Solved: Re: Routing a subnet between 2 sites

Joshua McNeely · ‎11-26-2013

Hello All,

I've been trawling through the forums here and while I've found a lot of good advice, I haven't found anything that makes sense in my case. Here's what I have:

Two of our sites are being set up with a PLC network. The vendor has decided that the only good way to accomplish cross-site monitoring is to have both sites on the same subnet. I've asked them if they would please set them to separate subnets, but they refuse claiming that this shouldn't be an issue because they've done it this way at other client sites. That said, I understand it's not really the right way to do things but they won't listen to reason.

So, both sites are residing on the same subnet of 172.X.X.Z. We do have a bit of an advantage in this situation and that is the way our sites are connected. Our switches are connected directly to each other using a telco provided ethernet connection. No MPLS, no VPN, just a direct connection. The telco equipment is completely transparent to the switches.

The switchports that are connected on each end are set up like so:

interface GigabitEthernet1/0/14

description xxxxxxx

switchport access vlan 5 (This shouldn't matter since it's been set to trunk mode)

switchport trunk encapsulation dot1q

switchport trunk native vlan 5

switchport trunk allowed vlan 5,172

switchport mode dynamic desirable

Now, if I set up a vlan interface with the 172.X.X.1 IP address on either side of the link the respective server is able to see the interface. So, the VLAN is working from the servers to the switches on both sides. However, the actual communication between the two servers (and all the PLCs on either side of the network) isn't working. It seems pretty obvious that the problem is happening somewhere on the link between the two switches but for the life of me I cannot figure out where.

Another small gotcha is that the servers are both set to use 172.X.X.1 as their default gateway. I had thought at one point that if I set up a VLAN Interface on both sides, one with .1 and one with .2 and set the servers to use those as their respective gateways that this might solve the problem. However, I'm not entirely sure if that will work if it will, whether it will require anything special or if it would be sufficient to just go

Conf t

interface vlan 172

ip address 172.X.X.1 255.255.255.0

(And similar for .2)

Thanks in advance for any help you can offer!

-Josh

Jon Marshall · ‎11-27-2013

Josh

So, if I'm hearing you right, vlans 5 and 172 should both not show any interfaces in the list if they are in trunk mode?

Yes. I think there is something more fundmental here. Are you sure the link can carry tagged traffic ie. the telco does not have any equipment in between that could be stopping this because i cannot see any reason why vlan 172 is not allowed across the link. Vlan 5 is seen on both ends by STP but vlan 172 isn't. Vlan 5 is not tagged because it is the native vlan. Can you check with the telco that you can send tagged traffic across that link ?

Jon

View solution in original post

daniel.dib · ‎11-27-2013

I agree that this is a horrible design but in theory it should work. Do you have any dynamic MAC entries over Gi1/0/24? Can you show the switchport operational mode and output for spanning tree as well.

Show int gi1/0/24 switchport

show span vlan 172

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Jon Marshall · ‎11-27-2013

Josh

The L3 vlan interface for vlan 172 shouldn't matter as the servers are on the same subnet so they should simply switch the traffic at L2 ie. no need to route traffic so need to go to their L3 gateway. So unless you need to access these devices from another vlan/subnet you don't need to worry about the SVI at the moment.

The other thing to note is that you do not need to use a trunk because you only want vlan 172 on that link. The native vlan doesn't need to be allowed on a trunk link. I would try changing that to a simple access port on both sides and put the port in vlan 172.

As Daniel noted It is worth checking the output of "sh spanning-tree vlan 172" to see if that link is being blocked or not. How are these sites interconnected for other (non vlan 172) traffic ? Do you have an interconnect or are you sending the traffic via a WAN link ?

Jon

Joshua McNeely · ‎11-27-2013

Thanks for the replies. Jon, unfortunately we do route traffic across the native vlan. Site B uses the exchange server located at Site A for e-mail, and we use the internet connection at site A as a failover for Site B and vice versa. That said, here is the output for sh spanning-tree vlan 172 on both switches. The only thing I can really note is the high forward cost for the routes going between plants, but I'm fairly certain that's not a problem since it would only come in to play when trying to access an IP located at the other location.

