Inner Vlan Comunication problems

Unanswered Question
Oct 22nd, 2013
User Badges:

HI, i have decide to ask because i have no more ideas. I come here to ask for your help.


im having the fallowing issues:


Vlan x used for clients on a location:

  • Can receive DHCP in all zones of the distribution network
  • In some zones you get DHCP but cant ping GW and CAN browse and ping other networks
  • In other zones you can ping GW ( no problem  here)


I did sniff some packs but i did not detect any Man in The Middle attack, no mac or arp floods etc



Vlan y used for Switches management vlan and some servers:

  • Nagios: can ping all segments of the network
  • Cant ping some Switches on the same vlan y (those sw that it cannot ping are the same access sw that use vlan x for users)


I have checked cam table, it all seams to be OK , no incomplete entries or wrong MAC address




I have also check ARP table



Im also having the message popup i have search this notification and everybody says that it means an native vlan mismatch or encapsulation configuration, but my sw have the same native vlan on all sides (Vlan0060). Don't rly know why is Vlan1 being mention its not used as native.



%SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/25 on VLAN0001. Inconsistent peer vlan.

%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/25 on VLAN0060. Inconsistent local vlan


Now for the structure



We have the core in our Data center and from there is distributed to the sectors of my work place


Core= 3750 -3560

Access= CE500


CoreSw>Data center SW >>Servers

|

Location1 Core

|                      |               |

Access Sw    Acces Sw   Acess Sw

                                          |

                                         Access Sw



Like that(but its abigger scnario), there is no redundancy in the location 1 core so its hard for a SPT loop to form. its all downstream



Any thing else you woul like to ask. Please Ask.



Regards



A little Mouse


***********************Wont let me post reply so ill update from here**********************************

sure. posting the hole interface config and swicthport status


Distribution side

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/4

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/5

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/6

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


nterface GigabitEthernet1/0/8

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/9

description To_SW_FUN_PRI_DR09

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


interface GigabitEthernet1/0/10

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop



interface GigabitEthernet1/0/11

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport mode trunk

spanning-tree guard loop


this goes the same for all interfaces

sh interfaces gigabitEthernet 1/0/1 switchport

Name: Gi1/0/1

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 60 (Interswitches)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL


Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none


Access Side

To G1/0/1

interface GigabitEthernet1

description To distribution g1/0/1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

udld port aggressive

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/2

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/3

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/4

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

udld port aggressive

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/5

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/6

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/8

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/9

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

ip arp inspection trust

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/10

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

udld port aggressive

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


TO G1/0/11

interface GigabitEthernet1

switchport trunk native vlan 60

switchport mode trunk

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

udld port aggressive

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

ip dhcp snooping trust


And this goes the same for the access sw

Name: Gi1

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 60 (Interswitches)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL


Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rfalconer.sffcu Tue, 10/22/2013 - 15:14
User Badges:
  • Bronze, 100 points or more

Can you post the trunk configurations on each switch?

Actions

This Discussion

Related Content