management vlan for 2950
I am trying to configure management vlan for my new 2950 to not use vlan1. Upstream is a ASA 5500.
This switch will need to support etherchannel and multiple vlans for other devices. Does anyone have a configuration example?
ASA-1
SW2950-2
This switch will need to support etherchannel and multiple vlans for other devices. Does anyone have a configuration example?
ASA-1
interface Ethernet0/2
description 2950-0/48
switchport trunk allowed vlan 50,80,100,800
switchport mode trunkSW2950-2
interface FastEthernet0/48
description uplink-ASA-0/2
switchport mode trunk
switchport nonegotiate
shutdown
spanning-tree portfast trunk
spanning-tree bpduguard enable
interface Vlan1
ip address 192.168.2.244 255.255.255.0
no ip route-cache
!SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes. You can use etherchannel between the two switches.
ASKER
Does the following looks right for the uplink port?
BPDU keeps slamming the port when I try to bring up 2950-4. Looks like I need to port the config to GNS3 and test.
ASA5500---C2950-1----C2950
|
|
|_______C2950-4 (NEW)
BPDU keeps slamming the port when I try to bring up 2950-4. Looks like I need to port the config to GNS3 and test.
interface FastEthernet0/48
description uplink-ASA-0/2
switchport mode trunk
switchport nonegotiate
shutdown
spanning-tree portfast trunk
spanning-tree bpduguard enableASA5500---C2950-1----C2950
|
|
|_______C2950-4 (NEW)
Please post the full configuration of both switches.
ASKER
Please see below. I was wrong about 2 and 3. The physical layout should be as following.
_____C2950-2
|
ASA5500---C2950-1
| |_____C2950-3
|
|_______C2950-4 (NEW)
C2950-1
C2950-4
_____C2950-2
|
ASA5500---C2950-1
| |_____C2950-3
|
|_______C2950-4 (NEW)
C2950-1
SWCH01#sh run
Building configuration...
Current configuration : 4800 bytes
!
!
version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname SWCH01
!
aaa new-model
enable X
enable X
!
username X
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
--More-- !
ip name-server 192.168.200.250
ip name-server 192.168.100.250
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description port to 1/F apch12
!
interface FastEthernet0/2
description YCDC-1F-MCH-44
switchport mode trunk
switchport nonegotiate
auto qos voip trust
--More-- macro description cisco-switch
spanning-tree link-type point-to-point
!
interface FastEthernet0/3
description AP112 computer lab
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
description AP111 music room
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
--More--
SWCH01#[6~~sh run
Building configuration...
Current configuration : 4800 bytes
!
! Last configuration change at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
! NVRAM config last updated at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
!
version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname SWCH01
!
aaa new-model
enable secret 5 $1$7DdO$uNOzR48dU3ny.hhglhPK40
enable password tf375
!
username hstfadmin password 0 375Centre
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
--More-- !
ip domain-name hstf.local
ip name-server 192.168.200.250
ip name-server 192.168.100.250
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description port to 1/F apch12
!
interface FastEthernet0/2
description YCDC-1F-MCH-44
switchport mode trunk
switchport nonegotiate
auto qos voip trust
--More-- macro description cisco-switch
spanning-tree link-type point-to-point
!
interface FastEthernet0/3
description AP112 computer lab
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
description AP111 music room
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
--More-- interface FastEthernet0/6
!
interface FastEthernet0/7
description AP113 hcap room
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/8
!
interface FastEthernet0/9
description AP110 staffroom
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/10
--More-- !
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/14
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/15
description PC desktop
--More-- switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/16
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/17
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/18
--More-- description 041
switchport mode access
logging event status
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/19
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/20
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
--More-- !
interface FastEthernet0/21
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/22
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/23
description YCDC-2F-R4LAB
switchport mode trunk
switchport nonegotiate
auto qos voip trust
macro description cisco-switch
--More-- spanning-tree link-type point-to-point
!
interface FastEthernet0/24
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.200.241 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.200.1
ip http server
logging trap warnings
logging 192.168.50.44
snmp-server community Ritmo RO
--More-- !
line con 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
ntp clock-period 17179703
ntp server 192.168.200.250 prefer
ntp server 192.168.100.250
!
end
SWCH01# sh run en
SWCH01#sh run
Building configuration...
