Extreme device to Cisco device issue....

jimmysands73_2 · ‎07-07-2012

Odd case at worksite, power outage, when devices came back up, all Cisco management IPs were offline, but end users reported no issues (DHCP is working/verified), so its was limited to management vlan (11 in this case). Topology is this:

LAN Router Extreme (X450a-24t XOS) port 24 ---directly connected----- Cisco 3524 int gi0/1

(very old IOS:

0389-SW-Training-01#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.1)XW, MAINTENANCE INTERIM SOFTWARE

System image file is "flash:c3500XL-c3h2s-mz-120.5.1-XW.bin")

Should be simple enough.

User vlan is 19, management is 11

We are unable to ping management IP of 3524 from LAN router side or ping extreme from Cisco side).

Tagged on Extreme side:

On Extreme side:

0389-RTR-01.8 # sh vlan "Manage"

VLAN Interface with name Manage created by user

Admin State: Enabled Tagging: 802.1Q Tag 11

Virtual router: VR-Default

Primary IP : 10.169.48.6/24

IPv6: None

STPD: None

Protocol: Match all unfiltered protocols

Loopback: Disabled

NetLogin: Disabled

QosProfile: None configured

Egress Rate Limit Designated Port: None configured

Flood Rate Limit QosProfile: None configured

Ports: 15. (Number of active ports=13)

Untag: *3(WController),*4(WController)

Tag: *2(RM136-Voice),*6(SW-ER-02),*7(SW-ER-03),*8(SW-ER-04),*9(SW-ER-05),*10(SW-ER-06)

*21(Server),*22(Server),*23(Server),*24(LAB-3548), 25, 26

Tagged for management port 24.

Cisco side:

Vlan 11 (management) is up and active:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active

10 VLAN0010 active

11 VLAN0011 active

Cisco port config gi0/1:

switchport trunk encapsulation dot1q
switchport mode trunk
end

Ports up:

Interface IP-Address OK? Method Status Protocol

VLAN1 unassigned YES NVRAM up down

VLAN11 10.169.48.1 YES NVRAM up up

GW is correct:

0389-SW-Training-01#sh run | inc gate

ip default-gateway 10.169.48.6

Mind you, this is an odd IP assignment, I have changed it...for standards are LAN rtr is .6, while this sw was .1, its has since been reip'd, but that has no bearing here. When I have the above config I can not ping the Extreme from the Cisco or ping the Cisco from the Extreme side. The Cisco is pinging nothing past the LAN router (only tried private, did not try public).

The odd part is that spanning tree is blocking vlan 1 and 11:

On Cisco sw we get this error in logs:

*Feb 28 16:04:30.982: %SPANTREE-2-RECV_PVID_ERR:

Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/1 on vlan 11.

*Feb 28 16:04:30.982: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on vlan 1.

Inconsistent peer vlan.

*Feb 28 16:04:31.000: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on vlan 11.

Inconsistent local vlan

To me this means a native vlan mismatch..maybe. But on the extreme side the default vlan is disabled/not on any ports.

0389-RTR-01.3 # sh vlan "Default"

VLAN Interface with name Default created by user

Admin State: Enabled Tagging: 802.1Q Tag 1

Ports: 0. (Number of active ports=0)

To fix I tried various items on both extreme and cisco side, the ONLY way I could get comms re-establish on management vlan was:

On Extreme side : untag vlan 19 on port 24 AND

On Cisco side: add to gi0/1 sw tr na vl 19

OR

On Extreme side : untag vlan 11 on port 24 AND

On Cisco sdie : add to gi0/1 sw tr na vl 11

Its working now, but this goes against our standards of having no untagged ports on the LAN rtr, so I am going to head back out onsite Monday to investigate further. No, this site did not have backups of configs....dont ask lol.

Why would I be unable to ping from the Cisco to the .6 address on the LAN router?

Why would with both ports tagged/configured correctly on both devices did I have have to untag ports to get this config to work?

Thanks

Flavio Boniforti · ‎11-13-2015

Hi there.

I got a very similar issue, here the relevant log outputs:

Nov 12 08:00:41 10.130.64.143 282714: *Jun 14 19:55:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0700. Port consistency restored.
Nov 12 08:00:41 10.130.64.143 282713: *Jun 14 19:55:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0010. Port consistency restored.
Nov 12 07:50:19 10.130.64.143 282701: *Jun 14 19:45:27: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/1 on VLAN0700. Inconsistent local vlan.
Nov 12 07:50:19 10.130.64.143 282700: *Jun 14 19:45:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0010. Inconsistent peer vlan.
Nov 12 07:50:19 10.130.64.143 282699: *Jun 14 19:45:27: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 10 on GigabitEthernet1/1 VLAN700.

Above entries have been detected on a Catalyst IE-8000-8TC with Cisco SW Version 15.0(2)SE

The uplink port Gi1/1 is configured as follows:

interface GigabitEthernet1/1
switchport trunk native vlan 888
switchport mode trunk
spanning-tree bpdufilter enable
end

On the other end, there's an Extreme Networks Summit X440-48p-10G, and its port 47 is configured with 14 tagged VLANs and no untagged VLAN. VLANs 10 and 700 are tagged on this port, whereas VLAN 888 is not configured at all on this port.

Does anybody know, how it could happen that some sort of "VLAN-crossing BPDUs" would flow?

Thanks and regards,

Flavio.