SPAN for vlan across Nexus vPC

Similar Messages

• Private vlan across switches in NX-OS

  Hi,
  I'm trying to make a scenario to span private vlan across multiple switches but I couldn't get this to work in NX-OS N7K.
  My topology is similar to the one in the picture attached.
  I tried to ping from isolated host vlan 201 in switch A to isolated host vlan 202 in switch B. Promiscuous trunk port has been configured to upstream router in Switch A. From switch a to switch b is a normal trunk port.
  But still, I can't establish any connectivity from host vlan 201 to host vlan 202.
  Any suggestion?
  thanks

  Jerry -
  Any idea why? This breaks the ability to use moderately complex ACLs. For example - how would you configure scavenger class traffic to ignore some traffic, and mark other?
  Carole

• How to span vlans across core layer in core/distribution/access campus design?

  Hi,
  I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.
  Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
  Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
  In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
  So using the same vlan in different buildings seems not to be supported?
  Best Regards,
  Thorsten

  Thorsten
  Just to add to Joseph's post.
  It is quite common for a vlan to be spanned when it doesn't actually need to be ie. the network has evolved that way.
  Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.
  Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)
  As Joseph mentioned you really want to avoid it if at all possible ie. ideally all connections to the core switches are L3 ie. no need for vlans at all in the core.
  If you need to extend a few vlans then you can do this but still route for all other vlans ie. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and of they need to route to a vlan in another site they use that unique vlan.
  But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it although that does depend on your core switch selection eg. 4500/6500 VSS etc. would alleviate this.
  There are ways to extend vlans across a L3 network but the solutions available are very much dependant on the kit you use and their capabilities so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).
  What you do really depends on just how many vlans you actually need to extend between sites.
  Jon

• Spanning vlans across access switches in distribution block.... please help

  Hi All
  Can someone please explain why Cisco states that in a Campus Hierarchical modle if Vlans are spanned across Access switches in a distribution block, then the Distrubution to distribution link should be Layer 2. Is this really necesary or just a recommendation, and if so why? Can't this link be a L3 link when spanning vlans across Access switches in distribution block, as I understand the benefit of having a L3 distribution to distribution link so that SPT is avoided.
  Please help

  Hello,
  The cisco recommended design is L3 links, but these is only possible if you have no vlans you need to span over the hole network.
  It depends on your topology or what you want achieve.
  If you need for one or more vlan's spanned the LAN, you need to use a layer 2 connection between all switches and between distribution too.
  In my company we have for example a few vlans for restricted areas, like device management or else, so we can't use L3 Links in the distribution area because these vlan's are terminated at the firewall. I think these is good thing.
  I would recommend you if you don't have to span one or more vlan's across the network to use L3 Links, specially in the case of redundancy way's. So you need no spanning-tree, but need to use other protocols like GLBP or else. The works faster and are not so confusing (for some people) as STP.
  best regards,
  Sebastian

• Span VLANs across switches

  VLANs are new to me so please forgive me -
  We have 5 Cisco sg500x switches. We need to create two vlans across some or all of the switches.
  I have been successful in creating vlan1 on one switch and excluding and including ports to segregate traffic. My problem is I can’t get the other switches to see vlan1 that was created on the original switch. I have enabled gvrp on all switches and ports assigned to the vlan but no luck in getting vlan1 devices to communicate across switches. How do I make this work? I think my main problem is creating uplink ports between the switches to carry the vlan across.
  How do I go about spanning vlans across the switches?
  Many thanks

