Solved: pvlan and trunk port mapping WS-X6548-GE-TX

raylo · ‎10-09-2013

Hi Cisco Support Forum,

I was told that on the ethernet line card e.g. WS-6548-GE-TX, there are limitation on how you group the pvlan and trunking together as it has port to ASIC consideration or related to oversubscribing.

Is this only applies to 6513 running CATOS only and if this also applies to IOS? Reason I am asking is our 6513 is still running with CATOS 8.5(5) and we are planning to upgrade to IOS 12.2(33)SXJ6. After the upgrade, we are connecting the existing 6513 Catalyst switch to the new Nexus 7009 with port channel. I noticed that on the current config, we separate pvlan and trunking by a group of 8 interfaces apart. So I guess my question is, after the IOS upgrade, are we able to use interface 11/39 and 11/40 configure them as a trunk interface and grouped into a port channela and mix it with other interfaces configured as pvlan interfaces in the same ASIC?

Current out from CATOS:

11/32 sydupsp20 .30/24 notconnect 717,718 full 100 10/100/1000

11/33 sydaapms32-pper eth1 notconnect 719,720 full 100 10/100/1000

11/34 sydaapms32-RIB RIB notconnect 719,720 full 100 10/100/1000

11/35 sydaapms32-pper eth2 notconnect 717,718 full 100 10/100/1000

11/36 SYDAAPMS47-PWN.34/24 connected 717,718 full 100 10/100/1000

11/37 SYDAAPMS47-PWN.74/23 connected 719,720 full 100 10/100/1000

11/38 AU04UDB017QANS2eth0 connected 717,718 full 1000 10/100/1000

11/39 disabled 1 full 100 10/100/1000

11/40 disabled 1 full 100 10/100/1000

Proposed config on 11/39 and 11/40 after IOS upgrade:

interface range GigabitEthernet11/39-40

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 670,805,806,815-817,840-859

switchport mode trunk

switchport nonegotiate

channel-group 15 mode on

Wilson Bonilla · ‎10-10-2013

Hi

So let me recap

Q1:Is this only applies to 6513 running CATOS only and if this also applies to IOS?

- The PVLAN limitation applies for both CatOS and IOS.

Q2:So I guess my question is, after the IOS upgrade, are we able to use interface 11/39 and 11/40 configure them as a trunk interface and grouped into a port channela and mix it with other interfaces configured as pvlan interfaces in the same ASIC?

- In a 6548 linecard there exists two port-groups. Port group #1 corresponds from port 1 to 24, then port-group #2 corresponds from port 25 to 48.

Q3:Both modules are WS-X6548-GE-TX, if there is a 24 port restriction, why configuration can still be done? What will be the potential problem?

- Yeah I have seen cases where it works and some other where it doesn't. I would say as stated in the bug documentation ( documented for IOS only in CSCsb44185):

..."However, in a very rare case (as described in this DDTS)

the two types of the ports may become forwarding at the same time"...

The only potential issue that I see is that this is an unsupported configuration ...unsupported configurations might bring unexpected results... It might just stop working...

=========================================================

Configuration guide for CatOS8.5

You cannot set the ports belonging to the same ASIC where one port is set to trunking or

promiscuous mode or is a SPAN destination and another port is set to isolated or community port.

=========================================================

Regards.

Wilson B.

View solution in original post

Wilson Bonilla · ‎10-09-2013

Hello

Taken from the configuration guide 12.2SX

In all releases , this 24-port restriction applies to the WS-X6548-GE-TX and WS-X6148-GE-TX 10/100/1000 Mb Ethernet switching modules.

Within groups of 24 ports (1-24, 25-48), do not configure ports as isolated ports or community VLAN ports when one port within the group of 24 ports is any of these:

–A trunk port

–A SPAN destination port

–A promiscuous private VLAN port

Regards.

WIlson B.

raylo · ‎10-10-2013

Hi Wilson,

Thanks for the update.

