Ipv6 Vlan Interface EUI-64 assignation problem

Hello, I have 2 routers 1800 series with switch modules incorporated connected with IPv6. Everything is working fine except for the problem that when I assign an IPv6 address to a Vlan (using the EUI-64 format to the switch ports), it assigns the SAME interface id (last 64 bits of the IPv6) of a fastEthernet port (FE 0/0), to the vlan, causing an error problem of duplicity:
" c..T, overlaps with another prefix "
Why does the EUI-64 assigns the MAC address of the FastEthernet ports instead of the ones in the switch modules?

Thanks for the reply, but I just solved the problem. The problem was with the command IPV6 ADDRESS AUTOCONFIGURATION. This command definitely brings up a lot of trouble with VLAN ipv6 address assignation.
After some testing I concluded that:
1- If one interface has the IPV6 ADDRESS AUTOCONFIGURATION mode on, the interface could end up with more than one ipv6 global interface address.
2- You cannot assign this mode to a vlan interface without getting into configuration problems.
3- If a FastEthernet Interface has this mode on(IPV& A. A.), the router does not let you assign a global unicast address to the vlan interface, and gives the following error message:
%IPV6-6-ADDRESS: 3FFE:C00:C18:F100:213:C4FF:FE44:4961/64 can not be configurex
4- For the VLAN`s Interface ID you have to manually assign the link local address with the command line
IPV6 ADDRESS FE80::1 (or any other unique link local address) LINK-LOCAL.
This is for Vlans that are in a switch module of the same router.
All this testing was for a Cisco router 1800 series with a switch module integrated in the router.
Could be that this command is used for other specific occasions which I am not aware of.
Regards,
Grupo GTD

Similar Messages

EIGRP IPv6 and VLAN interfaces

We've found that we have to set static link local IPs when two routers might peer over multiple VLAN interfaces.
The issue is that the routers, 6500s with sup720s, utilize the same autoconfig'd link local address on each VLAN interface.   EIGRP IPv6 refuses to peer with the other router on multple VLANs when the link local are the same.
Anyone else encounter this?   Did we miss a config option that would force unique link locals on different VLANs interfaces?
Because of this issue, we've made it our best practice to configure static link local for all inter-router transits.

HI Gary,
I had a setup with SU720 on 2 7600s and I am able to enable the neighborship without any issues. I didnt configure static link local as below,
Ryanair#show ipv6 int vlan 500 | inc FE
IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
Ryanair#sho ipv6 int vlan 501 | inc FE
IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
Ryanair#show ipv6 eigrp nei
EIGRP-IPv6 neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Vl501             11 00:15:51 816 4896 0 13
    FE80::222:55FF:FE17:25C0
0   Link-local address:     Vl500             11 00:17:14    1   200 0 12
    FE80::222:55FF:FE17:25C0
Ryanair#
Can you let us know the version on oth the devices?.
Regards,
Nagendra

Cannot Assign IP to a vlan interface SG-300 28MP

hI all a very simple configurations ... bought 10 smb sg-300 28mp switches . every thing goes fine in vlan configuration, port assigning .. but when I try to assign ip to one of the created vlan interface switch hangs GUI or CLI. Layer 3 is enabled. regards

Configure as below
Login to CLI:
switch(config):int vlan 1
switch(int-config):ip address 192.168.1.254 255.255.255.0
switch(int-config):no ip dhcp relay enable
switch(config):do wr
switch(config):int vlan 2 -----------------------> New vlan
switch(int-config):ip address 192.168.2.xx 255.255.255.0
switch(int-config):no ip dhcp relay enable
switch(config):do wr

3550 VLAN Interfaces Problem

I was setting up two VLAN interfaces for my 3550. I had two VLAN interfaces. One for VLAN 10 and one for VLAN 15. After configuring each VLAN Interface, VLAN 15 was down and wouldnt come up. VLAN 10 was up however. After issuing the no shutdown command for VLAN 15, it said VLAN 15 is not shutdown, but, when i checked the interface again, the VLAN interface was up. Now, I would think, if I had to do the no shutdown command on VLAN 15, why didnt I have to do that on the VLAN 10 interface? With switches, is the first VLAN interface automatically always up and all later VLAN interfaces automatically shut down.

