Create Date: Jul 7 2012 5:14PM
Odd case at worksite, power outage, when devices came back up, all Cisco management IPs were offline, but end users reported no issues (DHCP is working/verified), so it was limited to management vlan (11 in this case). Topology in play is this:
LAN Router Extreme (X450a-24t XOS) port 24 ---directly connected----- Cisco 3524 int gi0/1
(very old IOS on Cisco):
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.1)XW, MAINTENANCE INTERIM SOFTWARE
System image file is "flash:c3500XL-c3h2s-mz-120.5.1-XW.bin"
Should be simple enough.
User vlan is 19, management is 11
We are unable to ping the management IP of the 3524 from the LAN router side or ping the Extreme from the Cisco side.
Tagged on Extreme side:
0389-RTR-01.8 # sh vlan "Manage"
VLAN Interface with name Manage created by user
Admin State: Enabled Tagging: 802.1Q Tag 11
Virtual router: VR-Default
Primary IP : 10.169.48.6/24
Protocol: Match all unfiltered protocols
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 15. (Number of active ports=13)
*21(Server),*22(Server),*23(Server),*24(LAB-3548), 25, 26
Tagged for management port 24.
Vlan 11 (management) is up and active:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
10 VLAN0010 active
11 VLAN0011 active
Cisco port config gi0/1:
switchport trunk encapsulation dot1q
switchport mode trunk
Interface IP-Address OK? Method Status Protocol
VLAN1 unassigned YES NVRAM up down
VLAN11 10.169.48.1 YES NVRAM up up
GW is correct:
0389-SW-Training-01#sh run | inc gate
ip default-gateway 10.169.48.6
Mind you, this is an odd IP assignment, I have changed it...for standards are LAN rtr is .6, while this sw was .1, it has since been reip'd, but that has no bearing here. When I have the above config I cannot ping the Extreme from the Cisco or ping the Cisco from the Extreme side. The Cisco is pinging nothing past the LAN router (only tried private, did not try public).
The odd part is that spanning tree is blocking vlan 1 and 11:
On Cisco sw we get this error in logs:
*Feb 28 16:04:30.982: %SPANTREE-2-RECV_PVID_ERR:
Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/1 on vlan 11.
*Feb 28 16:04:30.982: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on vlan 1.
Inconsistent peer vlan.
*Feb 28 16:04:31.000: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on vlan 11.
Inconsistent local vlan
To me this means a native vlan mismatch...maybe. But on the Extreme side the default vlan is disabled/not on any ports.
0389-RTR-01.3 # sh vlan "Default"
VLAN Interface with name Default created by user
Admin State: Enabled Tagging: 802.1Q Tag 1
Ports: 0. (Number of active ports=0)
To fix I tried various items on both the Extreme and Cisco side, the ONLY way I could get comms re-established on the management vlan was:
On Extreme side : untag vlan 19 on port 24 AND
On Cisco side: add to gi0/1 sw tr na vl 19
On Extreme side : untag vlan 11 on port 24 AND
On Cisco side : add to gi0/1 sw tr na vl 11
It's working now, but this goes against our standards of having no untagged ports on the LAN rtr, so I am going to head back out onsite Monday to investigate further. No, this site did not have backups of configs....don't ask lol.
Why would I be unable to ping from the Cisco to the .6 address on the LAN router (when the configs to me look 100% correct)?
Why, with both ports tagged/configured correctly on both devices, did I have to untag ports to get this config to work?
Jimmy (from jimmy_s)
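
An added example, not part of the original post: a Python parser for the three %SPANTREE-2-*PVID* messages quoted above, including the way they wrap onto a second line. Cisco raises RECV_PVID_ERR when a PVST+ BPDU carrying one VLAN id arrives on a different VLAN, so the report lists, per interface, the peer VLAN id, the receiving VLAN and the VLANs put into blocking; the function names and report layout are assumptions of this example.

```python
import re

# Constructed sample: the three messages quoted in the post, wrapped as they appear there.
SAMPLE_LOG = """\
*Feb 28 16:04:30.982: %SPANTREE-2-RECV_PVID_ERR:
Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/1 on vlan 11.
*Feb 28 16:04:30.982: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on vlan 1.
Inconsistent peer vlan.
*Feb 28 16:04:31.000: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on vlan 11.
Inconsistent local vlan
"""

# A new message starts with a timestamp followed by %FACILITY-SEVERITY-MNEMONIC:
MSG_START = re.compile(
    r"^\*?\w{3}\s+\d+\s+[\d:.]+:\s+%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s*(?P<text>.*)$")
RECV = re.compile(r"inconsistent peer vlan id (\d+) on (\S+) on vlan (\d+)")
BLOCK = re.compile(r"Blocking (\S+) on vlan (\d+)")
BLOCK_TAGS = ("SPANTREE-2-BLOCK_PVID_PEER", "SPANTREE-2-BLOCK_PVID_LOCAL")


def unwrap(log):
    """Join wrapped continuation lines back onto the message they belong to."""
    msgs = []
    for raw in log.splitlines():
        line = raw.strip()
        m = MSG_START.match(line)
        if m:
            msgs.append([m.group("tag"), m.group("text")])
        elif msgs and line:
            msgs[-1][1] = (msgs[-1][1] + " " + line).strip()
    return msgs


def pvid_report(log):
    """Return {interface: {"peer_pvid", "local_vlan", "blocked_vlans"}}."""
    report = {}
    for tag, text in unwrap(log):
        if tag == "SPANTREE-2-RECV_PVID_ERR" and (m := RECV.search(text)):
            entry = report.setdefault(m.group(2), {"blocked_vlans": set()})
            entry["peer_pvid"] = int(m.group(1))   # VLAN id carried in the BPDU
            entry["local_vlan"] = int(m.group(3))  # VLAN the BPDU arrived on
        elif tag in BLOCK_TAGS and (m := BLOCK.search(text)):
            entry = report.setdefault(m.group(1), {"blocked_vlans": set()})
            entry["blocked_vlans"].add(int(m.group(2)))
    return report


if __name__ == "__main__":
    for port, info in pvid_report(SAMPLE_LOG).items():
        print(port, info)
```

A differing `peer_pvid` and `local_vlan` on the same port is the pair to compare against the native/untagged VLAN configured on each end of the trunk.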