Not able to add vlan (SVI) on a 6500

Unanswered Question
Oct 14th, 2009
User Badges:

Hello all,


I am having an issue while trying to create a VLAN/SVI interface on my 6500 Metro Ethernet Aggregator.


I am receiving an error message that I cannot create an SVI without having the vlan added on the L2 vlan database, but the issue is that the vlan is already created there:


1. I created the vlan on the database:


CAT_6k_MT#conf t

Enter configuration commands, one per line. End with CNTL/Z.

CAT_6k_MT(config)#vlan 1241

CAT_6k_MT(config-vlan)#name test

CAT_6k_MT(config-vlan)#exit

% Applying VLAN changes may take few minutes. Please wait...


2. Trying to add the SVI interface for that vlan


CAT_6k_MT(config)#int vlan 1241

CAT_6k_MT(config-if)#no shut

CAT_6k_MT(config-if)#

Oct 14 10:11:04.241 CST: %PM-4-SVI_ADD_CORRESPONDING_L2_VLAN: Vlan 1241 must be added to L2 database in order to be used, do <vlan 1241> from config mode.

Oct 14 10:11:04.257 CST: %LINK-3-UPDOWN: Interface Vlan1241, changed state to down


Then I checked the vlan 1241 is created on the database:


CAT_6k_MT#sh vlan id 1241


VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1241 VLAN1241 active Po11, Po61


VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1241 enet 101241 1500 - - - - - 0 0


Remote SPAN VLAN

----------------

Disabled


Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------


CAT_6k_MT#sh run int vlan 1241

Building configuration...


Current configuration : 41 bytes

!

interface Vlan1241

no ip address

end


But when I look at the interface vlan is always down/down:


CAT_6k_MT(config-if)#do sh int vlan 1241

Vlan1241 is down, line protocol is down

Hardware is EtherSVI, address is 0016.9c7b.d7c0 (bia 0016.9c7b.d7c0)

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not supported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo


Any ideas reagrding this?


Thanks for your help!

Alex

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kschleppenbach Wed, 10/14/2009 - 09:11
User Badges:

You need a switch port assigned to that vlan or that vlan allowed on a trunk.

aretsu Wed, 10/14/2009 - 09:15
User Badges:

Thanks for your reply.


That vlan is allowed on two trunks, you can see it on the show vlan command attached previously (port-channel 11 and port-channel 61) and both interfaces are up/up.


Regards!

Alex

Lucien Avramov Wed, 10/14/2009 - 09:22
User Badges:
  • Red, 2250 points or more

You are using a vlan number over 1000.

Make sure you have Spanning-tree extend system-id enabled.


Contrary to what was said earlier, you dont need to assign it to a switchport to add it properly in the db.



aretsu Wed, 10/14/2009 - 09:27
User Badges:

Thanks for your response!


I checked the box and it has the command you mentioned:


spanning-tree extend system-id


Now,I tried to create a vlan using other vlan number (vlan 22 - not extended vlan) but I had the same error.


Do you know about any vlan limitation on this box? As a comment I am using VTP version 3.


Regards!

Alex

Lucien Avramov Wed, 10/14/2009 - 10:17
User Badges:
  • Red, 2250 points or more

ok so i do see the vlan 22 to be created and active ( show vlans).


Can you try creating another vlan, example vlan 23 and see if it works?


I dont find any bug on this software, it may be a new defect.

How about disabling and re enabling the spanning-tree extend system-id and try again?



jfraasch Wed, 10/14/2009 - 10:06
User Badges:

Do you have VLAN Database setup? You still need to put VLAN in VLAN Database to enable virtual interface. From enable can you go to VLAN D and see if it exists there?

aretsu Wed, 10/14/2009 - 10:10
User Badges:

Yes, the vlan exists in the vlan database (status active), here it is:

CAT_6k_MT#sh vlan id 1241


VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1241 VLAN1241 active Po11, Po61


VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1241 enet 101241 1500 - - - - - 0 0


Remote SPAN VLAN

----------------

Disabled


Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------


Thanks!

Alex

jfraasch Wed, 10/14/2009 - 10:29
User Badges:

The issue is that it is not being accepted as a valid L2 VLAN:

Error Message %PM-4-SVI_ADD_CORRESPONDING_L2_VLAN: Vlan [dec] must be added to L2

database in order to be used, do from config mode.


Explanation When a switch virtual interface (SVI) is created, the corresponding Layer 2 VLAN is not automatically created in the Layer 2 database.


Recommended Action Create a Layer 2 VLAN before the switch virtual interface (SVI) is created


But according to what you said, you already created the Layer 2 VLAN before adding the SVI.


Sounds like a bug or what the other gentleman said about there being a duplicate name.


Odd one.


James

Edison Ortiz Wed, 10/14/2009 - 10:21
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

"% Applying VLAN changes may take few minutes. Please wait.."


This is not normal.


