Solved

5406zl (J8697A) port loses VLAN membership

Posted on 2012-03-21
11
1,254 Views
Last Modified: 2012-06-27
I have a 5604zl switch, where I have tagged some vlans on port A6 (uplink to 2824 switch) the config look like this:

vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A3,A6-A7,A17-A19,B2,B8-B12,B17-B18,C7-C24,Trk1-Trk4
   ip helper-address 10.31.48.21
   ip helper-address 10.31.48.22
   ip address 10.31.45.7 255.255.255.0
   tagged A20,A22
   no untagged A4,A8-A16,A21,A23-A24,B1,B3-B7,B13-B16,B19-B20,Trk10
   ip proxy-arp
   exit
vlan 110
   name "DAO_LAN"
   tagged A6,Trk1-Trk4
   no ip address
   exit
vlan 210
   name "HB-VLAN-210"
   untagged A12
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 220
   name "HB-VLAN-220"
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 230
   name "HB-VLAN-230"
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 48
   name "Server_Vlan"
   untagged A4,A9,A11,A20-A21,A23-A24,B1,B3-B4,B6-B7,B13-B16,B20,Trk10
   ip address 10.31.48.7 255.255.255.0
   tagged A1-A3,A6,A8,A19,A22,B2,B5,B8-B12,Trk4
   exit

Open in new window


A6 is untagged in default vlan (native) and tagged in the other vlans. The port on the 2824 switch is also tagged with the other vlans, and untagged in default vlan..

And when I connect the two switches its working, i can access the tagged vlans on both switches and off couse the native default vlan.

But suddently after about 1 hour of uptime the port A6 on the 5406 seems to lose its VLAN membership, and all servers connected to the 2824 switch is lost.

The 5406 is running with software:  K.13.63, and I have found the fix in a newer software release to the switch:

VRP (PR_0000040238)— After a dynamically-learned VLAN is converted to a static port-based VLAN, and an
interface is made a static member of that VLAN, disabling GVRP causes the port to lose the VLAN membership. The
running-config, startup-config and the SNMP egress static member list for the VLAN show the port as member of the
VLAN. All other data shows the port is no longer a member of the VLAN. VLAN communication over the affected
interface is no longer possible until the one of the two following workarounds is executed. Workarounds: Either reissue
the tag and untag commands for VLAN port assignment or reload the system.

Is it correct that the port is loosing its VLAN membership because of a software error?

I've another 5406 switch with software  K.14.84 and here i dont have this problem. I just wan't your experts to confirm my assumption.

Its critical when the port loses VLAN membership and i looses connection to 24 servers in the 2824 switch :-)

Best Regards, Steffen.
0
Comment
Question by:pfpoulsen
  • 6
  • 5
11 Comments
 
LVL 6

Expert Comment

by:RKinsp
Comment Utility
This problem seems to affect only VLANs that were learned from GVRP then converted to static. Did you have GVRP enabled?
0
 

Author Comment

by:pfpoulsen
Comment Utility
ESB-HP-5406-Core-02# show gvrp

 GVRP support

  Maximum VLANs to support [256] : 256
  Primary VLAN : DEFAULT_VLAN
  GVRP Enabled [No] : No

Open in new window


apparently not.

But the other 5406 switch I have (where the uplink is connected right now) does not looses the ports vlan membership, and the only difference I can see on thoose two switches is the software version.

I have tried to change the uplink to the other 5406 switch the last two nights at arround 12pm. And in the past two nights the port has losts its VLAN membership 2pm...

If pretty tired of getting waked in the middel of the night because of this failure, do you have any other suggention if its not the software version??

Best regards, Steffen
0
 

Author Comment

by:pfpoulsen
Comment Utility
Here is the current setup, that is working CORE1 (5406 conncted to 2824 from port A24 to port 21)

CORE1 vlan config:


vlan 1
   name "DEFAULT_VLAN"
   untagged A3-A6,A8,A10,A12,A16,A18-A21,A24-B3,B6-B7,B17,C7-C24,Trk1-Trk4
   ip helper-address 10.31.48.93
   ip helper-address 10.31.48.22
   ip address 10.31.45.1 255.255.255.0
   tagged A22
   no untagged A1-A2,A7,A9,A11,A13-A15,A17,A23,B4-B5,B8-B16,B18-B20
   exit
vlan 100
   name "SUN_LAN"
   tagged Trk1-Trk4
   no ip address
   exit
vlan 110
   name "DAO_LAN"
   untagged A2
   tagged A24,Trk1-Trk4
   no ip address
   exit
vlan 210
   name "HB-VLAN-210"
   tagged A3-A4,A6-A7,A10,A12,A24-B2,B4-B6,Trk4
   no ip address
   exit
vlan 220
   name "HB-VLAN-220"
   tagged A3-A4,A6-A7,A10,A12,A24-B2,B4-B6,Trk4
   no ip address
   exit
vlan 230
   name "HB-VLAN-230"
   tagged A3-A4,A6-A7,A10,A12,A24-B2,B4-B6,Trk4
   no ip address
   exit
vlan 48
   name "Server_Vlan"
   untagged A9,A11,A13-A15,A23,B4-B5,B8,B10-B16,B18,B20
   ip address 10.31.48.1 255.255.255.0
   tagged A3-A6,A8,A10,A12,A22,A24-B3,B6,Trk4
   exit
vlan 310
   name "iSCSI-VLAN-310"
   untagged A7,A17,B9,B19
   tagged Trk4
   no ip address
   exit
vlan 47
   name "ESB-PRINT"
   no ip address
   exit
vlan 46
   name "Management"
   no ip address
   exit
vlan 240
   name "Telenor-Statusplan"
   untagged A1
   tagged A3-A4,A6-A7,A10,A12,A24-B2,B4-B6,Trk4
   no ip address
   exit