Site A

VLAN0172

Spanning tree enabled protocol ieee

Root ID Priority 32940

Address 081f.f3ca.6b80

This bridge is the root

Hello Time 2 sec

Max Age 20 sec

Forward Delay 15 sec

Bridge ID Priority 32940 (priority 32768 sys-id-ext 172)

Address 081f.f3ca.6b80

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi1/0/14 Desg FWD 19 128.14 P2p

Gi1/0/23 Desg FWD 4 128.23 P2p

Gi1/0/24 Desg FWD 4 128.24 P2p

Po1 Desg FWD 3 128.488 P2p

Po2 Desg FWD 3 128.496 P2p

Po5 Desg FWD 3 128.520 P2p

Po6 Desg FWD 3 128.528 P2p

Po13 Desg FWD 3 128.584 P2p

Gi2/0/19 Desg FWD 4 128.73 P2p

Gi2/0/23 Back BLK 4 128.77 P2p

Site B

VLAN0172

Spanning tree enabled protocol rstp

Root ID Priority 24748

Address 4055.39cc.4300

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24748 (priority 24576 sys-id-ext 172)

Address 4055.39cc.4300

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi1/0/24 Desg FWD 4 128.24 P2p

Po2 Desg FWD 3 128.496 P2p

Po4 Desg FWD 3 128.512 P2p

Gi2/0/14 Desg FWD 19 128.68 P2p

Gi2/0/24 Desg FWD 4 128.78 P2p

Also, Daniel, both switchports are enabled.

Thanks,
Josh

Jon Marshall · ‎11-27-2013

Josh

Can you post configs of switches at both ends of the link ?

Also as Daniel asked, when you try to ping a server from one switch to another what do you see in the mac-address and arp tables ?

Jon

Joshua McNeely · ‎11-27-2013

Hi Jon,

Arp tables show nothing for VLAN 172 on either switch.

Mac tables on Site A shows a single mac on vlan 172, dynamic, port gi2/0/19. This is interesting because that port, while hooked up, is not configured with any settings at all. (((Fixed this problem. The mac table now shows the same mac address going to gi2/0/23 which is configured as seen below.)))

Meanwhile on Site B the mac tables show between 1 and 4 addresses on gi1/0/24.

I checked both tables while actively pinging from one server to the other and also after stopping the ping.

Here's the config of switch 1 with identifying information taken out. Speaking of, is there a spoiler tag I could use to make the post less bulky?

Note: The ports that are connecting back in to the network at Site A are 2/0/23, 1/0/24, and 1/0/23. The port that is connecting to Site B is 1/0/14.

Using 9198 out of 524288 bytes

!

! Last configuration change at 14:54:48 UTC Wed Nov 27 2013 by admin

! NVRAM config last updated at 14:54:52 UTC Wed Nov 27 2013 by admin

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log datetime localtime

no service password-encryption

!

hostname xxxxxxx

!

boot-start-marker

boot-end-marker

!

enable secret xxxxxxx

!

username xxxxxx

!

aaa new-model

!

aaa session-id common

switch 1 provision ws-c3750g-24ts-1u

switch 2 provision ws-c3750g-24ts-1u

system mtu routing 1500

ip routing

ip domain-name xxxxxx

!

crypto pki trustpoint xxxxx

enrollment selfsigned

subject-name xxxxx

revocation-check xxxxx

rsakeypair xxxxx

!

crypto pki certificate chain xxxxx

certificate self-signed 01 nvram:xxxx

!

port-channel load-balance src-dst-ip

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel3

switchport access vlan 106

switchport mode access

!

interface Port-channel4

switchport access vlan 106

switchport mode access

!

interface Port-channel5

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel6

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel7

switchport access vlan 106

switchport mode access

!

interface Port-channel8

switchport access vlan 106

switchport mode access

!

interface Port-channel13

description xxxxxxxxxxx

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet1/0/3

switchport access vlan 106

switchport mode access

channel-group 3 mode active

spanning-tree portfast

!

interface GigabitEthernet1/0/4

switchport access vlan 106

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/5

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 5 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet1/0/6

