897VAW: Cannot add Allowed vlans to Trunk on WLAN-GigabitEthernet interface

Similar Messages

• Unable to add allowed VLANs to TenGig trunk port

  Hi,
  I've got a ten gig interface on a 6509 running 12.2(33) configured as a trunk, but I've not been able to add any allowed VLANs as I've done before on other ten gig ports on different 6509 chassis. Am I missing something obvious?
  I'm assuming that the reason I'm unable to set the encapsulation to dot1q is because the new hardware doens't support ISL, hence no need. The command to add the VLANs however doesn't get rejected, it just doesn't appear to do anything.
  I've tried adding single VLANs and multiples, but no joy. Any ideas?
  Here's what I've done:
  SWITCH_1631(config)#default int t4/1
  Interface TenGigabitEthernet4/1 set to default configuration
  SWITCH_1631#sh ru int t4/12
  Building configuration...
  Current configuration : 65 bytes
  interface TenGigabitEthernet4/12
   no ip address
   shutdown
  end
  SWITCH_1631(config)#int t4/1
  SWITCH_1631(config-if)#switchport
  SWITCH_1631(config-if)#switchport mode trunk
  SWITCH_1631(config-if)#switchport trunk allowed vlan ?
    WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
    add     add VLANs to the current list
    all     all VLANs
    except  all VLANs except the following
    none    no VLANs
    remove  remove VLANs from the current list
  SWITCH_1631(config-if)#switchport trunk allowed vlan add 700
  SWITCH_1631(config-if)#
  SWITCH_1631#sh vlan id 700
  VLAN Name                             Status    Ports
  700  VLAN_NAME                        active    <snip>
  SWITCH_1631#sh ru int t4/1
  Building configuration...
  Current configuration : 74 bytes
  interface TenGigabitEthernet4/1
   switchport
   switchport mode trunk
  end

  Steve,
  Thanks for getting back to me. You're right that it is by default a dot1q trunk allowing all VLANs, therefore it should work for what I want to do.
  Port                Mode         Encapsulation  Status        Native vlan
  Gi3/39              on           802.1q         trunking      1
  Te4/1               on           802.1q         trunking      1
  Po1                 on           802.1q         trunking      50
  Po2                 on           802.1q         trunking      50
  Po3                 on           802.1q         trunking      50
  Po4                 on           802.1q         trunking      50
  Po5                 on           802.1q         trunking      50
  Port                Vlans allowed on trunk
  Gi3/39              15-16,20-23,30,401,608
  Te4/1               1-4094
  Po1                 10,13,20-21,25,30,50,52,61,70,600,700-701,950
  Po2                 10,20,30,50,52,61,70,600,700-701,950
  Po3                 10,20,30,50,61,70,600,700-701,950
  Po4                 10,20,30,50,61,70,600,700-701,950
  Po5                 2-3,10-23,25-26,30,35-36,40,50-53,56,58,61,65,70,77,101-102,145-146,155-158,401-402,600-602,608,700-701,800,950
  The problem was that I've always been advised that best practise is to only allow the VLANs that are actually required on a trunk to avoid broadcasting traffic unnecessarily. I worked out what the issue was though, and it was a pretty simple one!
  Once I saw that 1-4094 was allowed I tried "switchport trunk allowed vlan remove 700" which worked and left me with 1-699,701-4094.
  Then I realised what the problem was  trying to use the "add" command when all possible VLANs had already been added. As soon as I got rid of it and used "switchport trunk allowed vlan 700" followed by "switchport trunk allowed vlan add 701" I was back in business.
  So it was a very simple issue, but thank you Steve for pointing me in the right direction and confirming that all the VLANs were already allowed!

• Missing Allowed vlans on trunk on Standby ACE.

