirects

standby 1 ip 146.186.27.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan300

description Wireless Lan

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt

!


You are using VLAN100 for Lab 214 and VLAN 200 for Lab 200. You cannot reuse these VLAN IDs for other addresses; this is the reason why the two (2) 3550's (VLAN100 and VLAN200) cannot take the default gateway. VLAN300 is correct, comparing against the information you gave me.


HTH,

jerry

OK, I think this is starting to make sense.


The vlans 100 - 200 - 300 on the cisco 3550 switches are configured differently than on the Cisco 6509.


So, in order to fix this issue, I should have for example,


172.31.181.128/26 on vlan 400

172.31.181.192/26 on vlan 401

172.31.13.0/24 on vlan 402


Then, at the cisco router, have the vlans created as follows:


interface Vlan400

description Academic Switches

ip address 172.31.181.189 255.255.255.192

no ip redirects

standby 1 ip 172.31.181.129

standby 1 priority 120

standby 1 preempt

!

interface Vlan401

description Administrative switches

ip address 172.31.181.246

standby 1 ip 172.31.181.193

standby 1 priority 120

standby 1 preempt

!

interface Vlan402

description Wireless Lan Switches

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt

!


Jerry Ye Thu, 07/09/2009 - 19:20

Hi Pedro,


Good enough so far. You forgot the network mask for Vlan401. So on the 6500's CatOS, you have to create Vlan 400, 401, and 402 also. Do the following commands in CatOS:


set vlan 400

set vlan 401

set vlan 402


This should do it. Also, You can leave your 3550's in VTP Client mode.


HTH,

jerry

!

interface Vlan1

description Management VLAN

no ip address

!

interface Vlan400

description Academic Network

ip address 146.186.50.253 255.255.255.0

no ip redirects

standby 1 ip 146.186.50.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan401

description Administrative Network

ip address 146.186.27.253 255.255.255.0

ip helper-address 146.186.27.3

no ip redirects

standby 1 ip 146.186.27.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan402

description Wireless Lan

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan100

description Academic Switches

ip address 172.31.181.189 255.255.255.192

no ip redirects

standby 1 ip 172.31.181.129

standby 1 priority 120

standby 1 preempt

!

interface Vlan200

description Administrative switches

ip address 172.31.181.246 255.255.255.192

standby 1 ip 172.31.181.193

standby 1 priority 120

standby 1 preempt

!

interface Vlan300

description Wireless Lan Switches

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt

!


!

ip classless

ip route 146.186.27.0 255.255.255.0 172.31.181.129

ip route 146.186.50.0 255.255.255.0 172.31.181.193

ip route 172.31.13.0 255.255.255.0 172.31.13.1

no ip http server

!

!

access-list 101 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 102 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 103 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 105 permit ip 146.186.27.0 0.0.0.255 host 172.31.181.131

access-list 106 permit ip 146.186.27.0 0.0.0.255 host 172.31.13.10

access-list 107 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.192

access-list 121 permit ip 172.31.181.0 0.0.0.255 172.31.13.0 0.0.0.255

!

ntp clock-period 17179855

ntp source Loopback0

ntp master 2

ntp update-calendar

end

Jerry Ye Thu, 07/09/2009 - 19:26

Hi Pedro,


How come this is different from the script you gave me before?


Did you change Vlan400 to 146.186.50.253 255.255.255.0, and Vlan401 to 146.186.27.253 255.255.255.0? Also, Vlan402 and Vlan300 have the same IP address.


Regards,

jerry

ok, this is a better look..


!

interface Vlan1

description Management VLAN

no ip address

!

interface Vlan400

description Academic Network

ip address 146.186.50.253 255.255.255.0

no ip redirects

standby 1 ip 146.186.50.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan401

description Administrative Network

ip address 146.186.27.253 255.255.255.0

ip helper-address 146.186.27.3

no ip redirects

standby 1 ip 146.186.27.1

standby 1 priority 120

standby 1 preempt

!

interface Vlan100

description Academic Switches

ip address 172.31.181.189 255.255.255.192

no ip redirects

standby 1 ip 172.31.181.129

standby 1 priority 120

standby 1 preempt

!

interface Vlan200

description Administrative switches

ip address 172.31.181.246 255.255.255.192

standby 1 ip 172.31.181.193

standby 1 priority 120

standby 1 preempt

!

interface Vlan300

description Wireless Lan Switches

ip address 172.31.13.254 255.255.255.0

no ip redirects

standby 1 ip 172.31.13.1

standby 1 priority 120

standby 1 preempt

!


!

ip classless

ip route 146.186.27.0 255.255.255.0 172.31.181.129

ip route 146.186.50.0 255.255.255.0 172.31.181.193

ip route 172.31.13.0 255.255.255.0 172.31.13.1

no ip http server

!

!

access-list 101 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 102 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 103 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 105 permit ip 146.186.27.0 0.0.0.255 host 172.31.181.131

access-list 106 permit ip 146.186.27.0 0.0.0.255 host 172.31.13.10

access-list 107 permit ip 146.186.27.0 0.0.0.255 0.0.0.0 255.255.255.192

access-list 121 permit ip 172.31.181.0 0.0.0.255 172.31.13.0 0.0.0.255

!

ntp clock-period 17179855

ntp source Loopback0

ntp master 2

ntp update-calendar

end


Jerry Ye Thu, 07/09/2009 - 20:08

Hi Pedro,


You are adding these new address blocks into the network, just create new VLAN's. Less downtime anyway.


HTH,

jerry

Hi jerry,


Now that I feel comfortable with the MSFC1 configuration, I am moving to the other area of the router (console). After making the changes on the switches and the MSFC1, this section should start getting fixed. Or, do you think there is something to be fixed?


Console> (enable) sh trunk

* - indicates vtp domain mismatch

Port Mode Encapsulation Status Native vlan

-------- ----------- ------------- ------------ -----------

3/2 auto n-dot1q trunking 1

3/3 auto dot1q trunking 1

4/3 auto n-dot1q trunking 1

4/4 auto n-dot1q trunking 300

4/6 auto dot1q trunking 200

15/1 nonegotiate isl trunking 1

16/1 nonegotiate isl trunking 1


Port Vlans allowed on trunk

-------- ---------------------------------------------------------------------

3/2 1-1005,1025-4094

3/3 1-1005,1025-4094

4/3 1-1005,1025-4094

4/4 1-1005,1025-4094

4/6 1-1005,1025-4094

15/1 1-1005,1025-4094

16/1 1-1005,1025-4094


Port Vlans allowed and active in management domain



Jerry,

Before I forget, the command entered in the switch for each of the port


int range f0/1 - 24

switchport access vlan 100


Because this command affects the hosts connecting to the port, then, it should be changed to reflect the vlan the hosts have access to.


In my router configuration vlan 100 is the subnet used to manage the switch.


The hosts are on a different subnet. Therefore, the switchport mode access vlan 400 is the correct vlan for all the hosts plugging into the switch.


thanks



Jerry Ye Fri, 07/10/2009 - 05:12

Hi Pedro,


switchport access vlan 100 is for hosts.


In response to your previous email, port 4/4 and 4/6 are assigned to native vlan 200 and 300, I think you want this in VLAN100 since you said this is your management VLAN.


4/4 auto n-dot1q trunking 300

4/6 auto dot1q trunking 200


If you changed these two (2) ports to VLAN100, both sides of the trunk should be matched to avoid native VLAN mismatch.


HTH,

jerry
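
The native VLAN check discussed above, as an added example that is not part of the original thread: it parses the first table of the `sh trunk` output Pedro posted and compares each 802.1Q trunk's native VLAN with the far end, since a mismatch puts untagged frames into a different VLAN on each side. The `REMOTE_NATIVE` values are constructed for illustration and would come from the access switches.

```python
import re

# First table of the CatOS "sh trunk" output quoted earlier in this thread.
SH_TRUNK = """\
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
3/2 auto n-dot1q trunking 1
3/3 auto dot1q trunking 1
4/3 auto n-dot1q trunking 1
4/4 auto n-dot1q trunking 300
4/6 auto dot1q trunking 200
15/1 nonegotiate isl trunking 1
16/1 nonegotiate isl trunking 1
"""

# Constructed for illustration: native VLAN configured on the far end of each
# uplink (for example from "show interfaces trunk" on the access switch).
REMOTE_NATIVE = {"3/2": 1, "3/3": 1, "4/3": 1, "4/4": 1, "4/6": 200}

ROW = re.compile(r"^(\d+/\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_trunks(text):
    """Return {port: {"mode", "encap", "status", "native"}} from 'sh trunk'."""
    trunks = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, mode, encap, status, native = m.groups()
            trunks[port] = {"mode": mode, "encap": encap,
                            "status": status, "native": int(native)}
    return trunks

def native_mismatches(trunks, remote_native):
    """List (port, local_native, remote_native) where the two ends disagree.
    ISL trunks are skipped because ISL tags every frame; a port with no
    remote data is reported with None so it is not silently assumed safe."""
    findings = []
    for port, t in sorted(trunks.items()):
        if t["encap"] == "isl":
            continue
        remote = remote_native.get(port)
        if remote != t["native"]:
            findings.append((port, t["native"], remote))
    return findings

if __name__ == "__main__":
    for port, local, remote in native_mismatches(parse_trunks(SH_TRUNK), REMOTE_NATIVE):
        print(f"{port}: native VLAN {local} here, {remote} on the far end")
```
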

Hi Jerry,


I have made good progress. Most of the network seems to be working.


Now, a few switches that have the correct information, and are configured with the correct native vlan at the router, are not able to ping the router, or the router can't ping them.


Do you think spanning tree is causing any trouble?


Console> (enable) sh config

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.


begin

!

# ***** NON-DEFAULT CONFIGURATION *****

!

!

#time: Fri Jul 10 2009, 18:22:34

!

#version 7.3(1)

!


!

#!

#vtp

set vtp domain lv.psu.edu

set vtp v2 enable

set vtp pruning enable

set vlan 1 name default type ethernet mtu 1500 said 100001 state active

set vlan 100 name academic type ethernet mtu 1500 said 100100 state active

set vlan 200 name administrative type ethernet mtu 1500 said 100200 state active

set vlan 400 name academic-network type ethernet mtu 1500 said 100400 state active

set vlan 401 name administrative-network type ethernet mtu 1500 said 100401 state active

set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active

set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieee

set vlan 1005 name trbrf-default type trbrf mtu 4472 said 101005 state active bridge 0xf stp ibm

set vlan 300

set vlan 1003 name trcrf-default type trcrf mtu 4472 said 101003 state active parent 1005 ring 0xccc mode srb aremaxhop 0 stemaxhop 0 backupcrf off

!

#set boot command

set boot config-register 0x2

set boot system flash bootflash:cat6000-sup2k8.7-3-1.bin

!

# default port status is enable

!

!

#module 1 : 2-port 1000BaseX Supervisor

!

#module 2 : 2-port 1000BaseX Supervisor

!

#module 3 : 16-port 1000BaseX Ethernet

set vlan 100 3/4-5,3/7-8,3/12-16

set vlan 200 3/2-3,3/9-11

set vlan 300 3/6

set udld enable 3/5

set trunk 3/3 auto dot1q 1-1005,1025-4094

clear trunk 3/13 100

set trunk 3/13 auto negotiate 1-99,101-1005,1025-4094

!

#module 4 : 16-port 1000BaseX Ethernet

set vlan 100 4/16

set vlan 200 4/6

set vlan 300 4/1,4/3-4,4/12

set udld enable 4/7-10

set trunk 4/1 auto dot1q 1-1005,1025-4094

clear trunk 4/6 300

set trunk 4/6 auto dot1q 1-299,301-1005,1025-4094

!

#module 5 : 0-port Switch Fabric Module

!

#module 6 : 48-port 10/100BaseTX Ethernet

set vlan 300 6/9,6/11-14

!

#module 7 : 48-port 10/100BaseTX Ethernet

set vlan 401 7/33

!

#module 8 empty

!

#module 9 empty

!

#module 15 : 1-port Multilayer Switch Feature Card

!

#module 16 : 1-port Multilayer Switch Feature Card

end

Console> (enable)

Jerry Ye Fri, 07/10/2009 - 10:44

Hi Pedro,


Just make sure your native VLAN on the trunks is correct. Check your IP address. And lastly, check your configuration of ip default-gateway.


HTH,

jerry

Jerry Ye Fri, 07/10/2009 - 10:56

Hi Pedro,


I am not familiar with the HP switch configuration. However, to interop with a Cisco switch, as long as you are using an open standard protocol for your trunk, an 802.1q trunk, you should be fine.


HTH,

jerry

Jerry Ye Fri, 07/10/2009 - 13:11

Hi Pedro,


You need to leave spanning tree on, otherwise you will have a loop and it can cause an outage to your network.


HTH,

jerry

Jerry Ye Fri, 07/10/2009 - 19:14

Hi Pedro,


Sorry, I don't have experience with the wireless product, you can try the Wireless - Mobility group for more info.


Regards,

jerry
