From: Bob Sinclair (bsin@cox.net)
Date: Sun Nov 30 2003 - 14:17:20 GMT-3
Fellow Seekers of Truth,
I find that I can run VTP and PAgP across a dot1q trunk with vlan 1 removed
from the trunk. Try your same experiment, but do a shut/no shut after the
configuration change. It works for me using Cat 3550 and Cat6K in native
mode.
-Bob Sinclair
CCIE #10427, CISSP, MCSE
bsinclair@netmasterclass.net
----- Original Message -----
From: "Mujica, Raul - (Per)" <raul.mujica@attla.com>
To: "'Bob Sinclair '" <bsin@cox.net>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, November 30, 2003 10:40 AM
Subject: RE: Catalyst 802.1q trunking issues
> Bob:
> When I remove vlan1 from trunk, the vtp doesn't work as you can see:
>
> vlan dot1q tag native
> interface range FastEthernet0/23 -24
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 2-4094
> switchport mode trunk
> no ip address
> udld enable
> channel-group 1 mode on
> ***********************************************************************
> ***********************************************************************
> Switch#sh vtp status
> VTP Version : 2
> Configuration Revision : 0
> Maximum VLANs supported locally : 1005
> Number of existing VLANs : 5
> VTP Operating Mode : Client
> VTP Domain Name : IPExpert
> VTP Pruning Mode : Enabled
> VTP V2 Mode : Disabled
> VTP Traps Generation : Disabled
> MD5 digest : 0xA2 0x41 0xDC 0x60 0xC4 0x4D 0x57 0x36
> Configuration last modified by 0.0.0.0 at 3-1-93 00:18:36
> Switch#sh vtp s
> Switch#sh vtp status
> VTP Version : 2
> Configuration Revision : 0
> Maximum VLANs supported locally : 1005
> Number of existing VLANs : 5
> VTP Operating Mode : Client
> VTP Domain Name : IPExpert
> VTP Pruning Mode : Enabled
> VTP V2 Mode : Disabled
> VTP Traps Generation : Disabled
> MD5 digest : 0xA2 0x41 0xDC 0x60 0xC4 0x4D 0x57 0x36
> Configuration last modified by 0.0.0.0 at 3-1-93 00:18:36
> Switch#sh vl
> Switch#sh vlan
>
> VLAN Name                             Status    Ports
> ---- -------------------------------- --------- -------------------------------
> 1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
>                                                 Fa0/5, Fa0/6, Fa0/7, Fa0/8
>                                                 Fa0/9, Fa0/10, Fa0/11, Fa0/12
>                                                 Fa0/13, Fa0/14, Fa0/15, Fa0/16
>                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
>                                                 Fa0/21, Fa0/22, Gi0/1, Gi0/2
> 1002 fddi-default                     active
> 1003 token-ring-default               active
> 1004 fddinet-default                  active
> 1005 trnet-default                    active
>
> VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
> ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
> 1    enet  100001     1500  -      -      -        -    -        0      0
> 1002 fddi  101002     1500  -      -      -        -    -        0      0
> 1003 tr    101003     1500  -      -      -        -    srb      0      0
> 1004 fdnet 101004     1500  -      -      -        ieee -        0      0
> 1005 trnet 101005     1500  -      -      -        ibm  -        0      0
>
> Remote SPAN VLANs
> ------------------------------------------------------------------------------
>
> Primary Secondary Type              Ports
> ------- --------- ----------------- ------------------------------------------
>
> Switch#
> Switch#sh int trunk
>
> Port        Mode         Encapsulation  Status        Native vlan
> Po1         on           802.1q         trunking      1
>
> Port        Vlans allowed on trunk
> Po1         2-4094
>
> Port        Vlans allowed and active in management domain
> Po1         none
>
> Port        Vlans in spanning tree forwarding state and not pruned
> Po1         none
> Switch#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
>
> Switch(config)#int Po1
> Switch(config-if)#switchport trunk allowed vlan add 1
> Switch(config-if)#
>
> 00:27:03: VTP LOG RUNTIME: Transmit vtp summary, domain IPExpert, rev 0, followers 1
> MD5 digest calculated = A2 41 DC 60 C4 4D 57 36 D9 6B 78 F7 8F 66 0A AB
>
> 00:27:03: VTP LOG RUNTIME: Transmit vtp summary, domain IPExpert, rev 0, followers 1
> MD5 digest calculated = A2 41 DC 60 C4 4D 57 36 D9 6B 78 F7 8F 66 0A AB
>
> 00:27:04: VTP LOG RUNTIME: Summary packet received, domain = IPExpert, rev = 2, followers = 1
>
> 00:27:04: VTP LOG RUNTIME: Summary packet rev 2 greater than domain IPExpert rev 0
>
> 00:27:04: VTP LOG RUNTIME: Domain IPExpert currently not in updating state
>
> 00:27:04: VTP LOG RUNTIME: Subset packet received, domain = IPExpert, rev = 2, seq = 1, length = 204
>
> 00:27:04: VTP LOG RUNTIME: Transmit vtp summary, domain IPExpert, rev 2, followers 1
> MD5 digest calculated = 18 0E F6 1B 89 F1 8B 45 93 BD 93 D5 61 32 A6 D2
>
> 00:27:04: VTP LOG RUNTIME: Summary packet received, domain = IPExpert, rev = 2, followers = 1
>
> 00:27:04: VTP LOG RUNTIME: Summary packet rev 2 equal to domain IPExpert rev 2
>
> 00:27:04: VTP LOG RUNTIME: Subset packet received, domain = IPExpert, rev = 2, seq = 1, length = 204
>
> Switch(config-if)#
> Switch(config-if)#end
> Switch#sh vtp s
> 00:27:15: %SYS-5-CONFIG_I: Configured from console by console
> Switch#sh vtp status
> VTP Version : 2
> Configuration Revision : 2
> Maximum VLANs supported locally : 1005
> Number of existing VLANs : 5
> VTP Operating Mode : Client
> VTP Domain Name : IPExpert
> VTP Pruning Mode : Enabled
> VTP V2 Mode : Disabled
> VTP Traps Generation : Disabled
> MD5 digest : 0x18 0x0E 0xF6 0x1B 0x89 0xF1 0x8B 0x45
> Configuration last modified by 0.0.0.0 at 3-1-93 00:25:09
> Switch#
> 00:27:41: VTP LOG RUNTIME: Summary packet received, domain = IPExpert, rev = 3, followers = 1
>
> 00:27:41: VTP LOG RUNTIME: Summary packet rev 3 greater than domain IPExpert rev 2
>
> 00:27:41: VTP LOG RUNTIME: Domain IPExpert currently not in updating state
>
> 00:27:41: VTP LOG RUNTIME: Subset packet received, domain = IPExpert, rev = 3, seq = 1, length = 224
>
> 00:27:41: VTP LOG RUNTIME: Transmit vtp summary, domain IPExpert, rev 3, followers 1
> MD5 digest calculated = 70 60 DD 7D E7 84 42 3A B6 9B 6C 70 29 58 82 21
>
> Switch#sh vtp status
> VTP Version : 2
> Configuration Revision : 3
> Maximum VLANs supported locally : 1005
> Number of existing VLANs : 6
> VTP Operating Mode : Client
> VTP Domain Name : IPExpert
> VTP Pruning Mode : Enabled
> VTP V2 Mode : Disabled
> VTP Traps Generation : Disabled
> MD5 digest : 0x70 0x60 0xDD 0x7D 0xE7 0x84 0x42 0x3A
> Configuration last modified by 0.0.0.0 at 3-1-93 00:28:01
> Switch#sh vtp status
> VTP Version : 2
> Configuration Revision : 3
> Maximum VLANs supported locally : 1005
> Number of existing VLANs : 6
> VTP Operating Mode : Client
> VTP Domain Name : IPExpert
> VTP Pruning Mode : Enabled
> VTP V2 Mode : Disabled
> VTP Traps Generation : Disabled
> MD5 digest : 0x70 0x60 0xDD 0x7D 0xE7 0x84 0x42 0x3A
> Configuration last modified by 0.0.0.0 at 3-1-93 00:28:01
> Switch#
> 00:28:02: VTP LOG RUNTIME: Summary packet received, domain = IPExpert, rev = 4, followers = 1
>
> 00:28:02: VTP LOG RUNTIME: Summary packet rev 4 greater than domain IPExpert rev 3
>
> 00:28:02: VTP LOG RUNTIME: Domain IPExpert currently not in updating state
>
> 00:28:02: VTP LOG RUNTIME: Subset packet received, domain = IPExpert, rev = 4, seq = 1, length = 244
>
> 00:28:02: VTP LOG RUNTIME: Transmit vtp summary, domain IPExpert, rev 4, followers 1
> MD5 digest calculated = 0F 4A 4C F4 54 CD FD 37 D3 06 0F F2 C4 A1 7C 2C
> sh vtp status
> VTP Version : 2
> Configuration Revision : 4
> Maximum VLANs supported locally : 1005
> Number of existing VLANs : 7
> VTP Operating Mode : Client
> VTP Domain Name : IPExpert
> VTP Pruning Mode : Enabled
> VTP V2 Mode : Disabled
> VTP Traps Generation : Disabled
> MD5 digest : 0x0F 0x4A 0x4C 0xF4 0x54 0xCD 0xFD 0x37
> Configuration last modified by 0.0.0.0 at 3-1-93 00:28:22
> Switch#
>
> ********************************************************************
> ********************************************************************
> Also UDLD frames are not being forwarded:
>
> Switch(config)#int Po1
> Switch(config-if)#switchport trunk allowed vlan except 1
>
> At the other side:
>
> 00:32:11: %SYS-5-CONFIG_I: Configured from console by console
> 00:32:22: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Fa0/23, unidirectional link detected
> 00:32:22: %PM-4-ERR_DISABLE: udld error detected on Fa0/23, putting Fa0/23 in err-disable state
> 00:32:22: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Fa0/24, unidirectional link detected
> 00:32:22: %PM-4-ERR_DISABLE: udld error detected on Fa0/24, putting Fa0/24 in err-disable state
> 00:32:22: VTP LOG RUNTIME: switchport trunk mode on Po1 has changed
>
> 00:32:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
> 00:32:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
> 00:32:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
>
> *********************************************************************
> *********************************************************************
> And finally PAGP packet as you can see in the e-mail posted today "RE:
> Etherchannel one way-link question"
>
> After a few days dealing with PAGP, VTP and UDLD, finally I learned what CCO
> recommends about allowing VLAN on C3550:
>
> Note You cannot remove VLAN 1 or VLANs 1002 to 1005 from the allowed VLAN
> list.
>
> Regards,
>
> Raul Mujica
>
> -----Original Message-----
> From: Bob Sinclair
> To: jfaure@sztele.com; ccielab@groupstudy.com
> Sent: 29/11/2003 19:50
> Subject: Re: Catalyst 802.1q trunking issues
>
> Juan,
>
> I put a sniffer on a 3550 dot1q trunk and observed the following when I
> removed Vlan 1 from the dot1q trunk, but left it as the native vlan:
>
> 1. All traffic leaving the port is tagged
> 2. VTP, CDP and DTP traffic leave the port with Vlan 1 tags
> 3. No other Vlan 1 traffic is seen leaving the port (including no Vlan 1
> BPDUs)
> 4. All BPDUs are PVST+ encapsulated, to address 01-00-0c-cc-cc-cd
>
> This should not cause a problem as long as all of your switches are Cisco
> and similarly configured:
> a. The Cisco switches recognize that CDP, VTP and DTP are not to be
> forwarded
> b. The Cisco switches recognize the encapsulated BPDUs
>
> You very well might have an STP issue if you connect such a port to a
> non-Cisco switch, because the brand X switch will not see any recognizable
> BPDUs, and the Cisco switch may not recognize the untagged BPDUs on the
> native vlan coming from the Brand X switch. It would seem prudent to allow
> the native vlan across the trunk.
>
> But then, you would never put a Brand X switch in your network...
>
> would you?
>
> -Bob Sinclair
> CCIE #10427, CISSP, MCSE
> bsinclair@netmasterclass.net
>
> ----- Original Message -----
> From: <jfaure@sztele.com>
> To: <ccielab@groupstudy.com>
> Sent: Saturday, November 29, 2003 12:55 PM
> Subject: Catalyst 802.1q trunking issues
>
> > Hi all:
> >
> > -From the 6500 CCO configuration guide, about removing vlan1 from the
> > trunk:
> >
> > "You can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk
> > interface continues to send and receive management traffic, for example,
> > Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port
> > Aggregation Protocol (PAgP), and DTP in VLAN 1."
> >
> > -But also, in the same document:
> >
> > "Disabling spanning tree on the native VLAN of an 802.1Q trunk without
> > disabling spanning tree on every VLAN in the network can cause spanning
> > tree loops. We recommend that you leave spanning tree enabled on the native
> > VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree on
> > every VLAN in the network. Make sure your network is free of physical loops
> > before disabling spanning tree"
> >
> > And then my question is:
> > If you have several dot1q trunks configured in your switched network in such
> > a way that these trunks don't allow pass the vlan1, the vlan1 is the native
> > vlan for them (you can see this doing a "sh int trunk") and the interface
> > vlan 1 is in shutdown state in all the switches (but no STP disabled on
> > this vlan 1), can you have any stp issues like to be unable to block some
> > loops?
> > What happens with the STP control traffic if vlan 1 isn't included on the
> > trunks? Having vlan 1 in shutdown state may be interpreted by the system as
> > it has stp disabled for this vlan? I'm using RAPID PVSTP
> >
> > Any thoughts will be greatly appreciated.
> >
> > Juan Faure Ferrer
> > email: jfaure@sztele.com
> >
> > Telematics and CC Business Line
> > Network and Systems Integration Engineer
> >
> > SOLUZIONA TELECOMUNICACIONES
> > Professional Services of UNION FENOSA
> > Jerez, 3
> > 28016 MADRID
> > tel 91 579 30 00 fax 91 350 72 83
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
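
Added example, not part of the original thread or of any Cisco tooling: a small audit check that reads `sh int trunk` text and reports trunks whose native VLAN is missing from the allowed list, the Po1 condition discussed above. The function names and the Fa0/1 control row are hypothetical, and the parser assumes each allowed-VLAN list fits on one line.

```python
# Audit `show interfaces trunk` text for native VLANs excluded from the trunk.
# Constructed sample: Po1 mirrors the thread's output; Fa0/1 is a made-up control.
SAMPLE = """\
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         2-4094
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Po1         none
Fa0/1       1
"""

def expand(spec):
    """Expand an IOS VLAN list such as '2-10,20' into a set of VLAN IDs."""
    vlans = set()
    if spec.lower() == "none":
        return vlans
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {'native': int, 'allowed': set}} from the first two tables."""
    trunks, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":  # table header: decide which table follows
            tail = line.rstrip()
            section = ("native" if tail.endswith("Native vlan") else
                       "allowed" if tail.endswith("allowed on trunk") else None)
            continue
        if section == "native":
            trunks.setdefault(fields[0], {})["native"] = int(fields[-1])
        elif section == "allowed":
            trunks.setdefault(fields[0], {})["allowed"] = expand("".join(fields[1:]))
    return trunks

def native_not_allowed(text):
    """Ports whose native VLAN is not in the allowed-VLAN list."""
    return sorted(p for p, t in parse_trunks(text).items()
                  if "native" in t and "allowed" in t and t["native"] not in t["allowed"])
```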
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:19 GMT-3