Port Channel config Question with Private-vlan

Discussion in 'Cisco' started by spacemancw, Aug 15, 2008.

  1. spacemancw

    spacemancw Guest

    Wondering if someone can help out here with this setup.

    I have a 3750 switch stack (Stack-1).
    I created a 2nd stack (Stack-2) in another cabinet.
    Too far apart for stacking cables so I am using port channeling.
    2 Gig ports on each switch, each belonging to a port channel.
    Ports are up and I can ping from stack-1 to stack-2 and back again.
    However ‘sh ip int br’ on both stacks shows port-channels as down-down.
    I am using “channel-group # mode passive” to disable PAgP because the
    ports in each channel are on separate switches.

    So the question is, why do both switches show Port-channels as down-
    down and yet I am able to ping back and forth?


    Also, as I am using private-vlans (so that client-1 cannot see or
    communicate with client-2,3,4 etc) I cannot use VTP in server mode. On
    Stack-1 I want to use private-vlans 200-299.
    On Stack-2 I want to use private-vlan 299-399.

    The ASA (the gateway to the internet) is patched to Switch-1. So all
    servers attached to Stack-2 need to not see private-vlans on stack-1 or
    stack-2 but must use the ASA (192.168.20.250) as the default gateway.



    Below is a snippet of some of the configs on both switches.

    I suspect I either have the port-channels or the ports in the
    portchannels misconfigured.


    Stack1
    ==========================

    vlan 100
     name vlan-100-vsite-shared
      private-vlan primary
      private-vlan association 200-211,299

    vlan 200
     name vlan-200-Client1
      private-vlan community

    interface Vlan100
     ip address 192.168.20.245 255.255.255.0

    interface Port-channel1
     description Port-Channel-1 - LINK to Stack-2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     load-interval 30

    interface FastEthernet1/0/3
     description F1/0/03 - Client-1 - Server1
     switchport private-vlan host-association 100 200
     switchport mode private-vlan host
     speed 100
     duplex full

    interface GigabitEthernet1/0/1
     description G1/0/01 - LINK to Stack-2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode passive
     spanning-tree portfast disable
    !
    interface GigabitEthernet2/0/1
     description G2/0/01 - LINK to Stack-2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode passive
     spanning-tree portfast disable

    sh ip int br
    …..
    GigabitEthernet1/0/1   unassigned   YES unset   up     up
    GigabitEthernet2/0/1   unassigned   YES unset   up     up
    Port-channel1          unassigned   YES unset   down   down


    Stack2
    ==========================

    vlan 100
     name vlan-100-vsite-shared
      private-vlan primary
      private-vlan association 299-301

    interface Vlan100
     ip address 192.168.20.246 255.255.255.0

    vlan 301
     name vlan-301-Client2
      private-vlan community

    interface Port-channel2
     description Port-Channel-1 - LINK to Stack-1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     load-interval 30
     spanning-tree portfast disable

    interface GigabitEthernet1/0/1
     description G1/0/01 - Testing-Stack-Communication
     switchport private-vlan host-association 100 301
     switchport mode private-vlan host

    interface GigabitEthernet1/0/28
     description G1/0/28 - LINK to Stack-1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 2 mode passive
     spanning-tree portfast disable

    interface GigabitEthernet2/0/28
     description G2/0/28 - LINK to Stack-1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 2 mode passive
     spanning-tree portfast disable

    sh ip int br
    …..
    GigabitEthernet1/0/28  unassigned   YES unset   up     up
    GigabitEthernet2/0/28  unassigned   YES unset   up     up
    Port-channel2          unassigned   YES unset   down   down
    spacemancw, Aug 15, 2008
    #1

  2. spacemancw

    spacemancw Guest

    On Aug 15, 1:47 am, spacemancw <> wrote:
    > Wondering if someone can help out here with this setup.
    >
    > I have a 3750 switch stack (Stack-1).
    > I created a 2nd stack (Stack-2) in another cabinet.
    > Too far apart for stacking cables so I am using port channeling.
    > 2 Gig ports on each switch, each belonging to a port channel.
    > Ports are up and I can ping from stack-1 to stack-2 and back again.
    > However ‘sh ip int br’ on both stacks shows port-channels as down-down.
    > I am using “channel-group # mode passive” to disable PAgP because the
    > ports in each channel are on separate switches.
    >
    > So the question is, why do both switches show Port-channels as down-
    > down and yet I am able to ping back and forth?
    >
    > Also, as I am using private-vlans (so that client-1 cannot see or
    > communicate with client-2,3,4 etc) I cannot use VTP in server mode. On
    > Stack-1 I want to use private-vlans 200-299.
    > On Stack-2 I want to use private-vlan 299-399.
    >
    > The ASA (the gateway to the internet) is patched to Switch-1. So all
    > servers attached to Stack-2 need to not see private-vlans on stack-1 or
    > stack-2 but must use the ASA (192.168.20.250) as the default gateway.
    >
    > Below is a snippet of some of the configs on both switches.
    >
    > I suspect I either have the port-channels or the ports in the
    > portchannels misconfigured.
    >
    > Stack1
    > ==========================
    >
    > vlan 100
    >  name vlan-100-vsite-shared
    >   private-vlan primary
    >   private-vlan association 200-211,299
    >
    > vlan 200
    >  name vlan-200-Client1
    >   private-vlan community
    >
    > interface Vlan100
    >  ip address 192.168.20.245 255.255.255.0
    >
    > interface Port-channel1
    >  description Port-Channel-1 - LINK to Stack-2
    >  switchport trunk encapsulation dot1q
    >  switchport mode trunk
    >  load-interval 30
    >
    > interface FastEthernet1/0/3
    >  description F1/0/03 - Client-1 - Server1
    >  switchport private-vlan host-association 100 200
    >  switchport mode private-vlan host
    >  speed 100
    >  duplex full
    >
    > interface GigabitEthernet1/0/1
    >  description G1/0/01 - LINK to Stack-2
    >  switchport trunk encapsulation dot1q
    >  switchport mode trunk
    >  channel-group 1 mode passive
    >  spanning-tree portfast disable
    > !
    > interface GigabitEthernet2/0/1
    >  description G2/0/01 - LINK to Stack-2
    >  switchport trunk encapsulation dot1q
    >  switchport mode trunk
    >  channel-group 1 mode passive
    >  spanning-tree portfast disable
    >
    > sh ip int br
    > …..
    > GigabitEthernet1/0/1   unassigned   YES unset   up     up
    > GigabitEthernet2/0/1   unassigned   YES unset   up     up
    > Port-channel1          unassigned   YES unset   down   down
    >
    > Stack2
    > ==========================
    >
    > vlan 100
    >  name vlan-100-vsite-shared
    >   private-vlan primary
    >   private-vlan association 299-301
    >
    > interface Vlan100
    >  ip address 192.168.20.246 255.255.255.0
    >
    > vlan 301
    >  name vlan-301-Client2
    >   private-vlan community
    >
    > interface Port-channel2
    >  description Port-Channel-1 - LINK to Stack-1
    >  switchport trunk encapsulation dot1q
    >  switchport mode trunk
    >  load-interval 30
    >  spanning-tree portfast disable
    >
    > interface GigabitEthernet1/0/1
    >  description G1/0/01 - Testing-Stack-Communication
    >  switchport private-vlan host-association 100 301
    >  switchport mode private-vlan host
    >
    > interface GigabitEthernet1/0/28
    >  description G1/0/28 - LINK to Stack-1
    >  switchport trunk encapsulation dot1q
    >  switchport mode trunk
    >  channel-group 2 mode passive
    >  spanning-tree portfast disable
    >
    > interface GigabitEthernet2/0/28
    >  description G2/0/28 - LINK to Stack-1
    >  switchport trunk encapsulation dot1q
    >  switchport mode trunk
    >  channel-group 2 mode passive
    >  spanning-tree portfast disable
    >
    > sh ip int br
    > …..
    > GigabitEthernet1/0/28  unassigned   YES unset   up     up
    > GigabitEthernet2/0/28  unassigned   YES unset   up     up
    > Port-channel2          unassigned   YES unset   down   down


    I fixed it
    channel-group 1 mode active
    and
    channel-group 2 mode active

    port channels are up.

    Also VTP cannot be set to server mode because private-vlans are in
    use. So I just have to create the vlans on both switches and include
    them in associations.

    All working well now.

    Thanks
    spacemancw, Aug 15, 2008
    #2
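
Why the change in post #2 brings the bundles up, as an added example that is not part of the original posts: on Cisco IOS `passive` is an LACP mode that only answers negotiation, so two `passive` ends never form a channel, while `active` on at least one end does. The sample configs are trimmed from the thread; the function names and the pairing of member links in config order are assumptions of this sketch.

```python
import re

# Protocol selected by each "channel-group N mode <keyword>" on Cisco IOS.
PROTOCOL = {"active": "lacp", "passive": "lacp",
            "desirable": "pagp", "auto": "pagp", "on": "static"}
INITIATES = {"active", "desirable"}  # passive and auto only answer

# Constructed sample: channel members trimmed from the configs posted above.
STACK1 = """interface GigabitEthernet1/0/1
 channel-group 1 mode passive
interface GigabitEthernet2/0/1
 channel-group 1 mode passive
"""
STACK2 = """interface GigabitEthernet1/0/28
 channel-group 2 mode passive
interface GigabitEthernet2/0/28
 channel-group 2 mode passive
"""

def channel_members(config):
    """Map channel-group number -> {interface: mode} from IOS config text."""
    groups, iface = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif (m := re.match(r"channel-group (\d+) mode (\S+)", line)) and iface:
            groups.setdefault(int(m.group(1)), {})[iface] = m.group(2)
    return groups

def bundle_forms(local_mode, remote_mode):
    """Return (forms, reason) for one link, given the mode on each end."""
    lp, rp = PROTOCOL[local_mode], PROTOCOL[remote_mode]
    if lp != rp:
        return False, f"protocol mismatch ({lp} vs {rp})"
    if lp == "static":
        return True, "static bundle, nothing negotiated"
    if INITIATES & {local_mode, remote_mode}:
        return True, f"{lp} negotiated"
    return False, f"both ends {local_mode}: neither side starts {lp}"

def audit(local_cfg, local_group, remote_cfg, remote_group):
    """Check each link; members are paired in config order (assumption)."""
    local = channel_members(local_cfg)[local_group]
    remote = channel_members(remote_cfg)[remote_group]
    return [(a, b, *bundle_forms(local[a], remote[b]))
            for a, b in zip(local, remote)]

if __name__ == "__main__":
    for row in audit(STACK1, 1, STACK2, 2):
        print(row)
```

Run against the original configs, every link is reported as not forming; replacing `passive` with `active` on either stack flips all links to negotiated.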