  Guys,
  I would like to know if allowing vlans under portchannel will replicate on standby unit.Somehow I see all configuration is sync except  switchport trunk allowed vlan under Portchannel.             
  Thanks
  Ajay

  Hi Siva,
  I remove 3rd port from port channel but still vlans are not getting sync.
  ACE1/Admin# sh vlan
  Vlans configured on physical port(s)
  vlan3001  vlan3060  vlan3200-3201  vlan3208  vlan3260-3262  vlan3264-3265  vlan3270-3272  vlan3274-3275  vlan3280  vlan3300-3302  vlan3650-3652  vlan3661-3663  vlan3668-3669  vlan4090
  ACE1/Admin#
  ACE2/Admin# sh vlan
  Vlans configured on physical port(s)
  vlan3001  vlan3200-3201  vlan3208  vlan3260-3262  vlan3264-3265  vlan3270-3272  vlan3274-3275  vlan3300-3302  vlan3650-3652  vlan3661  vlan3668-3669  vlan4090
  ACE2/Admin#
  ACE1/Admin# sh ft group status
  FT Group                     : 1
  Configured Status            : in-service
  Maintenance mode             : MAINT_MODE_OFF
  My State                     : FSM_FT_STATE_ACTIVE
  Peer State                   : FSM_FT_STATE_STANDBY_HOT
  Peer Id                      : 1
  No. of Contexts              : 1
  Running cfg sync status      : Running configuration sync has completed
  Startup cfg sync status      : Startup configuration sync has completed
  ft peer 1
    heartbeat interval 300
    heartbeat count 10
    ft-interface vlan 4090
    query-interface vlan 3001
  ft group 1
    peer 1
    no preempt
    priority 150
    associate-context Admin
    inservice
  any suggestion/ next steps to troubleshoot ?
  Thanks
  Ajay

• VTP Pruning vs Allowing VLANs on Trunk ports

  We would like to know best approach to reduce VLAN traffic on our network. We are currently trunking all fiber ports 802.1q.
  We have about 73 VLANs across the network. We have done a lot of research and there seem to be a lot of theoretical answers but no one who uses it in practice.
  Here is our current configs for fiber ports between closets:
  Cisco WMH6509
  interface GigabitEthernet2/8
   description Fiber To STB Lab 3850
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
   no ip address
   no snmp trap link-status
  end
  Cisco STB Lab 3850
  interface GigabitEthernet1/1/1
   description Fiber To WMH6509
   switchport mode trunk
  end
  We are considering:
  VTP Pruning Enable
             or
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 26,99,109,188
   switchport mode trunk
  Thanks,
  Tom

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of   the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  As I have some years (cough - decades) software development experience, I lean toward automation solutions, so, for example, I often prefer dynamic routing over static routing, and so likewise, I prefer VTP over manual configuration on multiple devices.
  However, VTP does have some "quirks".  For example, this year I ran into an issue where an edge switch had a new VLAN defined to a port which wasn't in use on a transit switch, so VTP auto pruning, pruned it off the transit's uplink trunk.  (I was a bit of a pain to find the cause as VTP doesn't prune right away - edge worked for a bit and then it stopped working.  One fix would have been to stop using VTP auto-pruning, across the whole VTP domain, but instead, configured VTP to not auto-prune the needed VLAN across the needed trunk.)
  So, as Paul notes, VTP auto pruning might be easier to get going, but be prepared for unexpected incidents (again, not saying you'll have any, just be prepared).  So, if you're prepared, I would go with VTP auto pruning, but if you want to "play safe", go with Paul's recommendation.

• Does it need add the native vlan to allowed vlan list ?

  If I confiured the port like this "
  switchport trunk native vlan 10
  switchport trunk allowed vlan 11,12"
  does the vlan 10 allowed passing ? or it still need add vlan 10 to the allowed vlan list like "
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,11,12"
  Thanks

  Yes you can remove the native VLAN from the list, and it does prevent the native VLAN from traversing the trunk. That is, if you look at the Spanning Tree for the native VLAN, the trunk will be absent from the list of ports on the VLAN.
  The question of untagged frames is a different one. There are some control protocols, particularly link-local ones, that are sent untagged, and these will traverse the trunk regardless. However, they are not considered as part of the native VLAN Spanning Tree as such.
  But beware: there is a bug in earlier IOS and in all CatOS switches! If you use a non-1 VLAN as your trunk native VLAN, and you disallow it from the trunks, and there are no other ports carrying that native VLAN, then the Spanning Tree for that VLAN shut down. That is fair enough. But the bug is that the Spanning Tree for VLAN 1 also breaks down, sending your network into meltdown.
  Kevin Dorrell
  Luxembourg

• CSCur53506 - broadcast flood when allowed vlan add/remove on protected port

  Does not this Bug occur in IOS 15.XX ?

