Cisco Support Community

New Member

Enabling ALL VLANs on a trunk link causes downstream hosts to intermittently fall off the network

In an effort to begin collapsing switches, I began to configure our two 3750G core switches to allow all VLANs to trunk to a downstream 6500.

The cores are HSRP-configured and the root bridge priorities are set to match the HSRP active router correctly.

The trunk link that currently existed between the 3750 and the 6500 allowed only about 8 VLANs, and the other day I removed the restriction to allow ALL VLANs 1-4096.

Then the next day, people started noticing servers not accessible and I investigated and noticed that they were intermittently failing ping replies. These servers were DOWNSTREAM from the 6500 two switches deep using trunk links as well.

One troubleshooting step I did was I pinged one of the HSRP IPs for the subnet the inaccessible server was on, got a reply from the gateway, and then I pinged the server again, and it replied!

Another behavior I noticed was that I was starting to have trouble telnetting in to the two switches downstream from the 6500. Sometimes I could telnet to one of them, other times I couldn't. These downstream switches are the ones that had the server ports for the servers that were intermittently dropping off the network. So at a time when I could session into one of these downstream switches I could ping the servers from there. Then their MACs would show up in the table and then I could ping them from anywhere. I would wait for five minutes for the MACs to age out and then, lo and behold, the servers were no longer accessible from the user locations until I pinged them from the switches they were on.

So, I gave up trying to fix it, rolled back my trunk link between the 3750 and the 6500 to the few VLANs allowed as before, and then everything was happy again. I could ping all the servers, I could session in to all the downstream switches from the 6500.

Network topology: [3750-core]---TrunkLinkAllowedAll---[6500chassis]---trunklink---[3750-3-switchStack]----trunklink---[3750]

Any insights would be greatly appreciated.

Thanks!

5 REPLIES

Hi,

 

On the 3750 LAN switch uplink you should trunk all the VLANs created in the switch.

On the 3750 stack switch, the downlink connected to the 3750 LAN switch should have the same trunk configs as the 3750 LAN switch.

On the 3750 stack switch's uplink you should have all the local VLANs and the trunked VLANs from the LAN switch trunked to the connecting port of the 6500 Series... and so on until you have the core switch uplink connectivity.

Hope you have VTP set as transparent and spanning-tree as pvst....

 

Regards

Karthik

New Member

Thanks nkarthikeyan.

VTP transparent mode and pvst+ were definitely in place. I went ahead and did exactly what you said; the only thing that was different from what you said to do was the way I was allowing ALL VLANs on the trunk from Core to the 6500. I allowed only the needed VLANs on that trunk and all seems to be fine.

I still want to know why setting the trunk to allow 1-4094 would cause hosts to fall off the network and switch flooding to not work right. I did read some articles on the effects asymmetric routing can have on unicast flooding and perhaps that's the issue, since my core 3750 is configured with another core switch in an HSRP pair.

 

Hello.

During the issue I would suggest checking interface utilization to make sure the problem was related to a flood (sh int summ). If it was a flood, I think it might be caused by some VLAN unaware of STP (on some port[s]).

But really, a flood may be caused by any "smart" user looping the network (filtering BPDUs). In this case you should protect your network with the "storm-control" feature (per port) - and it's a best practice.

Please share your diagram of switch interconnections, list all the VLANs you use, and the STP type you run (per switch).

PS: intermittent connectivity might also be caused by permanent root switch re-election (which means you have some issue with STP).
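
As an added example (not written by any poster in this thread, and not Cisco code), a small Python audit of a saved running-config that flags trunk ports carrying every VLAN or lacking the per-port storm-control recommended in the reply above. The sample config, interface names, VLAN IDs and the `max_vlans` threshold are constructed assumptions; only numeric allowed-VLAN lists and their `add` continuation lines are parsed.

```python
import re
# Constructed sample running-config; interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 10,20,30-32
 switchport trunk allowed vlan add 40
 switchport mode trunk
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 1-4094
 switchport mode trunk
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/4
 switchport mode access
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, max_vlans=100):
    """Return {interface: [findings]} for trunk ports that need attention."""
    prefix, findings = "switchport trunk allowed vlan ", {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines()]
        if "switchport mode trunk" not in lines:
            continue  # access ports and non-interface text are skipped
        # The list may continue on "allowed vlan add ..." lines; merge them.
        specs = [ln[len(prefix):].replace("add ", "") for ln in lines if ln.startswith(prefix)]
        vlans = set().union(*map(expand_vlans, specs))
        issues = []
        if not vlans:
            issues.append("no allowed-VLAN list: every VLAN is carried")
        elif len(vlans) > max_vlans:
            issues.append(f"allowed list carries {len(vlans)} VLANs")
        if not any(ln.startswith("storm-control ") for ln in lines):
            issues.append("no storm-control")
        if issues:
            findings[lines[0].split()[1]] = issues
    return findings
```

Calling `audit_trunks(SAMPLE_CONFIG)` reports the first and third trunk ports and leaves the pruned, storm-controlled trunk and the access port out of the result.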

Silver

I had a similar case when a remote SPAN VLAN was unblocked on some trunk links and a capture flood spread to several unnecessary segments. Place a capturing laptop onto the segment and watch for a multicast/broadcast/unknown-unicast flood.

New Member

Here you go Vasilii...
