Re: CSCdz22629 Bug Details was RE: only allow one VLAN across

From: John Matijevic (matijevi@bellsouth.net)
Date: Sun Jul 27 2003 - 15:36:36 GMT-3


Hello,
Brian, good information. So based on the bug information, we should allow
vlan 1, but we do not need to add vlan 1002-1005, because I can allow a vlan
without that error message you stated earlier. Finally, could you please post
the link to where you found this on Cisco's website? Also, is there a list of
bugs with 12.1 we can look at? I found the following on Cisco's website:
 You can use the Bug Toolkit (registered customers only) to find a matching
bug. Is there a similar tool for non-Cisco customers? Or is there another
area on Cisco's website?
Sincerely,
Matijevic
----- Original Message -----
From: "MMoniz" <ccie2002@tampabay.rr.com>
To: "Brian McGahan" <bmcgahan@internetworkexpert.com>; "'Richard L.
Pickard'" <nettable_walker@comcast.net>; "'Ccielab@Groupstudy. Com'"
<ccielab@groupstudy.com>
Sent: Sunday, July 27, 2003 2:22 PM
Subject: RE: CSCdz22629 Bug Details was RE: only allow one VLAN across trunk
on 3550

> Thanks for that post Brian!!
>
> Also, I agree no traffic should use VLAN 1. It is a nightmare to inherit a
> network where most traffic is on VLAN 1, particularly with multiple subnets
> and default gateways on this VLAN.
>
> It takes a lot of off-net time to correct this situation.
>
> interface Vlan1
> ip address 10.1.1.2 255.255.0.0
> ip access-group 199 in
> ip helper-address 10.87.1.1
> ip helper-address 10.87.1.185
> no ip redirects
> ip ospf priority 200
> standby 1 ip 10.1.1.1
> standby 1 timers 1 3
> standby 1 priority 200
> standby 1 preempt
> standby 1 authentication cisco
> standby 2 ip 10.1.32.97
> standby 2 timers 1 3
> standby 2 priority 200
> standby 2 preempt
> standby 2 authentication cisco
> standby 3 ip 10.1.32.96
> standby 3 timers 1 3
> standby 3 priority 200
> standby 3 preempt
> standby 3 authentication cisco
> standby 4 ip 10.1.1.36
> standby 4 timers 1 3
> standby 4 priority 200
> standby 4 preempt
> standby 4 authentication cisco
> standby 5 ip 10.1.15.2
> standby 5 timers 1 3
> standby 5 priority 200
> standby 5 preempt
> standby 5 authentication cisco
> standby 6 ip 10.1.15.78
> standby 6 timers 1 3
> standby 6 priority 200
> standby 6 preempt
> standby 6 authentication cisco
> standby 7 ip 10.1.32.98
> standby 7 timers 1 3
> standby 7 priority 200
> standby 7 preempt
> standby 7 authentication cisco
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Brian McGahan
> Sent: Sunday, July 27, 2003 2:02 PM
> To: 'Brian McGahan'; 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> Subject: CSCdz22629 Bug Details was RE: only allow one VLAN across trunk
> on 3550
>
>
> Group,
>
> Recant that last posting I just made. After further
> investigation, I have found that the 3550 does not perform as it should
> when editing the allowed vlan list.
>
> When VLAN 1 is removed off a trunk link, most Cisco switches
> still run a feature known as "VLAN 1 minimization". Basically this
> means that CDP and VTP updates are still sent over VLAN 1, but no user
> traffic. 3550, on the other hand, does not conform to this behavior:
>
> <quote>
>
> CSCdz22629 Bug Details
>
>
> Headline CDP / VTP updates not received when vlan1 cleared from trunk
> Product 3550
> Model all
> Component firmware
> Duplicate of CSCdz20942
> Severity 2
> Status Duplicate
> First Found-in Version 12.1(11)EA1
> First Fixed-in Version Version help
>
> Release Notes
>
> When vlan 1 is removed from a trunk on a 3550, we no longer see CDP
> neighbours via that interface.
>
> The desired behavior described by this bug is known as "VLAN 1
> minimization". Until that feature is released on the 3550, follow the
> recommendation in the documentation and do not remove VLAN 1 from trunk
> ports.
>
> </quote>
>
>
> Therefore, VLAN 1 *should not* be removed from the allowed list
> on a trunk link on a 3550. Design wise this is not really an issue,
> since VLAN 1 should never be assigned for any user traffic, including
> management traffic. Also, since pruning will automatically control what
> traffic passes over the trunk, editing the allowed list is not really
> required in practicality.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Brian McGahan
> > Sent: Sunday, July 27, 2003 12:41 PM
> > To: 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> > Subject: RE: only allow one VLAN across trunk on 3550
> >
> > Richard,
> >
> > Editing the allowed vlan list does not affect VTP
> > advertisements. The VLANs that exist throughout the VTP domain will
> > still be advertised, but actual user traffic for the VLANs can only flow
> > over the link if it is in the allowed list.
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> >
> > > -----Original Message-----
> > > From: Richard L. Pickard [mailto:nettable_walker@comcast.net]
> > > Sent: Saturday, July 26, 2003 5:46 PM
> > > To: Brian McGahan
> > > Subject: RE: only allow one VLAN across trunk on 3550
> > >
> > > I may not be the brightest cookie, but I have come a long way !
> > > Do I need to clear anything after all is said & done?
> > > It looks like the VLAN's are still passing thru the trunk.
> > >
> > > I will shut the interface & no shut
> > >
> > >
> > > 3550_A#
> > > 3550_A#sh run int gigabitEthernet 0/1
> > > Building configuration...
> > >
> > > Current configuration : 155 bytes
> > > !
> > > interface GigabitEthernet0/1
> > > switchport trunk encapsulation isl
> > > switchport trunk allowed vlan 504,1002-1005
> > > switchport mode trunk
> > > no ip address
> > > end
> > >
> > > 3550_A#
> > > 3620__#8
> > > [Resuming connection 8 to 3550_b ... ]
> > >
> > > 3550_B#
> > > 3550_B#sh vlan brief
> > >
> > > VLAN Name                             Status    Ports
> > > ---- -------------------------------- --------- -------------------------------
> > > 1    default                          active    Fa0/3, Fa0/5, Fa0/6, Fa0/7
> > >                                                 Fa0/8, Fa0/13, Fa0/14, Fa0/15
> > >                                                 Fa0/16, Fa0/33, Fa0/34, Fa0/35
> > >                                                 Fa0/36, Fa0/37, Fa0/38, Fa0/39
> > >                                                 Fa0/40, Fa0/41, Fa0/42, Fa0/43
> > >                                                 Fa0/44, Fa0/45, Fa0/46, Fa0/47
> > >                                                 Fa0/48, Gi0/2
> > > 4    R_4                              active
> > > 6    R_6                              active
> > > 10   VLAN0010                         active
> > > 15   VLAN0015                         active
> > > 20   VLAN0020                         active
> > > 25   VLAN0025                         active
> > > 30   VLAN0030                         active
> > > 35   VLAN0035                         active
> > > 40   VLAN0040                         active
> > > 45   VLAN0045                         active
> > > 50   VLAN0050                         active
> > > 55   VLAN0055                         active
> > > 60   VLAN0060                         active
> > >
> > > VLAN Name                             Status    Ports
> > > ---- -------------------------------- --------- -------------------------------
> > > 65   VLAN0065                         active
> > > 70   VLAN0070                         active
> > > 75   VLAN0075                         active
> > > 80   VLAN0080                         active
> > > 85   VLAN0085                         active
> > > 90   PDC_VLAN                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
> > >                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
> > >                                                 Fa0/21, Fa0/22, Fa0/23, Fa0/24
> > >                                                 Fa0/25, Fa0/26, Fa0/27, Fa0/28
> > >                                                 Fa0/29, Fa0/30, Fa0/31, Fa0/32
> > > 95   VLAN0095                         active
> > > 111  VLAN0111                         active
> > > 346  VLAN0346                         active    Fa0/4
> > > 504  BB_2                             active    Fa0/2
> > > 1002 fddi-default                     active
> > > 1003 token-ring-default               active
> > > 1004 fddinet-default                  active
> > > 1005 trnet-default                    active
> > > 3550_B#
> > >
> > > -----Original Message-----
> > > From: Brian McGahan [mailto:brian@mcgahan.com]
> > > Sent: Saturday, July 26, 2003 3:26 PM
> > > To: 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> > > Subject: RE: only allow one VLAN across trunk on 3550
> > >
> > >
> > > Richard,
> > >
> > > By default, all VLANs are allowed to transit a trunk link. They
> > > are considered to be in the 'allowed list' for that trunk.
> > >
> > > Switch#sh int fa0/13 trunk | begin allowed
> > > Port Vlans allowed on trunk
> > > Fa0/13 1-4094
> > >
> > > Switch#sh int fa0/13 switchport | in Trunking VLANs Enabled
> > > Trunking VLANs Enabled: ALL
> > >
> > > As you can see from the above output, port fa0/13 is trunking,
> > > and all vlans from 1-4094 are allowed to transit it. In order to change
> > > what is in the allowed list, use the interface command 'switchport trunk
> > > allowed vlan'.
> > >
> > > Switch(config-if)#switchport trunk allowed vlan 100
> > > Command rejected: Bad VLAN allowed list.
> > > VLANs 1002-1005 are required.
> > >
> > > As you can see from this output, the 3550 requires that
> > > 1002-1005 remain on the trunk link.
> > >
> > > Switch(config-if)#switchport trunk allowed vlan 100,1002-1005
> > >
> > > Switch#sh int fa0/13 switchport | in Trunking VLANs Enabled
> > > Trunking VLANs Enabled: 100,1002-1005
> > >
> > > Switch#sh int fa0/13 trunk | begin allowed
> > > Port Vlans allowed on trunk
> > > Fa0/13 100,1002-1005
> > >
> > > Now the only VLANs that will transit this interface are 100, and
> > > 1002 through 1005.
> > >
> > >
> > > HTH,
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > > Richard L. Pickard
> > > > Sent: Saturday, July 26, 2003 4:18 PM
> > > > To: Ccielab@Groupstudy. Com
> > > > Subject: only allow one VLAN across trunk on 3550
> > > >
> > > >
> > > > I am working a lab that asks you to configure ISL trunk between two 3550's &
> > > > only allow VLAN 504
> > > >
> > > > I created the trunk & created some VLAN's (including VLAN 504) on the VTP
> > > > master.
> > > >
> > > > Can anyone tell me how to allow only VLAN 504 thru the trunk ?
> > > >
> > > >
> > > >
> > > > interface GigabitEthernet0/1
> > > >
> > > > switchport trunk encapsulation isl
> > > >
> > > > switchport mode trunk
> > > >
> > > >
> > > >
> > > > _______________________________________________________________________
> > > > You are subscribed to the GroupStudy.com CCIE R&S Discussion
> Group.
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html

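An added example, not part of the original thread and not Cisco tooling: an offline check of `switchport trunk allowed vlan` lines against the two 3550 constraints discussed above, the required VLANs 1002-1005 and the CSCdz22629 advice to keep VLAN 1 on trunks. The function names and the FastEthernet stanzas in the sample are assumptions made up for illustration.

```python
import re
# From the thread: the 3550 requires 1002-1005, and CSCdz22629 says keep VLAN 1.
REQUIRED = set(range(1002, 1006))
ALLOWED_RE = re.compile(r"switchport trunk allowed vlan\s+(add\s+)?([\d,\- ]+)$")

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '504,1002-1005' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: [findings]} for trunks with an explicit allowed list."""
    allowed, iface = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface and (m := ALLOWED_RE.match(line)):
            vlans = expand_vlans(m.group(2))
            # "add" is how IOS continues a long list on a second config line
            allowed[iface] = allowed.get(iface, set()) | vlans if m.group(1) else vlans
    report = {}
    for name, vlans in allowed.items():
        notes = []
        if 1 not in vlans:
            notes.append("VLAN 1 cleared: CDP/VTP not received (CSCdz22629)")
        if REQUIRED - vlans:
            notes.append(f"missing required VLANs {sorted(REQUIRED - vlans)}")
        report[name] = notes
    return report

# Constructed sample; only the Gi0/1 allowed list is taken from the thread.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport trunk allowed vlan 504,1002-1005
interface FastEthernet0/13
 switchport trunk allowed vlan 1,100
 switchport trunk allowed vlan add 1002-1005
interface FastEthernet0/14
 switchport trunk allowed vlan 100
"""

if __name__ == "__main__":
    print(audit_trunks(SAMPLE))
```

An empty findings list means the trunk keeps VLAN 1 and 1002-1005; interfaces with no explicit allowed list are not reported because they allow all VLANs by default.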


This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:55 GMT-3