  Thanks for the reply - yes I did save it.  All the other ports have the command.  But when the phone boots up - it ends up disappearing after the above occurs:
  When the phone boots up - it seems to encounter a broadcast storm (???) the port goes from this:
  interface gigabitethernet36
  switchport trunk allowed vlan add 10
  to this:
  interface gigabitethernet36
  storm-control broadcast enable
  storm-control broadcast level 10
  storm-control include-multicast
  port security max 10
  port security mode max-addresses
  port security discard trap 60
  spanning-tree portfast
  switchport trunk allowed vlan add 10
  macro description ip_phone
  !next command is internal.
  macro auto smartport dynamic_type ip_phone
  Then in a minute or two I'm no longer able to ping the voicelan - and when I do a show run - gi36 isn't even visible.  However, the PC that is also on gi36 works fine.
  If I then reissue the 'switchport trunk allowed vlan add 10' to gi36 - the phone is pingable - and works continuously until the phone is rebooted.
  So I'm not really sure what happens during the bootup that causes this to happen, or a way to try and prevent it from occuring.

• New Firefox does not allow me to add attitional bookmarks. I can delete but I cannot add a new site or sites. Do you have an instant fix for the problem?

  I have xp and have always been able to use bookmarks. The new Firefox allows me to go to a site with bookmarks, delete bookmarks, but I cannot add a bookmark by clicking on the star.
  Also, Ebay's pages have smaller print (and pictures) than they should have - Google has the correct print and picture size. There is something wrong with Firefox.

  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
  *Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
  *Do NOT click the Reset button on the Safe Mode start window
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
  You can check for problems with the <b>places.sqlite</b> database file in the Firefox profile folder.
  *http://kb.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox
  *https://support.mozilla.org/kb/Bookmarks+not+saved#w_fix-the-bookmarks-file
  *Places Maintenance: https://addons.mozilla.org/firefox/addon/places-maintenance/
  You may have zoomed the page(s) by accident.<br>Reset the page zoom on pages that cause problems.
  *<b>View > Zoom > Reset</b> (Ctrl/Command+0 (zero))
  *http://kb.mozillazine.org/Zoom_text_of_web_pages

• I cannot add a printer. It is not listed under default, and does not allow me to add printer.

  I cannot add a printer. It is not listed under default, and does not allow me to a add printer.

  philw
  Try some maintenance actions:
  1) Reset Printing System:
  http://support.apple.com/kb/PH14141
  2) If that doesn't help, repair the hard drive and permissions after booting from the recovery partition:
  http://support.apple.com/kb/ts1417
  (go down to "Try Disk Utility")

• I cannot add a site to the list of allow micro sites on Flash Player settings manager

  I cannot add a site to the list of allow micro sites on Flash Player settings manager.
  as Adobe says at his help document (http://help.adobe.com/en_US/FlashPlayer/LSM/WS6aa5ec234ff3f285139dc56112e3786b68c-7ff8.htm l):
  Displays a list of previously visited websites that have asked to use the camera or microphone on your computer. You can allow or block the use of your camera and microphone by sites on the list. You can also ask to be prompted for permission to use them. Finally, you can choose to remove sites from the list. Removing a site deletes all settings and data stored for that site in Flash Player.
  The list initially contains only the sites you have already visited. If you want to specify camera and microphone settings for sites you have not yet visited, you can choose to add sites to the list. Once a site is on the list, you can specify whether to always allow camera and microphone use, ask permission, or never allow camera and microphone use by that site.
  I cannot find any button to add a website. Can you help me please.
  Thanks in advanced
  Pedro

  There's a "live" panel here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.htm l

• Switch Port Trunk allowed Vlan

  Hi Guys
  Request your help on my query :
  I have a distribution switch  and access switch and port channel between them.
  Dist switch is the VTP server
  lets assum I have 25 vlan
  when I do show vlan brief on the access switch I can see all 25 vlans listed now
  no when I configure switch port trunk allowed vlan (ex : permitting 10 vlans )on the link connecting to access switch at Dist switch
  Dist switch po1 -- connecting to - po Access switch
  Dist switch #
  int po1
  switch port trunk alllowed vlan x,x,x,x,x,x,x,x,x,
  After permitting 10 vlan through trunk allowed vlan and then when I do show vlan brief on the access switch , I should see only the 10 vlan whcih I have permiited right ?
  Thanks in advance  