Current configuration : 4800 bytes
!
! Last configuration change at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
! NVRAM config last updated at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
!
version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname SWCH01
!
aaa new-model
enable secret 5 $1$7DdO$uNOzR48dU3ny.hhglhPK40
enable password tf375
!
username hstfadmin password 0 375Centre
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
--More-- !
ip domain-name hstf.local
ip name-server 192.168.200.250
ip name-server 192.168.100.250
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description port to 1/F apch12
!
interface FastEthernet0/2
description YCDC-1F-MCH-44
switchport mode trunk
switchport nonegotiate
auto qos voip trust
--More-- macro description cisco-switch
spanning-tree link-type point-to-point
!
interface FastEthernet0/3
description AP112 computer lab
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
description AP111 music room
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
--More-- interface FastEthernet0/6
!
interface FastEthernet0/7
description AP113 hcap room
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/8
!
interface FastEthernet0/9
description AP110 staffroom
switchport mode trunk
switchport nonegotiate
mls qos trust cos
auto qos voip trust
macro description cisco-wireless
spanning-tree bpduguard enable
!
interface FastEthernet0/10
--More-- !
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/14
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/15
description PC desktop
--More-- switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/16
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/17
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/18
--More-- description 041
switchport mode access
logging event status
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/19
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/20
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
--More-- !
interface FastEthernet0/21
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/22
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/23
description YCDC-2F-R4LAB
switchport mode trunk
switchport nonegotiate
auto qos voip trust
macro description cisco-switch
--More-- spanning-tree link-type point-to-point
!
interface FastEthernet0/24
description PC desktop
switchport mode access
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.200.241 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.200.1
ip http server
logging trap warnings
logging 192.168.50.44
snmp-server community Ritmo RO
--More-- !
line con 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
ntp clock-period 17179703
ntp server 192.168.200.250 prefer
ntp server 192.168.100.250
!
end
SWCH01# sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
0060B9C84F1E Fas 0/14 174 H BCM91100
0060B9C86FE2 Fas 0/17 162 H BCM91100
0060B9C8BA7B Fas 0/2 178 H BCM91100
0060B9C8D5EF Fas 0/9 121 H BCM91100
0060B9C84F30 Fas 0/13 170 H BCM91100
C2950-2
Fas 0/12 171 S I WS-C2950-2Fas 0/6
C2950-3
Fas 0/23 123 S I WS-C2950G-Fas 0/24
0060B9C862A8 Fas 0/9 138 H BCM91100 C2950-4
interface FastEthernet0/48
description uplink-ASA-0/2
switchport mode trunk
switchport nonegotiate
shutdown
spanning-tree portfast trunk
spanning-tree bpduguard enable
interface Vlan1
ip address 192.168.2.244 255.255.255.0
no ip route-cache
!
What do you mean by "BPDU keeps slamming the port when I try to bring up 2950-4."?
You don't have any loops and all you're doing is connecting a switch to a port on the ASA. It doesn't get much easier than this.
You don't have any loops and all you're doing is connecting a switch to a port on the ASA. It doesn't get much easier than this.
ASKER
The switchport in C2950-4 went to error disable with BDP error when I try to bring it up.
cdp neighbor doesn't show router ...... I missed one link to the ASA, By looking the port description in C2950-2 and ASA. I think this should be physical layout. (Apologize for the confusion) Would this leg to the ASA causing aloop?
Is there a way to spill out verbose log of what is causing the loop from STP?
_________________________
| _____C2950-2
| |
ASA5500---C2950-1
| |_____C2950-3
|
|_______C2950-4 (NEW)
C2950-2
cdp neighbor doesn't show router ...... I missed one link to the ASA, By looking the port description in C2950-2 and ASA. I think this should be physical layout. (Apologize for the confusion) Would this leg to the ASA causing aloop?
