VLAN Tagging/Trunk Issue

[judgestone]

I have a slight problem I am trying to fix. Here is the scenario and equipment:

- Avaya 363 - 1G GBIC on port 51 (192.168.8.3)
- Cisco 3750 - 1G GBIC on port Gi1/0/12, and 100MB GBIC on port Gi1/0/1 (192.168.8.251)
- Cisco 2900 - 100MB fiber interface (192.168.8.36)

The 363 is connected to 3750/Port 12, and 3750/Port 1 is connected to 2900 fiber interface. All interfaces set to VLAN 1. The problem is that the 363 has multiple VLANs (1 -.8.XXX, 2 - 9.XXX, and 3 - 172.XXX.XXX.XXX). The 363's uplink is connected to another 2950 into our network. All VLANS pass fine from the 363 the 2950 to our 7400 series router, as long as your connected to the 363.

I can pass traffic all the way through from the end location (2900 - 8.36) in another location through the 3750 (8.250) to the 363 (8.3) to the 2950 (8.2) to the 7400 (8.1) on the default VLAN 1 as I should be.

My problem is that the 2900 (8.36) in another location also, has 9.XXX, and 172.XXX.XXX.XXX addresses connecting to it. I need to be able to pass the 9.XXX, and 172.XXX.XXX.XXX traffic also all the way through to their gateway's interface (sub interfaces on 7204 router)

I usually use a PIX firewall and let it determine what segments interact with what VLANs/Subnets but I do not have that option here.

I have tried trunks on the ports, tagging, etc. to try and get the end location VLANS other than (1) to pass all the way through to no avail. All switches have a default-gw of 192.168.8.1

Any help in this matter would be greatly appreciated.

Here is a rundown of connectivity:

7204 FA0/1 (192.168.8.1/9.1/172.XXX.8.1)each interface set to dot1q encapslation 1/2/3 - to - 2950 FA/01 (192.168.8.2) uplink to 7204 set to Trunk, and FA0/3 set to trunk uplinked to - 363 (192.168.8.3) and 363 port 51 set to trunk and tagged bind-to-all - to - 3750 (192.168.8.250)Gi1/0/12 and 3750 Gi1/0/1 - to - 2900 FA0/24 (192.168.8.36)

Again, all 8.XX work fine on VLAN 1 no matter which switch your connected to, but any other VLAN on that end 2900 switch will not pass through.

 

[unclerico]

Can we see scrubbed configs from all devices involved??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[judgestone]

Here are the configs. I couldn't get the 363s overall config, but I do have its uplink ports to the 2950 and 3750 dot1q tag and bound to all. Will be ports gi1/0/12 on 3750s config, and port 7 on 2950's config.

Here is 1st device - 7204

!
version 12.4
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname XXXXXX
!
boot-start-marker
boot system disk0:c7200-is-mz.124-16a.bin
boot-end-marker
!
no logging console
enable secret 5 XXXXXXX
enable password XXXXXXX
!
no aaa new-model
clock calendar-valid
no ip source-route
no ip gratuitous-arps
!
!
ip cef
!
no ip bootp server
!
username XXXX password 0 XXXXXXx
!
!
ip tcp synwait-time 10
ip ftp username XXXXXXX
ip ftp password 7 XXXXXXX
bridge irb
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.8
encapsulation dot1Q 1 native
ip address 192.168.8.1 255.255.255.0
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0/0.9
encapsulation dot1Q 2
ip address 192.168.9.1 255.255.255.0
bridge-group 1
!
interface FastEthernet0/0.172
encapsulation dot1Q 3
ip address 172.16.8.1 255.255.255.0
no ip redirects
bridge-group 1
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
!
router rip
network 172.16.0.0
network 192.168.8.0
network 192.168.9.0
!
ip default-gateway XXXXXX to T1 connection to another location
ip route 0.0.0.0 0.0.0.0 XXXXXXXXXX
!
ip http server
!
snmp-server community XXXXXX RO
snmp-server community XXXXXX RO
snmp-server trap link ietf
arp XXXXXXXx XXXXXX4.b8b4 ARPA
!
snmp ifmib trap throttle
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
gateway
timer receive-rtp 1200
!
!
gatekeeper
shutdown
!
line con 0
exec-timeout 0 0
password 7 XXXXXXXXXXXX
login local
stopbits 1
line aux 0
exec-timeout 0 5
password 7 XXXXXXXXXXXXXXXX
login
no exec
stopbits 1
line vty 0 4
password XXXXXXXXXXXXXXXX
login local
line vty 5 15
login
!
!
end
-------------------------------------------