  Thanks Robert I think that has got me a bit further in that I'm not getting VLAN MISMATCH error any more. I believe it was because the trunk ports were marked as untagged.  I still don't feel I understand the NATIVE VLAN concept or how to set it. If I have the default VLAN(1) and I have the VLAN I am trying to span across two switches (VLAN2) do I then need a 3rd VLAN to be the native for either end of the trunk between the two switches? Anyway this what I've done in more detail -
  On Switch 1
  Create VLAN 2: VLAN ID 2
  Set port 2 as follows: Default VLAN1 = forbidden, VAN2 = trunk, tagged
  Set port 3 as follows: Default VLAN1 = forbidden, VAN2 = access, untagged
  On Switch 2
  Create VLAN 2: VLAN ID 2
  Set port 2 as follows: Default VLAN1 = forbidden, VAN2 = trunk, tagged
  Set port 3 as follows: Default VLAN1 = forbidden, VAN2 = access, untagged
  With rj45 connect port 2 on both switches to each other. Clients connected to port 3 on both switches cannot ping each other across the trunk.
  Seeing this in the logs:
  Warning: %STP-W-PORTSTATUS:gi1/1/2: STP status Forwarding
  IP info:
  Default VLAN1 on 172.16.1.0/21
  VLAN2 on 172.16.40.0/21
  Any suggestions or areas to investigate would be helpful however obvious they may seem to anyone as this is my first effort with a Cisco. Thanks

• Extending VLANs across routed interfaces

  Hello;
  I'm trying to create a L3 core network. The core equipment will be Cisco 3750 enhanced. My idea is make each link between core 3750 a routed interface, with /30 IP addresses.
  The problem is the customer needs some VLANs extended across the full enterprise. Is there any way to encapsulate the VLAN inside routed interface?
  Thanks in advance.

  I realize this thread is 5+ years old, but I feel like commenting anyway.
  If you want to encapsulate the vlan across that link, you won't be able to use routed interfaces.  You will need to use a layer 2 trunk(dot1q).  Therefore, I wouldn't bother with the /30 addresses unless you want to monitor that specific link by IP.  In that case, use a special VLAN just for those two interfaces and put your /30 addresses on the vlan interfaces.
  If you want fast fail over on a layer 2 link, well then, use Rapid STP.  The goal should be to get rid of those flat VLANs that span the core and switch to your original plan of routed interfaces using EIGRP or OSPF.

• VLANS across WANS

  I am working on a project for CCNA class. I want to maintain VLAN identities across multiple WAN sites...i.e. My central Core will be in LA, remote offices at Dallas and St Louis. If I define VLANs 10, 20,30, and 40 at LA for 4 departments, with network 10.0.10.0/22, 10.0.20.0/22 etc..I have considered using EoMPLS to maintain the VLAN structure and the ability to not have to change or reassign different  network address at the remote sites. In essence, I wish to have the same subnets at all sites for all VLANS and implement NMC from the LA office. I want to have VLAN 10, with 10.0.10.0/22 at all 3 sites. Is this possible and maintainable from a management standpoint using EoMPLS. What am I missing here? Other posts I have researched state that this is not possible and not recommended. The objective is to maintain VLANs across all 3 sites.    
  If not, then how do we maintain VLAN identities and membership across all 3 sites with different Subnets? I am just looking for ideas, not solutions. Just some guidance, since I am a student. 

  I haven't personally used EoMPLS, but it seems a viable option.  The other L2 extension technologies to consider are:
  VPLS
  OTV (ASR1k or CSR1k)
  L2TPv3 (can use regular IOS routers)
  Typically you'd only consider extending L2 VLANs across a WAN for DCI (data center interconnect) and not branch to branch. 
  L2TPv3 is a neat feature that can be done cheaply using 800-series routers.  It does transmit all L2 traffic so it's possible to have spanning tree loops over the WAN (fun in the lab, but not in production).

• Spanning one image across two monitors?

  If this has been asked before, I applogize. It is probably a simple solution, but, not sure if it is possible.
  I am using an Imac 17" Display, 160 Gig HDD, 1 Gig RAM and an external 19" monitor (as an extended desktop)
  I have downloaded some of the split screen backgrounds, and, they look fantastic, but, they can be hard to find.
  I am wondering, if I get a widescreen background (Single. Not Dual Monitor), can it be set to Span the image across both monitors?
  My resoloution for my 17" Imca is 1400 X 940 (Or, whatever the native resolution is for it)
  My external monitor is set to 1280 by 1024
  Any help would be appreciated.
  Gary

  I had the same problem.  U need to install ITAP RPD, it supports spanning very well.  U can test with their trial version.
  I have a new IMac 27" with 27" Thunderbolt second display.  Working on remote desktop with 5120 x 1440 pixels is awesome, and ITap supports it very well
  Cheers

• Is there an NXOS command to check to see if traffic is being dropped from traversing a Nexus vPC link?

