[nsp] vlans and VTP
jlewis at lewis.org
Wed May 28 14:23:42 EDT 2003
I'm trying to configure a VLAN that trunks through another switch before
terminating on an ISL fastethernet subinterface on a 7206. i.e.

  7206---3550a---3550b--vlan 101 on port 5

The 7206 is plugged into port 48 on 3550a, 3550a's port 47 is plugged into
3550b's port 48. A test PC is plugged into 3550b's port 5.

[3550a]
interface FastEthernet0/47
 switchport trunk encapsulation isl
 switchport mode trunk
 no ip address
 no cdp enable
!
interface FastEthernet0/48
 switchport trunk encapsulation isl
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 no cdp enable
!

[3550b]
interface FastEthernet0/5
 switchport access vlan 101
 switchport mode access
 no ip address
!
interface FastEthernet0/48
 switchport trunk encapsulation isl
 switchport mode trunk
 no ip address

[7206]
interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 load-interval 30
 no keepalive
 duplex full
!
interface FastEthernet0/0.1
 encapsulation isl 1
 ip address 69.28.65.2 255.255.255.224
!
interface FastEthernet0/0.2
 encapsulation isl 101
 ip address 69.28.65.37 255.255.255.252

Initially, I had 3550b set up as the VTP server, set the same VTP domain
name on 3550b and 3550a, but vlan 101 traffic would not pass. The 7206
and test PC would not see each other's ARP requests.
I was only able to get vlan 101 working by configuring both switches to
VTP transparent mode, and defining vlan 101 on each of them. I didn't
expect to have to define vlans on 3550a if they're just trunking
through and none of its ports are in vlans other than 1.
Is this normal? After reading some of the caveats for VTP, I'm not sure I
actually want to run VTP anyway. It sounds as though if a used switch
with a high VTP config version were added to an existing STP domain, it
would wipe out all the existing vlans and cause a serious outage.
The testing I'm doing is in preparation for building a setup like the
following...the idea being high availability with the switches that
customers connect to being the only single points of failure...both
routers have connections to the outside world. There will be multiple
"switch3"'s, but they were left out of the ascii art. Switch3 is a layer
3 switch that will actually route for most customers...vlan trunking back
to the routers is only planned for certain special case customers.

router1           HSRP           router2
   |    between the router eths     |
   |                                |
   |  /-------------------------\   |
   | /                           \  |
switch1------\         /---------switch2
              \       /
               switch3
               | | | |
              customers

I'm wondering if others think this is a sensible layout? I expect before
long (maybe even immediately), we'll want to directly connect router1 and
router2 to avoid sending traffic between them across the customer
connecting ethernets and switches.
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
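
Added example (not part of the original post): a pre-connection check for the VTP revision concern raised above, comparing `show vtp status` output from a switch already in the domain with output from a switch about to be attached. The sample outputs are constructed, the function names are hypothetical, and the check assumes VTP v1/v2 with no VTP password configured.

```python
import re

# Constructed samples in the style of `show vtp status` output (not from the post).
EXISTING = """\
VTP Version                     : 2
Configuration Revision          : 12
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : lab
"""
USED_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 87
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : lab
"""
TRANSPARENT = USED_SWITCH.replace("Client", "Transparent")


def parse_vtp_status(text):
    """Return the 'key : value' fields of show vtp status as a dict (keys lowercased)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def overwrite_risk(existing_text, newcomer_text):
    """True if trunking the newcomer in could replace the domain's VLAN database."""
    cur = parse_vtp_status(existing_text)
    new = parse_vtp_status(newcomer_text)
    mode = new.get("vtp operating mode", "").lower()
    if mode not in ("server", "client"):
        return False  # a transparent switch does not advertise its own database
    if new.get("vtp domain name", "") != cur.get("vtp domain name", ""):
        return False  # advertisements for a different domain name are ignored
    # A higher revision wins, whether it comes from a server or a client.
    return int(new["configuration revision"]) > int(cur["configuration revision"])
```

A True result means the newcomer's revision should be reset (or the switch moved to transparent mode) before it is cabled to a trunk.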