Avatar of authentify
authentify
 asked on

Line Protocol On Cisco Switch

I had and odd occurence that I am hoping someone could help explain....

I have a private T1 backchannel to a remote datacenter.  The T1 rides within a DS3 connected to a vendor router that then connects to my switch.  The connection (or T1 in this case) went down.  

This was the carrier's problem, however, them going down cause the VLAN line protocol to go down as well on my switch and any nodes connected tot hat VLAN.  In other words any host on that VLAN lost connection to every other host on other VLANS within the layer 3 switch I own.  It is important to note that it was the VLAN line protocol not an individual interface....the ENTIRE VLAN went down.  How is that possible.....

Thanks!!  Very desperate to figure out why and how that would happen.....
Switches / HubsRouters

Avatar of undefined
Last Comment
Justin Ellenbecker

8/22/2022 - Mon
Justin Ellenbecker

The only thing that should cause an entire vlan to go down is if the last interface in the VLAN goes down.  Depending on your VTP environment this could happen if no other ports are in that vlan on that switch.  The other ports that are in the VLAN are they all in switchport mode access or allowed trunks?
authentify

ASKER
StrifeJester,

All the ports in the VLAN are switchport mode access....none are spanning-tree, I am only allowing that one vlan traffic on the port.
Justin Ellenbecker

When you created the vlan then i am assuming you created it on switch and all of the rest of the switches picked it up correct? Can you post the running config from the switch and also a show ver please.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Justin Ellenbecker

Or is this all on a single switch with no other connected to it?
authentify

ASKER
Yeh just a single switch.....
Justin Ellenbecker

Can you post the configuration please
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
authentify

ASKER
Here is the config....it is huge so I cut it down to just include the vlan in question here and the guts of the functions on the switch.....

sing 10876 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SungardSTL3750
!
enable secret
enable password
!
no aaa new-model
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750g-48ts
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
 switchport access vlan 101
 speed 100
 duplex full
!
interface GigabitEthernet1/0/2
 switchport access vlan 101
 speed 100
 duplex full
!
interface GigabitEthernet1/0/3
 switchport access vlan 101
!
interface GigabitEthernet1/0/4
 switchport access vlan 101
!
interface GigabitEthernet1/0/5
 switchport access vlan 101
!
interface GigabitEthernet1/0/6
 switchport access vlan 101
!
interface GigabitEthernet1/0/7
 switchport access vlan 101
!
interface GigabitEthernet1/0/8
 switchport access vlan 101
!
interface GigabitEthernet1/0/9
 switchport access vlan 101
!
interface GigabitEthernet1/0/10
 switchport access vlan 101
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 description DMZ1
 no ip address
!
interface Vlan30
 description Inside
 no ip address
!
interface Vlan40
 description VPN
 no ip address
!
interface Vlan101
 description Management Network
 ip address 10.x.x.x 255.255.255.0
 ip helper-address 10.x.x.x
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.x.x.x
ip route 10.x.x.x 255.255.255.0 10.x.x.x
ip route 10.x.x.x 255.255.255.192 10.x.x.x
ip route 10.x.x.x 255.255.255.192 10.x.x.x
ip http server
!
access-list 110 permit ip 10.x.x.0 0.0.0.255 10.x.x.0 0.0.0.255
access-list 110 permit ip 10.x.x.0 0.0.0.255 10.x.x.0 0.0.0.255
access-list 110 permit ip 10.x.x.0 0.0.0.2 any
access-list 110 deny   ip 10.x.x.0 0.0.0.255 any
snmp-server community
snmp-server location
snmp-server contact
snmp-server enable traps license
snmp-server host
!
control-plane
!
!
line con 0

!
ntp server 10.x.x.x
end
Justin Ellenbecker

OK does it only happen when a certain link is unplugged?  What if you would unplug one of the others, I am assuming the one that went down was on gi1/0/2 correct?

Everything in the cpnfig looks ok can you post a show vlan please.
Justin Ellenbecker

Also can you post a show ver?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
authentify

ASKER
Actually it is GI1/0/1.  What happened was that the third party telco router has an ethernet port on it that plugs into gi1/0/1.  When the carriers DS3 flapped so did the Line Protocol on Interface VLAN 101.  That in turn then stops communication from node to node within that vlan....how is that possible??