  Hi,
  John is absolutely correct - even if you do not permit a VLAN on a trunk, it can still provide communication among local ports on a switch that are all assigned to the same VLAN.
  I have a feeling that your original question was focused on a different aspect, though: You probably expected that if you exclude some VLANs from trunks, these VLANs will not be propagated via VTP to surrounding switches. Sadly, this is not the case. The switchport trunk allowed vlan command only affects data traffic in individual VLANs but it has no impact on the operation of VTP protocol. The VTP still advertises all VLANs, regardless of which VLANs are allowed on a trunk. To put it plainly, in a VTP domain, all server/client switches will know about all VLANs. THere is no legal possibility of having a single VTP domain consisting of server/client switch and yet have the switches differ in their VLAN database contents. It's as easy as that: one VTP domain = one big common VLAN database.
  Best regards,
  Peter

• How to add VLAN to trunk port on Cisco SF200-24

  Hello All,
  I have question want to ask: 
  I have Cisco switch SF200-24 I want to configuration VLAN as below:
  Port 1 to 10 = Vlan 100
  Port 11 to 21 = Vlan 200
  Port 22 to 24 = Vlan 300
  Port GE1 = Trunking (Primary)
  Port GE2 = Trunking (Secondary)
  How to add all VLAN 100, 200, 300 go through Trunking Primary and Secondary?
  Which port can I connect for management switch?
  Thanks 

  > How to add all VLAN 100, 200, 300 go through Trunking Primary and Secondary?
  firstly set those ports as trunks via "VLAN Management" -> "Interface settings" - click on corresponding port, click on "edit.." button and select "Trunk" from list.
  Once those ports (GE1 and GE2) are as trunks, you can now assign them all desired VLANs via "VLAN Management" -> "Port VLAN Membership". Select first port (GE1), click "join VLAN" and select all desired VLANs from left list and put them to right list.
  and you are done.
  > Which port can I connect for management switch?
  by default, switch management IP is a part of default VLAN1. If you wanted to keep access to your switch, assign "VLAN1" to one of access ports, or change management VLAN to different number than 1 - but in this case dont forget to apply correct IP settings in order to meet subnet assigned in new VLAN.