2nd device 2950

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname XXXXXXXX
!
no logging console
enable secret 5 XXXXX
enable password XXXXX
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 0
!
interface FastEthernet0/1
description Uplink-2-7204
switchport mode trunk
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface FastEthernet0/2
description Charles
switchport mode access
!
interface FastEthernet0/3
description Debbie
switchport mode access
!
interface FastEthernet0/4
description Harry
switchport mode access
!
interface FastEthernet0/5
description Joey
switchport mode access
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
description Uplink 2 363 8 Dot
switchport mode trunk
!
interface FastEthernet0/8
description CLANCard Uplink
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/9
description Uplink 2 2nd 363 9 Dot
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
switchport mode trunk
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
description Default
ip address 192.168.8.2 255.255.255.0
no ip proxy-arp
no ip route-cache
!
ip default-gateway 192.168.8.1
!
line con 0
exec-timeout 0 0
password XXXXX
line vty 0 4
password XXXXX
login
line vty 5 15
password XXXXX
login
!
!
end
---------------------------------
3rd device is the 363 connected to 2950's port 7 and the 363s is uplinked to 3750's gi1/0/12
----------------------------------

4th device - 3750

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname XXXXXXX
!
no logging console
enable secret 5 XXXXXXX
enable password 7 XXXXXXX
!
no aaa new-model
switch 1 provision ws-c3750g-12s
ip subnet-zero
ip routing
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1
spanning-tree vlan 1,35,112,200-201 priority 4096
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
description Uplink To B11_2900
switchport mode dot1q-tunnel
no cdp enable
!
interface GigabitEthernet1/0/2
shutdown
!
interface GigabitEthernet1/0/3
shutdown
!
interface GigabitEthernet1/0/4
shutdown
!
interface GigabitEthernet1/0/5
shutdown
!
interface GigabitEthernet1/0/6
shutdown
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
shutdown
!
interface GigabitEthernet1/0/12
description Uplink to Avaya Net Switch
switchport mode dot1q-tunnel
no cdp enable
!
interface Vlan1
description Default
ip address 192.168.8.251 255.255.255.0
no ip proxy-arp
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
!
ip default-gateway 192.168.8.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password 7 XXXXXXXXXXX
login
line vty 5 15
password 7 XXXXXXXXXX
login
!
end

---------------------------------
5th device - 2900 located in another building which will require users with 9.XXX and 172.XXX IPs to traverse across

!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname XXXXXXXX
!
enable secret 5 XXXXXXXXXXXXX
enable password XXXXXXXXXX
!
interface VLAN1
ip address 192.168.8.36 255.255.255.0
no ip proxy-arp
no ip route-cache
!
interface FastEthernet0/1
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 3
!
interface FastEthernet0/3
speed 100
duplex full
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 3
!
interface FastEthernet0/5
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11 - "Test Port"
switchport access vlan 3
!
interface FastEthernet0/12 - "Test Port"
switchport access vlan 2
!
interface FastEthernet0/13 - "Test Port"
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
!
interface FastEthernet0/24
shutdown
!
ip default-gateway 192.168.8.1
no logging console
snmp-server community XXXXXXXX RW
snmp-server community XXXXXXXX RO
snmp-server chassis-id 0x0F
!
line con 0
password XXXXXXXXX
stopbits 1
line vty 0 4
password XXXXXXXXXX
login
line vty 5 15
password XXXXXXXXXXX
login
!
end
---------------
Sorry for the long post, and my problem my lie below in regards to I may need to set the port to trunk mode on the uplink to a 363 with a 9 dot address, but I still need to hit 9.1 from the end 2900.
-----------------------------------
!
interface FastEthernet0/7
description Uplink 2 363 8 Dot
switchport mode trunk
!
interface FastEthernet0/9
description Uplink 2 2nd 363 9 Dot
switchport access vlan 2
switchport mode access
-------------------------------------

