Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Port Channel config Question with Private-vlan

Reply
Thread Tools

Port Channel config Question with Private-vlan

 
 
spacemancw
Guest
Posts: n/a
 
      08-15-2008
Wondering if someone can help out here with this setup.

I have a 3750 switch stack (Stack-1).
I created a 2nd stack (Stack-2) in another cabinet.
Too far apart for stacking cables so I am using port channeling.
2 Gig ports on each switch, each belonging to a port channel.
Ports are up and I can ping from stack-1 to stack-2 and back again.
However ‘sh ip int br’ on both stacks show poertchannels as down-down.
I am using “channel-group # mode passive” to disable PAgP because the
ports in each channel are on separate switches.

So the question is, why do both switches show Port-channels as down-
down and yet I am able to ping back and forth?


also as I am using private-vlans (so that client-1 cannot see or
communicate with client-2,3,4 etc) I cannot use VTP in server mode. On
Stack-1 i want to use private-vlans 200-299.
On Stack-2 I want to use private-vlan 299-399.

The ASA (the gateway to the internet) is patched to Switch-1. So all
servers attched to Stack-2 need to not see private-vlans on stack-1 or
stack-2 but must use the ASA (192.168.20.250) as the default gateway.



Below is a snippet of some of the configs on both switches.

I suspect I either have the port-channels or the ports in the
portchannels misconfigured.


Stack1
==========================

vlan 100
name vlan-100-vsite-shared
private-vlan primary
private-vlan association 200-211,299

vlan 200
name vlan-200-Client1
private-vlan community


interface Vlan100
ip address 192.168.20.245 255.255.255.0

interface Port-channel1
description Port-Channel-1 - LINK to Stack-2
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30

interface FastEthernet1/0/3
description F1/0/03 - Client-1 - Server1
switchport private-vlan host-association 100 200
switchport mode private-vlan host
speed 100
duplex full


interface GigabitEthernet1/0/1
description G1/0/01 - LINK to Stack-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode passive
spanning-tree portfast disable
!
interface GigabitEthernet2/0/1
description G2/0/01 - LINK to Stack-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode passive
spanning-tree portfast disable

sh ip int br
…..
GigabitEthernet1/0/1 unassigned YES unset
up up
GigabitEthernet2/0/1 unassigned YES unset
up up
Port-channel1 unassigned YES unset
down down


Stack2
==========================

vlan 100
name vlan-100-vsite-shared
private-vlan primary
private-vlan association 299-301


interface Vlan100
ip address 192.168.20.246 255.255.255.0

vlan 301
name vlan-301-Client2
private-vlan community


interface Port-channel2
description Port-Channel-1 - LINK to Stack-1
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
spanning-tree portfast disable


interface GigabitEthernet1/0/1
description G1/0/01 - Testing-Stack-Communication
switchport private-vlan host-association 100 301
switchport mode private-vlan host


interface GigabitEthernet1/0/28
description G1/0/28 - LINK to Stack-1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode passive
spanning-tree portfast disable

interface GigabitEthernet2/0/28
description G2/0/28 - LINK to Stack-1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode passive
spanning-tree portfast disable

sh ip int br
…..
GigabitEthernet1/0/28 unassigned YES unset
up up
GigabitEthernet2/0/28 unassigned YES unset
up up
Port-channel2 unassigned YES unset
down down
 
Reply With Quote
 
 
 