• Various questions on uplink profiles, CoS, native VLAN, downlink trunking

  I will be using vPC End Host Mode with MAC-pinning. I see I can further configure MAC-Pinning. Is this required or will it automatically forward packets by just turning it on? Is it also best not to enable failover for the vnics in this configuration? See this text from the Cisco 1000V deployment Guide:
  Fabric Fail-Over Mode
  Within the Cisco UCS M71KR-E, M71KR-Q and M81KR adapter types, the Cisco Unified Computing System can
  enable a fabric failover capability in which loss of connectivity on a path in use will cause remapping of traffic
  through a redundant path within the Cisco Unified Computing System. It is recommended to allow the Cisco Nexus
  1000V redundancy mechanism to provide the redundancy and not to enable fabric fail-over when creating the
  network interfaces within the UCS Service Profiles. Figure 3 shows the dialog box. Make sure the Enable Failover
  checkbox is not checked."
  What is the 1000V redundancy?? I didn't know it has redundancy. Is it the MAC-Pinning set up in the 1000V? Is it Network State Tracking?
  The 1000V has redundancy and we can even pin VLANs to whatever vNIC we want. See Cisco's Best Practices for Nexus 1000V and UCS.
  Nexus1000V management VLAN. Can I use the same VLAN for this and for ESX-management and for Switch management? E.g VLan 3 for everything.
  According to the below text (1000V Deployment Guide), I can have them all in the same vlan:
  There are no best practices that specify whether the VSM
  and the VMware ESX management interface should be on the same VLAN. If the management VLAN for
  network devices is a different VLAN than that used for server management, the VSM management
  interface should be on the management VLAN used for the network devices. Otherwise, the VSM and the
  VMware ESX management interfaces should share the same VLAN.
  I will also be using CoS and Qos to prioritize the traffic. The CoS can either be set in the 1000V (Host control Full) or per virtual adapter (Host control none) in UCS. Since I don't know how to configure CoS on the 1000V, I wonder if I can just set it in UCS (per adapter) as before when using the 1000V, ie. we have 2 choices.
  Yes, you can still manage CoS using QoS on the vnics when using 1000V:
  The recommended action in the Cisco Nexus 1000V Series is to assign a class of service (CoS) of 6 to the VMware service console and VMkernel flows and to honor these QoS markings on the data center switch to which the Cisco UCS 6100 Series Fabric Interconnect connects. Marking of QoS values can be performed on the Cisco Nexus 1000V Series Switch in all cases, or it can be performed on a per-VIF basis on the Cisco UCS M81KR or P81E within the Cisco Unified Computing System with or without the Cisco Nexus 1000V Series Switch.
  Something else: Native VLANs
  Is it important to have the same native VLAN on the UCS and the Cisco switch? And not to use the default native VLAN 1?   I read somewhere that the native VLAN is used for communication between the switches and CDP amongst others. I know the native VLAN is for all untagged traffic. I see many people set the ESXi management VLAN as native also, and in the above article the native VLAN (default 1) is setup. Why? I have been advised to leave out the native VLAN.
  Example:Will I be able to access a VM set with VLAN 0 (native) if the native VLAN is the same in UCS and the Cisco switch (Eg. VLAN 2)? Can I just configure a access port with the same VLAN ID as the native VLAN, i.e 2 and connect to it with a PC using the same IP network address?
  And is it important to trunk this native VLAN? I see in a Netapp Flexpod config they state this: "This configuration also leverages the native VLAN on the trunk ports to discard untagged packets, by setting the native VLAN on the port channel, but not including this VLAN in the allowed VLANs on the port channel". But I don't understand it...
  What about the downlinks from the FI to the chassis. Do you configure this as a port channel also in UCS? Or is this not possible with the setup described here with 1000V and MAC-pinning.
  No, port channel should not be configured when MAC-pinning is configured.
  [Robert] The VSM doesn't participate in STP so it will never send BPDU's.  However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter.  PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDU's from VMs.  I prefer to ignore them then using BPDU Gaurd - which will shutdown the interface if BPDU's are received.
  -Are you thinking of the upstream switch here (Nexus, Catalyst) or the N1kV uplink profile config?
  Edit: 26 July 14:23. Found answers to many of my many questions...

