asked on VLAN not allowed in management domain
Hello,
I just added a SVI on a core switch (Catalyst 3750). The VLAN is vlan 370. The core switch that this VLAN is configured on CAN ping the default gateway for this VLAN - 10.37.30.1. I can ping the default gateway from my workstation as well.
There are 3 switches in the mix.
The core switch
AS-01 which is the up linking switch
AS-02 which is the switch that has an Ubuntu server plugged into the Access port for this new VLAN.
PROBLEM: The Ubuntu server cannot ping its default gateway: 10.37.30.1
I am POSITIVE this is because the AS-01 switch in the middle is NOT allowing VLAN 370 into the management domain. It DOES allow the VLAN across the trunk, just not into the management domain as shown here:
Port Vlans allowed on trunk
Gi0/1 1,100,110,310,330,340,350-
Gi0/3 1,100,110,310,330,340,350-
Gi0/4 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1,100,110,310,330,340,350-
Gi0/3 1,100,110,310,330,340,350-
Gi0/4 1,100,110,310,330,340,350-
The core switch and the AS-02 switch ARE allowing this new VLAN into the management domain as shown here:
AS-02
Port Vlans allowed on trunk
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1,100,110,310,330,340,350-
The AS-01 switch does NOT have any ports needing to access this VLAN 370 and I don't want it to. Are there commands I can input to allow this VLAN to be in themanagement domain on this middle AS-01 switch?
Thanks,
Dan
I just added a SVI on a core switch (Catalyst 3750). The VLAN is vlan 370. The core switch that this VLAN is configured on CAN ping the default gateway for this VLAN - 10.37.30.1. I can ping the default gateway from my workstation as well.
There are 3 switches in the mix.
The core switch
AS-01 which is the up linking switch
AS-02 which is the switch that has an Ubuntu server plugged into the Access port for this new VLAN.
PROBLEM: The Ubuntu server cannot ping its default gateway: 10.37.30.1
I am POSITIVE this is because the AS-01 switch in the middle is NOT allowing VLAN 370 into the management domain. It DOES allow the VLAN across the trunk, just not into the management domain as shown here:
Port Vlans allowed on trunk
Gi0/1 1,100,110,310,330,340,350-
Gi0/3 1,100,110,310,330,340,350-
Gi0/4 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1,100,110,310,330,340,350-
Gi0/3 1,100,110,310,330,340,350-
Gi0/4 1,100,110,310,330,340,350-
The core switch and the AS-02 switch ARE allowing this new VLAN into the management domain as shown here:
AS-02
Port Vlans allowed on trunk
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1,100,110,310,330,340,350-
The AS-01 switch does NOT have any ports needing to access this VLAN 370 and I don't want it to. Are there commands I can input to allow this VLAN to be in themanagement domain on this middle AS-01 switch?
Thanks,
Dan
Network OperationsSwitches / Hubs
Last Comment
Daniel Christ
ASKER
It looks like there are some VTP inconsistencies across the network. Below is the VTP info for the AS-01 switch (the uplink switch) and the AS-02 switch the actual access switch for this server. I put X's over the VTP domain mode for security reasons. Once again VLAN 370 shows up as allowed on the trunks just not "allowed and active in management domain" as shown above. What is weired though is that ALL 3 switches CAN ping the default gateway. Just not the server.
Here is the VTP info on AS-01
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 14
VTP Operating Mode : Transparent
VTP Domain Name : xxxx
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xD7 0x0F 0x5B 0x48 0x18 0x43 0x97 0xC8
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Here is the VTP info on AS-02 the access switch for the server:
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 23
Maximum VLANs supported locally : 1005
Number of existing VLANs : 15
VTP Operating Mode : Client
VTP Domain Name : xxxx
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE1 0x7D 0xB8 0x30 0xB7 0x7A 0x25 0xFA
Configuration last modified by 10.200.30.1 at 2-15-10 15:48:10
Here is the VTP info on AS-01
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 14
VTP Operating Mode : Transparent
VTP Domain Name : xxxx
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xD7 0x0F 0x5B 0x48 0x18 0x43 0x97 0xC8
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Here is the VTP info on AS-02 the access switch for the server:
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 23
Maximum VLANs supported locally : 1005
Number of existing VLANs : 15
VTP Operating Mode : Client
VTP Domain Name : xxxx
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE1 0x7D 0xB8 0x30 0xB7 0x7A 0x25 0xFA
Configuration last modified by 10.200.30.1 at 2-15-10 15:48:10
ASKER
A little more troubleshooting. I went ahead and made a switch port on the AS-01 access the VLAN 370. Of course this then adds it to the vlan info (database) for this switch, thereby allowing the PINGS to cross this switches trunk interfaces from AS-02 to the core switch.
How do I add a VLAN on a lower switch that needs to get OUT without having to add an access port in that new VLAN on the intermediate switch????
And of course as seen in the above VTP status configs, the AS-01 switch has 14 existing VLANs while the AS-02 switch has 15 VLANS. Of course, they both now have 15. So I can now ping across, I just didn't want to add this VLAN to the AS-01 switch as an access port.
Does this make sense?
How do I add a VLAN on a lower switch that needs to get OUT without having to add an access port in that new VLAN on the intermediate switch????
And of course as seen in the above VTP status configs, the AS-01 switch has 14 existing VLANs while the AS-02 switch has 15 VLANS. Of course, they both now have 15. So I can now ping across, I just didn't want to add this VLAN to the AS-01 switch as an access port.
Does this make sense?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes, the core is in server mode. I definitely don't want an AS switch to be in server mode. So client is probably best.
Thanks,
Thanks,
It dosent hurt to have 2 switches in server mode. That way if one goes down you still have one managing VTP. Just keep in mind that whichever server has the latest version will update all others with its vlan database.
My suggestion would be change it to client first. Let it update its vlan db then change it to server. But with 3 switches its not a big deal.
My suggestion would be change it to client first. Let it update its vlan db then change it to server. But with 3 switches its not a big deal.
ASKER
Makes sense. We have 3 core switches in the network - 1 per building. This happens to be a core switch at one of our school buildings.
If you are not using VTP then make sure vlan 370 is configured on all switches and allowed across the proper trunks.