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 6 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet1/0/7

switchport access vlan 106

switchport mode access

channel-group 7 mode active

spanning-tree portfast

!

interface GigabitEthernet1/0/8

switchport access vlan 106

switchport mode access

channel-group 8 mode active

spanning-tree portfast

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

description xxxx

switchport mode access

!

interface GigabitEthernet1/0/13

description xxxxx

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 13 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet1/0/14

description xxxxx

switchport access vlan 5

switchport trunk encapsulation dot1q

switchport trunk native vlan 5

switchport trunk allowed vlan 5,172

switchport mode dynamic desirable

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

switchport access vlan 105

switchport mode access

!

interface GigabitEthernet1/0/22

switchport access vlan 105

switchport mode access

!

interface GigabitEthernet1/0/23

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,125,172

switchport mode trunk

priority-queue out

mls qos trust dscp

!

interface GigabitEthernet1/0/24

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,125,172

switchport mode trunk

priority-queue out

mls qos trust dscp

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface GigabitEthernet2/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet2/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet2/0/3

switchport access vlan 106

switchport mode access

channel-group 3 mode active

spanning-tree portfast

!

interface GigabitEthernet2/0/4

switchport access vlan 106

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet2/0/5

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 5 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet2/0/6

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 6 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet2/0/7

switchport access vlan 106

switchport mode access

channel-group 7 mode active

spanning-tree portfast

!

interface GigabitEthernet2/0/8

switchport access vlan 106

switchport mode access

channel-group 8 mode active

spanning-tree portfast

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

description xxxxx

switchport mode access

!

interface GigabitEthernet2/0/13

description xxxxx

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 13 mode on

spanning-tree portfast trunk

!

interface GigabitEthernet2/0/14

description xxxxx

switchport access vlan 5

switchport mode access

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

switchport access vlan 105

switchport mode access

!

interface GigabitEthernet2/0/22

switchport access vlan 105

switchport mode access

!

interface GigabitEthernet2/0/23

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,125,172

switchport mode trunk

priority-queue out

mls qos trust dscp

!

interface GigabitEthernet2/0/24

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,125,172

switchport mode trunk

priority-queue out

mls qos trust dscp

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface Vlan1

ip address xxxxxxxxxxx 255.255.255.0

ip helper-address xxxxxxxxxxxxx

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 xxxxxxxxxxxxx

ip ospf 1 area 0.0.0.1

!

interface Vlan5

bandwidth 10000

ip address 192.168.5.5 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 xxxxxxxxxxxxx

ip ospf cost 100

ip ospf 1 area 0.0.0.1

!

interface Vlan104

ip address xxxxxxxxxxxxx 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

!

interface Vlan105

ip address xxxxxxxxxxxx 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

!

interface Vlan106

ip address xxxxxxxxxxxx 255.255.255.0

no ip redirects

no ip proxy-arp

!

interface Vlan125

ip address xxxxxxxxxx 255.255.255.0

ip helper-address xxxxxxxxxxx

!

router ospf 1

router-id xxxxxxxxxxxxx

log-adjacency-changes

area 0.0.0.1 authentication message-digest

network xxxxxxxxxx 0.0.0.255 area 0.0.0.1

network xxxxxxxxxxxx 0.0.0.0 area 0.0.0.1

network xxxxxxxxxxxx 0.0.0.255 area 0.0.0.1

network xxxxxxxxxxx 0.0.3.255 area 0.0.0.1

!

xxxxx ip routing table was here xxxxx

no ip http server

ip http secure-server

!

ip sla enable reaction-alerts

!

line con 0

line vty 0 4

privilege level 15

line vty 5 15

privilege level 15

!

ntp clock-period 36029203

ntp server xxxxxxxxx prefer

ntp server xxxxxxxxxx

end

Message was edited by: Joshua McNeely

Jon Marshall · ‎11-27-2013

Josh

Is the link currently working for the other traffic on vlan 5 ?

Can you post output of "sh int trunk" from both switches + switch port is connected to the link on switch in site B ?

Edit - i think the switches might be seeing this link as an access port in vlan 5 because you do have a "switchport access vlan 5" statement.