Again, any help will be greatly appreciated.

 

[judgestone]

Also, I know that bypassing the 363 probably would do the trick, the problem with this is:

1. The buildings are kinda far apart, so 2950 LX to 2950 LX will not work.
2. 3750 to media converter to 2950 can not be done, because my company will not let me use a media converter to do this. This would pipe the traffic straight into the originating 2950 straight to the 7204, but a no go with the media converter.

 

[VinceWhirlwind]

Why are the ports on the 3750 configured as "dot1q-tunnel" mode?
That doesn't seem to match what the 2950 is configured as and why would you want .1q tunneling anyway?

(irrelevant, but why is CDP disabled on the 3750-2900 link? CDP is your friend!)

When you've checked the trunking is OK, do a "show vlan" on each device to ensure each VLAN actually exists on each device.

 

[judgestone]

The dotqtunneling was put there, just as a test since it was uplinking to an Avaya 363 that was passing all tags and VLANS. The CDP part I will fix, since I hadn't noticed it while trying to get the devices to talk.

I have since as a test, took the 3750 and 363 out of the picture and I am now going straight 2900 XL to 2950. I went and picked up the 2900XL from the remote location and since brought it to my office to configure and then return it upon satisfaction that it works.

I think I have narrowed it down to spanning-tree port fast?

I have been searching Cisco's site and I have the configured 2950 to 7204 as prescribed, but now just have to get the the second 2900 to pass VLANS through the 2950 to the 7204. I am reasearching this now.

A point in the right direction will be gracious.

 

[VinceWhirlwind]

It must be your trunk configuration.

Check you have applied the following on both ends of each inter-switch trunk:
- switchport trunk encapsulation 802.1q (older Cisco devices sometimes default to ISL, CIsco-Cisco usually negotiates correctly, but Cisco-nonCisco will not work if the Cisco has defaulted to ISL)
- switchport mode trunk
- native vlan = same at both ends, if in doubt set it to "1"
- switchport trunk allowed vlan n,n,nn,nn,...... same at both ends and includes all VLANs you want passed

When you're doing Cisco-nonCisco, just remember the Cisco end should be configured as above, while the non-cisco needs to be configured as "trunk" (will be 802.1q by default) and assign all VLANs to the trunk as "tagged" VLANs except for your "native" VLAN which is "untagged".

 

[vipergg]

That may be your problem , early versions of the 2900 only support ISL and the 2950 only support dot1q so you may not be able to get a working trunk between the 2900 and the 2950. What version on the 2900 are you using?

 

[VinceWhirlwind]

Another thing which should help you is to set logging to "debug" level on all your switches/routers, and point them to your syslog server (install and run one on your laptop if you don't have one on the network already).

Once you confirm all devices are logging to your syslog, break the physical connection on each switch-switch link and watch the messages it logs as it comes back up: often these will give you clues as to what exactly is going on.

 

[judgestone]

Thanks for all you alls help. I got it working this morning.

It was two factors as you all stated.

1. The old 2900XL was using "isl", and I had to set it to 802
2. I had to add "all" to the switchport trunk allowed on both switch ports.

It worked no problem after that.

 

[vipergg]

glad you got it working...