authentify
asked on
Line Protocol On Cisco Switch
I had and odd occurence that I am hoping someone could help explain....
I have a private T1 backchannel to a remote datacenter. The T1 rides within a DS3 connected to a vendor router that then connects to my switch. The connection (or T1 in this case) went down.
This was the carrier's problem, however, them going down cause the VLAN line protocol to go down as well on my switch and any nodes connected tot hat VLAN. In other words any host on that VLAN lost connection to every other host on other VLANS within the layer 3 switch I own. It is important to note that it was the VLAN line protocol not an individual interface....the ENTIRE VLAN went down. How is that possible.....
Thanks!! Very desperate to figure out why and how that would happen.....
I have a private T1 backchannel to a remote datacenter. The T1 rides within a DS3 connected to a vendor router that then connects to my switch. The connection (or T1 in this case) went down.
This was the carrier's problem, however, them going down cause the VLAN line protocol to go down as well on my switch and any nodes connected tot hat VLAN. In other words any host on that VLAN lost connection to every other host on other VLANS within the layer 3 switch I own. It is important to note that it was the VLAN line protocol not an individual interface....the ENTIRE VLAN went down. How is that possible.....
Thanks!! Very desperate to figure out why and how that would happen.....
Justin Ellenbecker
The only thing that should cause an entire vlan to go down is if the last interface in the VLAN goes down. Depending on your VTP environment this could happen if no other ports are in that vlan on that switch. The other ports that are in the VLAN are they all in switchport mode access or allowed trunks?
ASKER
StrifeJester,
All the ports in the VLAN are switchport mode access....none are spanning-tree, I am only allowing that one vlan traffic on the port.
All the ports in the VLAN are switchport mode access....none are spanning-tree, I am only allowing that one vlan traffic on the port.
When you created the vlan then i am assuming you created it on switch and all of the rest of the switches picked it up correct? Can you post the running config from the switch and also a show ver please.
Or is this all on a single switch with no other connected to it?
ASKER
Yeh just a single switch.....
Can you post the configuration please
ASKER
Here is the config....it is huge so I cut it down to just include the vlan in question here and the guts of the functions on the switch.....
sing 10876 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SungardSTL3750
!
enable secret
enable password
!
no aaa new-model
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750g-48ts
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport access vlan 101
speed 100
duplex full
!
interface GigabitEthernet1/0/2
switchport access vlan 101
speed 100
duplex full
!
interface GigabitEthernet1/0/3
switchport access vlan 101
!
interface GigabitEthernet1/0/4
switchport access vlan 101
!
interface GigabitEthernet1/0/5
switchport access vlan 101
!
interface GigabitEthernet1/0/6
switchport access vlan 101
!
interface GigabitEthernet1/0/7
switchport access vlan 101
!
interface GigabitEthernet1/0/8
switchport access vlan 101
!
interface GigabitEthernet1/0/9
switchport access vlan 101
!
interface GigabitEthernet1/0/10
switchport access vlan 101
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
description DMZ1
no ip address
!
interface Vlan30
description Inside
no ip address
!
interface Vlan40
description VPN
no ip address
!
interface Vlan101
description Management Network
ip address 10.x.x.x 255.255.255.0
ip helper-address 10.x.x.x
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.x.x.x
ip route 10.x.x.x 255.255.255.0 10.x.x.x
ip route 10.x.x.x 255.255.255.192 10.x.x.x
ip route 10.x.x.x 255.255.255.192 10.x.x.x
ip http server
!
access-list 110 permit ip 10.x.x.0 0.0.0.255 10.x.x.0 0.0.0.255
access-list 110 permit ip 10.x.x.0 0.0.0.255 10.x.x.0 0.0.0.255
access-list 110 permit ip 10.x.x.0 0.0.0.2 any
access-list 110 deny ip 10.x.x.0 0.0.0.255 any
snmp-server community
snmp-server location
snmp-server contact
snmp-server enable traps license
snmp-server host
!
control-plane
!
!
line con 0
!
ntp server 10.x.x.x
end
sing 10876 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SungardSTL3750
!
enable secret
enable password
!
no aaa new-model
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750g-48ts
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport access vlan 101
speed 100
duplex full
!
interface GigabitEthernet1/0/2
switchport access vlan 101
speed 100
duplex full
!
interface GigabitEthernet1/0/3
switchport access vlan 101
!
interface GigabitEthernet1/0/4
switchport access vlan 101
!
interface GigabitEthernet1/0/5
switchport access vlan 101
!
interface GigabitEthernet1/0/6
switchport access vlan 101
!
interface GigabitEthernet1/0/7
switchport access vlan 101
!
interface GigabitEthernet1/0/8
switchport access vlan 101
!
interface GigabitEthernet1/0/9
switchport access vlan 101
!
interface GigabitEthernet1/0/10
switchport access vlan 101
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
description DMZ1
no ip address
!
interface Vlan30
description Inside
no ip address
!
interface Vlan40
description VPN
no ip address
!
interface Vlan101
description Management Network
ip address 10.x.x.x 255.255.255.0
ip helper-address 10.x.x.x
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.x.x.x
ip route 10.x.x.x 255.255.255.0 10.x.x.x
ip route 10.x.x.x 255.255.255.192 10.x.x.x
ip route 10.x.x.x 255.255.255.192 10.x.x.x
ip http server
!
access-list 110 permit ip 10.x.x.0 0.0.0.255 10.x.x.0 0.0.0.255
access-list 110 permit ip 10.x.x.0 0.0.0.255 10.x.x.0 0.0.0.255
access-list 110 permit ip 10.x.x.0 0.0.0.2 any
access-list 110 deny ip 10.x.x.0 0.0.0.255 any
snmp-server community
snmp-server location
snmp-server contact
snmp-server enable traps license
snmp-server host
!
control-plane
!