Is there a way to spill out verbose log of what is causing the loop from STP?
_________________________
| _____C2950-2
| |
ASA5500---C2950-1
| |_____C2950-3
|
|_______C2950-4 (NEW)
C2950-2
interface FastEthernet0/23
description uplink-ASA-0/1
switchport mode trunk
switchport nonegotiate
mls qos trust dscp
auto qos voip trust
macro description cisco-router
spanning-tree portfast trunk
spanning-tree bpduguard enable
end
SWCHDT01#sh run int fa 0/24
Building configuration...
Current configuration : 207 bytes
!
interface FastEthernet0/24
description uplink-swch01-0/23
switchport mode trunk
switchport nonegotiate
auto qos voip trust
macro description cisco-switch
spanning-tree link-type point-to-point
endASA# sh run int
!
interface Ethernet0/0
description internet-uplink
switchport access vlan 40
!
interface Ethernet0/1
description C2950-2-0/23
switchport access vlan 100
!
interface Ethernet0/2
description SWCH02-0/48
switchport access vlan 100
shutdown
!
interface Ethernet0/3
description 2F-TLC:apch21
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
interface Ethernet0/4
description 2F-STAFFROOM:apch22
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
interface Ethernet0/5
description 1F-STAFFROOM:apch11
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
interface Ethernet0/6
description 1F-PCLAB:apch12
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
It's impossible to say for certain without a more detailed understanding of your network, but I can almost guarantee that you should not have BPDU guard enabled on the switch 4 ports connecting to any other network devices (switches, ASA).
ASKER
I can provide any log except C2950-4 as the port is shut and I have no console access until tomorrow. Would that help?
The picture above should provide the complete topology .
The picture above should provide the complete topology .
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is more to this than a diagram. For example, where is the root bridge. I'm assuming it's not switch 4. So you do not want BPDU guard on that switch.
As long as you have BPDU guard enabled on that switch, the port will go err-disable within 2 seconds of connecting it.
As long as you have BPDU guard enabled on that switch, the port will go err-disable within 2 seconds of connecting it.
ASKER
Thanks. I verified the links between between the switch have no bpdu guard and portfast.
Once I removed bpdu on switch4 (No devices are connected yet), the link comes up but there are errors. Is it correct that I should only enable BDPU and portfast on access port?
C2950-4
Once I removed bpdu on switch4 (No devices are connected yet), the link comes up but there are errors. Is it correct that I should only enable BDPU and portfast on access port?
.Mar 8 14:24:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/47, changed state to up
.Mar 8 14:24:45: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/47 VLAN100.
.Mar 8 14:24:45: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/47 on VLAN0100. Inconsistent local vlan.C2950-1# sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a8ba.2340
Cost 19
Port 12 (FastEthernet0/12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0019.e774.b2c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/6 Desg FWD 19 128.6 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/12 Root FWD 19 128.12 P2p
Fa0/13 Desg FWD 19 128.13 Edge P2p
Fa0/14 Desg FWD 19 128.14 Edge P2p
Fa0/17 Desg FWD 19 128.17 Edge P2p
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 Edge P2pC2950-4
interface FastEthernet0/47
description UPLINK-RCH01-0/2
switchport trunk allowed vlan 50,80,100,800
switchport mode trunk
!
interface FastEthernet0/48
shutdown
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan800
ip address 192.192.200.52 255.255.255.0
no ip route-cache
!
ip default-gateway 192.192.200.1
ip http server
logging trap warnings
logging 192.168.50.44
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
ntp clock-period 17179867
ntp server 192.168.200.250 key 0 prefer
ntp server 192.168.100.250 key 1
!
end
C2950-4#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/48, Gi0/1
Gi0/2
50 guest50 active
100 prod100 active
500 serv500 active
800 mgmt800 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup Is it correct that I should only enable BDPU and portfast on access port?