  Answers inline.
  Atle Dale wrote:
  Something else: Native VLANsIs it important to have the same native VLAN on the UCS and the Cisco switch? And not to use the default native VLAN 1?   I read somewhere that the native VLAN is used for communication between the switches and CDP amongst others. I know the native VLAN is for all untagged traffic. I see many people set the ESXi management VLAN as native also, and in the above article the native VLAN (default 1) is setup. Why? I have been advised to leave out the native VLAN.[Robert] The native VLAN is assigned per hop.  This means between the 1000v Uplinks port profile and your UCS vNIC definition, the native VLAN should be the same.  If you're not using a native VLAN, the "default" VLAN will be used for control traffic communication.  The native VLAN and default VLAN are not necessarily the same.  Native refers to VLAN traffic without an 802.1q header and can be assigned or not.  A default VLAN is mandatory.  This happens to start as VLAN 1 in UCS but can be changed. The default VLAN will be used for control traffic communication.  If you look at any switch (including the 1000v or Fabric Interconnects) and do a "show int trunk" from the NXOS CLI, you'll see there's always one VLAN allowed on every interface (by default VLAN 1) - This is your default VLAN.Example:Will I be able to access a VM set with VLAN 0 (native) if the native VLAN is the same in UCS and the Cisco switch (Eg. VLAN 2)? Can I just configure a access port with the same VLAN ID as the native VLAN, i.e 2 and connect to it with a PC using the same IP network address?[Robert] There's no VLAN 0.  An access port doesn't use a native VLAN - as its assigned to only to a single VLAN.  A trunk on the other hand carries multiple VLANs and can have a native vlan assigned.  Remember your native vlan usage must be matched between each hop.  Most network admins setup the native vlan to be the same throughout their network for simplicity.  In your example, you wouldn't set your VM's port profile to be in VLAN 0 (doens't exist), but rather VLAN 2 as an access port.  If VLAN 2 also happens to be your Native VLAN northbound of UCS, then you would configured VLAN 2 as the Native VLAN on your UCS ethernet uplinks.  On switch northbound of the UCS Interconnects you'll want to ensure on the receiving trunk interface VLAN 2 is set as the native vlan also.  Summary:1000v - VM vEthernet port profile set as access port VLAN 21000v - Ethernet Uplink Port profile set as trunk with Native VLAN 2UCS - vNIC in Service Profile allowing all required VLANs, and VLAN 2 set as NativeUCS - Uplink Interface(s) or Port Channel set as trunk with VLAN 2 as Native VLANUpstream Switch from UCS - Set as trunk interface with Native VLAN 2From this example, your VM will be reachable on VLAN 2 from any device - assuming you have L3/routing configured correctly also.And is it important to trunk this native VLAN? I see in a Netapp Flexpod config they state this: "This configuration also leverages the native VLAN on the trunk ports to discard untagged packets, by setting the native VLAN on the port channel, but not including this VLAN in the allowed VLANs on the port channel". But I don't understand it...[Robert] This statement recommends "not" to use a native VLAN.  This is a practice by some people.  Rather than using a native VLAN throughout their network, they tag everything.  This doesn't change the operation or reachability of any VLAN or device - it's simply a design descision.  The reason some people opt not to use a native VLAN is that almost all switches use VLAN 1 as the native by default.  So if you're using the native VLAN 1 for management access to all your devices, and someone connects in (without your knowing) another switch and simply plug into it - they'd land on the same VLAN as your management devices and potentially do harm.What about the downlinks from the FI to the chassis. Do you configure this as a port channel also in UCS? Or is this not possible with the setup descrived here with 1000V and MAC-pinning.[Robert] On the first generation hardware (6100 FI and 2104 IOM) port channeling is not possible.  With the latest HW (6200 and 2200) you can create port channels with all the IOM - FI server links.  This is not configurable.  You either tell the system to use Port Channel or Individual Links.  The major bonus of using a Port Channel is losing a link doesn't impact any pinned interfaces - as it would with individual server interfaces.  To fix a failed link when configured as "Individual" you must re-ack the Chassis to re-pinn the virtual interfaces to the remaining server uplinks.  In regards to 1000v uplinks - the only supported port channeling method is "Mac Pinning".  This is because you can't port channel physical interfaces going to separate Fabrics (one to A and one to B).  Mac Pinning gets around this by using pinning so all uplinks can be utilized at the same time.--[Robert] The VSM doesn't participate in STP so it will never send BPDU's.  However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter.  PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDU's from VMs.  I prefer to ignore them then using BPDU Gaurd - which will shutdown the interface if BPDU's are received.-Are you thinking of the upstream switch here (Nexus, Catalyst) or the N1kV uplink profile config?[Robert] The two STP commands would be used only when the VEM (ESX host) is directly connected to an upstream switch.  For UCS these two commands to NOT apply.

• RV180 Router: Cannot get Inter-VLAN Routing to work.