 
spacemancw
Guest
Posts: n/a
 
      08-15-2008
On Aug 15, 1:47*am, spacemancw <(E-Mail Removed)> wrote:
> Wondering if someone can help out here with this setup.
>
> I have a 3750 switch stack (Stack-1).
> I created a 2nd stack (Stack-2) in another cabinet.
> Too far apart for stacking cables so I am using port channeling.
> 2 Gig ports on each switch, each belonging to a port channel.
> Ports are up and I can ping from stack-1 to stack-2 and back again.
> However ‘sh ip int br’ on both stacks show poertchannels as down-down..
> I am using “channel-group # mode passive” to disable PAgP because the
> ports in each channel are on separate switches.
>
> So the question is, why do both switches show Port-channels as down-
> down and yet I am able to ping back and forth?
>
> also as I am using private-vlans (so that client-1 cannot see or
> communicate with client-2,3,4 etc) I cannot use VTP in server mode. On
> Stack-1 i want to use private-vlans 200-299.
> On Stack-2 I want to use private-vlan 299-399.
>
> The ASA (the gateway to the internet) is patched to Switch-1. So all
> servers attched to Stack-2 need to not see private-vlans on stack-1 or
> stack-2 but must use the ASA (192.168.20.250) as the default gateway.
>
> Below is a snippet of some of the configs on both switches.
>
> I suspect I either have the port-channels or the ports in the
> portchannels misconfigured.
>
> Stack1
> ==========================
>
> vlan 100
> *name vlan-100-vsite-shared
> * private-vlan primary
> * private-vlan association 200-211,299
>
> vlan 200
> *name vlan-200-Client1
> * private-vlan community
>
> interface Vlan100
> *ip address 192.168.20.245 255.255.255.0
>
> interface Port-channel1
> *description Port-Channel-1 - LINK to Stack-2
> *switchport trunk encapsulation dot1q
> *switchport mode trunk
> *load-interval 30
>
> interface FastEthernet1/0/3
> *description F1/0/03 - Client-1 - Server1
> *switchport private-vlan host-association 100 200
> *switchport mode private-vlan host
> *speed 100
> *duplex full
>
> interface GigabitEthernet1/0/1
> *description G1/0/01 - LINK to Stack-2
> *switchport trunk encapsulation dot1q
> *switchport mode trunk
> *channel-group 1 mode passive
> *spanning-tree portfast disable
> !
> interface GigabitEthernet2/0/1
> *description G2/0/01 - LINK to Stack-2
> *switchport trunk encapsulation dot1q
> *switchport mode trunk
> *channel-group 1 mode passive
> *spanning-tree portfast disable
>
> sh ip int br
> …..
> GigabitEthernet1/0/1 * * unassigned * * *YES unset
> up * * * * * * * * * *up
> GigabitEthernet2/0/1 * * unassigned * * *YES unset
> up * * * * * * * * * *up
> Port-channel1 * * * * *unassigned * * *YES unset
> down * * * * * * * * *down
>
> Stack2
> ==========================
>
> vlan 100
> *name vlan-100-vsite-shared
> * private-vlan primary
> * private-vlan association 299-301
>
> interface Vlan100
> *ip address 192.168.20.246 255.255.255.0
>
> vlan 301
> *name vlan-301-Client2
> * private-vlan community
>
> interface Port-channel2
> *description Port-Channel-1 - LINK to Stack-1
> *switchport trunk encapsulation dot1q
> *switchport mode trunk
> *load-interval 30
> *spanning-tree portfast disable
>
> interface GigabitEthernet1/0/1
> *description G1/0/01 - Testing-Stack-Communication
> *switchport private-vlan host-association 100 301
> *switchport mode private-vlan host
>
> interface GigabitEthernet1/0/28
> *description G1/0/28 - LINK to Stack-1
> *switchport trunk encapsulation dot1q
> *switchport mode trunk
> *channel-group 2 mode passive
> *spanning-tree portfast disable
>
> interface GigabitEthernet2/0/28
> *description G2/0/28 - LINK to Stack-1
> *switchport trunk encapsulation dot1q
> *switchport mode trunk
> *channel-group 2 mode passive
> *spanning-tree portfast disable
>
> sh ip int br
> …..
> GigabitEthernet1/0/28 *unassigned * * *YES unset
> up * * * * * * * * * *up
> GigabitEthernet2/0/28 *unassigned * * *YES unset
> up * * * * * * * * * *up
> Port-channel2 * * * * *unassigned * * *YES unset
> down * * * * * * * * *down


I fixed it
channel-group 1 mode active
and
channel-group 2 mode active

port channels are up.

Also VTP cannot be set to server mode because private-vlans are in
use. So I just have to create the vlans on both switches and include
them in associations.

All working well now.

Thanks
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Dual channel or triple channel? Tony Computer Support 0 06-06-2010 08:32 AM
Re: Dual channel or triple channel? VanguardLH Computer Support 1 06-06-2010 01:36 AM
2924-XL Port Aggregation (port-channel) Steven Carr Cisco 3 10-17-2007 04:52 PM
Six channel or two channel sound on DVD? cydeweys@gmail.com DVD Video 1 10-10-2005 04:51 AM
Have two ATA100 Seagate drives in a vp6, one IDE channel comes up as mode 5 in winxp but the other channel is stuck in mode 4 Tim Computer Support 3 02-23-2004 03:35 AM



Advertisments