A 'feature' of all the newer Catalyst switches and newer IOS is that the logical VLAN interface will remain down until a port in that VLAN is up.
The VTP config/status can also complicate this as a VTP client doesn't have the VLANs that the IOS config actually has because the VTP client hasn't learned the VLANs yet. In other words, the switch is in a state in which the IOS config puts a port in a VLAN that doesn't yet exist because VTP hasn't downloaded the VLAN database.
Keep in mind that VTP requires an operating trunk and if it is 802.1q then the native VLANs must match (so a native VLAN other than 1 will not work if the VLAN database hasn't been dowloaded by VTP or has been corrupted).
Not that you are running into the VTP issue, but in the effort of full disclosure...
Hope that helps...

VLAN Interface Command

Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANS? However, now I realized that some communication wont work with out this command which doesnt make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way, communication would work between VLANS is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANS, or connected the switch to a router which routed between the VLANs.
However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my cisco ip phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell my why this is? You shouldnt have to configure the VLAN Interface, right?(unless I wanted to route between VLANs, which could be done by the 4507)

Sounds to me like you either dont have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice Vlan's. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a vtp client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLAN's. You than specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxillary or voice vlan configured. If this is how your equipment is configured and it still does not work, than look for the line "ip routing" in your 3550 and negate it with "no ip routing".
If still no worky worky, post your config.
Cheers,

WLC - 4402/4 - Vlan Interface Addressing

I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?

The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests.

Vlan Interface state constantly disabled

Hi.
I have a SF500 in layer 3 mode. I have 5 vlans (10,100,200,201,202)
Of these 5 vlans, each one has a vlan interface configured.
However, vlan 10 and 202 don't have an IPv4 route (which is created automatically I believe).
I had a look and the vlan interface state is set to 'Disabled' (yes I'm using the GUI...)
Whenever I click 'Edit', it brings up the new window, but it has a tick in the Enabled box. Unchecking and applying and then checking and applying makes no difference. I just can't seem to change the state of the vlan interface.
Am I missing something weird?
Cheers.
Andy

Hi.
Thanks forumers!!
Turns out that even thought it was assigned to an interface, the static route never appeared until the end device was connected (even if you tried to access that vlan from a different vlan).
For example, the internal interface vlan 1 (192.168.1.254) would never have a route added until a device appeared on a vlan1 port - even if a device on a vlan2 port had access to vlan1, it didn't recognise it as being valid.
Many thanks for your help!
Andrew

3750X - Dropped multicat traffic flooding on all switchport vlan interfaces

Hello forum,
I have a problem on source multicast blocking. I have a switch with a vlan interface (Ex. vlan 20 )and on that vlan interface an extended ACL is present. That ACL block specific multicast groups. Furtehrmore I have many switchport access interfaces on vlan 20 with different sources connected.
If one source start streaming with multicast destination IP blocked by ACL, dropped traffic is flooaded on all switchports on source's vlan
IGMP snooping on this vlan is enabled but seems that dropped traffic stay on L2 vlan without it.
Device used: C3750X
IOS: 15.0(2)SE5
Thank you for help

Hi Michal,
thanks for your reply!
Yes, probably i've captured all lines of access-list... but I've to change my approach because my access-list is a extended "named" access-list and, on other post, I've read that "named" access-list cannot be debugged...
Now i've deleted all access-lists entries that refer to vlan2 and I've created new one "numerical":
#ip access-list extended 100
#10 ip permit 172.16.2.0 0.0.0.15 any log
In this mode the debug shows only access-list 100 traffic + bcast + mcast.
But, the strange thing is another one now...
I've bought a multifunction printer, that send scanned document to a email account, the printer haven't internal smtp, it makes a connection to hp servers that forward scans to real destination address...
I was curious to find out how this connection works because, my private/confidential documents are send on internet and, i would hope that hp use a secure connection from my printer to its server...
Well, if I add "log" switch command at the end of access-list, or I enable access-list debug, the printer stop to comunicate to hp services/server... if I turn off debug or rewrite access-list without "log" feature, incredibly the printer re-start to comunicate with hp...
Have you any idea that explain that? I'm going crazy...

C3750, SNMP, MRTG, Vlan Interface Counters..