I have looked at the sw release 12.2 about the 12 port restrictions. However, on our production switch 6513 on module 10 and module 12:

Mod 10:

Port Name Status Vlan Duplex Speed Type

----- -------------------- ---------- ---------- ------ ----------- ------------

10/1 notconnect 1 full 100 10/100/1000

10/2 disabled 1 auto auto 10/100/1000

10/3 connected trunk full 1000 10/100/1000

10/4 connected 803 full 100 10/100/1000

10/5 connected 804 full 100 10/100/1000

10/6 connected 813 full 100 10/100/1000 -- promiscuous port

10/7 connected 823 full 100 10/100/1000

10/8 connected trunk full 1000 10/100/1000

10/9 disabled 1 auto auto 10/100/1000

10/10 connected 741 full 100 10/100/1000 -- promiscuous port

10/11 disabled 843 full 100 10/100/1000

10/12 connected trunk full 100 10/100/1000

10/13 connected 825 full 100 10/100/1000

10/14 connected 826 full 100 10/100/1000

10/15 connected 827 full 100 10/100/1000

10/16 connected 828 full 100 10/100/1000

10/17 connected 829 full 100 10/100/1000

10/18 connected 861 full 100 10/100/1000

10/19 connected 862 full 100 10/100/1000

10/20 connected trunk full 1000 10/100/1000

10/21 connected trunk full 1000 10/100/1000

10/22 connected trunk full 1000 10/100/1000

10/23 connected trunk full 1000 10/100/1000

10/24 connected trunk full 1000 10/100/1000

10/25 notconnect 761,762 full 100 10/100/1000

10/26 notconnect 741,742 full 100 10/100/1000

10/27 notconnect 741,742 full 100 10/100/1000

10/28 connected 761,762 full 100 10/100/1000

10/29 connected 741,742 full 100 10/100/1000

10/30 connected 741,742 full 100 10/100/1000

10/31 connected 761,762 full 100 10/100/1000

10/32 connected 761,762 full 100 10/100/1000

10/33 notconnect 741,742 full 100 10/100/1000

10/34 connected 741,742 a-full a-1Gb 10/100/1000

10/35 disabled 741,742 full 1000 10/100/1000

10/36 connected 741,742 full 1000 10/100/1000

10/37 connected 741,742 full 1000 10/100/1000

10/38 connected 741,742 full 1000 10/100/1000

10/39 disabled 741,742 full 100 10/100/1000

10/40 notconnect 1 full 1000 10/100/1000

10/41 connected 778 a-full a-100 10/100/1000

10/42 connected 741 full 100 10/100/1000 -- promiscuous port

10/43 connected 741 full 100 10/100/1000 -- promiscuous port

10/44 connected 741 full 100 10/100/1000 -- promiscuous port

10/45 disabled 1 auto auto 10/100/1000

10/46 disabled 1 auto auto 10/100/1000

10/47 disabled 1 auto auto 10/100/1000

10/48 connected 761 a-full a-1Gb 10/100/1000 -- promiscuous port

xxxxxx > (enable) sh pvlan mapping

Port Primary Secondary

---- ------- ---------

10/6 813 814

10/10 741 742

10/42 741 742

10/43 741 742

10/44 741 742

10/48 761 762

==============================

Mod 12

Port Name Status Vlan Duplex Speed Type

----- -------------------- ---------- ---------- ------ ----------- ------------

12/1 connected 817 full 100 10/100/1000

12/2 connected trunk full 100 10/100/1000

12/3 connected trunk full 100 10/100/1000

12/4 connected 878 full 100 10/100/1000

12/5 connected 778 full 100 10/100/1000

12/6 notconnect 860 full 100 10/100/1000

12/7 notconnect 868 full 100 10/100/1000

12/8 disabled 1 full 1000 10/100/1000

12/9 disabled 1 full 1000 10/100/1000

12/10 connected trunk full 1000 10/100/1000

12/11 connected trunk full 1000 10/100/1000

12/12 connected trunk full 1000 10/100/1000

12/13 connected trunk full 1000 10/100/1000

12/14 connected 841 full 1000 10/100/1000

12/15 connected 855 full 1000 10/100/1000

12/16 connected 864 full 1000 10/100/1000

12/17 connected 741,742 full 100 10/100/1000

12/18 disabled 878,879 full 100 10/100/1000

12/19 connected 741,742 full 100 10/100/1000

12/20 notconnect 741,742 full 100 10/100/1000

12/21 disabled 761,762 full 100 10/100/1000

