×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

3550 VLAN problem

Unanswered Question
Jul 28th, 2006
User Badges:

I have a mostly Cisco network with a 3750 being the primary head before the 7200 router access to the DS3. On that 3750 I have VTP server enabled with 12 VLANs. On the 3750 root switch in the new building and all the 3550s there I have setup for VTP client.


My problem is after I assign more than 12 FE ports to a specific VLAN the next one I add to any VLAN on the same switch I lose all connectivity on the FE ports.


I have not setup interfaces for the VLANs since I'm running static IP for all of the end node machines. I haven't read where that is a problem at least so far.


I don't know a whole lot about VLAN setup other than reading most of what's here on the subject so at this point I'm hoping someone else has experienced the same problem.


Also if configs would help I'll be glad to post them.


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (6 ratings)
Loading.
gpulos Fri, 07/28/2006 - 11:03
User Badges:
  • Blue, 1500 points or more

post configs please...always a big help for us.



frankmiller Fri, 07/28/2006 - 11:24
User Badges:

Here is the snippet config for the 3750 that's acting as the VTP server.


!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1-12 priority 24576

!

vlan internal allocation policy ascending

!

interface GigabitEthernet1/0/1

description Riedl Hall Uplink Port

!

interface GigabitEthernet1/0/2

description PAC Uplink Port

!

interface GigabitEthernet1/0/3

description Eisenhower Hall Uplink Port

!

interface GigabitEthernet1/0/4

description Schuttera Service Center Uplink Port

!

interface GigabitEthernet1/0/5

description Bromfield Hall Uplink Port

!

interface GigabitEthernet1/0/6

description 4th Floor Ovalwood Hall Uplink Port

!

interface GigabitEthernet1/0/7

description 3rd Floor Ovalwood Hall Uplink Port

!

interface GigabitEthernet1/0/8

description 2nd Floor Ovalwood Hall Uplink Port

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

!

interface GigabitEthernet1/0/9

description 1st Floor Ovalwood Hall Uplink Port

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

description Ovalwood Switch Room Uplink Port

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

!

interface GigabitEthernet1/0/12

description Primary Uplink to Cisco 7200

speed nonegotiate

!

interface Vlan1

ip address xxx.xxx.xxx.xxx 255.255.255.0

!

ip default-gateway xxx.xxx.xxx.1

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.1

ip http server

!

control-plane

!

!

end

balajitvk Fri, 07/28/2006 - 11:14
User Badges:
  • Silver, 250 points or more

Hi frank,


While ur saying connectivity thro. FE ports got down, pls. see the show spanning-tree command and show interface command to ascertain whehter interface status is down or the spanning-tree blocks the ports and will be helpful if u can attach the config along with above commands o/p including show vtp status at that point of time.


Rgs,


frankmiller Fri, 07/28/2006 - 11:33
User Badges:

here is show spanning-tree for vlan 11, interface status of port 1, my test port, and show vtp status.


VLAN0011

Spanning tree enabled protocol ieee

Root ID Priority 24587

Address 0014.a9d7.a100

Cost 8

Port 25 (GigabitEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec


Bridge ID Priority 32779 (priority 32768 sys-id-ext 11)

Address 0016.4666.b500

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300


Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p

Fa0/3 Desg FWD 19 128.3 P2p

Fa0/4 Desg FWD 19 128.4 P2p

Fa0/5 Desg FWD 19 128.5 P2p

Fa0/6 Desg FWD 19 128.6 P2p

Fa0/7 Desg FWD 19 128.7 P2p

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------


Fa0/8 Desg FWD 19 128.8 P2p

Fa0/9 Desg FWD 19 128.9 P2p

Fa0/10 Desg FWD 19 128.10 P2p

Fa0/11 Desg FWD 19 128.11 P2p

Fa0/12 Desg FWD 19 128.12 P2p

Fa0/13 Desg FWD 19 128.13 P2p

Gi0/1 Root FWD 4 128.25 P2p

Gi0/2 Desg FWD 4 128.26 P2p

FastEthernet0/1 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0016.4666.b501 (bia 0016.4666.b501)

Description: Riedl Hall Room 135 port

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

1472964 packets output, 154703503 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

VTP Version : 2

Configuration Revision : 22

Maximum VLANs supported locally : 1005

Number of existing VLANs : 16

VTP Operating Mode : Client

VTP Domain Name : xxxxxxxxx

VTP Pruning Mode : Enabled

VTP V2 Mode : Enabled

VTP Traps Generation : Disabled

MD5 digest : 0xBB 0x87 0xCA 0xAB 0xCE 0x76 0xAF 0x5A

frankmiller Fri, 07/28/2006 - 11:38
User Badges:

here is the config snippet for the 3550 as well. I've done a physical check and no access from any machine in VLAN 11.


