STP vs routing

Similar Messages

• The STP originated project I hear, the FCP project I don't - tho I see both

  Hi, thanks for reading!
  I created a multitrack project that monitors audio correctly. Great. But now I've "sent" a sequence to STP from FCP 7, and it imported fine, and the audio levels show on all the meters, but I can't hear anything. If I click back to my first project (which I created from scratch and is still open), I hear it fine.
  Wonder what I'm missing. Thanks in advance, I'm sure it's simple.
  Tudor Applen

  Thought I'd post my discovery in case someone else has this problem. I have a BlackMagic Decklink card installed for FCP, and the audio seems to want to follow it in STP when I export my sequence from FCP, unless I turn off the external video playback (ctrl+v). Then STP will route the signal to the Digital Out like I want. (Otherwise, I'd have to fire up the analog audio hardware to hear through the Decklink which is where it wants to follow the video flow.) That also explains why the project created from scratch was fine - it had no video. Hope this helps somebody.

• Strange nexus behavior

      I'll try to explain this best i can .   We have  2 6509's  running port channels down to 2 Nexus 7000' where the 7000's are running vpc .  All the routing is still being done on the 6509's .   The nexus 7000's only have routing running via separate ospf links back to the 6509's . The plan is to eventually have the routing on the nexus so we have all the layer 3 SVI's that are on the 6509's defined on the 7000's  with hsrp but all are admin down on the 7000's for now.  On the 7000's all the routing looks correct with all the ip routes being learned on the separate ospf links.  This is the strange thing from the 7000's if try to ping  the svi addresses both the primary and secondary addresses on the 6509's they  ping fine but if you try to ping any hsrp virtual address none of those ping .  The really strange thing we see in the routing table on the 7000's  is that hsrp virtual  is put into the ospf table as a /32  with a source of the vlan that it is on on the 7000's which is admin'd down so obviously that traffic is not going to go anywhere if it's trying to send it down a admin down SVI  . The actual subnet that the SVI is in is a /24 .   So what we tried is we removed the downed svi on both 7000's and then cleared that /32  virtual address and it works correctly  and the route for that address looks correct being the ospf uplinks to the 6509's . I'm not sure what to make of it . Is there some inherent difference in the way the Nexus handles hsrp even if it's admin'd down?   Or can anyone explain this behavior .  I will add this if you stick a device in that vlan on  either the 7000's or a nexus 5000 which is below the 7000's configured with an address and the virtual address as the gateway  it rides the vpc's as it should up from the 5000's to the 7000's and up  to the 6509s .  You can also ping the hsrp virtual from this device . The problem just seems to be with the nexus 7000 and ospf  and the hsrp virtual address being in the table as a /32 pointing to a vlan which is admi'd down on the 7000's .  Strange.   Any speculation welcome...

    Well there seems to be at least 2 or 3 bugs that are fairly close to this so my guess is it is a bug .  Seems like there is more hsrp bugs than there should be on the Nexus platform.   The only problem with this is a "clear ip route *"  does not fix what we are seeing so we really don't have a fix for this issue.
  STP vPC: route still installed after no hsrp
  CSCuh07613
  Description
  Symptom:
  hsrp vip is down by "shutdown" or "no hsrp", but route still installed
  Conditions:
  - On a N7k running 6.2(2)/6.2(2a) when a new SVI is created and HSRP is configured.
  - disable hsrp by "no hsrp " or shutdown interface.
  Workaround:
  clear ip route *
  Further Problem Description:
  Customer Visible
  Was the description about this Bug Helpful?
  (0)
  Last Modified:
  Jan 2,2014
  Status:
  Fixed
  Severity:
  3 Moderate
  Product:
  Cisco Nexus 7000 Series Switches
  Support Cases:
  5
  Known Affected Releases:
  (2)
  6.2(1.111)S5
  6.2(2a)

• No Audio when using firewire DV

  Hello!
  When I set SoundTrack to play the video using my firewire DV device (a little camcorder attached to an analog TV set) it reroutes all audio to that camcorder instead of using my otherwise fully functional 5.1 audio setup.
  How can I keep the audio playing through my external (USB) 5.1 audio setup while routing the video to an external firewire MiniDV camcorder?

