Skip to main content

Weird CatOS to IOS Trunk Problem – Cannot Ping

I was setting this very basic configuration up the other evening and could not get basic L3 connectivity up and running.

 

I have a ASR 1002 on one side and an Catalyst 6509 running Hybrid CATOS and IOS. The configuration is basically to connect two devices for routing using 802.1q vlans. Here is the configs, but I cannot ping between the devices.

ASR1002



interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2.700
encapsulation dot1Q 700
ip address 172.24.253.17 255.255.255.252
ip ospf network point-to-point

6509 – Switch



set vlan 700   3/3
clear trunk 3/3  1-699,701-1005,1025-4094
set trunk 3/3  on dot1q 700
set spantree portfast    3/3 enable trunk
end

6509 - MSFC



interface Vlan700
ip address 172.24.253.18 255.255.255.252
ip ospf network point-to-point
end


I could not see any issue, so to confirm try and establish if it was some trunking issue, I remove the trunk and used the main interface on the ASR1000 and access port to vlan on the 6509 and I could ping between the devices no problem.

 

Happy the L2 was now establish I decided to rebuild the configuration again and still had the same issues. Not sure why I tried the next step but I modified the configuration on the 6509 to be this:

I issued set vlan 1   3/3

6509 - Switch



#module 3 : 16-port 1000BaseX Ethernet
clear trunk 3/3  1-699,701-1005,1025-4094
set trunk 3/3  on dot1q 700
set spantree portfast    3/3 enable trunk
end


Now everything is working ok ?

It also works with: set vlan 10   3/3 just not with the same VLAN as the trunk is using ???

 

It is Working


So in this situation it seems I cannot have the switchport configured with the same vlan id as I want to trunk. I found this really weird since I had stripped all vlans off the trunk anyway? Hope this helps some one else. Not that I really needed the Vlan assigned, so no big deal in most cases (what was I thinking!!!).

 

Code Level:


ASR1002


Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
asr1000rp1-adventerprisek9.03.02.01.S.151-1.S1.bin

6509 – Switch


WS-C6509 Software, Version NmpSW: 7.6(9)
Copyright (c) 1995-2004 by Cisco Systems
NMP S/W compiled on Aug 27 2004, 20:05:14

System Bootstrap Version: 7.1(1)
System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-9.bin'

6509 – MFSC


ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1)
BOOTFLASH: MSFC2 Software (C6MSFC2-BOOT-M), Version 12.1(8b)E11, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

 

Comments

Popular posts from this blog

ASR1006 Dual Route Processors Password Recovery - Tip

I recently ran into an issue when trying to perform dual route processors password recovery on a Cisco  ASR1006
Problem
After breaking into rommon mode and using confreg to ignore the startup configuration, during the rest the ASR1006 loaded the startup configuration!!!!!!!!
Solution
So quick and simple, I pulled one of the RP and preformed password recovery running on a single RP. All went according to the Cisco documentation

http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/routers/asr1_hwc.html#wp1045971



After the system running on a single RP was recovered and fully booted I waiting for 5 minutes just to be sure; then I inserted the second RP and allowed everything to sync up.



All was well again :) phew



Note: The system was previously fully functioning with dual RPs; a configuration error was made during Tacacs+ configuration which resulted in lockout.


Summary
I hit an issue recovering and ASR with dual RPs, so rather that spending hour researching, I decided very quickly to go …

Where are all the AAA and PKI solutions gone for Dot1x

More Question than answers
(This series will be based on an enterprise with >20,000 dot1x devices)

I have been looking into dot1x authentication for Wired and Wireless devices based on device identity using x.509 Certificates. While I understand PKI, AAA, PEAP and sorts I had never really had the opertunity to bring these technologies together. I quickly found out that despite this stuff being around for years,  it was difficult to answer the following questions:

Which PKI solution should I use?
Which AAA solution should I use?
How to setup the PKI solution?
Does the PKI server need to be part of AD?
What if the clients are not in AD e.g. Wireless Tablets?
How do I issue certificates for devices?
How to configure the devices (wired and wireless)?
What AAA server do I use?
How do configure the rules and policies and identify clients?


What are the answers?
I am going to kick off a series here at networking-guru.net that tries to address the question above; I have limited time but hopefully I can …

Dell Latitude D830 SSD Upgrade

Slow Laptop Syndrome
I have a LATITUDE D830 : INTEL CORE 2 DUO T7500 4GB Ram from 2008, I did get a fairly high specification at the time, so it has always had pretty decent performance. However I haven't been using it for a while and when I did it seemed slow compared to my Core 5i desktop computer. (I use Windows 7 ultimate with the latest updates)

Laptop for Work
Now I might be doing a fair bit of travelling to customer sites in the near future and the last thing I want is a poorly performing Laptop, so I decide to ditch all the crap I had on it like iTunes, movies, miscellaneous software and cut back to a basic "work" PC. After all I do have iPhone, iPad and new kindle (soon) for all my multi media needs.

I purchased a "Corsair 120GB Force 3 SSD 2.5" SATA-III 6Gb/s Read = 550MB/s, Write = 510MB/s" from ebuyer.com. Now I am guessing that SATA-II rather that SATA-III on the system board, but the price difference between SATA-II and SATA-III was nothing …