Jon

Joshua McNeely · ‎11-27-2013

Yes, all my other traffic is routing across vlan 5 properly. I did just discover something that I should have remembered to look at yesterday. Doing a tracert reveals that traffic from both servers makes it to the core switch, but is then routed to my firewalls and out to the internet. I'm wondering if adding in a static route pointing that subnet at the other switch would fix anything. In the meantime, here's the info you requested.

Site A

Port Mode Encapsulation Status Native vlan

Gi1/0/14 desirable 802.1q trunking 5

Gi1/0/23 on 802.1q trunking 1

Gi1/0/24 on 802.1q trunking 1

Gi2/0/19 auto n-802.1q trunking 1

Gi2/0/23 on 802.1q trunking 1

Po1 on 802.1q trunking 1

Po2 on 802.1q trunking 1

Po5 on 802.1q trunking 1

Po6 on 802.1q trunking 1

Po13 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi1/0/14 5,172

Gi1/0/23 1,125,172

Gi1/0/24 1,125,172

Gi2/0/19 1-4094

Gi2/0/23 1,125,172

Po1 1-4094

Po2 1-4094

Po5 1-4094

Po6 1-4094

Po13 1-4094

Port Vlans allowed and active in management domain

Gi1/0/14 5,172

Gi1/0/23 1,125,172

Gi1/0/24 1,125,172

Gi2/0/19 1,5,104-106,125,172

Gi2/0/23 1,125,172

Po1 1,5,104-106,125,172

Po2 1,5,104-106,125,172

Po5 1,5,104-106,125,172

Po6 1,5,104-106,125,172

Po13 1,5,104-106,125,172

Port Vlans in spanning tree forwarding state and not pruned

Gi1/0/14 5,172

Gi1/0/23 1,125,172

Gi1/0/24 1,125,172

Gi2/0/19 1,5,104-106,125,172

Gi2/0/23 172

Po1 1,5,104-106,125,172

Po2 1,5,104-106,125,172

Po5 1,5,104-106,125,172

Po6 1,5,104-106,125,172

Po13 1,5,104-106,125,172

Site B

Port Mode Encapsulation Status Native vlan

Gi1/0/24 on 802.1q trunking 1

Gi2/0/14 desirable 802.1q trunking 5

Gi2/0/24 on 802.1q trunking 1

Po2 on 802.1q trunking 50

Po4 on 802.1q trunking 50

Port Vlans allowed on trunk

Gi1/0/24 111,125,172

Gi2/0/14 5,172

Gi2/0/24 111,125,172

Po2 1-4094

Po4 1-4094

Port Vlans allowed and active in management domain

Gi1/0/24 111,125,172

Gi2/0/14 5,172

Gi2/0/24 111,125,172

Po2 1,5,108-109,111,125,172

Po4 1,5,108-109,111,125,172

Port Vlans in spanning tree forwarding state and not pruned

Gi1/0/24 111,125,172

Gi2/0/14 5,172

Gi2/0/24 111,125,172

Po2 1,5,108-109,111,125,172

Po4 1,5,108-109,111,125,172

Site B Switchport

Port Mode Encapsulation Status Native vlan

Gi2/0/14 desirable 802.1q trunking 5

Port Vlans allowed on trunk

Gi2/0/14 5,172

Port Vlans allowed and active in management domain

Gi2/0/14 5,172

Port Vlans in spanning tree forwarding state and not pruned

Gi2/0/14 5,172

Jon Marshall · ‎11-27-2013

Josh

Okay, it looks like they are both trunking properly. I'm confused about your tracert though. The servers are in the same subnet so there is no routing involved. Doesn't matter what routes you have anywhere, if the subnet and subnet mask agree then it should simply be L2 switched across the link.

We are tallking about servers seeing each other in the same subnet aren't we ?

Jon

Joshua McNeely · ‎11-27-2013

Yes, both servers are on the 172.X.X.Z subnet. Here's a quick high-level overview of how it's set up.