  I've had a similar problem and posted a few questions myself regarding the "no audio" when going from FCP to STP.
  But I figured it out: If you connect a DV cam via Firewire, the audio in STP is routed to the camera only.
  In my case I also have a MOTU 828MKII audio interface connected via a separate FireWire, but it seems that in STP only the DV cam get the audio.
  As soon as I disconnect the DV cam, the Audio can be routed to my audio interface as per my Audio/Midi setup.
  In FCP I don't have this problem.
  So now, when using STP, I disconnect the DV Cam and get my Video via an RGB connection to the TV and the audio can be routed as I want.
  Not really elegant (and not really Apple-like not to have full Audio/Midi setup compatibility) but then again, when working in STP, it's the sound that matters and not the picture.

• Xbox 360 w/ WRT54G - MTU Failed Connecting to XBox Live

  Any help will be greatly appreciated. My son is aching to connect to XBox Live.
  Our home network works fine from wireless cable modem.
  Need to use our spare WRT54G as XBox 360 connection to 'net..
  In advance, thanks.
  ChicagoArt
  Here is our network setup:
  Linksys WRT54G V3 Wireless Gateway Router
  Firmware: DD-WRT v23 SP2 (09/15/06) std
  WAN IP: 0.0.0.0
  Connection Type Disabled
  STP Disabled
  Router Name DD-WRT
  Host Name Blank
  MTU Manual 1365
  Router IP 192.168.1.2
  Subnet Mask 255.255.255.0
  Gateway Blank
  Local DNS Blank
  WAN Port
  Assign WAN Port Switch Checked
  Network Address Server Settings (DHCP) 
  DHCP Type DHCP Server
  DHCP Server Disable
  Start IP Address 192.168.1.100
  Maximum DHCP Users 50
  Static DNS 1 
  Static DNS 2 
  Static DNS 3 
  WINS Blank
  Use DNSMasq for DHCP Checked
  Use DNSMasq for DNS Checked
  DHCP-Authoritative Checked
  Use local time Checked
  MAC Address Clone Enable
  Clone WAN MAC 00:13:10:7D:24:FA
  Clone Wireless MAC 00:13:10:7D:24:FB
  Operating Mode OSPF Router
  Wireless Mode Client Bridge
  SSID XXXXXXXXXXXX
  Wireless Security WPA Pre-Shared Key
  MAC Filter Disable
  Advanced Wireless Settings Authentication Type Shared Key
  SPI Firewall Disable
  Router Name DD-WRT 
  Router Model Linksys WRT54G/GL/GS 
  LAN MAC 00:13:10:7D:24:F9 
  WAN MAC 00:13:10:7D:24:FA 
  Wireless MAC 00:13:10:7D:24:FB 
  WAN IP Disabled 
  LAN IP 192.168.1.2 
  Wireless Radio Radio is On 
  Mode AP   
  Network Mixed   
  SSID XXXXXXXXXXXX
  dd-wrt  Channel 6 
  Xmit 28 mW 
  Rate 54 Mbps 
  Services
  DHCP Server Disabled
  WRT-radauth Disabled
  WRT-rflow Disabled
  MAC-upd Disabled
  Samba Mount Disabled
  Sputnik Agent Disabled
  XBOX 360
  Ethernet connected to Linksys WRT54G
  Status Code
  MTU Failed
  Status Code W: 0000-000B
  Status Code X: 0000-F001

  I have the WRT54G Version 6. I could not connect -- First I updated the firmware. Check the linksys site for your router under support to ensure you have the most up-to-date firmware. Still could not connect. Observed which IP it was assigning to the XBox then put this IP address into the DMZ. It has worked since. Might work, might not. I noticed you have the V3 router, so hope this helps in some way.