Open in new window


2824vlan  config:

vlan 1
   name "DEFAULT_VLAN"
   untagged 1-3,7,9,12,14,19-24
   ip address 10.31.46.121 255.255.255.0
   no untagged 4-6,8,10-11,13,15-18
   exit
vlan 48
   name "Server_Vlan"
   untagged 6,8,10-11,13,15-18
   tagged 1-3,7,21
   exit
vlan 210
   name "HB-VLAN-210"
   tagged 1-2,7,21
   exit
vlan 220
   name "HB-VLAN-220"
   tagged 1-2,7,21
   exit
vlan 230
   name "HB-VLAN-230"
   tagged 1-2,7,21
   exit
vlan 240
   name "Statusplan"
   untagged 5
   tagged 1-2,7,21
   exit
vlan 310
   name "iSCSI-VLAN"
   exit
vlan 110
   name "DAO_LAN"
   untagged 4
   tagged 21
   exit

Open in new window


I'm trying to take the link from port A24 on CORE1, and connect it to port A6 on the CORE2

Core2 VLAN config:

vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A3,A6-A7,A17-A19,B2,B8-B12,B17-B18,C7-C24,Trk1-Trk4
   ip helper-address 10.31.48.21
   ip helper-address 10.31.48.22
   ip address 10.31.45.7 255.255.255.0
   tagged A20,A22
   no untagged A4,A8-A16,A21,A23-A24,B1,B3-B7,B13-B16,B19-B20,Trk10
   ip proxy-arp
   exit
vlan 100
   name "SUN_LAN"
   tagged Trk1-Trk4
   no ip address
   exit
vlan 110
   name "DAO_LAN"
   tagged A6,Trk1-Trk4
   no ip address
   exit
vlan 210
   name "HB-VLAN-210"
   untagged A12
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 220
   name "HB-VLAN-220"
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 230
   name "HB-VLAN-230"
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 48
   name "Server_Vlan"
   untagged A4,A9,A11,A20-A21,A23-A24,B1,B3-B4,B6-B7,B13-B16,B20,Trk10
   ip address 10.31.48.7 255.255.255.0
   tagged A1-A3,A6,A8,A19,A22,B2,B5,B8-B12,Trk4
   exit
vlan 310
   name "iSCSI-VLAN-310"
   untagged A8,A10,A16,A22,B5,B19
   tagged A2,B2,Trk4
   no ip address
   exit
vlan 47
   name "ESB-PRINT"
   no ip address
   exit
vlan 46
   name "Management"
   no ip address
   exit
vlan 240
   name "Telenor-Statusplan"
   tagged A2-A3,A6,A19,B2-B3,B5-B6,B8-B12,Trk4
   no ip address
   exit
vlan 320
   name "VMware"
   untagged A13-A15
   no ip address
   exit
vlan 60
   name "SDM-Wireless-Clients"
   ip helper-address 10.31.48.21
   ip helper-address 10.31.48.22
   ip address 10.31.60.1 255.255.252.0
   tagged Trk10
   exit

Open in new window


And as said before this uplink change is working for two hours and then fail, causes lost connection to all devices connected to the 2824 switch...
Strange that its working for two hours before its going down. The only differnce between the CORE1 and CORE2 switch is the software version.
0
 
LVL 6

Expert Comment

by:RKinsp
Comment Utility
Im still looking through your configs, but regardless you should update your firmware, considering there is no firmware cost.
0
 
LVL 6

Expert Comment

by:RKinsp
Comment Utility
It would be interesting to see your hole config. Everything looks alright, however a mismatched trunk configuration could cause this problem.

So far, I'd assume it is a bug and upgrade version would fix it.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:pfpoulsen
Comment Utility
Config attached to this comment, and thank you for your help so far.
 I'll try to update the firmware at arround 1am to night. Right now the time is 10:32pm in Denmark where I am.. :)
conf.txt
0
 

Author Comment

by:pfpoulsen
Comment Utility
I'm not truking on the A6 (uplink to the 2824 switch) I'm only taging VLANs on that port..
0
 
LVL 6

Accepted Solution

by:
RKinsp earned 500 total points
Comment Utility
On your core 2 I believe you are missing VLAN 48 from A6, however this should not cause the problem you mentioned. You might also want to check the version on your 2824, since it has some version VLAN bugs.

I understand that when you configure this, you don't have any possible loop on your network, right? Because you might want to make sure the STP configurations match Remember that if MSTP is configured with different VLANs on two switches, they will treat it like different regions.

Let me know how the update went!

Best of luck,
RK
0
 

Author Comment

by:pfpoulsen
Comment Utility
vlan 48
   name "Server_Vlan"
   untagged A4,A9,A11,A20-A21,A23-A24,B1,B3-B4,B6-B7,B13-B16,B20,Trk10
   ip address 10.31.48.7 255.255.255.0
   tagged A1-A3,A6,A8,A19,A22,B2,B5,B8-B12,Trk4

Don't see that i'm missing vlan 48 :-)

There is no loop between the 2824 switches, and in log i can see that STP is not blocking the port its was the first thing i checked :)

The Update of the CORE2 swtich went fine - I'll try to night to change the uplink from CORE1 to the CORE2 switch again ...

Further follow.......
0
 

Author Closing Comment

by:pfpoulsen
Comment Utility
After the update the port does not loses its vlan tags anymore, and it has worked for more than 24 hours now :-)

Wired bug.. :-)
0
 
LVL 6

Expert Comment

by:RKinsp
Comment Utility
Hello Steffan, thanks for the points but it seems that you had it figured out all by yourself. I don't know if you can now, but feel free to close the question without awarding points.
Regards,
RK
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Transparency shows that a company is the kind of business that it wants people to think it is.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now