I have configured a dot1q trunk between a 6509 and a Nokia IP740, The VLANS within the trunk are running VRRP. The vrrp backup keeps switching between Master and Backup. Has anyone ever come across this problem before ? is there something I am missing which is not required when configuring a switch to switch trunk ? I have already ruled out cable or port errors by substitution.
The only thing I can think of is that hello packets for VRRP is not flowing properly and if trunk is properly configured and VRRP vlans are aloowd it should not be a problem but tell me something that is NOKIA IP740 has a conecpt of native vlan on its trunk because i think cisco has a concept of native vlan and bydefault vlan 1 is a native vlan on trunk port so please check what is the native vlan on Nokia switch because if Nokia is expecting all vlan as tagged and cisco is sending native van as untagged this problem can occur.
Just checked if you have not enabled dot1q all tagged on cisco switches also.
is the native vlan necessary for the trunk ? I have allowed 2 vlans across the trunk but not vlan 1. I have also tried making one of the trunked vlans the native vlan which has an adverse effect. In this scenario I end up with master / master on the nokia's instead of master / backup. The link does stay up though, which would suggest that the Nokia interface isn't faulty.....i'm struggling with this one a bit.
I found the following from Nokia, they recommend turning on the portfast feature for ports that connect to VRRP participating Nokia devices:
'The spanning tree protocol should be set to
"portfast"mode for ports that connect to VRRP participating Nokia devices. On the Catalyst series of switches the command to achieve this is simple and as follows. On a port per port basis :-
interface fa x/x
For Nokia devices that are running VRRP, the portfast option should be enabled for these ports and these ports only. As for the "overall"
spanning tree process and inter-switch / trunk ports, spanning tree should be left enabled or as per the design being used'
many thanks for the info. I have checked and portfast is already enabled on these ports. WOuld have been nice and simple if this had been the problem.
portfasting a trunk is not the same as portfasting an access port.
2950-Main(config-if)#spanning-tree portfast ?
disable Disable portfast for this interface
trunk Enable portfast on the interface even in trunk mode
2950-Main(config-if)#spanning-tree portfast trunk
Somehow I am sure there is some problem related to config for native vlan. Do me a favour just post me the config of both the switches relating to the ports connected and Will try my best to find out something.
quite a straight forward config really... A pair of 6509's
set trunk mod/port on dot1q 614-615
set trunk mod/port on dot1q 614-615
although I believe the firewalls use vlan 1 as a default I don't think they have a requirement to see vlan 1 from the switches. I have configure the above vlans on the firewalls. If I debug the firewalls I can see the vrrp hello's from the primary. Seems like this is a common problem because I have seen other people logging this issue on different forums.
For what it's worth I am posting a solution to our problem.
We had two IP710 connected to two 6509 switches. Both IP710 had trouble negotiating between Master and Backup.
Since IGMP snooping is enabled by default on the 6500 platform we had to turn it off to successfully run VRRP.
thanks for the information. very useful information to remember. In our case, it turned out to be a faulty interface card in the IP740. we replaced the card and the problem is now solved.