• Goods Receipt in STO with delivery ( SD Route ) problem

  Hi,
  there is issue related to Goods Receipt in STO with delivery ( SD Route)
  here
  1. PO with delivery is created ( SD rote )
  2. with reference to above STO outboud delivery & PGI is done
  but after this Goods Receipt is done but outbound delivery document is not updated.
  Note : as per my understanding here user has done Goods Receipt against STO PO instead of Outbound delivery.
  so please guide me so in the future user can not do Goods Receipt against STP PO in the case of STO with delivery cycle. only user can do Goods Receipt against outbound delivery.
  Thanks
  h shah

  You have to ensure in your organizational processes that there is no switch between Transactions MB0A/MIGO and VL32/VL32N. please read the note 199703.

• You can bridge the Fios Quantum Gateway Router

   Long story short. I could not figure out how to disable SIP on the Fios Gateway Router and some my Intercom Video Door station in use by my Control4 uses SIP. The router was causing conflicts and Control4 advised that SIP needs to be disabled on the router. Disabling SIP is a very common answer to people using IP based video conferencing or VOIP phones. That left me with 2 choices. Get the Fios Quantum Gateway to bridge and install my own router where SIP can be disabled, or get rid of Fios and use an ISP that does not require a combo "modem"/router. I didn't want to give up on Fios so easily. My installation was new and I am happy with the uptime and performance. I spent 2 days trying to get my Fios Quantum Gateway to Bridge.   I am writing this up so that someone else doesn't have to live the pain I've lived.  First up, after multple days of looking, their are limited instructions on getting the Fios Quantum Gateway router to bridge. The instructions you can find are for the Actiontec router. It's "almost" the same router but not 1:1. Most step by step guides say that the steps for the Actiontec will work for a FIos Quantum Gateway. That's not inaccurate, but isn't fully accurate either. Their are steps involved in the Acitontec instructions that do not apply to the Fios Quantum Gateway. First - this link is the baseline instructions I found that mostly work: http://www.dslreports.com/forum/r27666920-How-to-Make-Actiontec-MI424WR-Revision-I-Rev-I-a-Network All credit to the authors that came before me. I didn't discover these steps. I hijacked them and tested them with some revisions for a Fios Quantum Gateway router. I take not credit or responsbility for any action you take based on my post. It "works for me" and continues to work after 24 hours. My please note that I am using Coax/MoCa from the ONT to the Router and that Ethernet was not an option. I am going to repost the steps verbatim, but add some notes along the way where my experience was different in bold. I highly recommend you read the entire thing one time before starting with the step-by-step. You can replace the word Actiontech with Quantum Gateway in the below. Their are subtle differences in termonligy between the Acitontec and the Quantum. If you see a step in the guide and can not follow because your Quantum doesn't have the same display, you must find the nearest equivelement or ignore it entirelly. First get your Router and Actiontec set up like so: ONT -> Coax -> Actiontec Coax Port -> Actiontec LAN Port 1 -> My Selected Router WAN Port. Unplug the cable from the WAN Port, but keep it nearby. I was actually in LAN Port 1 on the Quantum Gateway but I don't think it will actually matter.
  Now we need to obtain the WAN MAC address of each Router device.
  For the Actiontec go to: Top Menu – Advanced – MAC Cloning – Set Mac of Device – Broadband (Coax). Here you should see the MAC Address, write this down on a paper or something. This is critical. You need to do this. Without the clone, I was unable to bridge. Note that I did not have to STAY cloned. I just had to clone until the lease expired even though I believe I had released the IP successfully. For your own router: You need to look this up yourself. The ASUS RT-N56U (w/ custom firmware) has a spot that just displays my WAN MAC address for me. I'm using an EdgeRouter from Unfi. Nobody can help you here except the forums for the router you are using because how you do this is different from router to router (generally speaking.)
  Once you have both of these pieces of information, it is time to start.
  1. Hardware Reset Actiontec Router I wouldn't do this. I didn't. I would actually save a copy of the configuration you have on the router before going any further, in case you have to hardware reset and restore your router.
  2. Log into Router using [ admin/password ].
  3. Change admin login info and set a different password. There should be a link on the side.
  4. Top Menu – My Network – Side Menu – Network Connections – Network (Home/Office) – Settings – IP Address – Setto 192.168.x.1 where x is not used on your LAN – Apply
  *NOTE*: Upon changing the default gateway IP of the Actiontec from 192.168.1.1 to 192.168.x.1, you will need to [ ipconfig /release ] and [ ipconfig /renew ] from Command Prompt, so your computer can quickly reconnect to the Actiontec. I changed this to 192.168.0.5 because my DHCP starts at 50. The Fios default is 192.168.0.1 and not .1.1.
  5. Log back in to Actiontec router with new IP and new password you previously set.
  6. Top Menu – Wireless Settings – Side Menu – Basic Security Settings – Wireless Off – Apply 7. Top Menu – Firewall Settings – Side Menu – General – Minimum – Apply
  8. Top Menu – My Network – Side Menu – Network Connections – Advanced 9. Top Menu – My Network – Side Menu – Network Connections – Broadband (Coax) – Settings – Release – Apply
  *NOTE*: If your IP address is not released properly you will need to wait 2 hours for your lease to expire or you’ll need to call Verizon Tech and get them to restart your system.
  10. Broadband (Coax) – Settings – IP Distribution – Disable – Apply 11. Broadband (Coax) – Settings – DNS Server – No DNS Server – Apply 12. Broadband (Coax) – Settings – IP Address – No IP Address – Apply
  13. Top Menu – My Network – Side Menu – Network Connections – Network (Home/Office) – Settings – IP Distribution – Disable – Apply 14. Network (Home/Office) – Settings – DNS Server – No DNS Server – Apply 15. Network (Home/Office) – Settings – UNcheck Box to Left of Wireless – Apply
  *NOTE*: The old guide will tell you to uncheck the box to the left of “Coax” here. Unfortunately, in the Rev. I, Ethernet and Coax are stuck together as “Ethernet/Coax” and you can’t split the two. If you uncheck the box to the left of “Ethernet/Coax”, you will lose connection with the Actiontec Router and you will be forced to hard reset and start all over again.
  16. Network (Home/Office) – Settings – Check Box to Left of Broadband (Coax) – Apply 17. Network (Home/Office) – Settings – Check STP Box to Right of Broadband(Coax) – Apply The Quantum Gateway didn't have an STP box to uncheck. I ignored this step with no adverse effects. 18. Network (Home/Office) – Settings – Network – Broadband Connection – Apply
  19. Top Menu – Advanced – MAC Cloning – Set Mac of Device – Broadband (Coax) Using the information you gathered at the beginning: a. Set the WAN MAC of your selected Router to the MAC address listed here. b. Set the Address here to the WAN MAC of your selected router that will be connected to the Actiontec to avoid conflicts.
  20. Plug the cable from Actiontec LAN Port 1 to your Routers WAN Port. Your router should be getting a WAN IP from Verizon. Test to make sure your WAN is established and that you can connect onto the internet, browse pages. Run a speed test to make sure everything is peachy.
  *NOTE*: If your router did not get a WAN IP, you have a problem. I would recommend trying to re-trace your steps to see if you missed anything or just start all over and hard reset. :\
  21. If everything worked out fine, connect a cable from your Router’s LAN Port 4 to the Actiontec LAN port 4. Again, I was using Port 1. But it shouldn't matter. I haven't tried other ports.
  22. Power cycle your STB if you wish. You should see your STB show up in your DHCP list and it should be getting VOD/Widgets. This wasn't neccessary for me as I don't use Verizion TV service. Your millage may very. -V