!

ip subnet-zero

ip domain-list xxx.edu

ip domain-name xxx.edu

ip name-server x.x.x.x

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/2

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/3

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/4

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/5

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/6

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/7

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/8

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/9

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/10

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/11

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/12

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/13

description Riedl Hall Room 135 port

switchport access vlan 11

switchport mode access

!

interface FastEthernet0/14

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/15

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/16

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/17

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/18

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/19

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/20

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/21

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/22

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/23

description Riedl Hall Room 135 port

switchport mode access

!

interface FastEthernet0/24

description Riedl Hall Room 135 port

switchport mode access

!

interface GigabitEthernet0/1

switchport trunk encapsulation isl

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport trunk encapsulation isl

switchport mode dynamic auto

!

interface Vlan1

ip address xxx.xxx.xxx.245 255.255.255.0

!

ip default-gateway xxx.xxx.xxx.1

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.1

ip http server

!


globalnettech Fri, 07/28/2006 - 12:17
User Badges:
  • Silver, 250 points or more

Hello,


one more question: where is your VLAN 11 interface defined, that is, where does your Layer 3 routing take place ? Can you post the full configs of your 3550, as well as the 3750 ?


Regards,


GNT

frankmiller Fri, 07/28/2006 - 17:32
User Badges:

Hi,


VLAN 11 is defined by the VTP server on the 3750 and I believe that's where Layer 3 routing takes place as well... Maybe I need to config that part correctly.


I have posted full configs in the thread and any help from all of you who are responding is greatly appreciated... I am in Ohio and on Dialup at home so it may take a while for a reply but I'll keep checking in over the weekend.

Roberto Salazar Fri, 07/28/2006 - 12:23
User Badges:
  • Gold, 750 points or more

This is how I understand your issue:

1. You configured a 13th port on a switch and immediately that particular port loses connectivity? or do you lose connecitivity on ALL the ports?

2. How is lost connectivity on that device or all the ports verified? ping test? show interface?

3. You mentioned that the devices are configured with static ip, are they all in the same subnet, at least for the ones that are in the same vlan should be in the same vlan.


something does not sound right, assigning an access port to a vlan should not affect the rest of the port.

frankmiller Fri, 07/28/2006 - 12:40
User Badges:

answer to 1: all ports lose connectivity.


answer to 2: ping test from local and remote fail. show interface displays the interface as "up."


answer to 3: I meant the actual pc's themselves and yes they are all in the same subnet.


I believe I may over the weekend blow out the configs on both the 3750 and the 3550. or pick up one of our new units and run a test with fresh units.

Roberto Salazar Fri, 07/28/2006 - 12:46
User Badges:
  • Gold, 750 points or more

answer to 1: all ports lose connectivity.

>>>Before the 13th port is assigned to any vlan all is okay?


answer to 2: ping test from local and remote fail. show interface displays the interface as "up."

>>> how about ping from pc1 in, say fa 0/1, to pc2 in fa 0/2 on the same switch. This is confirm if the switch is not passing traffic at all and if the issue is l2 or l3. If you can ping between two switches, can the PC themselves ping their default gateway. This is assuming that the PCs are in the same vlan and same subnet. Oh BTW, can you elaborate on local ping test, like which device is the source of the ping and the destination of this ping? From the 3550 itself to the PC's connected to it? and are we talking about the PC's in vlan 11?


answer to 3: I meant the actual pc's themselves and yes they are all in the same subnet.

>>> okay, see number 2 for isolating the issue.


Please rate helpful posts.

frankmiller Fri, 07/28/2006 - 17:24
User Badges:

Reply to question 1: Yes, before the 13th port is assigned to any vlan all is well.


Reply to question 2: Ping from pc in f0/1 to f0/2 fail.


PC's cannot ping default gateway or any gateway/DNS.


PC's are on same VLAN and subnet for the f0/1 to f0/2 test.