This question HAS to have been asked and answered a thousand times by now, but I've tried for the last half hour to find that info and can't
For years now I've just accepted that I can't get correct traffic counts on Vlan interfaces on C3750 switches by snmp polling with MRTG.
Has anyone out there either figured out how to do this or tracked down the reason why it's not possible? I read one post that said the C3750 didn't support this. But then I started thinking. If it didn't support it then why is there an OID for it I can successfully poll? I just get wrong information, not no information. The count that it does give me seems to amount to the behavior of some kind of minimum traffic flow or keep alive activity, and the pattern doesn't seem to be affected much or at all by how much or little traffic is being carried by the Vlan.
Anyone out there that's already pursued an explanation/resolution to this issue?
Thanks!
-John Jackson

So, So, does anyone have any idea why, if the IF-MIB counters don't supply the correct count of the traffic that they're supposed to, Cisco has provided working OID's for them at all? What keeps getting me about this issue is that I keep hearing from everyone that this is simply a 'feature that is not supported' on this platform. What I don't hear along with that, which I would expect, is an acknowledgement attributed to Cisco that yes, someone made a mistake, and that's why it doesn't work properly. For Cisco to respond that way though seems like it would be opening itself up to the logical next thought - if it's broken, then fix it. If Cisco knew the hardware wouldn't support this, why have they implemented the OID's for it at all? If, as Joe is saying, the problem is not that the counters don't exist, it's just that you can't get at them, why is that?? If they exist, what would be the reason for making it so you couldn't get at them? This seems like such a small issue, and why am I making such a fuss about it? Well, I'm just tired of accepting a vague explanation about the issue, which I've been hearing from people for years now. I'd really like for someone to indulge my curiosity and hit me with the full, detailed explanation of how we got to this point of having these switches give essentially wrong information and Cisco's explanation has just been to say that's acceptable. I don't think it's acceptable. I just can't imagine I can really possible bring about a change in that.
-John

Force a svi vlan interface

HI..
Is there a way to force a svi vlan interface to up if no physical link is connected on a ws-c3650 version 03.03.02se.
/Lasse

You will need to have the vlan configured and assigned to an interface before the svi will be up/up.

Broadcast/multicast counters does not increase on vlan interface

Hi,
on a Cat6500 we try to monitor interface packet statistics via snmp, in detail we want to get information about the relation between unicast, multicast and broadcast packet counter.
What we found out is that while on physical l2 interfaces all counters (ifHCInUcastPkts, ifHCInMulticastPkts, fHCInBroadcastPkts, ifHCOutUcastPkts, ifHCOutMulticastPkts, ifHCOutBroadcastPkts) are filled, on vlan interfaces multicast in/out and broadcast out packets stay zero whole the time. We use arp, hsrp, ospf and other well know broadcast and multicast based protocols.
Does anybody know why this counters do not increase?
Attached you find an excel sheet which shows an example of interface counter vs. vlan counter.
many thanks in advance,
Thorsten Steffen

Hi jon,
belown the result of sh sdm prefer,so need i a licence ip service to apply the route-maap on the interface vlan,or just entrer the config"sdm prefer routing" and reboot the switch?
SWBB0#sh sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses:                  6K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
number of IPv6 multicast groups:                  64
number of directly-connected IPv6 addresses:      74
number of indirect IPv6 unicast routes:           32
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      0.5K
number of IPv4/MAC security aces:                 0.875k
number of IPv6 policy based routing aces:         0
number of IPv6 qos aces:                          0
number of IPv6 security aces:                     60

Vlan Interface on a 2691 router

Hi,
I am trying to create an vlan interface on a 2691 router but can't do it. What switch module do I need and what code. Argh!! I've searcehed all over cisco but I can't find it. What am I mmissing??
Thanks,
Lee

