[nsp] vlans and VTP

Stephen J. Wilcox steve at telecomplete.co.uk
Wed May 28 19:35:49 EDT 2003


This isn't a full answer but..

VTP is useful, saves a lot of vlan config but as you say beware the config 
number, this isn't a problem if you config your switches carefully and use a 
domain and password.

You must have the vlan configured on all switches for traffic to pass, I'm 
guessing you didn't initially hence the vlan wasn't allowed through but when you 
changed the vtp settings the vlan was created.

I think you're overlooking 3550a .. you must do "vlan database" from enable mode
and config up the vlan 101 if you don't have vtp enabled and don't have 101 ports
on that switch. 3550b will have 101 created automatically when you put the port
into the vlan...

Not sure on your layout, depends on your needs although sw1 and sw2 seem to not be 
doing anything useful..

Steve


On Wed, 28 May 2003 jlewis at lewis.org wrote:

> I'm trying to configure a VLAN that trunks through another switch before 
> terminating on an ISL fastethernet subinterface on a 7206.  i.e.
> 
> 7206---3550a---3550b--vlan 101 on port 5
> 
> The 7206 is plugged into port 48 on 3550a, 3550a's port 47 is plugged into 
> 3550b's port 48.  A test PC is plugged into 3550b's port 5.
> 
> [3550a]
> interface FastEthernet0/47
>  switchport trunk encapsulation isl
>  switchport mode trunk
>  no ip address
>  no cdp enable
> !
> interface FastEthernet0/48
>  switchport trunk encapsulation isl
>  switchport mode trunk
>  no ip address
>  duplex full
>  speed 100
>  no cdp enable
> !
> 
> [3550b]
> interface FastEthernet0/5
>  switchport access vlan 101
>  switchport mode access
>  no ip address
> !
> interface FastEthernet0/48
>  switchport trunk encapsulation isl
>  switchport mode trunk
>  no ip address
> 
> [7206]
> interface FastEthernet0/0
>  no ip address
>  no ip mroute-cache
>  load-interval 30
>  no keepalive
>  duplex full
> !
> interface FastEthernet0/0.1
>  encapsulation isl 1
>  ip address 69.28.65.2 255.255.255.224
> !
> interface FastEthernet0/0.2
>  encapsulation isl 101
>  ip address 69.28.65.37 255.255.255.252
> 
> Initially, I had 3550b setup as the VTP server, set the same VTP domain 
> name on 3550b and 3550a, but vlan 101 traffic would not pass.  The 7206 
> and test PC would not see each other's ARP requests.
> 
> I was only able to get vlan 101 working by configuring both switches to 
> VTP transparent mode, and defining vlan 101 on each of them.  I didn't 
> expect to have to define vlans on 3550a if they're just trunking 
> through and none of its ports are in vlans other than 1.
> 
> Is this normal?  After reading some of the caveats for VTP, I'm not sure I
> actually want to run VTP anyway.  It sounds as though if a used switch
> with a high VTP config version were added to an existing STP domain, it
> would wipe out all the existing vlans and cause a serious outage.
> 
> The testing I'm doing is in preparation for building a setup like the
> following...the idea being high availability with the switches that
> customers connect to being the only single points of failure...both
> routers have connections to the outside world.  There will be multiple
> "switch3"'s, but they were left out of the ascii art.  Switch3 is a layer 
> 3 switch that will actually route for most customers...vlan trunking back 
> to the routers is only planned for certain special case customers.
> 
> 
> router1          HSRP             router2
>   |      between the router eths     |
>   |                                  |
>   |   /-------------------------\    |
>   |  /                           \   |
> switch1------\         /---------switch2
>               \       /
>                switch3
>                | | | |
>               customers
> 
> I'm wondering if others think this is a sensible layout?  I expect before
> long (maybe even immediately), we'll want to directly connect router1 and
> router2 to avoid sending traffic between them across the customer 
> connecting ethernets and switches.
> 
> ----------------------------------------------------------------------
>  Jon Lewis *jlewis at lewis.org*|  I route
>  System Administrator        |  therefore you are
>  Atlantic Net                |  
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> 
> 
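
Added example, not part of either poster's message: a small Python model of the two points raised in this thread, namely that a VLAN must exist on every switch along the trunk path, and that a switch with a higher VTP configuration revision only overwrites others when domain and password match. The class, function names and sample values are constructed for illustration; the acceptance rule assumed is the usual VTP one (same domain, same password, higher revision, neither side transparent).

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    vtp_mode: str                 # "server", "client" or "transparent"
    vtp_domain: str = ""          # "" = no domain configured yet
    vtp_password: str = ""        # "" = no password configured
    revision: int = 0             # VTP configuration revision number
    vlans: set = field(default_factory=lambda: {1})

def first_missing(path, vlan):
    """Name of the first switch on a trunk path with no definition of `vlan`
    (tagged frames for it are not forwarded there), or None if all have it."""
    return next((sw.name for sw in path if vlan not in sw.vlans), None)

def would_overwrite(newcomer, existing):
    """True if trunking `newcomer` to `existing` would replace existing's VLANs."""
    if "transparent" in (newcomer.vtp_mode, existing.vtp_mode):
        return False  # a transparent switch neither advertises its own database nor applies one
    # A switch with no domain yet adopts the one it hears on the trunk.
    same_domain = existing.vtp_domain in ("", newcomer.vtp_domain)
    same_secret = existing.vtp_password == newcomer.vtp_password
    return same_domain and same_secret and newcomer.revision > existing.revision

def at_risk(newcomer, fabric):
    """Switches in `fabric` whose VLAN database `newcomer` would overwrite."""
    return [sw.name for sw in fabric if would_overwrite(newcomer, sw)]

# Constructed data modelled on the thread: 3550a only trunks, 3550b has the port.
sw_a = Switch("3550a", "transparent", vlans={1})
sw_b = Switch("3550b", "transparent", vlans={1, 101})
# Constructed "used switch" case: same domain, high revision, only VLAN 1.
prod = [Switch("core1", "server", "EXAMPLE", "", 4, {1, 101}),
        Switch("edge1", "client", "EXAMPLE", "", 4, {1, 101})]
used = Switch("used", "client", "EXAMPLE", "", 57, {1})

if __name__ == "__main__":
    print(first_missing([sw_a, sw_b], 101))   # 3550a
    print(at_risk(used, prod))                # ['core1', 'edge1']
```

Running the same check with a password set on the production switches, or with the incoming switch in transparent mode or at revision 0, returns an empty list.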


