11-26-2013 08:33 PM - edited 03-07-2019 04:48 PM
Hello All,
I've been trawling through the forums here and while I've found a lot of good advice, I haven't found anything that makes sense in my case. Here's what I have:
Two of our sites are being set up with a PLC network. The vendor has decided that the only good way to accomplish cross-site monitoring is to have both sites on the same subnet. I've asked them if they would please set them to separate subnets, but they refuse claiming that this shouldn't be an issue because they've done it this way at other client sites. That said, I understand it's not really the right way to do things but they won't listen to reason.
So, both sites are residing on the same subnet of 172.X.X.Z. We do have a bit of an advantage in this situation and that is the way our sites are connected. Our switches are connected directly to each other using a telco provided ethernet connection. No MPLS, no VPN, just a direct connection. The telco equipment is completely transparent to the switches.
The switchports that are connected on each end are set up like so:
interface GigabitEthernet1/0/14
description xxxxxxx
switchport access vlan 5 (This shouldn't matter since it's been set to trunk mode)
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport trunk allowed vlan 5,172
switchport mode dynamic desirable
Now, if I set up a vlan interface with the 172.X.X.1 IP address on either side of the link the respective server is able to see the interface. So, the VLAN is working from the servers to the switches on both sides. However, the actual communication between the two servers (and all the PLCs on either side of the network) isn't working. It seems pretty obvious that the problem is happening somewhere on the link between the two switches but for the life of me I cannot figure out where.
Another small gotcha is that the servers are both set to use 172.X.X.1 as their default gateway. I had thought at one point that if I set up a VLAN Interface on both sides, one with .1 and one with .2 and set the servers to use those as their respective gateways that this might solve the problem. However, I'm not entirely sure if that will work and, if it will, whether it will require anything special or if it would be sufficient to just go
Conf t
interface vlan 172
ip address 172.X.X.1 255.255.255.0
(And similar for .2)
Thanks in advance for any help you can offer!
-Josh
11-27-2013 12:33 PM
Josh
So, if I'm hearing you right, vlans 5 and 172 should both not show any interfaces in the list if they are in trunk mode?
Yes. I think there is something more fundamental here. Are you sure the link can carry tagged traffic ie. the telco does not have any equipment in between that could be stopping this, because I cannot see any reason why vlan 172 is not allowed across the link. Vlan 5 is seen on both ends by STP but vlan 172 isn't. Vlan 5 is not tagged because it is the native vlan. Can you check with the telco that you can send tagged traffic across that link ?
Jon
11-27-2013 12:27 AM
I agree that this is a horrible design but in theory it should work. Do you have any dynamic MAC entries over Gi1/0/24? Can you show the switchport operational mode and output for spanning tree as well.
Show int gi1/0/24 switchport
show span vlan 172
Daniel Dib
CCIE #37149
11-27-2013 03:49 AM
Josh
The L3 vlan interface for vlan 172 shouldn't matter as the servers are on the same subnet so they should simply switch the traffic at L2 ie. no need to route traffic so no need to go to their L3 gateway. So unless you need to access these devices from another vlan/subnet you don't need to worry about the SVI at the moment.
The other thing to note is that you do not need to use a trunk because you only want vlan 172 on that link. The native vlan doesn't need to be allowed on a trunk link. I would try changing that to a simple access port on both sides and put the port in vlan 172.
As Daniel noted, it is worth checking the output of "sh spanning-tree vlan 172" to see if that link is being blocked or not. How are these sites interconnected for other (non vlan 172) traffic ? Do you have an interconnect or are you sending the traffic via a WAN link ?
Jon
11-27-2013 05:32 AM
Thanks for the replies. Jon, unfortunately we do route traffic across the native vlan. Site B uses the exchange server located at Site A for e-mail, and we use the internet connection at site A as a failover for Site B and vice versa. That said, here is the output for sh spanning-tree vlan 172 on both switches. The only thing I can really note is the high forward cost for the routes going between plants, but I'm fairly certain that's not a problem since it would only come in to play when trying to access an IP located at the other location.
Site A
VLAN0172
Spanning tree enabled protocol ieee
Root ID Priority 32940
Address 081f.f3ca.6b80
This bridge is the root
Hello Time 2 sec
Max Age 20 sec
Forward Delay 15 sec
Bridge ID Priority 32940 (priority 32768 sys-id-ext 172)
Address 081f.f3ca.6b80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/14 Desg FWD 19 128.14 P2p
Gi1/0/23 Desg FWD 4 128.23 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
Po1 Desg FWD 3 128.488 P2p
Po2 Desg FWD 3 128.496 P2p
Po5 Desg FWD 3 128.520 P2p
Po6 Desg FWD 3 128.528 P2p
Po13 Desg FWD 3 128.584 P2p
Gi2/0/19 Desg FWD 4 128.73 P2p
Gi2/0/23 Back BLK 4 128.77 P2p
Site B
VLAN0172
Spanning tree enabled protocol rstp
Root ID Priority 24748
Address 4055.39cc.4300
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24748 (priority 24576 sys-id-ext 172)
Address 4055.39cc.4300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/24 Desg FWD 4 128.24 P2p
Po2 Desg FWD 3 128.496 P2p
Po4 Desg FWD 3 128.512 P2p
Gi2/0/14 Desg FWD 19 128.68 P2p
Gi2/0/24 Desg FWD 4 128.78 P2p
Also, Daniel, both switchports are enabled.
Thanks,
Josh
11-27-2013 06:06 AM
Josh
Can you post configs of switches at both ends of the link ?
Also as Daniel asked, when you try to ping a server from one switch to another what do you see in the mac-address and arp tables ?
Jon
11-27-2013 07:12 AM
Hi Jon,
Arp tables show nothing for VLAN 172 on either switch.
Mac tables on Site A shows a single mac on vlan 172, dynamic, port gi2/0/19. This is interesting because that port, while hooked up, is not configured with any settings at all. (((Fixed this problem. The mac table now shows the same mac address going to gi2/0/23 which is configured as seen below.)))
Meanwhile on Site B the mac tables show between 1 and 4 addresses on gi1/0/24.
I checked both tables while actively pinging from one server to the other and also after stopping the ping.
Here's the config of switch 1 with identifying information taken out. Speaking of, is there a spoiler tag I could use to make the post less bulky?
Note: The ports that are connecting back in to the network at Site A are 2/0/23, 1/0/24, and 1/0/23. The port that is connecting to Site B is 1/0/14.
Using 9198 out of 524288 bytes
!
! Last configuration change at 14:54:48 UTC Wed Nov 27 2013 by admin
! NVRAM config last updated at 14:54:52 UTC Wed Nov 27 2013 by admin
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
no service password-encryption
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxx
!
username xxxxxx
username xxxxxx
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c3750g-24ts-1u
switch 2 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip routing
ip domain-name xxxxxx
!
!
!
!
crypto pki trustpoint xxxxx
enrollment selfsigned
subject-name xxxxx
revocation-check xxxxx
rsakeypair xxxxx
!
!
crypto pki certificate chain xxxxx
certificate self-signed 01 nvram:xxxx
!
!
!
port-channel load-balance src-dst-ip
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel3
switchport access vlan 106
switchport mode access
!
interface Port-channel4
switchport access vlan 106
switchport mode access
!
interface Port-channel5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel7
switchport access vlan 106
switchport mode access
!
interface Port-channel8
switchport access vlan 106
switchport mode access
!
interface Port-channel13
description xxxxxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 106
switchport mode access
channel-group 3 mode active
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 106
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/7
switchport access vlan 106
switchport mode access
channel-group 7 mode active
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 106
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
description xxxx
switchport mode access
!
interface GigabitEthernet1/0/13
description xxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 13 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/14
description xxxxx
switchport access vlan 5
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport trunk allowed vlan 5,172
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
switchport access vlan 105
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 105
switchport mode access
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,125,172
switchport mode trunk
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,125,172
switchport mode trunk
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet2/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet2/0/3
switchport access vlan 106
switchport mode access
channel-group 3 mode active
spanning-tree portfast
!
interface GigabitEthernet2/0/4
switchport access vlan 106
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet2/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet2/0/7
switchport access vlan 106
switchport mode access
channel-group 7 mode active
spanning-tree portfast
!
interface GigabitEthernet2/0/8
switchport access vlan 106
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
description xxxxx
switchport mode access
!
interface GigabitEthernet2/0/13
description xxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 13 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet2/0/14
description xxxxx
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
switchport access vlan 105
switchport mode access
!
interface GigabitEthernet2/0/22
switchport access vlan 105
switchport mode access
!
interface GigabitEthernet2/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,125,172
switchport mode trunk
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet2/0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,125,172
switchport mode trunk
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
ip address xxxxxxxxxxx 255.255.255.0
ip helper-address xxxxxxxxxxxxx
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 xxxxxxxxxxxxx
ip ospf 1 area 0.0.0.1
!
interface Vlan5
bandwidth 10000
ip address 192.168.5.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 xxxxxxxxxxxxx
ip ospf cost 100
ip ospf 1 area 0.0.0.1
!
interface Vlan104
ip address xxxxxxxxxxxxx 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan105
ip address xxxxxxxxxxxx 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan106
ip address xxxxxxxxxxxx 255.255.255.0
no ip redirects
no ip proxy-arp
!
interface Vlan125
ip address xxxxxxxxxx 255.255.255.0
ip helper-address xxxxxxxxxxx
!
router ospf 1
router-id xxxxxxxxxxxxx
log-adjacency-changes
area 0.0.0.1 authentication message-digest
network xxxxxxxxxx 0.0.0.255 area 0.0.0.1
network xxxxxxxxxxxx 0.0.0.0 area 0.0.0.1
network xxxxxxxxxxxx 0.0.0.255 area 0.0.0.1
network xxxxxxxxxxx 0.0.3.255 area 0.0.0.1
!
xxxxx ip routing table was here xxxxx
no ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
!
!
!
line con 0
line vty 0 4
privilege level 15
line vty 5 15
privilege level 15
!
ntp clock-period 36029203
ntp server xxxxxxxxx prefer
ntp server xxxxxxxxxx
end
Message was edited by: Joshua McNeely
11-27-2013 07:38 AM
Josh
Is the link currently working for the other traffic on vlan 5 ?
Can you post output of "sh int trunk" from both switches + switch port is connected to the link on switch in site B ?
Edit - i think the switches might be seeing this link as an access port in vlan 5 because you do have a "switchport access vlan 5" statement.
Jon
11-27-2013 07:45 AM
Yes, all my other traffic is routing across vlan 5 properly. I did just discover something that I should have remembered to look at yesterday. Doing a tracert reveals that traffic from both servers makes it to the core switch, but is then routed to my firewalls and out to the internet. I'm wondering if adding in a static route pointing that subnet at the other switch would fix anything. In the meantime, here's the info you requested.
Site A
Port Mode Encapsulation Status Native vlan
Gi1/0/14 desirable 802.1q trunking 5
Gi1/0/23 on 802.1q trunking 1
Gi1/0/24 on 802.1q trunking 1
Gi2/0/19 auto n-802.1q trunking 1
Gi2/0/23 on 802.1q trunking 1
Po1 on 802.1q trunking 1
Po2 on 802.1q trunking 1
Po5 on 802.1q trunking 1
Po6 on 802.1q trunking 1
Po13 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/14 5,172
Gi1/0/23 1,125,172
Gi1/0/24 1,125,172
Gi2/0/19 1-4094
Gi2/0/23 1,125,172
Po1 1-4094
Po2 1-4094
Po5 1-4094
Po6 1-4094
Po13 1-4094
Port Vlans allowed and active in management domain
Gi1/0/14 5,172
Gi1/0/23 1,125,172
Gi1/0/24 1,125,172
Gi2/0/19 1,5,104-106,125,172
Gi2/0/23 1,125,172
Po1 1,5,104-106,125,172
Po2 1,5,104-106,125,172
Po5 1,5,104-106,125,172
Po6 1,5,104-106,125,172
Po13 1,5,104-106,125,172
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/14 5,172
Gi1/0/23 1,125,172
Gi1/0/24 1,125,172
Gi2/0/19 1,5,104-106,125,172
Gi2/0/23 172
Po1 1,5,104-106,125,172
Po2 1,5,104-106,125,172
Po5 1,5,104-106,125,172
Po6 1,5,104-106,125,172
Po13 1,5,104-106,125,172
Site B
Port Mode Encapsulation Status Native vlan
Gi1/0/24 on 802.1q trunking 1
Gi2/0/14 desirable 802.1q trunking 5
Gi2/0/24 on 802.1q trunking 1
Po2 on 802.1q trunking 50
Po4 on 802.1q trunking 50
Port Vlans allowed on trunk
Gi1/0/24 111,125,172
Gi2/0/14 5,172
Gi2/0/24 111,125,172
Po2 1-4094
Po4 1-4094
Port Vlans allowed and active in management domain
Gi1/0/24 111,125,172
Gi2/0/14 5,172
Gi2/0/24 111,125,172
Po2 1,5,108-109,111,125,172
Po4 1,5,108-109,111,125,172
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/24 111,125,172
Gi2/0/14 5,172
Gi2/0/24 111,125,172
Po2 1,5,108-109,111,125,172
Po4 1,5,108-109,111,125,172
Site B Switchport
Port Mode Encapsulation Status Native vlan
Gi2/0/14 desirable 802.1q trunking 5
Port Vlans allowed on trunk
Gi2/0/14 5,172
Port Vlans allowed and active in management domain
Gi2/0/14 5,172
Port Vlans in spanning tree forwarding state and not pruned
Gi2/0/14 5,172
11-27-2013 07:48 AM
Josh
Okay, it looks like they are both trunking properly. I'm confused about your tracert though. The servers are in the same subnet so there is no routing involved. Doesn't matter what routes you have anywhere, if the subnet and subnet mask agree then it should simply be L2 switched across the link.
We are talking about servers seeing each other in the same subnet aren't we ?
Jon
11-27-2013 07:56 AM
Yes, both servers are on the 172.X.X.Z subnet. Here's a quick high-level overview of how it's set up.
Server A is connected to the PLC switch (unmanaged). The PLC switch is connected to a managed Cisco Small Business (CSB from now on) switch. The port that it is connected to on the CSB is set as untagged VLAN 172. The CSB connects back to a CSB in our server room. All ports that are used from this point forward are tagged VLAN 172. The CSB in the server room connects to gi2/0/23 on the site A core switch. From there it should use gi1/0/14 to connect to the Site B core switch on gi2/0/14. The Site B core switch connects via gi1/0/23 and 1/0/24 (although it looks like only /24 is being used) to a CSB in the server room. This connects back to another CSB (again, all this is tagged VLAN 172), which then connects back to the PLC switch as untagged VLAN 172. The PLC switch is then hooked up to Server B.
So:
Server A -> PLC Switch -> CSB -> CSB Server Room -> Cisco Core Switch A <-> Cisco Core Switch B <- CSB Server Room <- CSB <- PLC Switch <- Server B
Make sense?
11-27-2013 09:31 AM
It makes sense. I can't see anything wrong with your switch config. But there are a lot of other switches involved. Perhaps there is an issue with one of these.
I'll have another look at the config just to be sure but it looks fine.
Jon
11-27-2013 09:52 AM
Okay, well, thanks for looking. I'll throw this out just to see if you can spot any glaring errors:
Server A -> 172.X.X.52 255.255.255.0 (Gateway set for 172.X.X.1)
|
PLC Switch -> unmanaged, not addressed as far as I'm aware.
|
CSB -> Port connecting to PLC is set to access mode on VLAN 172. Port connecting to the server room is set for trunk mode, VLAN 172 is tagged.
|
CSB Server Room -> port connecting to CSB above is in trunk mode, VLAN 172 is tagged. Port connecting to core switch is in trunk mode, VLAN 172 is tagged.
|
Cisco Core Switch A -> should be okay
|
Cisco Core Switch B -> should be okay
|
CSB Server Room -> port connecting to core switch is in trunk mode, VLAN 172 is tagged. port connecting to CSB below is in trunk mode, VLAN 172 is tagged.
|
CSB -> port connecting to server room is in trunk mode, VLAN 172 is tagged. port connecting to PLC switch is in access mode on VLAN 172
|
PLC Switch -> unmanaged, not addressed as far as I'm aware.
|
Server B -> 172.X.X.52 255.255.255.0 (Gateway is set as 172.X.X.1)
11-27-2013 10:52 AM
Josh
I noticed that both switches (site A and B) think they are the root for vlan 172 which suggests vlan 172 is not being passed on that link ie. no BPDUs for vlan 172 are being sent.
Can you post the output of "sh spanning-tree vlan 5" from both switches ?
Jon
11-27-2013 10:54 AM
Sure thing, here you are.
Site A
VLAN0005
Spanning tree enabled protocol ieee
Root ID Priority 24581
Address 4055.39cc.4300
Cost 19
Port 14 (GigabitEthernet1/0/14)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)
Address 081f.f3ca.6b80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/14 Root FWD 19 128.14 P2p
Po1 Desg FWD 3 128.488 P2p
Po2 Desg FWD 3 128.496 P2p
Po5 Desg FWD 3 128.520 P2p
Po6 Desg FWD 3 128.528 P2p
Po13 Desg FWD 3 128.584 P2p
Gi2/0/19 Desg FWD 4 128.73 P2p
Site B
VLAN0005
Spanning tree enabled protocol rstp
Root ID Priority 24581
Address 4055.39cc.4300
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24581 (priority 24576 sys-id-ext 5)
Address 4055.39cc.4300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po2 Desg FWD 3 128.496 P2p
Po4 Desg FWD 3 128.512 P2p
Gi2/0/14 Desg FWD 19 128.68 P2p Peer(STP)
11-27-2013 11:02 AM
For vlan 5 that's what it should be ie. only one switch is the root. I appreciate the output shows that link trunking but I'm wondering if config of your ports should be changed ie. on both ends -
1) remove the switchport access vlan 5 command
and
2) add "switchport mode trunk"
Note if you do this there may be a blip in the traffic. It may not fix the problem but i cannot see anything else in your config that is wrong. The fact that both switches see themselves as root means no vlan 172 is being sent across that link.
Jon
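The root comparison Jon describes in his replies, as an added example that is not part of the original thread: a Python sketch that parses "show spanning-tree vlan N" output from both ends of a link and flags a VLAN where each switch elects itself root. The sample text is excerpted from the output posted above; the function names parse_stp and compare_roots are hypothetical.

```python
import re

# Excerpts of the "show spanning-tree vlan N" output posted in this thread
# (interface tables and timers omitted).
SITE_A_VLAN172 = """VLAN0172
Root ID Priority 32940
Address 081f.f3ca.6b80
This bridge is the root
Bridge ID Priority 32940 (priority 32768 sys-id-ext 172)
Address 081f.f3ca.6b80"""
SITE_B_VLAN172 = """VLAN0172
Root ID Priority 24748
Address 4055.39cc.4300
This bridge is the root
Bridge ID Priority 24748 (priority 24576 sys-id-ext 172)
Address 4055.39cc.4300"""
SITE_A_VLAN5 = """VLAN0005
Root ID Priority 24581
Address 4055.39cc.4300
Cost 19
Port 14 (GigabitEthernet1/0/14)
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)
Address 081f.f3ca.6b80"""
SITE_B_VLAN5 = """VLAN0005
Root ID Priority 24581
Address 4055.39cc.4300
This bridge is the root
Bridge ID Priority 24581 (priority 24576 sys-id-ext 5)
Address 4055.39cc.4300"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_stp(text):
    """Extract the root/bridge identity from one switch's STP output."""
    info = {"vlan": None, "root_prio": None, "root_addr": None, "bridge_prio": None,
            "bridge_addr": None, "claims_root": False, "root_port": None}
    section = None  # "root" or "bridge": which ID block an Address line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"VLAN0*(\d+)$", line):
            info["vlan"] = int(m.group(1))
        elif m := re.match(r"(Root|Bridge) ID\s+Priority\s+(\d+)", line):
            section = m.group(1).lower()
            info[section + "_prio"] = int(m.group(2))
        elif section and (m := re.match(rf"Address\s+({MAC})$", line, re.I)):
            info[section + "_addr"] = m.group(1).lower()
        elif line == "This bridge is the root":
            info["claims_root"] = True
        elif m := re.match(r"Port\s+\d+\s+\((\S+)\)", line):
            info["root_port"] = m.group(1)
    return info

def compare_roots(a, b):
    """Compare the root each end of a link has elected for the same VLAN."""
    if a["vlan"] != b["vlan"]:
        raise ValueError("outputs are for different VLANs")
    if a["root_addr"] == b["root_addr"]:
        return "consistent"      # one shared root: BPDUs cross the link
    if a["claims_root"] and b["claims_root"]:
        return "split-root"      # each side is its own root: no BPDUs exchanged
    return "root-mismatch"       # different roots, at least one learned elsewhere

if __name__ == "__main__":
    for name, a, b in (("172", SITE_A_VLAN172, SITE_B_VLAN172),
                       ("5", SITE_A_VLAN5, SITE_B_VLAN5)):
        print("vlan", name, compare_roots(parse_stp(a), parse_stp(b)))
```

Run against the thread's output, VLAN 172 reports split-root while VLAN 5 reports consistent, with Site A reaching the root through GigabitEthernet1/0/14.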