!
line con 0
!
ntp server 10.x.x.x
end
OK does it only happen when a certain link is unplugged? What if you would unplug one of the others, I am assuming the one that went down was on gi1/0/2 correct?
Everything in the cpnfig looks ok can you post a show vlan please.
Everything in the cpnfig looks ok can you post a show vlan please.
Also can you post a show ver?
ASKER
Actually it is GI1/0/1. What happened was that the third party telco router has an ethernet port on it that plugs into gi1/0/1. When the carriers DS3 flapped so did the Line Protocol on Interface VLAN 101. That in turn then stops communication from node to node within that vlan....how is that possible??
SH VLAN:
VLAN Name Status Ports
---- --------------------------
1 default active Gi1/0/49, Gi1/0/50, Gi1/0/51, Gi1/0/52, Gi2/0/1
Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7
Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/49, Gi2/0/50
Gi2/0/51, Gi2/0/52
20 VLAN0020 active Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22
Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17
Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22
30 VLAN0030 active Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42
Gi1/0/43, Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47
Gi1/0/48, Gi2/0/23, Gi2/0/24, Gi2/0/25, Gi2/0/26
Gi2/0/27, Gi2/0/28, Gi2/0/29, Gi2/0/30, Gi2/0/31
Gi2/0/32, Gi2/0/33, Gi2/0/34, Gi2/0/35, Gi2/0/36
Gi2/0/37, Gi2/0/38, Gi2/0/39, Gi2/0/40, Gi2/0/41
Gi2/0/42, Gi2/0/43, Gi2/0/44, Gi2/0/45, Gi2/0/46
Gi2/0/47, Gi2/0/48
40 VLAN0040 active Gi1/0/11, Gi1/0/12, Gi2/0/11, Gi2/0/12
101 VLAN0101 active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
--------------------------
Primary Secondary Type Ports
------- --------- ----------------- --------------------------
Sh Ver:
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEAS
E SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01080000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWA
RE (fc1)
SungardSTL3750 uptime is 25 weeks, 5 days, 3 hours, 59 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbase-mz.122
5.bin"
cisco WS-C3750G-48TS (PowerPC405) processor (revision F0) with 118784K/12280K by
tes of memory.
Processor board ID FOC1316W4NU
Last reset from power-on
5 Virtual Ethernet interfaces
104 Gigabit Ethernet interfaces
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:25:83:11:8C:00
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number :
Power supply serial number :
Model revision number : F0
Motherboard revision number : E0
Model number : WS-C3750G-48TS-S
System serial number :
Top Assembly Part Number : 800-26857-02
Top Assembly Revision Number : B0
Version ID : V04
CLEI Code Number : COM7X10ARA
Hardware Board Revision Number : 0x09
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 52 WS-C3750G-48TS 12.2(35)SE5 C3750-IPBASE-M
* 2 52 WS-C3750G-48TS 12.2(35)SE5 C3750-IPBASE-M
Switch 01
---------
Switch Uptime : 1 day, 17 hours, 8 minutes
Base ethernet MAC Address : 00:25:46:F1:EA:80
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number :
Power supply serial number :
Model revision number : F0
Motherboard revision number : E0
Model number : WS-C3750G-48TS-S
System serial number :
Top assembly part number : 800-26857-02
Top assembly revision number : B0
Version ID : V04
CLEI Code Number : COM7X10ARA
Configuration register is 0xF
SH VLAN:
VLAN Name Status Ports
---- --------------------------
1 default active Gi1/0/49, Gi1/0/50, Gi1/0/51, Gi1/0/52, Gi2/0/1
Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7
Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/49, Gi2/0/50
Gi2/0/51, Gi2/0/52
20 VLAN0020 active Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22
Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17
Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22
30 VLAN0030 active Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42
Gi1/0/43, Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47
Gi1/0/48, Gi2/0/23, Gi2/0/24, Gi2/0/25, Gi2/0/26
Gi2/0/27, Gi2/0/28, Gi2/0/29, Gi2/0/30, Gi2/0/31
Gi2/0/32, Gi2/0/33, Gi2/0/34, Gi2/0/35, Gi2/0/36
Gi2/0/37, Gi2/0/38, Gi2/0/39, Gi2/0/40, Gi2/0/41
Gi2/0/42, Gi2/0/43, Gi2/0/44, Gi2/0/45, Gi2/0/46
Gi2/0/47, Gi2/0/48
40 VLAN0040 active Gi1/0/11, Gi1/0/12, Gi2/0/11, Gi2/0/12
101 VLAN0101 active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
--------------------------
Primary Secondary Type Ports
------- --------- ----------------- --------------------------
Sh Ver:
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEAS
E SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01080000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWA
RE (fc1)
SungardSTL3750 uptime is 25 weeks, 5 days, 3 hours, 59 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbase-mz.122
5.bin"
cisco WS-C3750G-48TS (PowerPC405) processor (revision F0) with 118784K/12280K by
tes of memory.