12/22 connected 741,742 full 100 10/100/1000

12/23 disabled 1 auto auto 10/100/1000

12/24 notconnect 761,762 full 100 10/100/1000

12/25 connected 741,742 full 1000 10/100/1000

12/26 connected 741,742 full 1000 10/100/1000

12/27 connected 741,742 full 1000 10/100/1000

12/28 disabled 741,742 full 1000 10/100/1000

12/29 connected 741,742 full 1000 10/100/1000

12/30 connected 741,742 full 100 10/100/1000

12/31 notconnect 741,742 full 100 10/100/1000

12/32 notconnect 761,762 full 100 10/100/1000

12/33 notconnect 741,742 full 100 10/100/1000

12/34 disabled 741,742 full 1000 10/100/1000

12/35 disabled 761,762 full 1000 10/100/1000

12/36 notconnect 761,762 full 100 10/100/1000

12/37 notconnect 741,742 full 100 10/100/1000

12/38 connected 741,742 full 100 10/100/1000

12/39 disabled 741,742 full 1000 10/100/1000

12/40 disabled 741,742 full 1000 10/100/1000

12/41 connected 741,742 a-full a-100 10/100/1000

12/42 connected 761,762 full 1000 10/100/1000

12/43 notconnect 860 full 100 10/100/1000

12/44 notconnect 860 full 100 10/100/1000

12/45 notconnect 862 full 100 10/100/1000

12/46 notconnect 860 full 100 10/100/1000

12/47 disabled 822 full 1000 10/100/1000

12/48 disabled 1 full 1000 10/100/1000

====================================

On Mod 10, port 10/25-48, there are mixture of isolated ports and promiscuous ports (10/

42-44, 10/48).

On Mod 12 port 12/1-24, there are mixture of trunk ports and pvlans.

Both modules are WS-X6548-GE-TX, if there is a 24 port restriction, why configuration can still be done? What will be the potential problem?

Your further advice is much appreciated!

Ray

Wilson Bonilla · ‎10-10-2013

Hi

So let me recap

Q1:Is this only applies to 6513 running CATOS only and if this also applies to IOS?

- The PVLAN limitation applies for both CatOS and IOS.

Q2:So I guess my question is, after the IOS upgrade, are we able to use interface 11/39 and 11/40 configure them as a trunk interface and grouped into a port channela and mix it with other interfaces configured as pvlan interfaces in the same ASIC?

- In a 6548 linecard there exists two port-groups. Port group #1 corresponds from port 1 to 24, then port-group #2 corresponds from port 25 to 48.

Q3:Both modules are WS-X6548-GE-TX, if there is a 24 port restriction, why configuration can still be done? What will be the potential problem?

- Yeah I have seen cases where it works and some other where it doesn't. I would say as stated in the bug documentation ( documented for IOS only in CSCsb44185):

..."However, in a very rare case (as described in this DDTS)

the two types of the ports may become forwarding at the same time"...

The only potential issue that I see is that this is an unsupported configuration ...unsupported configurations might bring unexpected results... It might just stop working...

=========================================================

Configuration guide for CatOS8.5

You cannot set the ports belonging to the same ASIC where one port is set to trunking or

promiscuous mode or is a SPAN destination and another port is set to isolated or community port.

=========================================================

Regards.

Wilson B.

raylo · ‎10-11-2013

Hi Wilson,

You are correct, I have set up a lab last night and put some isolated pvlan ports and promiscuos ports and trunk ports together within port 1-24 on a WS-X6548-GE-TX line card. I have a PC connect to one of the isolated pvlan port and another PC connected to a promiscuous port, PC connected to isloated pvlan port is always in a 'notconnect'. Behaviour is similar when connects to trunk port and isolated pvlan port. If I move my pc to the 2nd half of the asic (e.g. port 28), isloated pvlan port came up straight.