  NOTE: about bridging the Quantum Gateway G1100 Information about this is in DSLReports.com - Verizon FiOS FAQ.  SEE: Verizon Online FiOS FAQ -> 3.2 Moca -> Can I get an ethernet connection in a room with only coax? There is a list of instructions for bridging routers, but the Verizon Quantum Gateway is not included there. Follow down the instructions and at step 2.5 here is added information that is not in the FAQ yet. 
  Instruction 2.5...
  2.5a) The Verizon Quantum Gateway G1100 is slightly different from the Actiontec MI424wr. If your primary router's broadband connection is provisioned over coax, you need to disable the remote router's coax WAN connection to prevent it from attempting to become the primary router. If your broadband connection from the ONT to your primary router is ethernet, this step may be unnecessary.
  Click on the MY NETWORK icon at the top.
  Select NETWORK CONNECTIONS from the menu on the left.
  If you’re using the Verizon Quantum Gateway G1100 as the remote router the Network Connections panel will show Broadband Connection (Ethernet/Coax) instead of Broadband Connection (coax).
  Click on Broadband Connection (Ethernet/Coax)
  The next panel displays Broadband Connection (Ethernet/Coax) Properties as its title. There is a Disable button at the top of the panel. There is also a Settings button at the bottom of the panel. You will come back to the Disable button.
  Click on the Settings button.
  The next panel displays the same title as the prior panel: Broadband Connection (Ethernet/Coax) Properties
  In the middle of the panel next to the heading Enable/Disable Coax Link: there is a button labeled Disable.
  Click on Disable.
  Click on the Apply button at the bottom of the panel.
  You will be taken to the Broadband Connection (Ethernet/Coax) Properties panel that you saw before.
  At the top of this screen there is a button labeled Disable
  Click on Disable
  Click on the Apply button at the bottom of the screen.