Processor board ID FOC1316W4NU
Last reset from power-on
5 Virtual Ethernet interfaces
104 Gigabit Ethernet interfaces
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:25:83:11:8C:00
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number :
Power supply serial number :
Model revision number : F0
Motherboard revision number : E0
Model number : WS-C3750G-48TS-S
System serial number :
Top Assembly Part Number : 800-26857-02
Top Assembly Revision Number : B0
Version ID : V04
CLEI Code Number : COM7X10ARA
Hardware Board Revision Number : 0x09
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 52 WS-C3750G-48TS 12.2(35)SE5 C3750-IPBASE-M
* 2 52 WS-C3750G-48TS 12.2(35)SE5 C3750-IPBASE-M
Switch 01
---------
Switch Uptime : 1 day, 17 hours, 8 minutes
Base ethernet MAC Address : 00:25:46:F1:EA:80
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number :
Power supply serial number :
Model revision number : F0
Motherboard revision number : E0
Model number : WS-C3750G-48TS-S
System serial number :
Top assembly part number : 800-26857-02
Top assembly revision number : B0
Version ID : V04
CLEI Code Number : COM7X10ARA
Configuration register is 0xF
Can you unplug a device that is plugged into one of the other interfaces on that vlan and have it stay up? It may have been something with the flapping i am checking tech notes for that version of IOS.
ASKER
Yep I can unplug another device and the vlan stays up. Heck even in this case I really didn't unplug anything...it was the telco connectiont hat flapped and the vlan line protocol goes down. Since these are layer 3 switches and act as a router, is there something with plugging a router into a router??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey StrifeJester,
I agree that it had something to do with the flapping, but one important thing to point out....the ethernet port leading from the vendor router to my switch was not flapping....the ds3 coming in to the router was flapping. Now if there were error packets, it is interesting that it would take the Admin Down temporarily....although that seems even harsh as error packets are uncommon, but no THAT uncommon.
The switch obviously has no built in IPS functionality and mistake the traffic as intrusive.
I am not able to do unplug the cable at this point. This facility is 350+ miles away....but I may be able to in the next month or so.
Let me ask you this, would it make sense to put just the port that the router is connected to on my switch in its own vlan? That way it would only take down that single port vlan??
I agree that it had something to do with the flapping, but one important thing to point out....the ethernet port leading from the vendor router to my switch was not flapping....the ds3 coming in to the router was flapping. Now if there were error packets, it is interesting that it would take the Admin Down temporarily....although that seems even harsh as error packets are uncommon, but no THAT uncommon.
The switch obviously has no built in IPS functionality and mistake the traffic as intrusive.
I am not able to do unplug the cable at this point. This facility is 350+ miles away....but I may be able to in the next month or so.
Let me ask you this, would it make sense to put just the port that the router is connected to on my switch in its own vlan? That way it would only take down that single port vlan??
If it doesn't mess with your routing that is a solution but maybe a bit of overkill. I would look more into the router and see if it flooded something out while the connection was flapping, possibly a routing protocol update that was basically storming everytime it came up or down. Since it is all Layer 3 switching though if you anticipate other problems with this port and the provider going down again it might not hurt to get it in its own vlan and isolate it. If that is something quick and easy to do go for it, one of the beauties of having a layer 3 switch.
You might also want to consider getting the IOS upgraded to 12.4 there are a lot of improvements and bug fixes, perhaps this is all that was as well.
ASKER
Thanks Strife,
So I believe I figured out based on your comment about the interface. This is a private point to point connection, so it dawned on me that the VLAN spans the connection back here to home base, which here there is a switch port that is also on VLAN101.....so it is reasonable to assume that the switch at my remote location thinks the port locally is on the same VLAN....if the connection is cut, so goes the Line Protocol for the VLAN.....similiar to a nic flapping plugged into a switch, like you mentioned, it should only affect that port, unless the VLAN itself is cut........!!
I called the router vendor and they confirmed that is indeed what would happen. Thanks Jester!!!
So I believe I figured out based on your comment about the interface. This is a private point to point connection, so it dawned on me that the VLAN spans the connection back here to home base, which here there is a switch port that is also on VLAN101.....so it is reasonable to assume that the switch at my remote location thinks the port locally is on the same VLAN....if the connection is cut, so goes the Line Protocol for the VLAN.....similiar to a nic flapping plugged into a switch, like you mentioned, it should only affect that port, unless the VLAN itself is cut........!!
I called the router vendor and they confirmed that is indeed what would happen. Thanks Jester!!!
NP glad everything is squared away.