Local ping test comes from 3 places: My workstation outside the VLAN on a different subnet, the VTP server switch(cisco 3750) on a different subnet, and the 3550 itself on the same subnet. I ran over to the new building and checked PC to PC in same switch/VLAN after you suggested it.


We are talking about all PC's connected to that switch when the 13th port is added.


I am attaching the configs for both the 3750 and the 3550. At one time it looks as if someone in the department was playing with the 3750 as there are lines of code I have no clue about nor know what they do.


Also, I will look into the option of setting up some of the upgrade equipment for another building in the prep area to see if I can also figure out the problem.


Just in case it is config issue. Is there an easy way to restart from default config?


BTW thanks for the hint on ping from PC to PC I overlooked that completely.... brain is getting a little melted over this one.



Attachment: 
Roberto Salazar Fri, 07/28/2006 - 22:27
User Badges:
  • Gold, 750 points or more

the 3550 itself on the same subnet.

>>> I looked at teh 3550's configuration, it only has one interface vlan which is interface vlan 1 and it ahs the following:

interface Vlan1

ip address 128.146.200.245 255.255.255.0


What vlan are you assigning the ports (the 12 ports and then the 13th port)? If you are assigning those ports to any other vlan besides vlan 1, you will not be able to ping whatever is connected on those port from the 3550 switch. I hope you see that and know why. currently, I do not see any vlan assign to any port, so they all belong to vlan 1. can these PC's in 3550 able to ping 128.146.200.245? If the PC are all in 128.146.200.0/24 network they should be able to.



I ran over to the new building and checked PC to PC in same switch/VLAN after you suggested it.


We are talking about all PC's connected to that switch when the 13th port is added.


>>> I am not sure, if you said PC to PC on this 3550 are able to ping one another, are they able to ping one another? If they are then the problem is not the switch or layer 2 since you are able to pass traffic between ports that are in the same vlan.


Just in case it is config issue. Is there an easy way to restart from default config?

>>> write erase then reload when asked to save do not save. If you are going to do this via telnet be prepared to walk over there, you will lose telnet.


BTW thanks for the hint on ping from PC to PC I overlooked that completely.... brain is getting a little melted over this one.

>>> I'm confused, you said:

"Reply to question 2: Ping from pc in f0/1 to f0/2 fail.


PC's cannot ping default gateway or any gateway/DNS.


PC's are on same VLAN and subnet for the f0/1 to f0/2 test."


Isn't that PC on fa 0/1 to PC in fa 0/2? Can you explain what kind of test the above failed? If it failed then you did not overlook it. Just trying to be clear coz, it is strange that all is well between PCs in the same switch then suddenly after the 13th port nothing works.


Please rate helpful posts.


frankmiller Mon, 07/31/2006 - 05:34
User Badges:

I was assigning the 12 ports and 13th port to VLAN 2.


At the time the config was pulled I had to reset all the vlan configs to the default VLAN(vlan 1).


The ping test was conducted with 2 PCs in VLAN 2 with 13 ports in that vlan. And they were not able to talk back and forth to each other.


All the ping tests failed when I had the ports fa0/1-13 in vlan 2.


Another caveat to this is there a problem since there is yet another 3750 between the VTP server 3750 and the 3550 I'm trying to vlan. The other 3750 is set for VTP client mode and has not been modified at all just all ports set to dynamic desirable.


Another possible problem for my whole project is does each VLAN need it's own unique subnet? If that's the case then it's kinda moot since we only have 4 class B subnets and need close to 11 VLANs.


I think at this point I'm going to get everything back to factory settings and start over. This weekend I learned a lot from the forums and can see that there are a multitude of things I can be doing wrong.

frankmiller Mon, 07/31/2006 - 20:23
User Badges:

Ok, now after blowing out the config and changing things around I have finally got fe0/1 and fe0/2 to be able to ping each other, the vlan 2 interface, and the subsequent vlan 2 interfaces on the 3750 switches.


Now my problem is getting access to the outside world, ie. getting access to websites, mail servers, etc.. These are lab units and need that type of access to be able to function as they did before the vlan was put in place to isolate them.


I am attaching the new configs in order to hopefully shed some more light on the new development.



Thanks for your all your help!



frankmiller Thu, 08/03/2006 - 07:35
User Badges:

Figured out the problem. It lies with the way our DS3 is connected. Our Main campus provides our connectivity and had grouped the subnet on their end negating all I was doing. I have since broke the subnet out of the group and all is well.


Thanks for all the help


Actions

This Discussion