Stacked switch VLAN issue
Wondered if anyone else has seen this.
I have got a stack of 2 Cisco 2960s with about 10 VLANs configured. These are spread out across the stack and have been working fine. A few weeks back I created VLAN 3005 on the core, and via VTP it propagated to the rest of the devices, including this one.
I then configured a port on switch 2 of the stack as an access port in VLAN 3005 and could not get any data through it. So I then created a VLAN 3005 interface, assigned it an IP and could successfully get to it from across the network. Just to test, I tried another port, first on switch 2, then on switch 1 (switch 1 has the only current uplink port back to core). The second port on switch 2 also did not work, but on switch 1 it works fine.
Config is identical, and all the other VLANs work on both switch 1 and 2. It's like their stack ports don't allow VLAN 3005! Anyone else seen an issue like this with stacked switches?
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
Comments
-
VAHokie56 Member Posts: 783
Did you confirm VLAN 3005 got created on the switch successfully?
Do a:
sh vlan b
Make sure it's there; if not, obviously you know what you need to do.
ιlι..ιlι.
CISCO
"A flute without holes, is not a flute. A donut without a hole, is a Danish" - Ty Webb
Reading: NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures
-
DevilWAH Member Posts: 2,997
The fact that, as I mentioned, I can create a VLAN interface and assign it an IP that you can ping from the core suggests that the VLAN must exist, is active and the trunks are set up correctly. As far as I am aware, in a switch stack the VLAN config is held centrally by the master switch and there are no restrictions across the stacking ports.
When I am talking about switch 1 and 2, these are stack members, not separate switches with separate management interfaces. Sorry if that was not clear.
-
networker050184 Mod Posts: 11,962
First thing that comes to mind is VTP not supporting extended range VLANs depending on the version. Perhaps something to do with it.
An expert is a man who has made all the mistakes which can be made.
-
VAHokie56 Member Posts: 783
Creating the L3 vlan interface does automagically create the L2 vlan on the switch. You are trying to make a L2 access port; if the vlan does not exist on switch @ L2 this could be your issue... this is all I was suggesting.
-
DevilWAH Member Posts: 2,997
Creating the L3 vlan interface does automagically create the L2 vlan on the switch. You are trying to make a L2 access port , if the vlan does not exist on switch @ L2 this could be your issue...this is all I was suggesting
If the layer 2 VLAN does not exist then a layer 3 VLAN interface will not be able to communicate across the trunk to the core. If the layer 2 VLAN is not active then the layer 3 interface will show as down. For the layer 3 interface to come up there must be either an access port assigned to the VLAN and active, or the VLAN permitted on a trunk interface and active. So yes, you can create a layer 3 interface, but it will be inactive unless you create the layer 2 VLAN to match.
But as I mentioned, when you have a stacked switch there is no way I know of creating a VLAN on only one of the members. And in this case a port placed in the VLAN on switch 1 of the stack works, but on switch 2 does not. So in answer to networker as well, VTP has created the VLAN as expected; switch version is 15.0, so reasonably up to date.
Part of me wants to give the switch a reboot to see if it gets fixed, while the other part of me is just curious and wants to know why.
-
RouteMyPacket Member Posts: 1,104
Ok, so your core is the VTP Server. Ok, so you verified that VLAN 3005 exists on the 2960, yes? Ok, so do a "sh span vlan 3005" and see if it is crossing your trunk back to dist/core.
Do the same on the core: sh span vlan 3005
Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?
-
DevilWAH Member Posts: 2,997
OK so,

    Building configuration...
    Mod_2#sh span vlan 3005

    VLAN3005
      Spanning tree enabled protocol rstp
      Root ID    Priority    39869
                 Address     4403.a754.8300
                 Cost        4
                 Port        49 (GigabitEthernet1/0/49)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    52157  (priority 49152 sys-id-ext 3005)
                 Address     b4e9.b04c.8100
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Gi1/0/26            Desg FWD 100       128.26   Shr Edge
    Gi1/0/49            Root FWD 4         128.49   P2p

and here is the sh int status from the switch

    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi1/0/1                      connected    1          a-full  a-100 10/100/1000BaseTX
    ...
    ...
    Gi1/0/25                     notconnect   1            auto   auto 10/100/1000BaseTX
    Gi1/0/26                     connected    3005       a-half   a-10 10/100/1000BaseTX
    Gi1/0/27                     notconnect   1            auto   auto 10/100/1000BaseTX
    ...
    ...
    ...
    Gi2/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX
    Gi2/0/25                     connected    1          a-full  a-100 10/100/1000BaseTX
    Gi2/0/26                     notconnect   3005         auto   auto 10/100/1000BaseTX
    Gi2/0/27                     notconnect   1            auto   auto 10/100/1000BaseTX
    ...
    ...
    ...

Show run for both interfaces are

    Mod_2(config-if)#do sh run int g1/0/26
    Building configuration...

    Current configuration : 161 bytes
    !
    interface GigabitEthernet1/0/26
     switchport access vlan 3005
     switchport mode access
     switchport voice vlan 10
     mls qos trust cos
     spanning-tree portfast
    end

    Mod_2(config-if)#do sh run int g2/0/26
    Building configuration...

    Current configuration : 161 bytes
    !
    interface GigabitEthernet2/0/26
     switchport access vlan 3005
     switchport mode access
     switchport voice vlan 10
     mls qos trust cos
     spanning-tree portfast
    end

Interface g1/0/26, as you can see, is up and running; if I unplug from there and patch into G2/0/26 it no longer works and you do not even see a MAC address learnt on the port (this is true for all ports on switch 2).
This is not an issue with the VLAN configuration between the stack and core; it seems to be within the switches in the stack.
-
it_consultant Member Posts: 1,903
The problem isn't that the VLAN isn't making its way to the switch, it is; the problem is that it is only making it to the master member of the stack. Once the master has it, it should propagate the VLAN to all members of the stack. If it doesn't do that then there is no real reason to have a stack. The port is working on stack member 1 but not on stack member 2 - do I have that essentially correct? I also assume that you have other VLANs propagated via VTP that work fine on stack member 1 and stack member 2, is that essentially correct as well?
-
it_consultant Member Posts: 1,903
From Cisco's website:
The configurations of VLAN IDs 1 to 1005 are always saved in the VLAN database (vlan.dat file). If the VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. In a switch stack, the whole stack uses the same vlan.dat file and running configuration. To display the VLAN configuration, enter the show vlan privileged EXEC command.
It looks like the stack syncs the vlan.dat file, which only goes from 1 to 1005.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swvlan.html
-
RouteMyPacket Member Posts: 1,104
Ok, so what does "sh vtp status" look like? Running v3 or no?
-
DevilWAH Member Posts: 2,997
it_consultant wrote: »The problem isn't that the VLAN isn't making its way to the switch, it is; the problem is that it is only making it to the master member of the stack. Once the master has it, it should propagate the VLAN to all members of the stack. If it doesn't do that then there is no real reason to have a stack. The port is working on stack member 1 but not on stack member 2 - do I have that essentially correct? I also assume that you have other VLANs propagated via VTP that work fine on stack member 1 and stack member 2, is that essentially correct as well?
Yeah, see, if only I could explain things like you in writing. You have it exactly right.
-
DevilWAH Member Posts: 2,997
RouteMyPacket wrote: »Ok, so what does "sh vtp status" look like? running v3 or no?
You can't set a switch to client mode if there are extended VLANs configured on the server switch and it is not running version 3. It will give you an error message; you either have to remove the extended VLANs from the VTP domain or first change the version to 3 before setting it to client.
My VTP settings are automatically pushed to devices and they are also configured in my baseline checks, which run each night or when changes are made. So all the other switches have identical VTP configs (apart from cores that are set to server mode). This is the only stack I see the issue on, despite having a few 2960 stacks around.
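
A baseline check in the spirit of the nightly checks mentioned in the last post, added here as an example (it is not code from the thread or from Cisco): it lists every access port assigned to an extended-range VLAN (1006-4094, outside the vlan.dat range quoted above) per stack member, and records whether the running VTP version handles such VLANs. The sample outputs are constructed, the function names are hypothetical, and the "show vtp status" field labels are assumed to follow the common IOS layout.

```python
import re
from collections import defaultdict

# Constructed sample input, shaped like the "sh int status" output in the thread.
SAMPLE_STATUS = """\
Port      Name  Status       Vlan   Duplex  Speed Type
Gi1/0/25        notconnect   1      auto    auto  10/100/1000BaseTX
Gi1/0/26        connected    3005   a-half  a-10  10/100/1000BaseTX
Gi1/0/49        connected    trunk  a-full  a-1000 10/100/1000BaseTX
Gi2/0/25        connected    1      a-full  a-100 10/100/1000BaseTX
Gi2/0/26        notconnect   3005   auto    auto  10/100/1000BaseTX
"""
# Constructed; field labels assumed to match the common IOS "show vtp status" layout.
SAMPLE_VTP = """\
VTP version running             : 3
VTP Operating Mode                : Client
"""

# Port name carries the stack member number: Gi<member>/<module>/<port>.
ROW = re.compile(r"^(?P<port>[A-Za-z]+(?P<member>\d+)/\d+/\d+)\s+(?:.*?\s)?"
                 r"(?P<status>connected|notconnect|disabled|err-disabled|inactive)"
                 r"\s+(?P<vlan>\S+)")

def is_extended(vlan):
    """1-1005 is the normal (vlan.dat) range; 1006-4094 is the extended range."""
    return 1006 <= vlan <= 4094

def parse_vtp(text):
    """Return (running version, operating mode), None for a field not found."""
    ver = re.search(r"VTP version running\s*:\s*(\d+)", text, re.I)
    mode = re.search(r"VTP Operating Mode\s*:\s*(\w+)", text, re.I)
    return (int(ver.group(1)) if ver else None,
            mode.group(1).lower() if mode else None)

def audit_extended_vlans(status_text, vtp_text):
    """Return {vlan: {"vtp_ok": bool|None, "members": {member: [(port, status)]}}}."""
    version, mode = parse_vtp(vtp_text)
    # VTP v3 propagates extended VLANs; v1/v2 only allow them locally in transparent mode.
    vtp_ok = None if version is None else (version >= 3 or mode == "transparent")
    report = {}
    for line in status_text.splitlines():
        m = ROW.match(line)
        if not m or not m.group("vlan").isdigit():  # skip header, trunk, routed ports
            continue
        vlan = int(m.group("vlan"))
        if is_extended(vlan):
            entry = report.setdefault(vlan, {"vtp_ok": vtp_ok, "members": defaultdict(list)})
            entry["members"][int(m.group("member"))].append((m.group("port"), m.group("status")))
    return report

if __name__ == "__main__":
    for vlan, info in audit_extended_vlans(SAMPLE_STATUS, SAMPLE_VTP).items():
        print(vlan, "vtp_ok =", info["vtp_ok"], dict(info["members"]))
```

The per-member port list tells you which stack members to test for MAC learning in that VLAN; the check itself does not prove forwarding works.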