Server A is connected to the PLC switch (unmanaged). The PLC switch is connected to a managed Cisco Small Business (CSB from now on) switch. The port that it is connected to on the CSB is set as untagged VLAN 172. The CSB connects back to a CSB in our server room. All ports that are used from this point forward are tagged VLAN 172. The CSB in the server room connects to gi2/0/23 on the site A core switch. From there it should use gi1/0/14 to connect to the Site B core switch on gi2/0/14. The Site B core switch connects via gi1/0/23 and 1/0/24 (although it looks like only /24 is being used) to a CSB in the server room. This connects back to another CSB (again, all this is tagged VLAN 172), which then connects back to the PLC switch as untagged VLAN 172. The PLC switch is then hooked up to Server B.

So:

Server A -> PLC Switch -> CSB -> CSB Server Room -> Cisco Core Switch A <-> Cisco Core Switch B <- CSB Server Room <- CSB <- PLC Switch <- Server B

Make sense?

Jon Marshall · ‎11-27-2013

It makes sense. I can't see anything wrong with your switch config. But there are a lot of other switches involved. Perhaps there is an issue with one of these.

I'll have another look at the config just to be sure but it looks fine.

Jon

Joshua McNeely · ‎11-27-2013

Okay, well, thanks for looking. I'll throw this out just to see if you can spot any glaring errors:

Server A -> 172.X.X.52 255.255.255.0 (Gateway set for 172.X.X.1)

|

PLC Switch -> unmanaged, not addressed as far as I'm aware.

|

CSB -> Port connecting to PLC is set to access mode on VLAN 172. Port connecting to the server room is set for trunk mode, VLAN 172 is tagged.

|

CSB Server Room -> port connecting to CSB above is in trunk mode, VLAN 172 is tagged. Port connecting to core switch is in trunk mode, VLAN 172 is tagged.

|

Cisco Core Switch A -> should be okay

|

Cisco Core Switch B -> should be okay

|

CSB Server Room -> port connecting to core switch is in trunk mode, VLAN 172 is tagged. port connecting to CSB below is in trunk mode, VAN 172 is taged.

|

CSB -> port connecting to server room is in trunk mode, VLAN 172 is tagged. port connecting to PLC switch is in access mode on VLAN 172

|

PLC Switch -> unmanaged, not addressed as far as I'm aware.

|

Server B -> 172.X.X.52 255.255.255.0 (Gateway is set as 172.X.X.1)

Jon Marshall · ‎11-27-2013

Josh

I noticed that both switches (site A and B) think they are the root for vlan 172 which suggests vlan 172 is not being passed on that link ie. no BPDUs for vlan 172 are being sent.

Can you post the output of "sh spanning-tree vlan 5" from both switches ?

Jon

Joshua McNeely · ‎11-27-2013

Sure thing, here you are.

Site A

VLAN0005

Spanning tree enabled protocol ieee

Root ID Priority 24581

Address 4055.39cc.4300

Cost 19

Port 14 (GigabitEthernet1/0/14)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)

Address 081f.f3ca.6b80

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi1/0/14 Root FWD 19 128.14 P2p

Po1 Desg FWD 3 128.488 P2p

Po2 Desg FWD 3 128.496 P2p

Po5 Desg FWD 3 128.520 P2p

Po6 Desg FWD 3 128.528 P2p

Po13 Desg FWD 3 128.584 P2p

Gi2/0/19 Desg FWD 4 128.73 P2p

Site B

VLAN0005

Spanning tree enabled protocol rstp

Root ID Priority 24581

Address 4055.39cc.4300

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24581 (priority 24576 sys-id-ext 5)

Address 4055.39cc.4300

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Po2 Desg FWD 3 128.496 P2p

Po4 Desg FWD 3 128.512 P2p

Gi2/0/14 Desg FWD 19 128.68 P2p Peer(STP)

Jon Marshall · ‎11-27-2013

For vlan 5 that's what it should ie. only one switch is the root. I appreciate the output shows that link trunking but i'm wondering if config of your ports should be changed ie. on both ends -

1) remove the switchport access vlan 5 command

and

2) add "switchport mode trunk"

Note if you do this there may be a blip in the traffic. It may not fix the problem but i cannot see anything else in your config that is wrong. The fact that both switches see themselves as root means no vlan 172 is being sent across that link.

Jon