Problem seems only can be corrected if I remove the promiscuous port and trunk port within the 24 port group asic followed by a shut and no shut on the isolated vlan port.

As this are lagacy switches, now need to think about ways to move forward:

1. Obviously we may need to redefine all the switchports in a 24 port group pattern (which is a very painful exercise)

2. Will later release ios solve this issue? I ask this because when I looked at release notes on 15.1SY, the pvlan issue is not mentioned while it is mentioned in 12.2. To me, 24 port group is a hardware limitation and upgrade to 15.1SY will not solve this?

3. With this asic limitation, why we still able to config a mixture of isolated vlan ports and promiscuous ports and trunk ports within the 24 port group? I think the IOS should be written in such a way that it should give you warning messsages?

4. As we are presuured by our clients to have this upgrade done asap, I may rasie a TAC case for this lagacy issue in their environment.

5. It is strange that this combination of switchport configuration is working in our exisiting environment which our switches are running in CATOS 8.5(5) as our architect actually put them in a 8 port group in a line card but not 24 port group.

Your assitance is much appreciated!

Wilson Bonilla · ‎10-12-2013

Hello

2. It's interesting the release notes doesn't metioned anything about the limitatio, I will look further into this back on monday.

3. I agree, as described in the document:

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml

IOS displays error message %PM-SP-3-ERR_INCOMP_PORT: is set to inactive because is a trunk port

4 - 5. Sure, I think you can opened a TAC. In my opinion CatOS is EOL'd since Feb 2013, no longer supported. The best suggestion is to upgrade and take in considerations the limitations already known.

Regards.

Wilson B.

raylo · ‎10-14-2013

Hi Wilson,

I have now opned a TAC case with Cisco. Fyi, it is 627703433. I am happy to close the discussion and also like to thanks for your support if you do not have further updates.

Regards/Ray.

raylo · ‎11-04-2013

Hi Wilson,

We also have 4507 in our environment running in IOS. Our line card is WS-X4548-GB-RJ45-RJ-45. It seems that this line card do not have the limitation of asci port group?

I have a show output below from one of the ports :

AU01USW011QAN42#sh int gi7/46 capabilities

GigabitEthernet7/46

Model: WS-X4548-GB-RJ45-RJ-45

Type: 10/100/1000-TX

Speed: 10,100,1000,auto

Duplex: half,full,auto

Trunk encap. type: 802.1Q,ISL

Trunk mode: on,off,desirable,nonegotiate

Channel: yes

Broadcast suppression: percentage(0-100), sw

Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)

VLAN Membership: static, dynamic

Fast Start: yes

Queuing: rx-(N/A), tx-(1p3q1t, Shaping)

CoS rewrite: yes

ToS rewrite: yes

Inline power: no

SPAN: source/destination

UDLD: yes

Link Debounce: no

Link Debounce Time: no

Port Security: yes

Dot1x: yes

Maximum MTU: 1552 bytes (Baby Giants)

Multiple Media Types: no

Diagnostic Monitoring: N/A AU01USW011QAN42#sh int gi7/46 capabilities
GigabitEthernet7/46
Model:                 WS-X4548-GB-RJ45-RJ-45
Type:                  10/100/1000-TX
Speed:                 10,100,1000,auto
Duplex:                half,full,auto
Trunk encap. type:     802.1Q,ISL
Trunk mode:            on,off,desirable,nonegotiate
Channel:               yes
Broadcast suppression: percentage(0-100), sw
Flowcontrol:           rx-(off,on,desired),tx-(off,on,desired)
VLAN Membership:       static, dynamic
Fast Start:            yes
Queuing:               rx-(N/A), tx-(1p3q1t, Shaping)
CoS rewrite:           yes
ToS rewrite:           yes
Inline power:          no
SPAN:                  source/destination
UDLD:                  yes
Link Debounce:         no
Link Debounce Time:    no
Port Security:         yes
Dot1x:                 yes
Maximum MTU:           1552 bytes (Baby Giants)
Multiple Media Types: no
Diagnostic Monitoring: N/A

Thanks for your help.

Raymond.