Stacked switch VLAN issue

Wondered if any one else has seen this.

I have got a stack of 2 Cisco 2960's. with about 10 vlans configured. these are spread out across the stack and have been working fine. few weeks back I created VLAN 3005 on the core and via VTP it propagated to the rest of the devices including this one.

I then configured a port on switch 2 of the stack as an access port in vlan 3005 and could not get any data through it. So I then created a vlan 3005 interface assigned it an IP and could successfull get to it from across the network. Just to test I tried another port first on switch 2 then on switch 1 (switch one has the only current uplink port back to core). the second port on Switch 2 also did not work, but on Switch 1 it works fine.

Config is identical, and all the other vlans work on both switch 1 and 2? its like there stack ports don't allow vlan 3005! any one else seen an issue like this with stacked switches?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

VAHokie56

did you confirm vlan 3005 got created on the switch successfully?

do a..
sh vlan b
make sure its there , if not...obviously you know what you need to do

DevilWAH

The fact that as I mentioned I can create a VLAN interface and assign it an IP suggests that you can ping from the core suggest that the VLAN must exist, is active and the trunks are set up correctly. As far as I am aware in a switch stack the VLAN config is held centrally by the master switch and there are no restrictions across the stacking ports.

When I am talking about switch 1 and 2, these are stack members not separate switches with separate management interfaces. Sorry if that was not clear.

networker050184

First thing that comes to mind is VTP not supporting extended range VLANs depending on the version. Perhaps something to do with it.

VAHokie56

Creating the L3 vlan interface does automagically create the L2 vlan on the switch. You are trying to make a L2 access port , if the vlan does not exist on switch @ L2 this could be your issue...this is all I was suggesting

DevilWAH

VAHokie56 wrote: »

Creating the L3 vlan interface does automagically create the L2 vlan on the switch. You are trying to make a L2 access port , if the vlan does not exist on switch @ L2 this could be your issue...this is all I was suggesting

If the layer 2 VLAN does not exist then a layer 3 VLAN interface will not be able to communicate across the trunk to the core, If the layer 2 VLAN is not active then layer 3 interface will show as down. For the layer 3 interface to come up there must be either a access port assigned to the VLAN and active, or the VLAN permitted on a trunk interface and active. So yes you can create a layer3 interface but it will be inactive unless you create the layer 2 VLAN to match.

But as I mentioned when you have a stacked switch there is no way I know of creating a VLAN on only one of the members. And in this case a port placed in the VLAN on switch 1 of the stack works, but on switch 2 does not. So in answer to networker as well, VTP has created the VALN as expected, switch version is 15.0 so reasonable up to date.

PArt of me wants to give the switch a reboot to see if it gets fixed, while the other part of me is just curious want wants to know why

RouteMyPacket

Ok, so your core is the VTP Server. Ok, so you verified that VLAN 3005 exists on the 2960 yes? Ok so do a "sh span vlan 3005" and see if it is crossing your trunk back to dist/core

Do the same on the core, sh span vlan 3005

DevilWAH

OK so,

Building configuration...

Mod_2#sh span vlan 3005


VLAN3005
  Spanning tree enabled protocol rstp
  Root ID    Priority    39869
             Address     4403.a754.8300
             Cost        4
             Port        49 (GigabitEthernet1/0/49)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    52157  (priority 49152 sys-id-ext 3005)
             Address     b4e9.b04c.8100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec


Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/26            Desg FWD 100       128.26   Shr Edge 
Gi1/0/49            Root FWD 4         128.49   P2p

and here is the sh int status from the switch

Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      connected    1          a-full  a-100 10/100/1000BaseTX
...
...
Gi1/0/25                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/26                     connected    3005       a-half   a-10 10/100/1000BaseTX
Gi1/0/27                     notconnect   1            auto   auto 10/100/1000BaseTX
...
...
...
Gi2/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/25                     connected    1          a-full  a-100 10/100/1000BaseTX
Gi2/0/26                     notconnect   3005         auto   auto 10/100/1000BaseTX
Gi2/0/27                     notconnect   1            auto   auto 10/100/1000BaseTX
...
...
...

Show run for both interfaces are

Mod_2(config-if)#do sh run int g1/0/26
Building configuration...


Current configuration : 161 bytes
!
interface GigabitEthernet1/0/26
 switchport access vlan 3005
 switchport mode access
 switchport voice vlan 10
 mls qos trust cos
 spanning-tree portfast
end


Mod_2(config-if)#do sh run int g2/0/26
Building configuration...


Current configuration : 161 bytes
!
interface GigabitEthernet2/0/26
 switchport access vlan 3005
 switchport mode access
 switchport voice vlan 10
 mls qos trust cos
 spanning-tree portfast
end

interface g1/0/26 as you can see is up and running, if I unplug from there and patch in to G2/0/26 it no longer works and you do not even see a MAC address learnt on the port (this is true for all ports on switch 2).

This is not a issue with the VLAN configuration between the stack and core, it seems to be with in the switches in the stack.

it_consultant

The problem isn't that the VLAN isn't making its way to the switch, it is, the problem is that it is only making to the master member of the stack. Once the master has it, it should propagate the VLAN to all member's of the stack. If it doesn't do that then their is no real reason to have a stack. The port is working on stack member 1 but not on stack member 2 - do I have that essentially correct? I also assume that you have other VLANs propagated via VTP that work fine on stack member 1 and stack member 2, is that essentially correct as well?

it_consultant

From Cisco's website:

The configurations of VLAN IDs 1 to 1005 are always saved in the VLAN database (vlan.dat file). If the VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. In a switch stack, the whole stack uses the same vlan.dat file and running configuration. To display the VLAN configuration, enter the show vlan privileged EXEC command.

It looks like the stack syncs the vlan.dat file, which only goes from 1 to 1005.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swvlan.html

RouteMyPacket

Ok, so what does "sh vtp status" look like? running v3 or no?

DevilWAH

it_consultant wrote: »

The problem isn't that the VLAN isn't making its way to the switch, it is, the problem is that it is only making to the master member of the stack. Once the master has it, it should propagate the VLAN to all member's of the stack. If it doesn't do that then their is no real reason to have a stack. The port is working on stack member 1 but not on stack member 2 - do I have that essentially correct? I also assume that you have other VLANs propagated via VTP that work fine on stack member 1 and stack member 2, is that essentially correct as well?

yer see if only i could explain things like you in writing

you have it exactly right.

DevilWAH

RouteMyPacket wrote: »

Ok, so what does "sh vtp status" look like? running v3 or no?

you cant set to a switch to client mode if there are extended vlans on the server switch configured and it is not running version 3. It will give you an error message, you either have to remove the extended vlans from the VTP domain or first change the version to 3 before setting it to client.

My VTP settings are automatically pushed to devices and they are also configured in my baseline checks which run each night or when changes are made. So all the other switches have identical VTP configs (apart from cores that are set to server mode). This is the only stack I see the issue on. despite have an few 2960s stacks around.