• Newbe question about SG300-20 dropping port to Router

  Hello to you all
  Today I received my new SG 300-20 managed switch to replace an unmanaged switch with some faulty ports.
  I want to use it in a a combined Home / Small Office environment. It is my first purchase and use of a managed switch so am still new at it.
  I come from an IT-background but more from the software side than the hardware side of things, but I feel comfortable with hardware and network things.
  I was planning to start using the switch in its most basic configuration first and gradually start learning the finer details of its configuration, with the ultimate purpose of setting up several VLANs for business, private use and media playing and to do some IPv6 experimenting.
  All my attached devices are Gigabit network capable.
  The issue is when connecting the cable to my router (an ISP provided FritzBox 7340 (an ISP version comparable to 7390) which is IPv6 capable) the SG 300-20 keeps dropping the port.
  The log show the following messages repeated 3 times:
  2147483597   2011-Mar-18 17:08:53 Warning   %LINK-W-Down: g8 
  2147483598   2011-Mar-18 17:08:50 Warning   %STP-W-PORTSTATUS: g8: STP status Forwarding 
  2147483599   2011-Mar-18 17:08:46 Informational   %LINK-I-Up: g8
  It doesn't matter which port I use the same thing happens each time.
  All other devices connected to the SG 300-20 just work fine.
  When I connect the router to my old switch it also just works fine.
  When I connect my old switch with router attached to the SG 300-20 it works fine and the DHCP on my router will provide the SG 300-20 with an IP-address.
  I just can't connect the router directly to the SG 300-20.
  I'm a bit at a loss of where to look for a solution.
  As I said all is still in default settings.
  Can anybody point my to a solution or way of finding out what is the problem why the port is being dropped?
  Thank you
  Alwin

  This is a gateway device.....also known as a modem/router. It combines the functions of a separate modem and router in one package.
  The Q1000 is the main router on your network, so any port forwarding (Apple calls it Port Mapping) must be done on the ActionTec device.
  The Time Capsule is in Bridge Mode. In this type of setting, all ports are automatically already open. So, there is no need to "open" a port that is already "open".
  The Time Capsule will simply pass through any information that it receives from the ActionTec gateway to other connected devices on the network.

• Is it better to use router port versus vlan member port?