SH VLAN:
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/49, Gi1/0/50, Gi1/0/51, Gi1/0/52, Gi2/0/1
                                                Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7
                                                Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/49, Gi2/0/50
                                                Gi2/0/51, Gi2/0/52
20   VLAN0020                         active    Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22
                                                Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17
                                                Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22
30   VLAN0030                         active    Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32
                                                Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36, Gi1/0/37
                                                Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42
                                                Gi1/0/43, Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47
                                                Gi1/0/48, Gi2/0/23, Gi2/0/24, Gi2/0/25, Gi2/0/26
                                                Gi2/0/27, Gi2/0/28, Gi2/0/29, Gi2/0/30, Gi2/0/31
                                                Gi2/0/32, Gi2/0/33, Gi2/0/34, Gi2/0/35, Gi2/0/36
                                                Gi2/0/37, Gi2/0/38, Gi2/0/39, Gi2/0/40, Gi2/0/41
                                                Gi2/0/42, Gi2/0/43, Gi2/0/44, Gi2/0/45, Gi2/0/46
                                                Gi2/0/47, Gi2/0/48
40   VLAN0040                         active    Gi1/0/11, Gi1/0/12, Gi2/0/11, Gi2/0/12
101  VLAN0101                         active    Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
30   enet  100030     1500  -      -      -        -    -        0      0
40   enet  100040     1500  -      -      -        -    -        0      0
101  enet  100101     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


Sh Ver:


Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEAS
E SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01080000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWA
RE (fc1)

SungardSTL3750 uptime is 25 weeks, 5 days, 3 hours, 59 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbase-mz.122-35.SE5/c3750-ipbase-mz.122-35.SE
5.bin"

cisco WS-C3750G-48TS (PowerPC405) processor (revision F0) with 118784K/12280K by
tes of memory.
Processor board ID FOC1316W4NU
Last reset from power-on
5 Virtual Ethernet interfaces
104 Gigabit Ethernet interfaces


512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:25:83:11:8C:00
Motherboard assembly number     : 73-10218-08
Power supply part number        : 341-0107-01
Motherboard serial number       :
Power supply serial number      :
Model revision number           : F0
Motherboard revision number     : E0
Model number                    : WS-C3750G-48TS-S
System serial number            :
Top Assembly Part Number        : 800-26857-02
Top Assembly Revision Number    : B0
Version ID                      : V04
CLEI Code Number                : COM7X10ARA
Hardware Board Revision Number  : 0x09


Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
     1   52     WS-C3750G-48TS     12.2(35)SE5             C3750-IPBASE-M
*    2   52     WS-C3750G-48TS     12.2(35)SE5             C3750-IPBASE-M


Switch 01
---------
Switch Uptime                   : 1 day, 17 hours, 8 minutes
Base ethernet MAC Address       : 00:25:46:F1:EA:80
Motherboard assembly number     : 73-10218-08
Power supply part number        : 341-0107-01
Motherboard serial number       :
Power supply serial number      :
Model revision number           : F0
Motherboard revision number     : E0
Model number                    : WS-C3750G-48TS-S
System serial number            :
Top assembly part number        : 800-26857-02
Top assembly revision number    : B0
Version ID                      : V04
CLEI Code Number                : COM7X10ARA

Configuration register is 0xF
Justin Ellenbecker

Can you unplug a device that is plugged into one of the other interfaces on that vlan and have it stay up?  It may have been something with the flapping i am checking tech notes for that version of IOS.
authentify

ASKER
Yep I can unplug another device and the vlan stays up.  Heck even in this case I really didn't unplug anything...it was the telco connectiont hat flapped and the vlan line protocol goes down.   Since these are layer 3 switches and act as a router, is there something with plugging a router into a router??
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Justin Ellenbecker

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
authentify

ASKER
Hey StrifeJester,

I agree that it had something to do with the flapping, but one important thing to point out....the ethernet port leading from the vendor router to my switch was not flapping....the ds3 coming in to the router was flapping.  Now if there were error packets, it is interesting that it would take the Admin Down temporarily....although that seems even harsh as error packets are uncommon, but no THAT uncommon.  

The switch obviously has no built in IPS functionality and mistake the traffic as intrusive.  

I am not able to do unplug the cable at this point.  This facility is 350+ miles away....but I may be able to in the next month or so.

Let me ask you this, would it make sense to put just the port that the router is connected to on my switch in its own vlan?  That way it would only take down that single port vlan??
Justin Ellenbecker

If it doesn't mess with your routing that is a solution but maybe a bit of overkill.  I would look more into the router and see if it flooded something out while the connection was flapping, possibly a routing protocol update that was basically storming everytime it came up or down.  Since it is all Layer 3 switching though if you anticipate other problems with this port and the provider going down again it might not hurt to get it in its own vlan and isolate it.  If that is something quick and easy to do go for it, one of the beauties of having a layer 3 switch.
Justin Ellenbecker

You might also want to consider getting the IOS upgraded to 12.4 there are a lot of improvements and bug fixes, perhaps this is all that was as well.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
authentify

ASKER
Thanks Strife,


So I believe I figured out based on your comment about the interface.  This is a private point to point connection, so it dawned on me that the VLAN spans the connection back here to home base, which here there is a switch port that is also on VLAN101.....so it is reasonable to assume that the switch at my remote location thinks the port locally is on the same VLAN....if the connection is cut, so goes the Line Protocol for the VLAN.....similiar to a nic flapping plugged into a switch, like you mentioned, it should only affect that port, unless the VLAN itself is cut........!!

I called the router vendor and they confirmed that is indeed what would happen.   Thanks Jester!!!
Justin Ellenbecker

NP glad everything is squared away.