CDP 802.1Q Trunks


Mikecl

MIS
Oct 7, 1999
51
GB
Hi,

I have a couple of 3550 Cisco switches connected via a layer 2 external network. Only VLANs 501-504 are allowed to pass across the link and I believe they all need to be tagged. I can pass traffic across the link OK, I can telnet between the switches OK, but I can't get CDP info across the link.
I have tried setting vlan dot1q tag native and various other settings but still no cdp between the switches across the external network.

Any Ideas?

Thanks
 
Hi,

I believe on some switches CDP will only work across VLAN 1, regardless of your native VLAN.

Lee.

LEEroy
MCNE6,CCNA2,CWNA, Project+, CCSA
 
Try allowing VLAN 1 across your trunks. I thought CDP still got carried across even if VLAN 1 wasn't specifically allowed, though I may be thinking about CatOS switches.
 
VLAN 1 carries all the "control plane" traffic such as CDP, SNMP, syslog, etc.

I did not think it was possible to completely block VLAN 1.


Experience is a tough teacher.
The test comes first, the lesson comes later...
 
There was a bug in earlier 12.1(x) software on the 3550 that prevented CDP from working if VLAN 1 wasn't allowed on the trunk. This was fixed in a later IOS release, just upgrade to a later release - either 12.1(22)EA7 or 12.2(25)SED.

You are right not to want to allow VLAN 1 on your trunks.....

HTH

Andy
 
Hope this isn't a dumb question, why would you not want to allow VLAN 1 on your trunks?

Does this cause side-effects?

Experience is a tough teacher.
The test comes first, the lesson comes later...
 
Even if you have one or two switches and don't use any VLANs then it's advisable to move everything off VLAN 1. VLAN 1 is used by all Cisco switches for Control-Plane traffic - CDP, VTP, DTP etc. Cisco recommend not using VLAN 1 for anything other than that.
If you have only a few switches and a flat network then you should simply create a new VLAN (such as VLAN 10) and assign all your interfaces to this; inter-switch links should be configured as access ports in this single VLAN (no trunks):

vlan 10
 name data-vlan
!
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
!

If you have a few VLANs and use trunks you should define a UNIQUE VLAN to be used for the Native VLAN. This should be unused anywhere apart from between the 2 switches. You should also restrict the allowed VLANs on the trunk to only your VLANs with user data on them:

vlan 10
 name data-vlan-10
!
vlan 20
 name data-vlan-20
!
vlan 910
 name Native-vlan-910
!
vlan 920
 name Native-vlan-920
!
interface range FastEthernet0/1 - 11
 switchport mode access
 switchport access vlan 10
!
interface range FastEthernet0/12 - 22
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 910
 switchport trunk allowed vlan 10,20
!
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 920
 switchport trunk allowed vlan 10,20
!


All of this best practise information can be found on CCO.

HTH

Andy
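
The trunk guidance in the post above can be checked mechanically against a saved configuration. The following is an added example, not code from the thread: the function names and the sample config are illustrative assumptions, and it flags access ports left in VLAN 1, trunks whose native VLAN is 1, trunks with no allowed-VLAN list, and trunks whose allowed list includes VLAN 1 or the native VLAN.

```python
import re

RULE = re.compile(r"switchport (mode|access vlan|trunk native vlan|trunk allowed vlan)"
                  r" (access|trunk|[\d,-]+)")

def expand(spec):  # '10,20,30-32' -> {10, 20, 30, 31, 32}
    spans = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse(config):
    """Collect switchport settings per interface (plain 'allowed vlan <list>' only)."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line[len("interface "):], {})
        elif cur is not None and (m := RULE.fullmatch(line)):
            cur[m.group(1)] = m.group(2)
    return ports

def audit(config):
    """Return {interface: [findings]} for ports that depart from the advice above."""
    report = {}
    for name, p in parse(config).items():
        found, native = [], int(p.get("trunk native vlan", 1))  # IOS default is 1
        if p.get("mode") == "access" and int(p.get("access vlan", 1)) == 1:
            found.append("access port in VLAN 1")
        elif p.get("mode") == "trunk":
            if native == 1:
                found.append("native VLAN is 1")
            if "trunk allowed vlan" not in p:
                found.append("no allowed-VLAN list")
            elif {1, native} & expand(p["trunk allowed vlan"]):
                found.append("VLAN 1 or native VLAN in allowed list")
        if found:
            report[name] = found
    return report

# Constructed sample: Fa0/23 follows the thread's advice, Fa0/1 and Fa0/24 do not.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 910
 switchport trunk allowed vlan 10,20
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1-20
"""
```

Calling `audit(SAMPLE)` reports only FastEthernet0/1 and FastEthernet0/24; the `add`, `remove`, `except` and `all` forms of the allowed-VLAN command are ignored by this sketch.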
 
Hi Andy,

Thanks for the info. One of the switches has 12.1x installed; I have upgraded it to 12.2(25)SEA but still can't see CDP across the link, although I can see local devices. Can you remember what the bug ID was for the problem?
 
Sorry I can't remember the bug. I do however have a 3550 and a 2950 currently connected with a dot1q trunk and can happily see CDP either side:

!3550
interface GigabitEthernet0/1
 description 802.1q to 2950
 switchport access vlan 4000
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4000
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
 udld port aggressive
!

cat-3550-emi#sho cdp neighbors gigabitEthernet 0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
cat-2950 Gig 0/1 175 S I WS-C2950T-Gig 0/1


!2950
interface GigabitEthernet0/1
 description 802.1q to 3550
 switchport access vlan 4000
 switchport trunk native vlan 4000
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
 udld port aggressive
!
cat-2950#sho cdp neighbors gigabitEthernet 0/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
cat-3550-emi Gig 0/1 172 R S I WS-C3550-2Gig 0/1

The 3550 is running 12.2(25)SED and the 2950 is running 12.1(22)EA7.

HTH

Andy
 
Hi Andy,

Thanks for the quick reply. If I connect the 2 switches with a crossover cable Fa0/1 to Fa0/1 I can see CDP OK; the issue arises when I connect the switches to the external provider's layer 2 switched network. Only VLANs 501-504 inclusive are allowed on their trunks.

On the 3550 switches I have the management VLAN set as 504
Fa0/1 on each switch
switchport trunk encap dot1q
switchport trunk native vlan 501
switchport mode trunk
I have tried allowing only certain VLANs on trunks.

Both Switches In Transparent Mode VLANS 502 - 504 exist.
All normal communication works ok just CDP not working.
I checked int fa0/1 switchport and it says native vlan501

I have tried changing the native VLAN to 504 on the trunk ports Fa0/1 but then I get no comms at all.

Any ideas?


 
Hi Andy,

Thanks for responding. We are moving from double tagging, Q in Q (which works fine), to single tagging, which is how this link is configured. Not sure of the kit. I believe only tagged packets from VLANs 501-504 inclusive are allowed across the link. I did try setting vlan dot1q tag native on the whole switch but still no CDP. I have tried preventing VLAN 1 from the trunks but still no CDP. Perhaps I will have to leave it for now and return to fight another day.
Thanks for your suggestions.

Mike

 
Hi Andy,

Thanks for your help. It appears as though the code running on these Lightning Edge switches does not properly handle CDP; this is to be sorted in a later code release.

Thanks to all who made suggestions, this thread can be closed.

Regards Mike
 