  Hi CSC,
  This is more of a philosophical or "best practices" question.
  I have a Cisco 3550 at the home office. Connected to the 3550 is a number of branch offices by way of T1 circuits or VDSL modems. They all come to the home office, where we have a central internet connection and server farm for our entire organization.
  Except for one special case branch office, we don't forsee the need for appearances of the  home office vlan at the branch office sites. In that case, we bring it  into a trunk port at the home office, and at the special case branch office we have a dell 3024  switch and tag some ports as vlan 18 (the home office) or vlan 27 (the  special case branch office).
  We also do not forsee a need for the vlan from one branch office to appear at another branch office.
  They are all (except for the special case mentioned above) currently configured something like this:
  interface FastEthernet0/1
  description home office
  switchport access vlan 18
  switchport mode access
  interface FastEthernet0/2
  description t1 to branch office 1
  switchport access vlan 19
  switchport mode access
  interface Vlan18
  description subnet for home office
  ip address 192.168.18.1 255.255.255.0
  interface Vlan19
  description subnet for branch office 1
  ip address 192.168.19.1 255.255.255.0
  Is it better, in terms of reduced network complexity or performance on my 3550, to do something like this instead?
  That is, to make the interfaces router ports as opposed to vlan member ports?
  Of course, if we ever DID need to have appearances of the home office vlan at branch office sites, or appearances of one branch office's vlan at another branch office, we would lose that flexibility.
  interface FastEthernet0/1
  description home office
  switchport access vlan 18
    switchport mode access
  interface FastEthernet0/2
  description t1 to branch office 1
  ip address 192.168.19.1 255.255.255.0
  interface Vlan18
  description subnet for home office
  ip address 192.168.18.1 255.255.255.0
  no vlan 19

  Hello,
  In my opinion there is no 100% right answer here. I think it depends also about network forecast. I'll try to add here some thoughts:
  - if you use trunk interfaces from home to branch and SVI for L3 connection, in terms of scalability is much easier to expand (you have now only one p2p L3 link, but in future you'll need another one; if the port is a trunk one, you just configure another SVI interface, allow vlan on trunk and your good to go)
  - trunk interfaces involve more configuration (L2 interface and SVI L3 interface)
  - if you add in the home office another switch to existing one, and for some reason you have misconfiguration in STP / VTP, then you can run into problems like loops, vlan database modification (e.g. VTP server mode and the new added switch has a higher revision number than existing one)
  - L3 physical interfaces are easier to configure and less complex, but in case you want to scale to additional p2p link will be harder
  - L3 configuration is easier to troubleshoot as you avoid the L2 complexity
  - in terms of packet exchange a L3 interface will exchange less packets than a L2 trunk with SVI (I'm talking here about control traffic, not user traffic)
  - with L2 trunk you can have other problems like if somebody is "smart enough" to add a new switch into the existing switch (if you have a switch there) at the branch location; imagine that the new switch due to misconfigurated STP became root bridge; you have a large STP domain.
  As I said, there is no good or bad approach. You have to guide yourself about forecasts in your network. For example if you know that a branch location will not be extended in the next 2 years, then go ahead with L3 interface and that's it. On the other hands if you have doubts you can add for another location L2 trunk with SVI. You can mix this two solution to obtain the best results for your network characteristics.
  Cheers,
  Calin

• Unsure of proper configuration for SF300-24 & router

  Hello,
  Our company lost a switch and replaced it with a SF300-24.  The other components are a Westell modem and an Amped Wireless R10000G router.
  The current configuration has the Westell DLS modem going into the R10000G router, the router is the DHCP server and from there it is plugged into port 1 of the switch (DHCP is off on the switch).
  I am not sure who set this up but apparently we have no one around that is able to fix the situation.
  So the problem is the computers on the network randomly drop off the network during the day and sometimes upon booting them up in the morning won't even see the local network.  If I unplug the R10000G and then plug back in that fix's the problem for a few hours but then sooner or later the computers randomly drop off.
  There is one network printer set to a static IP address.  It never seems to have an issue.  I have tried setting some of the computers to static but they still have connection issues at some point.
  Would anyone have some suggestions on how this configuration "should be" properly setup?
  Thank you for your time and help,
  Matt

  I checked the spanning tree area and there are many interface settings none of which came right out and had a port fast option.
  However under STP Status & Global Settings there were the following options.
  Global Settings:
  Spanning tree state: Enabled
  STP Operation Mode:
  Classic STP
  Rapid STP (currently checked)
  Multiple STP
  BPDU Handling:
  Filtering
  Flooding (currently checked)
  Path Cost Default Values:
  Short
  Long (currently checked)
  Bridge Settings:
  Priority: 32768
  Hello Time: 2sec
  Max Age: 20sec
  Forward Delay: 15sec
  Thanks again for your time!
  Matt