  I have been banging at this now for two days and just cannot get Inter-VLAN routing working to work on this router.
  Here is the est-up:.
  Upgraded to latest Cisco firmware (1.0.1.9).
  Starting with factory default settings, I added 2 VLANS as follows:
      vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
      vlan vlan2  (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
      vlan vlan3  (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
                                     (unconnected)
                                       WAN port
                                          |         
                                      Routing/NAT
                                          |
  vlan ip                   192.168.1.1   192.168.2.1   192.168.3.1
  vlan name                   default        vlan2        vlan3
  vlan id                       ID=1          ID=2         ID=3
  Inter-VLAN Routing             No           Yes          Yes
  Port 1                     Untagged       Excluded     Excluded
  Port 2                     Excluded       Untagged     Excluded
  Port 3                     Excluded       Excluded     Untagged
  Port 4(not of interest)    Untagged       Excluded     Excluded
                              Port 1         Port 2       Port 3
                                |              |            |
                             AdminPC          PC2          PC3
                                         192.168.2.191   192.168.3.181
  PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
  PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
  PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
  PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
  BUT....
  PC2 cannot ping PC3  - NOT WORKING
  PC3 cannot ping PC2  - NOT WORKING
  (does not work in both Gateway Mode and Router Mode)
  ANYONE CAN HELP ME FIGURE OUT WHY ??????
  Your help is much appreciated.
  I bought this device specifically because it supported inter-VLAN routing!.
  Venu
  Supporting Information:
  Screen captures:
  VLAN Membership:
    VLAN ID  Description  Inter VLAN  Device   Port 1    Port 2    Port 3    Port 4  
                          Routing     Mgment
         1   Default      Disabled    Enabled  Untagged  Excluded  Excluded  Untagged  
         2   VLAN2        Enabled     Enabled  Excluded  Untagged  Excluded  Excluded  
         3   VLAN3        Enabled     Enabled  Excluded  Excluded  Untagged  Excluded 
  Multiple VLAN Subnets:
     VLAN ID IP Address   Subnet Mask    DHCP Mode    DNS Proxy Status  
          1  192.168.1.1  255.255.255.0  DHCP Server  Enabled  
          2  192.168.2.1  255.255.255.0  DHCP Server  Enabled  
          3  192.168.3.1  255.255.255.0  DHCP Server  Enabled
  Routing Table (Gateway Mode)
  Destination     Gateway   Genmask         Metric  Ref   Use   Interface   Type     Flags
  127.0.0.1     127.0.0.1   255.255.255.255 1       0     0     lo          Static   UP,Gateway,Host
  192.168.3.0     0.0.0.0   255.255.255.0   0       0     0     bdg3        Dynamic   UP
  192.168.2.0     0.0.0.0   255.255.255.0   0       0     0     bdg2        Dynamic   UP
  192.168.1.0     0.0.0.0   255.255.255.0   0       0     0     bdg1        Static   UP
  192.168.1.0 192.168.1.1   255.255.255.0   1       0     0     bdg1        Static   UP,Gateway
  127.0.0.0       0.0.0.0   255.0.0.0       0       0     0     lo          Dynamic
  Routing Table (Router Mode)
  (Same)

  cadet alain, you hit the nail on the head.    The router was doing Iner-VLAN routing, but the PCs were blocking the pings because they came from another subnet.  Thank you for your help in resolving this.
  I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that.  Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it.  My current routing table looks like this:
  Destination   Gateway     Genmask           Metric  Ref   Use  Interface  Type    Flags
  127.0.0.1     127.0.0.1   255.255.255.255   1       0     0    lo         Static  UP,Gateway,Host
  192.168.2.0   0.0.0.0     255.255.255.0     0       0     0    bdg2       Dynamic UP
  192.168.1.0   0.0.0.0     255.255.255.0     0       0     0    bdg1       Static  UP
  127.0.0.0     0.0.0.0     255.0.0.0         0       0     0    lo         Dynamic UP
  It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254).  Can't seem to find a way to add a default route.

• Private VLAN Promiscuous Trunk Port - Switches which support this function

  Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks

  4500x Yes
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
  Nexus 5k Yes
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
  3850s
  They dont support pvs at all yet
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
  Restrictions for VLANs
  The following are restrictions for VLANs:
  The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
  The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
  Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
  Private VLANs are not supported on the switch.
  You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

• Catalyst series - Private VLAN over trunk

  Hey every body
  I was planning to implement a Cisco Nexus 5596 in a data center as it supports private VLAN over trunk.
  But now, I av been forced to use a Cisco Catalyst series instead of the Nexus one.
  Based on the feature that is very important for my manager (private VLAN over trunk), which Catalyst switch can be replaced with the Nexus 5596? In other words, what Catalyst series switch works at the same scale and efficiency of Nexus 5596 and supports private VLAN over trunk feature?
  Cheers

  4500x Yes
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
  Nexus 5k Yes
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
  3850s
  They dont support pvs at all yet
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
  Restrictions for VLANs
  The following are restrictions for VLANs:
  The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
  The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
  Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
  Private VLANs are not supported on the switch.
  You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.