Can you give us more information about what is it that you're trying to do?
Your IOS is the latest and greatest in the 12.3 line as of the date of this posting. And your Feature Set is Advanced Enterprise Services, which is the fullest Feature Set you can get. (The "Plus" capabilities were folded into Enterprise Services when Cisco reorganized the Feature Sets they offer.)
Going back to your original situation. I may have misunderstood exactly what you are trying to do.
RE: "I am trying to create an vlan interface on a 2691 router but can't do it."
If by this you mean you are tring to create an "interface Vlan2" or "interface Vlan10" or "interface Vlan18" like you can do on the Cisco Catalyst switches, and then put interface-specific commands underneath it, then I don't think you can. Even though you can enter "interface ?" and it shows Vlan as one of the options, it is my understanding that you do it as I outlined above in my previous post.
If you are going to carry multiple VLANs on a single router port connected to an 802.1Q trunking switch port, then if you need IPX capabilities on a particular sub-interface, just add the IPX network address and IPX frame/encapsulation type under the sub-interface.
If you're just trying to dedicate one router LAN port to act as a default gateway for a particular VLAN, then connect the router to a switch port that is defined as an access port for that VLAN. Assign the appropriate IP and IPX addressing under the router's LAN interface and you're done. No need for sub-interfaces, or bothering to configure the router with any Layer 2 VLAN information, except maybe a description assigned to the port that tells you what VLAN on the switch you're connecting it to.
RE: "What switch module do I need and what code."
If you're trying to host multiple 10/100 switching ports within the router, then you are looking for some version of Cisco's 16-port EtherSwitch Network Module. The model number NM-16ESW-something, where the "something" designates support for inline power or an optional Gigabit Ethernet interface. This should run on the code you have.
The NM-16ESW supports 802.1Q, according to the documentation. But I have never worked with one, so I couldn't tell you how the interfaces are numbered (Fa1/0 through Fa1/15?). Also, I have no idea how the router communicates with the switching network module internally: are there 16 separate FastEthernet ports now, each one configurable as the router's own LAN ports are? Or is there some common, internal backplane-type connection between the network module and the router's CPU, configured like a Gigabit Ethernet VLAN trunk port when you implement multiple access VLANs on the 10/100 ports?
Rather than use an NM-16ESW in a router to handle multiple VLANs, I would just use a Cisco Layer 3 switch if it were only for routing IP. 3550 or 3750 would be fine. But if you need IPX routing, then in Cisco's line you either need routers or chassis switches running Enterprise code. Other manufacturers support IPX and IP in a stackable size: Foundry, HP, and Extreme Networks, for example. In fact, Foundry and HP (who OEMs some product from Foundry) use a CLI very much like Cisco's. I've even seen HP switches show up as CDP neighbors to a Cisco router.
There are times to use routers and times to use Layer 3 switches. And times when you need both. It all depends on what you're doing, and what you're trying to do it with...

Could I use "vlan interface" as a tunnel source of DMVPN ?

I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
Could I use vlan interface as a tunnel source when configuring DMVPN ?
The vlan ports is on the 9 port FE Switch module.
Because it's used now in production,I can't try it.

Hello.
I think there is no restriction on software routers like 2811.
PS: using loopback could be a better idea.

Netflow on 6509 in Native Mode from Vlan Interface

I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.
2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
Or could it be that MLS is not configured except for a couple commands:
mls netflow interface
mls cef error action reset
netflow setup:
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
    Source(1)       10.31.101.1 (Vlan52)
    Destination(1) 10.30.2.196 (2055)
Version 5 flow records
14927339 flows exported in 615072 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to Card not being able to export
interface:
interface Vlan52
description AN.VDI.stu
ip address 10.31.101.1 255.255.255.0
ip helper-address 10.31.149.200
no ip redirects
ip flow ingress
ip flow egress
ip pim neighbor-filter 98
ip pim sparse-dense-mode
ip cgmp

Enabling MLS was the fix.
mls netflow interface
mls flow ip interface-full
mls nde sender version 5
mls cef error action reset

ACE - Query VLAN Interfaces Status

Hi,
I am wondering what the status of the query vlan interface means in the command 'show ft peer detail':
Query Vlan IF State : UP, Manual validation - please ping peer
I am pretty sure that I did not see this status when I configured query vlan last time. Current version is A2(2.3).
Unfortunately this status does not seem to be documented anywhere on CCO.
I appreciate any help!
Thanks,
Daniel

Hi Daniel,
The FT Query VLAN interface is an optional, yet very good, feature to be used when using redundant ACE modules or appliances. Without it, if the FT VLAN was to go down, the standby ACE will no longer receive FT heartbeats from the active ACE and therefore take the active role. However, if the active ACE is still running fine in the active role, then you don't want the standby ACE to take over as active because that will put them into an active/active scenario, which may lead to connectivity issues.
This is where the FT Query VLAN interface comes in. If the FT VLAN goes down, the standby ACE will notice this, but before taking the active role, it will ping it's peer IP address configured on the interface that is designated as the FT Query VLAN. If the ping is successful, then it will stay in the standby role, thereby saving you some headaches.
The status that you are seeing is the ACE's way of telling you that the interface is UP, but if you want to know if it can successfully ping the peer IP address, then you would have to manually ping the peer IP address from the CLI. The ACE does not periodically check the ping connectivity through any automatic mechanism. The automatic mechanism is only triggered by the FT VLAN going down.
Does this help?
Sean

Ipv6 Vlan Interface EUI-64 assignation problem

Similar Messages

Maybe you are looking for