• Computer-to-computer via PATCH-STP cable

  I am struggling with a few kinds of, computer-to-computer network issues.
  I am trying to do some sharing between a Mac Pro Intel (late 2007 2 x 2.66 GHz Dual-Core) and a white MacBook (early 2010 2.26 GHz Intel Core 2 duo), both OSX 10.6.5 via a cable.
  The MacBook can connect to the Mac Pro but not vice versa, the file sharing 'works' in both direction but only from the MacBook's desktop. The Mac Pro 'sees' the MacBook as a server to which it can't connect, the MacBook has no problem in finding and connecting to the Mac Pro.
  Internet sharing is impossible too, by Patch-STP cable (not by AirPort what I don't use), in both directions.
  The strangest thing of all is that it worked before in the very same configuration till, after a trouble with LR3.3, I had to restore the OSX wit the Snow Leopard install disc.
  Both computers can connect to the internet separately, on by one, through the same cable, that's why I want to share the internet from the Mac Pro to the MacBook.
  I think that the issue might be situated in the System preferences —> Network settings, but I can't identify the problem nor can I correct it. The sharing settings seems to be OK, I hope so...
  Any ideas, please?
  Thanks,
  Philippe
  P.S. Do forgive my very weak English.

  Buy a router. They are cheap and designed for what you want to do. It doesn't need to be an apple router.

• Interface Vlan is not installed in routing table

  Dear All, 
  Today I faced a strange problem and I want to share it with you to find what is the problem ? 
  we have a VRF for one customer and we use interface vlan to define customer's branch.
  The customer interface is  VLAN 422 and it is defined under customer VRF probably . 
  PE#sh running-config vrf  V3056:RIYADHBANK
  Building configuration...
  Current configuration : 1321 bytes
  ip vrf V3056:RIYADHBANK
   rd 65000:3887
   maximum routes 1400 80
   route-target export 65000:5405
   route-target import 65000:5405
   route-target import 65000:5406
  interface Vlan422
   description By *****
   ip vrf forwarding V3056:RIYADHBANK
   ip address 172.29.12.97 255.255.255.252
   service-policy input 2M_IN
  PE#sh vlan id 422
  VLAN Name                             Status    Ports
  422   422                                 active    Gi3/0/11 efp_id 422
  VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
  422  enet  100422     1500  -      -      -        -    -        0      0   
  Remote SPAN VLAN
  Disabled
  Primary Secondary Type              Ports
  PE#
  we can see the interface vlan is up 
  PE-L3Agg-Khu-107-2#sh int vlan 422 description 
  Interface                      Status         Protocol Description
  Vl422                          up             up       ****
  PE#
  and we can see the vlan 422 belongs to the correct VRF
  PE#sh vrf V3056:RIYADHBANK
    Name                             Default RD          Protocols   Interfaces
    V3056:RIYADHBANK                 65000:3887          ipv4        Vl627
                                                                     Vl775
                                                                     Vl422
  PE#
  when we tried to troubleshoot the customer routing we found :
  PE-L3Agg-Khu-107-2#ping vrf V3056:RIYADHBANK 172.29.12.97
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 172.29.12.97, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  PE-#
  we could not ping the ip address of interface vlan 422.
  PE#sh ip route vrf V3056:RIYADHBANK 172.29.12.97
  Routing Table: V3056:RIYADHBANK
  % Subnet not in table
  PE#
  PE#show ip route vrf V3056:RIYADHBANK connected 
  Routing Table: V3056:RIYADHBANK
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
         + - replicated route, % - next hop override
  Gateway of last resort is 192.168.111.16 to network 0.0.0.0
        172.29.0.0/16 is variably subnetted, 338 subnets, 2 masks
  C        172.29.12.44/30 is directly connected, Vlan627
  L        172.29.12.45/32 is directly connected, Vlan627
  PE-L3Agg-Khu-107-2#
  PE-L3Agg-Khu-107-2#
  My question is: Why the interface vlan 422 is not installed in VRF Table as it is UP ?? 
  thanks in advance!
  Rashed Wardi.

  what platform is this? can you please paste the output of show version  and show run?
  Also when you tested this was int Gi3/0/11  up/up?
  Best Regards,
  Bheem

• SF200 vs C3560-X and per-VLAN RSTP: Turn off STP on SF200s?

