SG300 Port-Channel Configuration

NHCOITServices · ‎08-14-2013

We have an SG300 52P and a SG300 28P that we need to LAG/Trunk together, but have had a hell of a time doing it. Both switches are updated to 1.3.0.62. The 52 port switch is configured in layer 3, the 28 port switch in layer 2. All connectivity that is directly connected to the 52 port works as intended, but no traffic on the 28 port over the port channel to VLANs outside the native VLAN are working. Strangely too, it is possible to ping the 28 port from a serial connection on the 52 port on the native vlan address, but cannot access the management interface over ethernet. The last 4 ports of each switch are part of the port channel.

Here are the two configurations:

52 Port:

vlan database
vlan 2,4,6,8,10,100

ip dhcp relay address 10.0.4.10
ip dhcp relay address 10.0.4.14
ip dhcp relay enable
ip name-server 10.0.4.10 10.0.4.14

hostname CORE-SW1

ip ssh server
ip ssh pubkey-auth

snmp-server server
snmp-server community public ro 10.0.4.5 view Default

interface vlan 1
Name ReserverdDefault
ip address 192.168.0.1 255.255.255.0
no ip address dhcp

interface vlan 2
ip address 10.0.2.1 255.255.255.0
ip dhcp relay enable

interface vlan 4
ip address 10.0.4.1 255.255.255.0
ip dhcp relay enable

interface vlan 6
ip address 10.0.6.1 255.255.255.0
ip dhcp relay enable

interface vlan 8
ip address 10.0.8.1 255.255.255.0
ip dhcp relay enable

interface vlan 10
ip address 10.0.10.1 255.255.255.0
ip dhcp relay enable

interface vlan 100
name Network
ip address 10.0.0.1 255.255.255.0
ip dhcp relay enable

interface gigabitethernet1
switchport mode access
switchport access vlan 100

interface gigabitethernet2
switchport mode access
switchport access vlan 100

(all ports between are configured like ports 1 & 2)

interface gigabitethernet49
channel-group 1 mode on

interface gigabitethernet50
channel-group 1 mode on

interface gigabitethernet51
channel-group 1 mode on

interface gigabitethernet52
channel-group 1 mode on

interface Port-channel1
description CORELINK
speed 1000
no negotiation
switchport trunk allowed vlan add 2,4,6,8,10

switchport trunk native vlan 100

ip default-gateway 10.0.0.254

28 Port:

vlan database
vlan 2,4,6,8,10,100

ip dhcp relay address 10.0.4.10
ip dhcp relay address 10.0.4.14
ip dhcp relay enable
ip name-server 10.0.4.10 10.0.4.14

hostname ACC-SW1

ip ssh server
ip ssh pubkey-auth

snmp-server server
snmp-server community public ro 10.0.4.5 view Default

interface vlan 1
Name ReserverdDefault
no ip address dhcp

interface vlan 2
ip dhcp relay enable

interface vlan 4
ip dhcp relay enable

interface vlan 6
ip dhcp relay enable

interface vlan 8
ip dhcp relay enable

interface vlan 10
ip dhcp relay enable

interface vlan 100
name Network
ip address 10.0.0.2 255.255.255.0

ip dhcp relay enable

interface gigabitethernet1
switchport mode access
switchport access vlan 100

interface gigabitethernet2
switchport mode access
switchport access vlan 100

(all ports between are configured like ports 1 & 2)

interface gigabitethernet25
channel-group 1 mode on

interface gigabitethernet26
channel-group 1 mode on

interface gigabitethernet27
channel-group 1 mode on

interface gigabitethernet28
channel-group 1 mode on

interface Port-channel1
description CORELINK
speed 1000
no negotiation
switchport trunk allowed vlan add 2,4,6,8,10

switchport trunk native vlan 100

Thank you in advance for any assistance that you can provide, I have been tearing my hair out on this

-Drew

Tom Watts · ‎08-14-2013

Hi Drew, looking at the configuration, I don't think it is a switch problem.

Let's take your vlan 10 as example

ip address 10.0.10.1 255.255.255.0

If you configure a computer on vlan 10 of the layer 2 switch with an ip address 10.0.10.100, mask 255.255.255.0 and gateway 10.0.10.1 are you able to communicate to a computer or device on vlan 100 that is properly set up with an ip address on the subnet 10.0.0.x mask 255.255.255.0 and gateway 10.0.0.2?

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

NHCOITServices · ‎08-14-2013

Thanks for the response Tom.

If I have an active device on any VLAN (including 100), traffic is not passed on the devices. For instance, I had a laptop connected to the L2 switch with an IP of 10.0.0.75 connected to port 1. It could ping and access 10.0.0.2, but not 10.0.0.1. While connected via serial, the L2 switch could ping 10.0.0.1, which totally threw me for a loop. This was totally the same when testing with VLAN 4. 10.0.4.75, I could not ping 10.0.4.1 or anything on a different network.

Also, when connecting and disconnecting the LAG cables, I was able to see the VLANs come to an up status, which to me indicated that the VLANs on the trunks were seen correctly.

One thing that I thought was odd was the switches were throwing extra config tags, here is one of the tags that it added to the lag ports: macro auto smartport. I tried removing the commands with no, but had no luck.