  Is there an NXOS command to check to see if traffic is being dropped from traversing a Nexus vPC link?

  iTunes 11 seems to shuffle just fine for me.
  You can restore much of the look & feel of the previous version with these shortcuts:
  Ctrl-B to turn on the menu bar.
  Ctrl-S to turn on the sidebar (your device should be listed here as before).
  Ctrl-/ to turn on the status bar.
  Click the magnifying glass top right and untick Search Entire Library to restore the old search behaviour.
  If you want to roll back to iTunes 10.7 first download a copy of the 32 bit installer or 64 bit installer as appropriate, uninstall iTunes and suppporting software, i.e. Apple Application Support & Apple Mobile Device Support. Reboot. Restore the pre-upgrade version of your library database as per the diagram below, then install iTunes 10.7.
  See iTunes Folder Watch for a tool to scan the media folder and catch up with any changes made since the backup file was created.
  tt2

• Creating multiple vlans across multiple switches

  Hi All,
  How should I create multiple vlans across multiple switches?
  For instance, I have two (primary/redudant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP?  Just trying to practice and learn.. Any help will be greatly appreciated:)
  VLAN 100: [DHCP-workstations]
  172.26.4.0/24
  172.26.5.0/24
  VLAN 200: [Servers]
  172.16.1.0/24
  172.16.2.0/24
  VLAN 300: [Printers]
  192.168.129.0/24
  192.168.130.0/24
  VLAN 800: [Management for switches/routers]
  10.160.1.0/24

  Hi
  You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
  Thanks
  Ankur
  "Please rate the post if found useful"

• Extending VLAN across Data centers

  I hope you can help, I have 2 data centers connected via a L3 10gb (dark fiber) now I have a few more fiber strands available between the 2 data centers; so for Disaster Recovery and server clustering (requiring same subnet) does it make sense to extend certain vlans across using these extra fiber strands or is it best practice to keep the layer 3 separation, thanks in advance!

  Borman
  It does make sense in terms of clustering. Not sure exactly what you mean in terms of disaster recovery, that really depends on your topology/addressing.
  Basically i would route where you can and extend L2 when you have to. Be aware you are extending L2 between data centres and tha brings STP issues. Obvioulsy make sure you only allow the vlans you need on this link and route all else.
  There are other ways to extend a L2 vlan across a L3 link - L2TPv3 springs to mind.
  Jon

• No Spanning-Tree Vlan # on C2950

  Hello everyone,
  I've recently found that one of the switches on my network (which I never set up) is running a "no spanning-tree vlan 3, 5, 10" command, which I want to remove, but I have been unable to. When I do try and type in "spanning-tree vlan 3" nothing comes up, but when I show spanning tree it lets me know that it doesn't exist.
  Is there a command I'm missing? (It's a larger number of vlans)
  Thanks in advance,
  David

  I'm not sure there would be anything for spanning tree to calculate if no ports on the switch are assigned to vlan 3.  Try assigning an unused port to vlan 3 and see if your output of sh spanning-tree vlan 3 changes.

• Root bridge for VLAN 1

  If I have 2 core Layer 3 switches that are in an HSRP config, each of the active router vlans are setup already as the root bridge for those particular vlans, who should I designate as the root bridge for VLAN 1 ?