  I have a network with pairs of 3560-X switches servicing nearly 150 access switches (44 access switches per pair) and several hundred clients. The access switches are a mixture of SF100-D (unmanaged) and SF200 (managed). I have an odd business requirement that no more than 100 clients can reside in a LAN, so I have VLANs set up on the 3560-X pairs. They're doing load balancing between the VLANs using per-VLAN rapid spanning-tree protocol, and for the SF100-D endpoints this load balancing is working out as I planned. Failover works as intended whether that be a cable failure or a 3560-X failure.
  With the SF200s, that load balancing is not working, instead sending all traffic to one 3560-X for all VLANs, and it's because the SF200s do not support per-VLAN RSTP. So I thought, why not just turn STP off on the SF200s? That would take them out of the spanning tree process and make them behave like SF100-Ds.
  When I try that, I can observe ports on the 3560-Xs forwarding or blocking VLANs as I intended; even if I accept traffic on alternating VLANs on the SF200, the 3560-Xs show me it's blocking or forwarding each VLAN on those ports as I wanted them to. Multicast filtering still works, as does other SF200 functionality.
  But is this a good idea? MSTP isn't an option for me since the SF200 doesn't support MSTP either, and the sheer volume of access switches make the 200s a better bargain than 300s. I found an example here that explains how to do it with MSTP and SG300s but I don't like the idea of access switches being STP root, and there would be too many of them to manage that.
  (As an aside, the 3560-X pairs do IP routing up to our cores, so any STP traffic remains isolated to that pair and any access switch that speaks STP. This way, I don't affect the cores with any STP or cabling mistakes caused to a given pair.)

  Thanks for confirming what I found. I'll keep the setup like this, then.
  As for port security, the access switches are in locked cabinets at their locations, and the distribution switches are in locked and ventilated closets. Getting to either of those requires signing keys out, someone watching behind whoever's working in there, audit trails, and so on.
  And even with all of that, endpoint devices get changed too often that port security would be a big, big support headache. So I think we're good.
  (I practice port security in other locations that are more accessible, and that has caught some users thinking they can cheat the system.)

• Stp loop, Not able to trace source

  Hello,
  I am new to cisco switches and learning about cisco switches now. we have a LAN with 6509 as core router and 2950s/3550s as access switches.
  When I ran wireshark on my machine, I saw an stp loop repeating from a cisco device. I have noted down the MAC-address and tried in vain to find the same in our LAN. I am seeing packets like Address: "Spanning-tree-(for-bridges)_00" and "loop reply". I am not able to see any of the MAC addresses found in this loop conversation, on my LAN. I read that these loops are not good for the network. Where can I start to resolve this problem?
  Thanks in advance for your advice.

  There is likely no problem at all. ;-)
  If you were really experiencing a loop, you would have other problems.
  Best for you will be to start making a study of spanning tree (STP) and it's inner workings. Here is a good starting point:
  http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_protocol_home.html
  Armed with this knowledge you can try to analyze the traffic that was observed by wireshark.
  regards,
  Leo

• Extending VLANs across routed interfaces

  Hello;
  I'm trying to create a L3 core network. The core equipment will be Cisco 3750 enhanced. My idea is make each link between core 3750 a routed interface, with /30 IP addresses.
  The problem is the customer needs some VLANs extended across the full enterprise. Is there any way to encapsulate the VLAN inside routed interface?
  Thanks in advance.

  I realize this thread is 5+ years old, but I feel like commenting anyway.
  If you want to encapsulate the vlan across that link, you won't be able to use routed interfaces.  You will need to use a layer 2 trunk(dot1q).  Therefore, I wouldn't bother with the /30 addresses unless you want to monitor that specific link by IP.  In that case, use a special VLAN just for those two interfaces and put your /30 addresses on the vlan interfaces.
  If you want fast fail over on a layer 2 link, well then, use Rapid STP.  The goal should be to get rid of those flat VLANs that span the core and switch to your original plan of routed interfaces using EIGRP or OSPF.