Fabric interconnect and Native Vlan

Hi
I just want to ask a simple question:
are there any precautions with the native VLAN between the switched infrastructure and the Fabric Interconnect?
I mean, can I use any VLAN as the native VLAN, e.g. 999 ("anything but not 1")?

As a security best practice on trunks carrying multiple VLANs, you should not allow the native VLAN on the line.  When you have a single VLAN going to a device, an end node for example, the port should be configured as an access port with a single data VLAN, and potentially a voice VLAN if that will be used.
For example, our N5Ks have a trunk to each of our UCS Fabric Interconnects.  We set the native VLAN on the N5K side to 999.  999 is not in the allowed list for the trunk, so the native VLAN never makes it to the UCS.  On the UCS, any server that can handle VLANs (ESXi for example) we send only tagged VLANs -- no VLAN is marked native, thus accomplishing the same thing as we did for the N5K to FI link.
It is recommended not to leave your native VLAN as 1, as a best practice.  It's less of a concern if the native VLAN isn't in the allowed list, but to avoid misconfiguration issues you should set it to another VLAN.
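
The two checks the reply above recommends (native VLAN moved off 1, and native VLAN kept out of the trunk's allowed list) can be audited from a running-config. The script below is an added example, not code from this thread or from Cisco; it parses a constructed IOS/NX-OS style config snippet (the interface names and VLAN numbers in SAMPLE_CONFIG are made up) and returns a finding for every trunk that violates either rule. It handles only the plain `switchport trunk allowed vlan <list>` form; the `add`/`remove`/`except` variants are skipped by design.

```python
"""Native-VLAN hygiene audit for trunk ports (added example, not from the thread)."""
import re

# Constructed sample configuration; interface names and VLAN ids are invented.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  description uplink to UCS FI-A
  switchport mode trunk
  switchport trunk native vlan 999
  switchport trunk allowed vlan 10,20,100-110
!
interface Ethernet1/2
  description trunk with default native VLAN, native still allowed
  switchport mode trunk
  switchport trunk allowed vlan 1,10,20
!
interface Ethernet1/3
  description native VLAN moved off 1 but still allowed on the trunk
  switchport mode trunk
  switchport trunk native vlan 50
  switchport trunk allowed vlan 10,50,60
!
interface Ethernet1/4
  switchport mode access
  switchport access vlan 30
"""

# Finding codes returned by audit_trunks().
NATIVE_IS_DEFAULT = "native-vlan-is-1"
NATIVE_IS_ALLOWED = "native-vlan-allowed-on-trunk"


def expand_vlan_list(spec):
    """Expand '10,20,100-110' into a set of ints.
    'all' -> None (every VLAN allowed), 'none' -> empty set."""
    spec = spec.strip().lower()
    if spec == "all":
        return None
    if spec == "none":
        return set()
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_trunks(config):
    """Return {name, native, allowed} for each trunk port.
    Defaults follow IOS/NX-OS: native VLAN 1, all VLANs allowed."""
    blocks = []
    current = None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = {"name": m.group(1), "trunk": False, "native": 1, "allowed": None}
            blocks.append(current)
            continue
        if current is None:
            continue
        line = raw.strip()
        if line == "switchport mode trunk":
            current["trunk"] = True
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            current["native"] = int(m.group(1))
        # Only the plain list form; add/remove/except variants are skipped here.
        elif m := re.match(r"switchport trunk allowed vlan (?!add |remove |except )(.+)$", line):
            current["allowed"] = expand_vlan_list(m.group(1))
    return [b for b in blocks if b["trunk"]]


def audit_trunks(config):
    """Return (interface, finding-code) pairs for trunks that break the guidance."""
    findings = []
    for t in parse_trunks(config):
        if t["native"] == 1:
            findings.append((t["name"], NATIVE_IS_DEFAULT))
        # allowed is None when the trunk carries every VLAN, which includes the native one.
        if t["allowed"] is None or t["native"] in t["allowed"]:
            findings.append((t["name"], NATIVE_IS_ALLOWED))
    return findings


if __name__ == "__main__":
    for iface, code in audit_trunks(SAMPLE_CONFIG):
        print(f"{iface}: {code}")
```

On the sample, Ethernet1/1 (native 999, pruned from the trunk) is clean; Ethernet1/2 is flagged twice because the native VLAN is still 1 and is carried on the trunk; Ethernet1/3 is flagged once because VLAN 50 is both native and allowed, so untagged frames are still accepted on that link.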

Similar Messages

  • Management and native Vlan in different subnet??

    Can I have a management IP and native VLAN in different subnets on an AIR-1242 and a 2960 switch?
    Native on Switch = 1.
    Interface vlan 100 = 10.10.1.25X /24
    BVI ip in vlan 100 = 10.10.1.25X /24
    -HM-

    Hi,
    Thanks for the update..
    OK, in short YES, this can be done.. here is the AP configuration..
    Step 1>> Configure the SSID and map it to the respective VLANs..
    Step 2>> Create the sub-interfaces int dot11 0.5 / int fa 0.5 (encapsulation dot1q 5, bridge-group 5) and int dot11 0.6 / int fa 0.6 (encapsulation dot1q 6, bridge-group 6)
    Step 3>> Create the sub-interface 0.100 for both Radio and Fa and under this (encapsulation dot1q 100 native, bridge-group 1)
    Step 4>> Make sure all the interfaces are up and running and try to ping the VLAN 100 interface IP address from the AP to verify.
    Let me know if this answered your question..
    Regards
    Surendra
    ====
    Please don't forget to rate the posts which answered your question and mark it as answered or was helpful

  • Port-channel Problem between Fabric Interconnect and N7K vPC

    Dear all,
    I have a problem with the port-channel uplink between the Fabric Interconnect and the N7K using vPC.
    This is my network topology for the UCS deployment.
    On the N7K I have configured vPC for the red link and the green link. At Fabric Interconnect A I have configured a port-channel with Port 1 and Port 2 as members; the uplink is the red link. At Fabric Interconnect B I have configured a port-channel with Port 1 and Port 2 as members; the uplink is the green link.
    The show interface port-channel on the N7K is good: every port-channel is up and has all members. But at the Fabric Interconnect, when I look in UCS Manager, the status of the port-channel on Fabric A and Fabric B is fault with Additional Info: No operational member. Although all links are link up and I have the port-channel status as enabled in UCS Manager. When I look at the properties of Port 1 and Port 2 in the port-channel, I see the membership status is: individual. This means the port-channel is not up and has no membership in this configuration. I want to use the port-channel for load balancing and to add more bandwidth for the uplink, to 20 Gig. I don't understand why.
    Please help me resolve this problem; I have sent screen captures of UCS Manager showing the status of the port-channel and the member ports in the port-channel in the attached items.
    Can anyone help me resolve this? Thank you very much. Please refer to the attached items for more detail about the fault.
    Thanks,
    Trung.

    Thanks Matthew very much,
    I have resolved this problem. The reason for the problem was a mismatch of the port-channel protocol between the N7K and the Fabric Interconnect. The Fabric Interconnect always uses the LACP protocol, but the N7K was using port-channel mode on; that is why the port-channel failed. I have configured LACP for the port-channel on the N7K, and it has resolved the problem.
    Thanks,
    Trung.

  • Voice Vlan and Native Vlan

    Dear all,
    I am now reading some information regarding the setup of VoIP phones. It mentioned that the phone is actually a 3-port switch:
    Port 1: Connect to upstream switch
    Port 2: Transfer phone traffic
    Port 3: Connect to a PC
    Actually, what should I configure on the upstream switch port? Should it be a trunk port containing both the voice traffic VLAN and the PC data VLAN?
    Or something else?
    Also, there is a term called 'Voice VLAN'; is there any difference between a 'Voice VLAN' and an ordinary VLAN?
    Is there any special usage of the 'Native' VLAN in implementing VoIP?
    Thanks.
    Br,
    aslnet

    Thanks.
    How about if the PC data should be tagged as another VLAN (e.g., VLAN 10)? Then I should change the native VLAN to VLAN 10?
    But from my understanding, the native VLAN should be the same in the whole network, so then I need to change the whole network's native VLAN? If different VLANs should be assigned to different PCs behind different VoIP phones, then how do I do it?
    From my guess, can I assign an individual native VLAN (VLAN 10) on that port (connected to the VoIP phone), and then keep the switch's uplink port with the original native VLAN (VLAN 1)?
    Therefore, PC data traffic would be untagged when entering from the VoIP phone to the switch, and then tagged as VLAN 10 when leaving the switch to the other uplink switch, right?
    Thanks.

  • Nexus 7k and native vlan 1

    Hi, is it recommended to use a native VLAN other than 1 on the trunks connecting Nexus boxes? It used to be that you should not use native VLAN 1 on the trunks between switches. Is this not an issue anymore?
    Thanks

    Hi Chuck,
    It is recommended to use a different VLAN other than VLAN 1 as your default VLAN.
    This is one of the best practices for securing the overall network.
    For example:
    In a switch spoofing attack, an attacking host imitates a trunking switch by speaking the tagging and trunking protocols (e.g. Multiple VLAN Registration Protocol, IEEE 802.1Q, VLAN Trunking Protocol) used in maintaining a VLAN. Traffic for multiple VLANs is then accessible to the attacking host.
    HTH,
    Aman

  • FIP and Native VLAN

    Hello,
    according to the documentation, FIP uses the native VLAN for FCoE VLAN discovery. Is it necessary to trunk the native VLAN on the CNA port of a switch facing a server? For example, if e1/1 is connected to a host and I'm using VLAN 10 for data and VLAN 100 for storage, and my native VLAN is VLAN 1, should the configuration be:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 1
      switchport trunk allowed vlan 1,10,100
      spanning-tree port type edge trunk
    OR is it sufficient to have:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 10,100
      spanning-tree port type edge trunk
    Another alternative, which takes into account that the host may not tag its data traffic:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 10
      switchport trunk allowed vlan 10,100
      spanning-tree port type edge trunk
    Is it really a must to trunk the native VLAN? In my lab it works either way.

    FIP VLAN Discovery
    FIP VLAN discovery discovers the FCoE VLAN that will be used by all other FIP protocols as well as by the FCoE encapsulation for Fibre Channel payloads on the established virtual link. One of the goals of FC-BB-5 was to be as nonintrusive as possible on initiators and targets, and therefore FIP VLAN discovery occurs in the native VLAN used by the initiator or target to exchange Ethernet traffic. The FIP VLAN discovery protocol is the only FIP protocol running on the native VLAN; all other FIP protocols run on the discovered FCoE VLANs.
    The ENode sends a FIP VLAN discovery request to a multicast MAC address called All-FCF-MACs, which is a multicast MAC address to which all FCFs listen. All FCFs that can be reached in the native VLAN of the ENode are expected to respond on the same VLAN with a response that lists one or more FCoE VLANs that are available for the ENode's VN_Port login. This protocol has the sole purpose of allowing the ENode to discover all the available FCoE VLANs, and it does not cause the ENode to select an FCF.

  • Wireless VLAN and Native VLAN

    OK, I'm a bit confused about what to do with the native VLAN. I know that for QoS/CoS, I should not use VLAN 1 as the native VLAN. I also know that I should use a separate VLAN as the management VLAN. So I'm left thinking, do I need a native VLAN? If I do, can I just make a dumb VLAN that goes nowhere and use that as the native VLAN? Or am I just completely missing something? Thanks

    The native VLAN must also be your management VLAN for Cisco APs.
    The Native VLAN can be any number, as long as you configure it accordingly.
    Also keep in mind that the local RADIUS server, and DHCP will only deliver to the native VLAN. If you intend to use either of those services on the non-native VLAN/SSID, you'll need to have a layer three device on the line to forward that traffic.
    Good Luck
    Scott

  • Port-channel L2 problem with Fabric Interconnect and Nexus 7010

    Hi,
    I'm using port-channels from both Fabric Interconnects to the N7K with 3 cables per Fabric Interconnect.
    But my problem is when I create the port-channel: the Fabric Interconnect doesn't support mode ON, and rate-mode shared on the 10G interfaces of the Nexus 7010.
    I was trying:
    1. Using a non-dedicated port in the Nexus 7010.
          - rate-mode share
          - channel-group 1 mode active
          - switchport mode trunk
    When I used this option, the port-channel in the Nexus 7010 was suspended.
    2. Using a non-dedicated port in the Nexus 7010
         - rate-mode share
         - channel group 1 mode on
         - switchport mode trunk
    When I used this option, the port-channel in the Nexus 7010 came up, but in the Fabric Interconnect it failed.
    3. Using a dedicated port in the Nexus 7010
         - rate-mode share
         - channel group 1 mode active
         - switchport mode trunk
    When I used this option, the port-channel in the Nexus 7010 was suspended.
    4. Using a dedicated port in the Nexus 7010
         - rate-mode dedicated
         - channel group 1 mode active
         - switchport mode trunk
    When I used this option, the port-channel in the Nexus 7010 came up and is running well.
    But the problem is my customer does not want to use a dedicated rate-mode. If I use dedicated mode, only 8 interfaces are available instead of 32 ports. I want to use rate-mode share in the Nexus 7010.
    Is there any way to configure the port-channel using mode on in the Fabric Interconnect? I was trying to use the CLI to create the port-channel in the Fabric Interconnect but I cannot configure the channel-group protocol.
    I attach the topology of the N7K with the Fabric Interconnect.
    regards,
    Berwin H

    Hi Manish,
    The issue was solved; I fixed it last week.
    The solution is:
    I enabled the license grace period (since my license is Enterprise, I cannot create a VDC), then I created a VDC (e.g. VDC 2) and allocated the interfaces on all modules
    N7K-M132XP-12 to VDC 2. After that I deleted VDC 2, then all interfaces went back to VDC 1 (the default VDC). Then I enabled rate-mode share on the dedicated port and bundled it into the port-channel, and it's working.
    I don't know why it must be moved to a VDC first before it works; maybe Cisco can explain the reasons.
    So here is the result of my port-channel:
    SVRN7KFARM-HO-01# show port-channel summary
    Flags:  D - Down        P - Up in port-channel (members)
            I - Individual  H - Hot-standby (LACP only)
            s - Suspended   r - Module-removed
            S - Switched    R - Routed
            U - Up (port-channel)
    Group Port-       Type     Protocol  Member Ports
          Channel
    1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)    Eth1/3(P)
                                         Eth1/4(P)    Eth1/25(P)  
    2     Po2(SU)     Eth      LACP      Eth1/9(P)    Eth1/10(P)   Eth1/11(P)
                                         Eth1/12(P)   Eth1/26(P)  
    3     Po3(SU)     Eth      LACP      Eth1/17(P)   Eth1/18(P)  
    4     Po4(SU)     Eth      NONE      Eth10/32(P)  Eth10/34(P)  Eth10/35(P)
                                         Eth10/36(P)
    Thanks.
    Berwin H
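
The `show port-channel summary` output above is what an operator reads to confirm that every member is bundled; in Trung's thread above, members sitting in the Individual state were the symptom of an LACP-vs-mode-on mismatch. The script below is an added example (not code from either thread or from Cisco) that parses output in that layout and reports any port-channel that is down, any member not in the `P` state, and the specific combination of a static (`NONE`) channel with Individual members. SAMPLE_OUTPUT is constructed: the legend and column layout follow the output posted above, but the group lines and port names are invented.

```python
"""Health check over NX-OS 'show port-channel summary' (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample; the layout mirrors the posted output, the values are made up.
SAMPLE_OUTPUT = """\
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
Group Port-       Type     Protocol  Member Ports
      Channel
1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)    Eth1/3(P)
                                     Eth1/4(P)    Eth1/25(P)
2     Po2(SD)     Eth      NONE      Eth1/9(I)    Eth1/10(I)
3     Po3(SU)     Eth      LACP      Eth1/17(P)   Eth1/18(s)
"""

# Member state letters as listed in the command's own legend.
STATE_NAMES = {
    "P": "Up in port-channel",
    "I": "Individual",
    "H": "Hot-standby",
    "s": "Suspended",
    "r": "Module-removed",
    "D": "Down",
}

# "1     Po1(SU)     Eth      LACP      Eth1/1(P) ..." -> group, name, flags, type, protocol, members
GROUP_RE = re.compile(r"^\s*(\d+)\s+(Po\d+)\(([A-Za-z]+)\)\s+(\S+)\s+(\S+)\s*(.*)$")
# "Eth1/25(P)" -> port, state letter
MEMBER_RE = re.compile(r"(Eth\d+/\d+)\(([A-Za-z])\)")


@dataclass
class PortChannel:
    name: str
    flags: str
    protocol: str
    members: list = field(default_factory=list)  # (port, state-letter)

    def is_up(self):
        return "U" in self.flags

    def unbundled(self):
        """Members that are not actively forwarding in the bundle."""
        return [(p, s) for p, s in self.members if s != "P"]


def parse_port_channel_summary(text):
    """Parse the table, including continuation lines that hold extra members."""
    chans = []
    current = None
    for line in text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            _, name, flags, _type, proto, rest = m.groups()
            current = PortChannel(name, flags, proto)
            current.members.extend(MEMBER_RE.findall(rest))
            chans.append(current)
        elif current is not None:
            # Wrapped member list for the current group (no group number at the start).
            current.members.extend(MEMBER_RE.findall(line))
    return chans


def find_problems(chans):
    """Map port-channel name -> list of human-readable problems; healthy channels are omitted."""
    problems = {}
    for c in chans:
        msgs = []
        if not c.is_up():
            msgs.append("port-channel is down")
        for port, state in c.unbundled():
            msgs.append(f"{port} is {STATE_NAMES.get(state, state)} ({state})")
        if c.protocol == "NONE" and any(s == "I" for _, s in c.members):
            msgs.append("static (mode on) channel with Individual members: check whether the peer runs LACP")
        if msgs:
            problems[c.name] = msgs
    return problems


if __name__ == "__main__":
    for name, msgs in find_problems(parse_port_channel_summary(SAMPLE_OUTPUT)).items():
        for msg in msgs:
            print(f"{name}: {msg}")
```

On the sample, Po1 parses with all five members bundled across the wrapped line and produces no output; Po2 is reported as down with both members Individual and the mode-on hint; Po3 is up but one member is Suspended, which is worth catching before it silently halves the uplink bandwidth.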

  • Fabric Interconnect and storage solutions

    Dear
    Please, I would like to clarify a question: can a storage solution such as an EMC VNX5300 be connected directly to a Fabric Interconnect, but would it lose functionality compared with connecting it to a Nexus 5000 switch? I would like someone to clarify this doubt, indicating what functionality is lost with a direct connection and whether it would be advisable to connect to the FI or to the Nexus.
    Regards

    In versions of UCS earlier than 2.1, you had the option to use Direct Attached Storage (DAS) with UCS. However, you needed a SAN switch connected to the FI so the switch could push the zone database to the FI. That is, the UCS platform was not able to build a zone database.
    With the release of Version 2.1, UCS now has the ability to build its own zone database. You can have DAS with UCS without the need for a SAN switch to push the zoning configuration.
    hope this helps

  • What is difference between Default VLAN and Native VLAN?

    Answer

    Cisco switches always have VLAN 1 as the default VLAN, which is needed for much of the protocol communication between switches, like the spanning-tree protocol for instance.
    You can't change or even delete the default VLAN; it is mandatory.
    The native VLAN is the only VLAN which is not tagged on a trunk; in other words, native VLAN frames are transmitted unchanged.
    By default the native VLAN is VLAN 1, but you can change that:
    #show interface Fa0/8 trunk
    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/8       on               802.1q         other         1
    (config-if)#switchport trunk native vlan 2
    (config-if)#do show interface f0/8 trunk
    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/8       on               802.1q         other         2
    The default VLAN is still VLAN 1.
    #show vlan id 1
    VLAN Name Status    Ports
    1    default active    Fa0/8, Gi0/1
    HTH
    Rolf

  • WLSM, mGRE tunnels and Native VLAN

    I understand that to be able to use mGRE tunnels, all that is needed from the AP is to have IP connectivity. If the AP connects to a port on a switch, and that port is on VLAN 196, for instance, will the following setup allow me to connect to that VLAN over wireless, and at the same time allow other users (through the use of the other SSID) to connect to a network that's on a mobility group?
    I've tested it already and it works. I just want to know if there are any drawbacks, or if it's not recommended, etc...
    interface Dot11Radio0
    encryption mode wep mandatory
    ssid vlan196
    authentication open eap eap_methods
    authentication network-eap eap_methods
    ssid public
    authentication open eap eap_methods
    authentication network-eap eap_methods
    mobility network-id 100

    I had a look at your configuration and it looks good. I think this is the best way of doing this and it will work without any issues. You can go ahead and implement this setup.

  • Changing fabric interconnect and cluster ip/sm/gw

    I need to change the IP address/SM/GW of both FIs and the cluster, but when I try to commit buffer
    it keeps telling me this
    Management IP of switch A & VIP are not in same subnet]

    The error message is clear! Correct your input and it will work. What are your IP addresses and VIP, and masks?
    It is most likely easier to do this with the GUI: Admin ===> Management Interface

  • Rebooting fabric interconnect and mac addresses

    I rebooted the subordinate and noticed that I lost only one ping on a VM, and saw that MAC address show up on the primary.
    After the subordinate came back online, I did a show mac address table on the subordinate and noticed that a bunch of MAC addresses showed back up on the subordinate.
    How does UCS know what MAC address to use for the subordinate or primary when the subordinate comes back online?
    The VM that I was pinging was initially on the subordinate, but after the reboot it was on the primary.
    But other MAC addresses are already showing on the subordinate right after the reboot.

    Register to Ciscolive365 and download BRKCOM-3003 , which has answers to all your questions.

  • WLC 7.4.110.0 where native vlan and SSID vlan is the same vlan

    Hi
    We have approx. 1500 access points in approx. 500 locations. The WLCs are WiSM2s running 7.4.110.0. The APs are 1131 LAPs. In a FlexConnect configuration we use VLAN 410 as the native VLAN and the SSID (LAN) is also in VLAN 410. This works fine; we never had any problems with this.
    Now we have started using 1602 APs and the client connection on SSID LAN becomes unstable.
    If we configure a different SSID, using VLAN 420 with the native VLAN as 410, everything works fine.
    I can't find any recommendations regarding the use of native VLAN/SSID VLAN.
    Is there anyone experiencing similar problems? Is this a problem with my configuration or is it a bug within the 1602 access points?
    Regards,
    Lars Christian

    It is the recommended design to put FlexConnect AP management into the native VLAN and user traffic into a tagged VLAN.
    From the QoS perspective, if you want to enforce WLC QoS profile values, you have to tag SSID traffic to a VLAN (other than the native VLAN) and trust CoS on the switch port connected to the FlexConnect AP (usually configured as a trunk port).
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Native Vlan and Trunking

    Hi Folks,
    I have a doubt about the native VLAN on trunk ports.
    In a topology of 3 switches, Switch A is connected to Switch B and Switch C on uplinks. Can I configure different native VLANs for the 2 different trunks on Switch A?
    Like, I have 3 VLANs configured on Switch A with VTP domain transparent (VLANs 1, 500 and 900 configured). The same configuration is there on B & C too.
    So can we use 999 as the native VLAN for the trunk between A&B and native VLAN 1 for the trunk configured between A&C?

    Yes, possible, if there are specific reasons. Already discussed several times on this forum. Please refer to this link:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe4e88
