Discussion in 'Cisco' started by GJP, Mar 8, 2005.

  1. GJP

    GJP Guest

    Have set up a FastEthernet dot1q trunk between a 6509 and a 3524xl.

    When I enter "sh vlan" on the 3524xl I do not see all the active vlans
    configured on the 6509. A 2950 connected to the 6509 over a Gigabit
    trunk will display all active vlans when entering "sh vlan". Has
    anyone got any idea what I have done wrong?

    Here is the config:


    interface FastEthernet0/24
     duplex full
     speed 100
     switchport trunk encapsulation dot1q
     switchport mode trunk

    sh int f0/24 swi
    Name: Fa0/24
    Switchport: Enabled
    Administrative mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,10
    Pruning VLANs Enabled: 2-1001
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none
    Self Loopback: No


    set port speed 6/8 100
    set port duplex 6/8 full
    set trunk 6/8 on dot1q 1-1005,1025-4094
    set spantree portfast 6/8 disable

    sh trunk 6/8
    * - indicates vtp domain mismatch
    # - indicates dot1q-all-tagged enabled on the port
    Port      Mode         Encapsulation  Status        Native vlan
    --------  -----------  -------------  ------------  -----------
    6/8       on           dot1q          trunking      1

    Port      Vlans allowed on trunk
    --------  ---------------------------------------------------------------------
    6/8       1-1005,1025-4094

    Port      Vlans allowed and active in management domain
    --------  ---------------------------------------------------------------------
    6/8       1-12,100

    Port      Vlans in spanning tree forwarding state and not pruned
    --------  ---------------------------------------------------------------------
    6/8       1-12,100
    GJP, Mar 8, 2005
  2. Which VLANs are showing up on the 3524XL's "show vlan" (you did not
    include it)? Also, which VLANs have active hosts connected to the
    3524XL? My bet would be only VLAN1 and VLAN10, which is probably why
    they are the only ones showing active on the trunk. If the 3524XL's VLAN
    database is not complete, you might want to check the VTP status on
    both the 3524XL and 6509 and see if the 3524XL is on the same VTP
    domain and at the same revision number.

    Good Luck,
    Robert B. Phillips, II, Mar 8, 2005
  3. Brian V

    Brian V Guest

    The 3524 will not see the vlans automatically, you need to put both in the
    same VTP domain with the 6509 as the server and the 3524 as a client.

    set vtp domain XXXX
    set vtp mode server

    3524 (commands are from Priv Exec NOT config mode)
    vlan database
    vtp domain XXXX
    vtp client

    Give it about 45 seconds and the vlans should be there.

    If you are changing the VTP characteristics, this will affect all switches in
    your network, so be prepared for this. You may (will) need to reconfig those
    switches as well.

    Use VTP at your own risk. In a small infrastructure it is fine, but in my
    opinion it should NEVER be used in a large infrastructure. There are two
    different schools on this: there are the ones who say it's not a problem, and
    then there are the others who know better! <G> There are too many problems
    with using it in a large infrastructure: scalability, security, etc.

    There were some flavors of CatIOS software that would automatically
    configure and learn the VTP domain information, the 2950 series is one of
    them. The 3524 will not automatically do it which is why it needs to be
    manually entered.

    Brian V, Mar 8, 2005
  4. GJP

    GJP Guest

    Thanks both for your advice. VTP was indeed the issue.

    Now I am wondering how to configure VTP (or not) for the LAN. There
    are about 250 Catalyst 2900XL/3500XL/2950 switches and 4 6509/5500s.

    Should I set all switches to transparent apart from the 6509/5500s and
    only use client mode to pick up all the VLANs on a new switch when it
    is installed on the LAN?

    Will reconfiguring VTP to transparent mode on the active switches
    cause any problems?

    Thanks again.
    GJP, Mar 10, 2005
  5. Brian V

    Brian V Guest


    With 250 devices, design, layout and implementation are critical and should
    be evaluated, corrected and adjusted as a first step.

    Personally I wouldn't use VTP regardless of how many VLANs are used. All
    switches would be configured to transparent, including the core 6509s.

    Regarding the VTP:

    The proper way to do it/reconfigure everything is to begin furthest away
    from the core, on the access layer switches. Those should be set to
    transparent, and only the vlans on that switch that are used should be
    configured on it. A switch knowing of "vlan 10" that doesn't have any
    clients in "vlan 10" on it is useless and severely degrades the performance
    of the network. When a switch is configured for a vlan, even with no clients
    on that vlan, that switch will go through an STP calculation every single
    time a client comes live or reboots anywhere on that network, which takes up
    processing power and bandwidth.

    Once the access layer is taken care of you need to begin moving inward to
    the distribution layer, again, transparent and again only the needed vlans
    should be configured on those devices.

    The next step would be the core: if core 1 and 2 only feed devices on vlans 1,
    2 and 3, then only those vlans should be on those switches. Obviously take into
    account any failover/HSRP that is being used. Again, with this size network
    I would use transparent.

    After everything is configured for transparent, everything is confirmed
    working and there are no problems, you need to begin pruning. This is done in
    the core. An example of pruning would be port g3/1 on core 1: if this port
    only feeds clients on vlans 2 and 3, only vlans 2 and 3 should be allowed on
    that trunk.

    There is so much more to this than a simple post in a newsgroup could ever
    take care of. It's obvious that you know how to work on/service an
    infrastructure, but do you know proper design techniques or best practices?
    I'm saying this as a general statement; most in-house engineers do not know
    real world design or implementation. They are typically grown from a PC/Help
    desk technician or are hired fresh out of school to work with a more
    experienced staff member within the network that they are servicing. There
    are obviously exceptions to this, there are several people here, within this
    NG that are, shall we say simply incredible. Unless you are one of those
    few, meeting with a well experienced VAR would greatly benefit you and your

    Hope this helped,

    Brian V, Mar 10, 2005
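An added trunk-audit example (not code from this thread or from Cisco) that applies the pruning advice above to the "sh int f0/24 swi" output in the first post: it parses show interfaces switchport-style text, expands Cisco VLAN lists such as 1-1005,1025-4094, and reports each trunk whose allowed list is wider than the VLANs active on it, with the switchport trunk allowed vlan list that would restrict it. The sample output is constructed; Fa0/23 is an invented second trunk.

```python
# Constructed sample modelled on the "sh int f0/24 swi" output quoted in the
# thread; Fa0/23 is an invented second trunk that is already restricted.
SAMPLE = """\
Name: Fa0/24
Operational Mode: trunk
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,10

Name: Fa0/23
Operational Mode: trunk
Trunking VLANs Enabled: 1,10
Trunking VLANs Active: 1,10
"""

def expand_vlans(spec):
    """Expand a Cisco VLAN list ('1-1005,1025-4094', 'ALL', 'NONE') to a set."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return set(range(1, 4095))
    if spec in ("", "NONE"):
        return set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_switchports(text):
    """Split 'show interfaces switchport' output into one dict per interface."""
    ports = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        ports.append({k.strip(): v.strip() for k, v in pairs})
    return ports

def audit_trunks(text):
    """Map each over-permissive trunk to the 'switchport trunk allowed vlan'
    list that would restrict it to the VLANs currently active on it."""
    findings = {}
    for port in parse_switchports(text):
        if port.get("Operational Mode") != "trunk":
            continue
        allowed = expand_vlans(port["Trunking VLANs Enabled"])
        active = expand_vlans(port["Trunking VLANs Active"])
        if allowed - active:  # trunk carries VLANs nobody behind it uses
            findings[port["Name"]] = ",".join(str(v) for v in sorted(active))
    return findings

for name, vlans in audit_trunks(SAMPLE).items():
    print(f"interface {name}\n switchport trunk allowed vlan {vlans}")
```

"Trunking VLANs Active" comes from the switch's own VLAN database (the very thing VTP was failing to populate in this thread), so confirm the suggested list against the hosts actually behind each trunk before applying it.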
  6. GJP

    GJP Guest


    Thanks for the info, it has been very useful.

    I am getting conflicting opinions regarding the use (or not) of VTP.
    Your reasoning seems the most persuasive at the moment.

    Cisco's best practices paper appears to leave the decision up to the
    GJP, Mar 11, 2005
  7. Hansang Bae

    Hansang Bae Guest

    It doesn't buy you much. Think about it. If VTP creates the vlans for
    you so what? You still have to assign the ports right?

    The potential for disaster (wiping out vlans across the network) is far
    too heavy a penalty.

    We have tens of thousands of switches in our network. And we don't use



    Hansang Bae, Mar 14, 2005