By "BPDU" do you mean BPDU guard? If so, that is correct. Portfast (and other related enhancements) should never be applied to ports which connect to other network devices.
The error you're receiving is due to a VLAN mis-match on port f0/47. Most likely, the allowed VLANs for the port are not the same as on switch 4 or you have a native VLAN mis-match.
Would need to see the config for that switch to know for sure.
ASKER
VLAN 100 is in the trunk on ASA 0/2 and so does on C2950-4. (See my previous post)
ASA
ASA
interface Ethernet0/0
description internet-uplink
switchport access vlan 40
!
interface Ethernet0/1
description C2950-1-0/23 (TO BE DECOMMISSION)
switchport access vlan 100
!
interface Ethernet0/2
description C2950-4-0/48 (NEW)
switchport trunk allowed vlan 50,80,100,800
switchport mode trunk
!
interface Ethernet0/3
description 2F-TLC:apch21
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
interface Ethernet0/4
description 2F-STAFFROOM:apch22
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
interface Ethernet0/5
description 1F-STAFFROOM:apch11
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
!
interface Ethernet0/6
description 1F-PCLAB:apch12
switchport trunk allowed vlan 50,80,100,800
switchport trunk native vlan 800
switchport mode trunk
Minor point: On the ASA, it shows connecting to port "C2950-4-0/48", but you say that it's connected to port 47.
Are you certain that VLAN 100 is correctly defined on the ASA?
Are you certain that VLAN 100 is correctly defined on the ASA?
ASKER
Yes sir. It was a typo in the label.
ASA
C2950-4
ASA
sh sw vlan
VLAN Name Status Ports
---- -------------------------------- --------- -----------------------------
1 - down Et0/7
40 outside up Et0/0
50 guest50 up Et0/2, Et0/3, Et0/4, Et0/5
Et0/6
80 prod80 up Et0/2, Et0/3, Et0/4, Et0/5
Et0/6
100 inside up Et0/1, Et0/2, Et0/3, Et0/4
Et0/5, Et0/6
200 voice200 down
500 serv500 down
800 mgmt800 up Et0/2, Et0/3, Et0/4, Et0/5
Et0/6C2950-4
sh int fa0/47 switchport
Name: Fa0/47
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 50,80,100,800
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: noneASKER
Does the following matter? switch 1-3 are using vlan 1. Literally vlan 1 is the same 100 but I would like to migrate off vlan 1 for best practice.
C2950-1#
C2950-1#
sh spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- ------ ----- --- --- ----------------
VLAN0001 32769 0014.a8ba.2340 38 2 20 15 Fa0/24 Literally vlan 1 is the same 100 but I would like to migrate off vlan 1 for best practice.I'm not sure what you're trying to say here, but 1 and 100 are not the same thing. You may be using them as the same thing, but they are most certainly not the same.
That said, you're going to want to have the same approach on all the switches. Otherwise, it's just going to confuse the issue.
ASKER
This setup was done by someone long time and will be replaced by vlan 100 with the exact same subnet and ip address. I am curious if the messages can be ignored in the meantime?
.Mar 8 14:24:45: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/47 VLAN100. .Mar 8 14:24:45: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/47 on VLAN0100. Inconsistent local vlan.ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I made the change over the weekend (Can't make the change during business hours) on the ASA / switch and the error went away.
It is a requirement on setting native vlan the same on all the trunk ports in ASA, when one of them is have native vlan set?
It is a requirement on setting native vlan the same on all the trunk ports in ASA, when one of them is have native vlan set?
Mar 16 20:24:36: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/47 on VLAN0100. Port consistency restored.It is a requirement on setting native vlan the same on all the trunk ports in ASA,No. The native VLAN only has to match both ends of a trunk.
ASKER
Thanks. Going to swap the switch this weekend!
ASKER
Current
ASA5500---C2950-1----C2950
Planned
_____________
| C2950-3
ASA5500 ||
| ||
| (||) Etherchannel
| ||
|____________C2950-4 (New)