-Drew

Tom Watts · ‎08-14-2013

Drew, want to do a team viewer 8? I'm curious

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

NHCOITServices · ‎08-14-2013

I would, but the switches are unfortunately in production. We were trying to re-address and segment the network at the same time, but ended up rolling back the segmentation. I took out the lag and used a single connection between the switches to get everything working.

I did have both sides hard set at 1000. I have a small window of time on Friday morning that I could test auto negotiation. My next window of opportunity is next weekend (8/24). If the auto negotiation does not work on Friday and you are available we could do it then.

-Drew

olopez002 · ‎08-15-2013

How I can reset to factory default settings for the SG 300-10?

trgood · ‎08-14-2013

Hi Drew,

I just recreated this in my lab and had no issues until I configured "no negotiation" on my interface Port-channel1. Remove this command and it works perfectly for me.

Let me know if you need any further assistance.

-Trent Good

** Please rate useful posts! **

-Trent Good ** Please rate useful posts! **

Tom Watts · ‎08-14-2013

Hi Trent, that presents a different problem, auto negotiation shouldn't matter so long as both sides are set correctly.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

NHCOITServices · ‎08-14-2013

I will test this on Friday.

-Drew

trgood · ‎08-14-2013

Hi Drew,

Sounds good, if you continue to have issues after removing it I would recommend opening a case with STAC as besides the negotiation I don't see what the issue could be. The negotiation shouldn't effect it really either but for some reason it caused issues on my setup.

-Trent Good

** Please rate useful posts! **

-Trent Good ** Please rate useful posts! **

NHCOITServices · ‎08-16-2013

The LAG is back up and working on native VLAN 100, but I am still not able to pass other vlan traffic from the L2 to L3 switch. The switch also took out my switchport trunk native vlan 100 configs on both switches when they were connected. After I manually put the configuration back the switches were able to communicate. Here is the current port channel and LAG configurations:

52:

interface gigabitethernet51

description "LAG 3"

channel-group 1 mode on

no macro auto smartport

interface gigabitethernet52

description "LAG 4"

channel-group 1 mode on

no macro auto smartport

interface Port-channel1

negotiation 1000f

description CORELINK

spanning-tree link-type point-to-point

switchport trunk allowed vlan add 2,4,10,14

switchport trunk native vlan 100

macro description switch

!next command is internal.

macro auto smartport dynamic_type switch

28:

interface gigabitethernet27

description "LAG 3"

channel-group 1 mode on

interface gigabitethernet28

description "LAG 4"

channel-group 1 mode on

interface Port-channel1

negotiation 1000f

description CORELINK

spanning-tree link-type point-to-point

switchport trunk allowed vlan add 2,4,10,14

switchport trunk native vlan 100

macro description switch

!next command is internal.

macro auto smartport dynamic_type switch

When I try to ping 10.0.4.1 from the 28 port, here is the output:

Pinging 10.0.4.1 with 18 bytes of data:

PING: net-unreachable
PING: net-unreachable
PING: net-unreachable
PING: net-unreachable

----10.0.4.1 PING Statistics----
4 packets transmitted, 0 packets received, 100% packet loss

Thank you again for any assistance you can provide.

-Drew

NHCOITServices · ‎08-29-2013

I was able to get this up and running. I had an additional switch that needed to be added for capacity, and was able to spend additional time with the configuration because the expansion was not immediately needed. I noticed that the switches would change the configuration of the port channel when the cables were connected and followed it from there.

In my original configuration, the port channel was configured as follows:

interface Port-channel1

description CORELINK

speed 1000

no negotiation

switchport trunk allowed vlan add 2,4,6,8,10

switchport trunk native vlan 100

What I had found is that only traffic on VLAN 100 was carried. When we connected the switches, they removed the switchport trunk native vlan 100 tag, and added it to the switchport trunk allowed vlan add 2,4,6,8,10,100.

We manually re-added the native vlan tags, which appeared to allow the switches to communicate. What we didn't account for was the need for an active device to be connected to the switch to allow ICMP to work on the other VLANS. So when we tried to ping 10.0.4.1 from the second switch, even though there were active connections on the layer 3 switch, the layer 2 switch couldn't ping it.

In conclusion, we found that if the port channel had a native VLAN assigned, we couldnt communicate on VLANs other than the native. When we connected the new switch, we allowed the port channels removal of the native VLAN, then added a device to one of the additional VLANs, and everything worked as intended.

Our working port channel config:

interface Port-channel1

negotiation 1000f

description CORELINK

switchport trunk allowed vlan add 2,4,6,8,10, 100

-Drew

Brandon Svec · ‎08-29-2013

Thanks for coming back to post the update. Very good info.

-- please remember to rate and mark answered helpful posts --

Tom Watts · ‎08-29-2013

Hi, the reason the port configuration was changing is due to the switch macros. The macro default vlan is 1 therefore the configuration changed to make the vlan 1 untagged while tagging all other vlans which is the effect you experienced. If you want to fix that you may modify the macro to be vlan 100 which will create and maintain your vlan 100 untagged to a port.

Here is a topic where I posted how to modify the macros.

https://supportforums.cisco.com/thread/2177613

https://supportforums.cisco.com/thread/2195681

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Brandon Svec · ‎08-29-2013

Yes and it reminds me of this similar post that Tom helped me on:

https://supportforums.cisco.com/thread/2232855

-- please remember to rate and mark answered helpful posts --