Do you have another Vlan with the name 'test'? You can't have duplicate Vlan names, try creating the Vlan again and name it something else or just don't name it at all.


Regards,


Edison

aretsu Wed, 10/14/2009 - 12:40
User Badges:

Thanks to all for your responses!


I tried to create a new VLAN and do not name it to avoid a duplicate name, but the behavior is the same. See below:



CAT_6k_MT(config)#vlan 23

CAT_6k_MT(config-vlan)#exit

% Applying VLAN changes may take few minutes. Please wait...


CAT_6k_MT(config)#

CAT_6k_MT(config)#int vlan 23

CAT_6k_MT(config-if)#no shut

CAT_6k_MT(config-if)#

Oct 14 15:34:57.613 CST: %PM-4-SVI_ADD_CORRESPONDING_L2_VLAN: Vlan 23 must be added to L2 database in order to be used, do from config mode.

Oct 14 15:34:57.629 CST: %LINK-3-UPDOWN: Interface Vlan23, changed state to down


CAT_6k_MT#sh vlan id 23


VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

23 VLAN0023 active Gi1/2, Po11, Po61


VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

23 enet 100023 1500 - - - - - 0 0


Remote SPAN VLAN

----------------

Disabled


Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------


CAT_6k_MT#sh int vlan 23

Vlan23 is down, line protocol is down

Hardware is EtherSVI, address is 0016.9c7b.d7c0 (bia 0016.9c7b.d7c0)



So, I can not make this SVI interface to come up and still getting that error message.


Can it be a bug?


Regards!

Alex

jfraasch Wed, 10/14/2009 - 12:42
User Badges:

Could be an odd bug I guess. Did you try deleting the VLAN from the VLAN database then re-adding it?


That's all I can think of. Is there anything funny showing in the log when you get this message?


James

Edison Ortiz Wed, 10/14/2009 - 12:45
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

It sounds like you have a corrupted Vlan Database. Is this a lab or production environment? Are you running VTP transparent of server/client mode?


Regards


Edison

aretsu Wed, 10/14/2009 - 12:52
User Badges:

This a production environment. it is running VTP server mode.


I also tried to delete the vlan and recreated but it does not work either.


Here is the VTP status output:


CAT_6k_MT>en

Password:

CAT_6k_MT#sh vtp sta

CAT_6k_MT#sh vtp status

VTP Version : 3 (capable)

VTP version running : 3

VTP Domain Name : TELUM

VTP Pruning Mode : Enabled

VTP Traps Generation : Enabled

Device ID : 0016.9c7b.d7c0


Feature VLAN:

--------------

VTP Operating Mode : Primary Server

Number of existing VLANs : 682

Number of existing extended VLANs : 189

Configuration Revision : 528

Primary ID : 0016.9c7b.d7c0

Primary Description : CAT_6k_MT

MD5 digest : 0xBA 0x6F 0x2C 0xFA 0xE8 0xAD 0x76 0xCD

0x5C 0x47 0x05 0xD8 0x5D 0xD8 0x0C 0xFA



Feature MST:

--------------

VTP Operating Mode : Primary Server

Configuration Revision : 1

Primary ID : 0016.9c7b.d7c0

Primary Description : CAT_6k_MT

MD5 digest : 0x7A 0x16 0x11 0x7F 0x4B 0x1F 0x36 0x1E

0x9A 0x0D 0x19 0x80 0xC4 0x02 0xBB 0x7F


Regards!

Alex


jfraasch Fri, 10/16/2009 - 09:10
User Badges:

I am guessing you also had a TAC case open on this. Can you post a resolution? I am curious to see what the issue was.


James

aretsu Tue, 10/20/2009 - 08:19
User Badges:

Here is the response from TAC, we will try this later this week, I'll let you know the result.


---------


We really have 2 choices here. And we have to be careful because we

might lose the vlan database. It has been locked since April.


We should try to force a supervisor failover and then see if we can add

a new vlan:


Redundancy force-switchover


Then try to see if the interface vlan639 comes up after configuring it

again


Conf t

Vlan 639

Interface vlan 639

Ip address 4.4.4.4 255.255.255.0

Interface fas6/15

Switchport access vlan 639

End


Check with the command


Show ip interface brief | incl 639


If the above does not work, we need to have someone on-site in case the

cat6k erases its vlan configuration and loses its configuration

completely.


You need to have a vlan configuration from a show running output of

another switch in the VTP domain. If it has the vlans in its output,

then we can use this to recover the switch.


Also, if the vlans are erased, we need to make sure this switch does not

push that information out to the network. The correct way to do this is

to use the interface range command and shut down all of the ports. Then

reboot the switch and if it comes up with all of the vlans, to then "no

shut" the ports and allow it to communicate with the rest of the

switches in the VTP domain.


If you don't shut down all of the ports, the switch may propagate its

erased vlan configuration across the network to the other VTP switches

and erase the configuration on the entire network.



Actions

This Discussion