
CNANoob

@comcast.net

[Config] New uplink

Hi there,
Thanks for reading.

I've got a new MOE handoff. Does my boss include me in any planning meetings? Give me any contact info? Know any details? That would be too easy, right? Shame on me for letting all that happen.

I was planning for a newly lit up FE port on the ISP's managed switch in my datacenter. Instead, they brought it in through an existing fiber connection from their switch to my core router. That connection was already driving one of my remote sites.

I've got MY remote switch deployed. The link is up and working. I can tell because the switch is getting console logging messages from my core router so there's a physical connection but no pings.

On the core router, I added a subinterface with a dot1q vlan'd IP address. The router can ping the new IP and the IP answers pings from within my core network. The remote switch has the same VLAN ID but no ping replies to/from THAT switch IP addy.

Here's (what I think is) the relevant config info from the core router:

interface GigabitEthernet0/0/0
 ip address 192.168.3.3 255.255.255.0
 negotiation auto

interface GigabitEthernet0/0/0.1
 encapsulation dot1Q 1055
 ip address 192.168.55.1 255.255.255.0

router eigrp 10
 network 10.0.0.0
 network 192.168.1.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.8.0
 network 192.168.10.0

 no auto-summary
 no eigrp log-neighbor-changes

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.3.1
ip route 192.168.1.0 255.255.255.0 10.0.69.1
ip route 192.168.2.0 255.255.255.0 10.0.1.2
ip route 192.168.55.3 255.255.255.255 GigabitEthernet0/0/0.1 name AQUATIC_CTR_MDF

MOC_ROUTER(config-subif)#DO SHOW INT G0/0/0.1
GigabitEthernet0/0/0.1 is up, line protocol is up
Hardware is PM-3387, address is 001b.d5b8.9663 (bia 001b.d5b8.9663)
Description: SUBINT for AQUATIC CTR 55.1
Internet address is 192.168.55.1/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1055.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never

Here's config from the remote switch:

vlan 1055
 name AQUATIC_CTR
...

interface FastEthernet0
 no ip address
 shutdown

...

interface GigabitEthernet1/0/14
 switchport access vlan 1055
 switchport mode access
 spanning-tree portfast

...

interface GigabitEthernet1/0/25
 description GBIC UPLINK to local switches
 switchport access vlan 1055
!
interface GigabitEthernet1/0/26
 description GBIC UPLINK to local switches
 switchport access vlan 1055
 switchport mode trunk
...

interface Vlan1
 no ip address

interface Vlan1055
 ip address 192.168.55.3 255.255.255.0
 ip helper-address 192.168.3.42

I'm CAT5'd from my remote switch 1/0/14 to the remote ISP managed switch.

I don't know why there's no logical connectivity with PINGs.

Thanks in advance!
Bob



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

The core side is doing dot1q trunking, so ethernet frames are tagged.

The remote side is doing untagged frames, with the port simply configured as an access port with the same VLAN ID as the core side.

That's like trying to put a square peg in a round hole. Ain't gonna work.

Either remove the VLAN config from the core side so that it transmits untagged ethernet frames, or configure the remote side port as a dot1q trunk port and allow VLAN 1055 across it.
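
The tagged/untagged mismatch described above, as an added example that is not part of the original post: a small Python model of how an 802.1Q tag decides where a frame lands on each side. Interface names and VLAN 1055 come from the thread's config; the MAC addresses, function names and the simplified switchport behaviour are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Ethernet II frame; a 4-byte 802.1Q tag is inserted when vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 0xFFF:
            raise ValueError("VLAN ID is a 12-bit field")
        header += struct.pack("!HH", TPID_8021Q, vlan_id)  # PCP/DEI left at 0
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """VLAN ID carried in the frame, or None when the frame is untagged."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def router_rx(frame, subifs, main="GigabitEthernet0/0/0"):
    """Routed port model: tagged -> matching dot1Q subinterface (None if no
    subinterface has that VLAN ID), untagged -> the main interface."""
    vid = vlan_of(frame)
    return main if vid is None else subifs.get(vid)

def switch_rx(frame, mode, vlan):
    """Simplified switchport model (assumption): an access port takes only
    untagged frames into its access VLAN; a trunk takes frames tagged with
    an allowed VLAN. Returns the VLAN the frame lands in, or None."""
    vid = vlan_of(frame)
    if mode == "access":
        return vlan if vid is None else None
    return vid if vid == vlan else None

def switch_tx(mode, vlan):
    """Frame the switch sends for `vlan`: untagged on access, tagged on trunk."""
    return build_frame(ROUTER, SWITCH, 0x0806, b"arp", vlan if mode == "trunk" else None)

# Constructed sample values; MACs are made up, names mirror the thread's config.
ROUTER, SWITCH = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SUBIFS = {1055: "GigabitEthernet0/0/0.1"}

def link_check(remote_mode):
    """(VLAN the router's tagged frame lands in, interface the reply lands on)."""
    to_switch = build_frame(SWITCH, ROUTER, 0x0806, b"arp", vlan_id=1055)
    return switch_rx(to_switch, remote_mode, 1055), router_rx(switch_tx(remote_mode, 1055), SUBIFS)

if __name__ == "__main__":
    print("access:", link_check("access"))
    print("trunk: ", link_check("trunk"))
```

With the remote port in access mode the router's tagged frame is not accepted and the untagged reply lands on the main interface instead of the subinterface; with a trunk carrying VLAN 1055 both directions match.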



battleop

join:2005-09-28
00000
reply to CNANoob

So I understand this correctly....

You have a router in Location A and a switch in location Z, then the carrier is handing you a layer 2 point to point Fast Ethernet connection between the two sites?

If that's the case....

Remove the 192.168.3.3 255.255.255.0 from GI0/0/0

Remove switchport access vlan 1055 from GI1/0/26 (If this is your uplink to the router) and add "switchport trunk encapsulation dot1q"

You can probably remove "ip helper-address 192.168.3.42" from vlan 1055 as well.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

said by battleop:

Remove the 192.168.3.3 255.255.255.0 from GI0/0/0

Why would you do that? That subnet seems to have his gateway in it, according to the routes.

He can certainly remove this line though:

ip route 192.168.55.3 255.255.255.255 GigabitEthernet0/0/0.1 name AQUATIC_CTR_MDF
 

The router already knows how to get to 192.168.55.3 because it's part of a subnet that is connected to an interface, so the route is implied. Probably added for troubleshooting, but in reality completely unnecessary even for that.

The config seems a bit messy after reading it again. A diagram would certainly help to better understand how this is all hooked up...


CNANoob

@comcast.net
reply to TomS_

Hi TomS,
Thanks for writing.

On the remote side, I tried setting the 1/0/14 port to switchport trunk and switchport mode trunk and finally dot1x all with no luck. I tried multiple combos to see what would stick.

I originally set the core side to dot1q because the first time I tried to apply an IP address to the new subinterface, I was blocked with a warning telling me that a dot1q vlan needed to be created beforehand.

Maybe there's another method on the core side?

Thanks again!



CNANoob

@comcast.net
reply to battleop

Hi Battleop,

Thanks for writing.

That 3.3 private IP is the IP of my busiest core router. I'm starting to think my ISP got lazy by using an existing uplink rather than provisioning a new port for uplink.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to CNANoob

Ok so this is some random VLAN ID that you chose?

How has the provider provisioned this new service over the existing fibre connection?

We will need a lot more details before we can really help you further.



battleop

join:2005-09-28
00000
reply to TomS_

Only to keep things clean. I don't number an interface if I am going to load it up with sub interfaces and trunk to a switch.

There really isn't enough info to figure out what he is trying to do.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

said by battleop:

Only to keep things clean. I don't number an interface if I am going to load it up with sub interfaces and trunk to a switch.

True.

But I would have also said "replace it with:"

interface GigabitEthernet0/0/0.1
 encapsulation dot1q 1 native
 ip address 192.168.3.3 255.255.255.0
 

At which point he would also need to create a new subint for his new circuit. At which point I would have said "call it GigabitEthernet0/0/0.1055" because I like my subint numbers to match the VLAN ID. :-)

But I'm not sure that 1055 is a valid VLAN ID in this case, need more details from the OP first.


battleop

join:2005-09-28
00000

Hah. I didn't catch the mismatch between the interface number and vlan. Talk about a future confusing mess.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.


markysharkey
Premium
join:2012-12-20
united kingd
reply to TomS_

quote:
But I'm not sure that 1055 is a valid VLAN ID in this case, need more details from the OP first.
Only valid if the (Cisco) switch is in server mode. Can't comment on other manufacturer switches.
In transparent mode the usable VLANs are 1-1001 and as we all know VLAN 1 is the default / native VLAN until it's changed.
--
Binary is as easy as 01 10 11

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

WTF are you talking about? Valid VLAN IDs are 1-4095 (12bits.) Some systems apply additional rules... vlan 0 or vlan 4095 handled as "all vlans", etc. Others have limits on the total number of vlans allowed (hardware limits usually.)

And then there's Cisco continuing brain damage... the "translation" vlans. NX-OS (Nexus) finally abandoned that crap, however IOS (and CatOS) switches still support FDDI and tokenring translation that cannot be turned off -- vlans 1002-1005 are, thus, reserved. (This is so stupid; they haven't made either fddi or token gear in over 15 years.)



tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1

1 edit

said by cramer:

And then there's Cisco continuing brain damage... the "translation" vlans. NX-OS (Nexus) finally abandoned that crap, however IOS (and CatOS) switches still support FDDI and tokenring translation that cannot be turned off -- vlans 1002-1005 are, thus, reserved. (This is so stupid; they haven't made either fddi or token gear in over 15 years.)

but nx-os on the n7k has its own awesome internally allocated vlans -- and there are two ranges -- 81 vlans that can't be allocated -- and 128 that can be shifted -- but must be continuous.

»www.cisco.com/en/US/docs/switche···_1273370

[edited to add] yes, i know that the c6k platform has allocated vlans as well (»www.cisco.com/en/US/docs/switche···p1032562) -- but the usage is far less than the n7k.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

Right. I forgot about internal vlans -- it's never bit me, so I tend to forget about them. 'tho my coworkers love of "1000" based things does create problems.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to cramer

said by cramer:

WTF are you talking about? Valid VLAN IDs are 1-4095 (12bits.)

Sorry, not clear in my post I realise.

I'm more than aware that VLAN IDs are a 12 bit value, and the various flavours of VLAN limits that are around.

What I'm talking about is that he's trying to trunk VLAN 1055 in to the provider. He said he set this because a sub-int requires a VLAN ID, so was it just some random VLAN ID? Was it specified by the carrier?

If the provider isn't expecting or accepting this VLAN tag, or any, then it's not going to work. So not "valid" in the context of the circuit he's trying to bring up.

Hence we need more details from this guy, like a diagram, some kind of technical spec from the provider that indicates trunking and/or VLAN IDs or whatever. In any case, more information needed.