RE: Another Catalyst 802.1q trunking issue

From: Grant Stevenson (grant.h.stevenson@virgin.net)
Date: Sat Nov 20 2004 - 11:24:51 GMT-3


Hi Tim,

I must admit I had a reply for you, then I went off and checked that I knew
what I was talking about. And lo and behold, it did not do as I thought.
So you learn something new every day.

I remember in the past that the 5000/6500 series switches could only pass
vtp on vlan1, which is why most people made this the admin lan. I know that
Cisco brought out a modification for the 3500-xl switches so that you could
specify which management vlan you wanted (just create the vlan and issue
"management" under interface vlan x). I assumed that this had been passed
onto the 3550 series, but have never had to verify this. You made me think
about it, and as far as I can see, you cannot make/modify a management VLAN
(assuming of course that such a concept still exists!). I think it is
purely a reference to a vlan that you consider is passing management
information.

Have a look at this link and it may help

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swvlan.htm

HTH Grant

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: 20 November 2004 13:19
To: Grant Stevenson; Bob Sinclair; ccielab@groupstudy.com
Subject: Re: Another Catalyst 802.1q trunking issue

Grant,

No, you're not butting in at all. In fact, I greatly appreciate seeing the
info in your post. I had never thought of using debug commands for this,
but it seems that this could be very useful in verifying you've met the
requirements of the tasks given in the lab.

The next time I have access to a couple of 3550's I plan to run these debugs
to see what happens under various conditions.

Thanks for butting in.

Tim
----- Original Message -----
From: "Grant Stevenson" <grant.h.stevenson@virgin.net>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Bob Sinclair"
<bsinclair@netmasterclass.net>; <ccielab@groupstudy.com>
Sent: Saturday, November 20, 2004 7:15 AM
Subject: RE: Another Catalyst 802.1q trunking issue

> Hi,
>
> Hope I am not butting in but some good debug commands I came across to test
> this
>
> Switch#debug sw-vlan ?
>   badpmcookies  vlan manager incidents of bad PM (Port Manager) cookies
>   cfg-vlan      config vlan
>   events        vlan manager events
>   ifs           vlan manager ifs error tests
>   management    vlan manager management of internal vlans
>   notification  vlan manager notifications
>   packets       vlan manager packets
>   registries    vlan manager registries
>   vtp           vtp protocol debugging
>
> Where you can see if the VTP info is being passed.
>
> I changed the native vlan and no vtp info was passed between the switches.
>
> But DTP did
>
> Switch#debug dtp ?
>   aggregation  Show DTP debug user message aggregation
>   all          All DTP debugging messages
>   decision     Show DTP debug decision table
>   events       DTP events
>   oserrs       DTP OS errors
>   packets      DTP packet processing
>   queue        Show DTP debug packet queueing
>   states       DTP state transitions
>   timers       DTP timer events
>
> I did the debug dtp all, and so the ports negotiate.
>
> HTH.
>
> Grant
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> ccie2be
> Sent: 19 November 2004 19:33
> To: Bob Sinclair; ccielab@groupstudy.com
> Subject: Re: Another Catalyst 802.1q trunking issue
>
>
> Thanks, Bob.
>
> The documentation definitely is not very clear on this.
>
> BTW, do you think Group Study is down? Are you seeing the normal volume of
> posts? I'm not.
>
> Tim
> ----- Original Message -----
> From: "Bob Sinclair" <bsinclair@netmasterclass.net>
> To: "ccie2be" <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
> Sent: Friday, November 19, 2004 1:57 PM
> Subject: Re: Another Catalyst 802.1q trunking issue
>
>
> > Tim,
> >
> > I sniffed a trunk a few years ago to find this answer. As I recall the
> > result, that management traffic (VTP, CDP, DTP, PAGP) all comes out on
> > vlan 1, whether or not vlan 1 is allowed or native or whatever.
> >
> > HTH,
> >
> > Bob Sinclair
> > CCIE #10427, CCSI 30427, CISSP
> > www.netmasterclass.net
> >
> > ----- Original Message -----
> > From: "ccie2be" <ccie2be@nyc.rr.com>
> > To: "Bob Sinclair" <bsin@cox.net>; <jfaure@sztele.com>;
> > <ccielab@groupstudy.com>
> > Sent: Friday, November 19, 2004 12:18 PM
> > Subject: Re: Another Catalyst 802.1q trunking issue
> >
> >
> > > Bob,
> > >
> > > I hope this isn't a dumb question but...
> > >
> > > By default, vlan 1 is the native vlan and the management vlan ie it
> > > carries all that vtp, cdp and DTP stuff. When the native vlan is changed
> > > to something other than vlan 1, does that mean that the management vlan
> > > is also changed and all that management traffic is now carried in the new
> > > native vlan?
> > >
> > > Thanks, Tim
> > > ----- Original Message -----
> > > From: "Bob Sinclair" <bsin@cox.net>
> > > To: <jfaure@sztele.com>; <ccielab@groupstudy.com>
> > > Sent: Saturday, November 29, 2003 7:50 PM
> > > Subject: Re: Catalyst 802.1q trunking issues
> > >
> > >
> > >> Juan,
> > >>
> > >> I put a sniffer on a 3550 dot1q trunk and observed the following when I
> > >> removed Vlan 1 from the dot1q trunk, but left it as the native vlan:
> > >>
> > >> 1. All traffic leaving the port is tagged
> > >> 2. VTP, CDP and DTP traffic leave the port with Vlan 1 tags
> > >> 3. No other Vlan 1 traffic is seen leaving the port (including no Vlan 1
> > >>    BPDUs)
> > >> 4. All BPDUs are PVST+ encapsulated, to address 01-00-0c-cc-cc-cd
> > >>
> > >> This should not cause a problem as long as all of your switches are Cisco
> > >> and similarly configured:
> > >> a. The Cisco switches recognize that CDP, VTP and DTP are not to be
> > >>    forwarded
> > >> b. The Cisco switches recognize the encapsulated BPDUs
> > >>
> > >> You very well might have an STP issue if you connect such a port to a
> > >> non-Cisco switch, because the brand X switch will not see any
> > >> recognizable BPDUs, and the Cisco switch may not recognize the untagged
> > >> BPDUs on the native vlan coming from the Brand X switch. It would seem
> > >> prudent to allow the native vlan across the trunk.
> > >>
> > >> But then, you would never put a Brand X switch in your network...
> > >>
> > >> would you?
> > >>
> > >> -Bob Sinclair
> > >> CCIE #10427, CISSP, MCSE
> > >> bsinclair@netmasterclass.net
> > >>
> > >>
> > >> ----- Original Message -----
> > >> From: <jfaure@sztele.com>
> > >> To: <ccielab@groupstudy.com>
> > >> Sent: Saturday, November 29, 2003 12:55 PM
> > >> Subject: Catalyst 802.1q trunking issues
> > >>
> > >>
> > >> > Hi all:
> > >> >
> > >> > -From the 6500 CCO configuration guide, about removing vlan1 from the
> > >> > trunk:
> > >> >
> > >> > "You can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk
> > >> > interface continues to send and receive management traffic, for
> > >> > example, Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
> > >> > Port Aggregation Protocol (PAgP), and DTP in VLAN 1."
> > >> >
> > >> > -But also, in the same document:
> > >> >
> > >> > "Disabling spanning tree on the native VLAN of an 802.1Q trunk without
> > >> > disabling spanning tree on every VLAN in the network can cause spanning
> > >> > tree loops. We recommend that you leave spanning tree enabled on the
> > >> > native VLAN of an 802.1Q trunk. If this is not possible, disable
> > >> > spanning tree on every VLAN in the network. Make sure your network is
> > >> > free of physical loops before disabling spanning tree"
> > >> >
> > >> > And then my question is:
> > >> > If you have several dot1q trunks configured in your switched network in
> > >> > such a way that these trunks don't allow vlan1 to pass, the vlan1 is
> > >> > the native vlan for them (you can see this doing a "sh int trunk") and
> > >> > the interface vlan 1 is in shutdown state in all the switches (but no
> > >> > STP disabled on this vlan 1), can you have any stp issues, like being
> > >> > unable to block some loops?
> > >> > What happens with the STP control traffic if vlan 1 isn't included on
> > >> > the trunks? Having vlan 1 in shutdown state may be interpreted by the
> > >> > system as it has stp disabled for this vlan? I'm using RAPID PVSTP
> > >> >
> > >> > Any thoughts will be greatly appreciated.
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > Juan Faure Ferrer
> > >> > email: jfaure@sztele.com
> > >> >
> > >> > Telematics and CC Business Line
> > >> > Network and Systems Integration Engineer
> > >> >
> > >> > SOLUZIONA TELECOMUNICACIONES
> > >> > Servicios Profesionales de UNION FENOSA
> > >> > Jerez, 3
> > >> > 28016 MADRID
> > >> > tel 91 579 30 00 fax 91 350 72 83
> > >>
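
Added example, not part of the original thread: a Python classifier for frames taken from a dot1q trunk capture, useful for checking the sniffer observations quoted above (which VLAN tag, if any, CDP, VTP, DTP, PAgP and PVST+ frames carry). The SNAP protocol IDs are the well-known Cisco values; the helper names and the sample frames are constructed for illustration.

```python
import struct

CISCO_OUI = b"\x00\x00\x0c"
# Cisco SNAP protocol IDs for the control protocols named in the thread
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP",
             0x0104: "PAgP", 0x010B: "PVST+"}

def classify(frame: bytes):
    """Return (vlan_id or None if untagged, control protocol name or None)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, vlan = 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100:                    # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan = tci & 0x0FFF                    # low 12 bits are the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    payload = frame[offset + 2:]
    # A value <= 1500 is an 802.3 length field, so LLC/SNAP may follow
    if ethertype <= 1500 and len(payload) >= 8 and payload[:3] == b"\xaa\xaa\x03":
        (pid,) = struct.unpack_from("!H", payload, 6)
        if payload[3:6] == CISCO_OUI:
            return vlan, SNAP_PIDS.get(pid)
    return vlan, None

def build(dst, pid, vlan=None, body=b"\x00" * 8):
    """Constructed test frame: Cisco SNAP payload, optionally 802.1Q tagged."""
    llc = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid) + body
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    src = bytes.fromhex("001122334455")        # made-up source MAC
    return (bytes.fromhex(dst.replace("-", "")) + src + tag
            + struct.pack("!H", len(llc)) + llc)

# Constructed samples: tagged control traffic in VLAN 1, a PVST+ BPDU in an
# assumed VLAN 10, and one untagged CDP frame for contrast.
SAMPLES = [
    build("01-00-0c-cc-cc-cc", 0x2000, vlan=1),
    build("01-00-0c-cc-cc-cc", 0x2003, vlan=1),
    build("01-00-0c-cc-cc-cc", 0x2004, vlan=1),
    build("01-00-0c-cc-cc-cd", 0x010B, vlan=10),
    build("01-00-0c-cc-cc-cc", 0x2000),
]

def summarize(frames):
    """Classify every frame, preserving capture order."""
    return [classify(f) for f in frames]
```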



This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:48 GMT-3