  Root bridge and the active router in hsrp are not really related.
  Root bridge selection is only used to control which paths are blocked if any. The actual path of the traffic does not have to pass via the root bridge. It will always take the most direct path between the machines.
  It is much more important to see where the blocked link is if you have any.
  As a example you have a distribution switch connected to your 2 core switches and the 2 core switches connected to each other. You design you spanning tree to block the link between the 2 core switches by setting the cost very high. In this case any machine on the distribution switch can directly access either core switch. Since only the core switch that is the active HSRP router for a vlan will advertise the common mac address the distribution switch will only see the mac address on one of the two links. Either core switch can be set as the root but the traffic will alway directly flow to the active HSRP device.
  Of course you don't want to block the line between the switches because the HSRP keepalive message will be layer 2 routed via the distribution switch. In a very simple design it is common to have the root bridge be the HSRP active device just because its easier to configure but the concepts are not really related. Root bridge placement is more related to traffic volumes than anything else it just tends to be true that the switch has the gateway is also the highest volume of traffic

• Sending specific Vlan across wireless bridge

  Hello All,
  I would like to know how I can send a specific VLAN across a wireless bridge.  Currently, we have a building across the street from our main office that's connected via a wireless bridge (no physical cabling).  One of the switches in building 1 has a port in VLAN 206 (10.20.6.0/24) which connects to the wireless bridge (10.20.6.3) on that building.  The wireless bridge in building 2 is 10.20.6.4 and connects to a router on the same subnet.  So both bridges, the switch in building 1, and the router in building 2 are all on the same subnet.  I need to send VLAN 60 across this wireless bridge so that the workstations in building 2 can go out to the Internet.  As a side note, VLAN 60 is unrouted and is it's own subnet which has it's own firewall and web filter.  My thought on this is that if I can get the wireless bridges to send VLAN 60 to building 2, then all I would need to do is add the workstations to that VLAN on the switch in that building and all should be well.  I'm just not sure what I need to configure on the bridges and how building 2 should be configured seeing that the 2nd bridge connects to a router instead of a switch.  Any tips, suggestions, and help would be great!
  Thanks,
  Terence                  

  assume that i have two bridges Br-root , and Br-nonroot and i want to send traffic from multiple vlans across the wireless link, all you need to have is infrastructure-ssid on the native vlan. Then define the required subinterfaces on both radio and ethernet of root and non-root.
  Example: ( vlan 1 , 2 , and three )
  Root(config)#dot11 ssid test             
                   #authentication open
                   #vlan 1
                   #infrastructure-ssid
                  #exit
  Root(config)#interface dot11radio 0
                   #ssid test
                   #station-role root bridge
                   #no shut
                  #exit
  Root(config)#interface dot11rdio0.1
                   #encapsulation dot1q 1 native
                  #bridge-group 1
                 #exit
  Root(config)#interface dot11rdio0.2
                   #encapsulation dot1q 2
                  #bridge-group 2
                 #exit
  Root(config)#interface dot11rdio0.3
                   #encapsulation dot1q 3
                  #bridge-group 3
                 #exit
  Root(config)#interface fa0.1
                   #encapsulation dot1q 1 native
                  #bridge-group 1
                 #exit
  Root(config)#interface fa0.2
                   #encapsulation dot1q 2
                  #bridge-group 2
                 #exit
  Root(config)#interface fa0.3
                   #encapsulation dot1q 3
                  #bridge-group 3
                 #exit
  for the non-root , same config but the station-role should be non-root
  Enjoy

• Management vlan across wan links

  I have 50 sites. There is one server at each of the 49 sites. The 50th site has the bulk of the servers. My Director wants me to create a 'management' vlan that spans all 50 sites for the integrated lights out port of all the servers. I don't think that it is necessary or wise to creat vlans that span wan links. Any input is welcome!

  NO, DON'T DO IT.......
  Why do people suggest such crazy things? Think of the spanning-tree and broadcast implications - jeez I wouldn't even span a VLAN throughout a Campus LAN, let alone the WAN.
  I can understand the need to keep this off the main network but I would just create another VLAN at each remote site to cater for this requirement and then maybe protect it with ACL's if need be.
  HTH
  Andy