Expanding topology crashes a piece of vlan

[Iago77]

I'm expanding the existing topology in my company. I have a central Catalyst 4510 with many VLAN.

I'm trying to connect a 2900XL with ethernet link, so I've set the vtp mode in transparent (4510 is in server mode). I've defined three VLAN: 2 (Support) and 3 (Intranet), the same ID as in 4510.

In 2900 I've configured f 0/1 like a trunk port. I haven't disallowed any vlan by now throgh trunking. I connect 2900 and 4510 (g 4/47 as a trunk port), there's layer 1 and layer 2 (interface is up, line protocol is up).

Suddenly, some stations from vlan 2 losses connection, only a a few of them. The rest of members (whose ports belongs to the same vlan 2) can work as always.

_____4510___________________________........ 2900
/ \ |
sw1 sw2 sw3
/ | \ / | \ / | \
s1 s2 s3 s4 s5 s6 s7 s8 s9

For example, s1, s2, s4 and s5 belongs vlan2. If I connect 2900, s1 and s2 losses connection: (ping won't work).

There's no spanning-tree enabled, nevertheless sw3 has only stations that belongs to vlan3 (it connects to 4510 throgh fiber link) and the configuration would be the same. I've looking at the configuration and there's a unique difference ("no spanning-tree vlan 2, 3, etc).

I'm putting the blame on sw1 (different provider: 3com) the rest of them are Cisco too.

Maybe convergence time? I thought this operation would be fast.

Is there a special configuration if you have some trunk ports in a switch?

 

[vipergg]

without seeing the configs its a crapshoot . In any case I would never turn off spanning tree . This causes little overhead and prevents spanning tree loops from anyone who may come along and wire something incorrectly or decide they are going to stick there own standlone hub or switch on the network.

 

[Iago77]

I'm going to try it again tomorrow.

2900 running-config
-------------------

version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
!
!
!
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 2
!
interface FastEthernet0/6
switchport access vlan 2
!
interface FastEthernet0/7
switchport access vlan 2
!
interface FastEthernet0/8
switchport access vlan 3
!
interface FastEthernet0/9
switchport access vlan 15
!
interface FastEthernet0/10
switchport access vlan 15
!
interface FastEthernet0/11
switchport access vlan 15
!
interface FastEthernet0/12
switchport access vlan 15
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
!
interface VLAN3
ip address 192.168.4.213 255.255.254.0
no ip redirects
no ip directed-broadcast
no ip proxy-arp
no ip route-cache
shutdown
!
!
line con 0
transport input none
stopbits 1
line vty 5 15
!
end


4510R1 Configuration
--------------------

Current configuration : 14327 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname cisco4510R
!
boot-start-marker
boot-end-marker
!
!
redundancy
mode sso
enable secret 5 $1$8VAc$RvUozGyc9Ibq0EeJ4qDYs.
!
no aaa new-model
qos
ip subnet-zero
!
!
!
key chain C4500
key 1
key-string Rsistemas
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1-1024
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!

... (I'm not including all the hundreds of interfaces

... There's no "switchport mode trunk" at the moment, it'll be this port anyway

!
interface GigabitEthernet4/47
switchport trunk encapsulation dot1q
!
!
interface Vlan1
no ip address
!
interface Vlan3
description "Intranet"
ip address 192.168.4.8 255.255.254.0
ip helper-address 172.21.40.164
no ip redirects
no ip proxy-arp
ip rip authentication mode md5
ip rip authentication key-chain C4500
standby ip 192.168.4.1
standby priority 111
standby preempt
standby authentication SOLUZION
!
interface Vlan4
description "Call Center"
ip address 172.21.0.8 255.255.255.0
ip helper-address 172.21.40.164
no ip redirects
ip rip authentication mode md5
ip rip authentication key-chain C4500
standby ip 172.21.0.1
standby priority 111
standby preempt
standby authentication SOLUZION
!
interface Vlan11
description "servidores corporativos"
ip address 172.21.40.84 255.255.254.0
no ip redirects
no ip proxy-arp
ip rip authentication mode md5
ip rip authentication key-chain C4500
no ip mroute-cache
standby ip 172.21.40.1
standby priority 111
standby preempt
standby authentication SOLUZION
!
interface Vlan14
ip address 172.21.100.1 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain C4500
!
interface Vlan104
description "Calle real"
ip address 192.168.6.8 255.255.254.0
ip helper-address 172.21.40.164
no ip redirects
no ip proxy-arp
ip rip authentication mode md5
ip rip authentication key-chain C4500
standby ip 192.168.6.1
standby priority 111
standby preempt
standby authentication SOLUZION
!
router rip
version 2
redistribute connected
redistribute static
passive-interface Vlan14
network 172.21.0.0
network 192.168.4.0
network 192.168.6.0
neighbor 172.21.0.9
neighbor 172.21.40.85
neighbor 192.168.6.9
neighbor 192.168.4.9
maximum-paths 5
no auto-summary
!
ip default-gateway 172.21.40.1
ip route 172.30.4.0 255.255.255.0 172.21.100.10
ip route 172.30.254.0 255.255.255.0 172.21.100.10
no ip http server
!
!
logging trap debugging
logging 172.21.41.46
no cdp run
!
!
snmp-server community trafico RO
!
line con 0
exec-timeout 0 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
..

 

[vipergg]

I wouldn't turn off spanning tree ("no spanning-tree vlan 1-1024) on the 4510 , you have no protection if you have an unknown loop in your network .

 

[KiscoKid]

Out of interest, what kind of machines do you have that lose access when the new switch is added?

I ask as I remember a particularly gritty problem I had to work on that involved 3Com and Cisco switches with Apple MACs. Cisco switches come with STP enabled and it was wreaking havoc on the 3Com switched network and specifically anything attached to some Apple MACs.

I had to

(a) Ensure the switched network was loopfree (sounds like yours is if all the switches you have are connected only via the 4510)

(b) Disable spanning tree on every switch in the network inc. the Cisco.

I was able to replicate this issue at any time by enabling Spanning Tree on the Cisco.

May be worth checking sw2 and sw3 and see if they have spanning tree disabled.

 

[Iago77]

I've disabled STP on 2900. By default is enabled. Just works!

Thank you very much