Vlan Interface state constantly disabled

Similar Messages

• 6500 VLAN Interface (SVI) Throughtput

  Guys,
  Very quick one, does anyone have any stats on throughputs on a VLAN Interface on a 6500 MSFC2
  I just remember the old days where if you had an RSM, and it had a VLAN interface, the throughtput was 400Mbps (or sommat like that)
  Can a 6500 MSFC2 SVI run at a full gig?
  Sorry if this sounds a little crazy.
  Kindest regards,
  Ken

  That makes a lot of sense.
  I just did some research, and yes it was 400M on a 5500 and now 1000 for the 6500 with an MSFC 2, so yes, they have not increased it that much becuase As you say, it should all be cef-based MLS or traditional MLS based
  Many thx all,
  Ken
  on a 6500 switch
  Switch sh port 15/1
  * = Configured MAC Address
  Port Name Status Vlan Duplex Speed Type
  15/1 MSFC connected trunk full 1000 Route Switch
  Port Trap IfIndex
  15/1 disabled 5
  Port Status ErrDisable Reason Port ErrDisableTimeout Action on Timeout
  15/1 connected - Enable No Change
  Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
  15/1 0 0 0 0 0
  Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
  15/1 0 0 0 0 0 0 -
  Port Last-Time-Cleared
  15/1 Sat Jul 23 2005, 20:11:34
  Idle Detection
  on a 5505 switch
  Console> show port status
  A response, similar to the following, is displayed:
  Port Name Status Vlan Level Duplex Speed Type
  1/1 connected 523 normal half 100 100BaseTX
  1/2 notconnect 1 normal half 100 100BaseTX
  2/1 connected trunk normal half 400 Route Switch
  3/1 notconnect trunk normal full 155 OC3 MMF ATM
  5/1 notconnect 1 normal half 100 FDDI
  5/2 notconnect 1 normal half 100 FDDI

• ACE - Query VLAN Interfaces Status

  Hi,
  I am wondering what the status of the query vlan interface means in the command 'show ft peer detail':
  Query Vlan IF State          : UP, Manual validation - please ping peer
  I am pretty sure that I did not see this status when I configured query vlan last time. Current version is A2(2.3).
  Unfortunately this status does not seem to be documented anywhere on CCO.
  I appreciate any help!
  Thanks,
  Daniel

  Hi Daniel,
  The FT Query VLAN interface is an optional, yet very good, feature to be used when using redundant ACE modules or appliances. Without it, if the FT VLAN was to go down, the standby ACE will no longer receive FT heartbeats from the active ACE and therefore take the active role.  However, if the active ACE is still running fine in the active role, then you don't want the standby ACE to take over as active because that will put them into an active/active scenario, which may lead to connectivity issues.
  This is where the FT Query VLAN interface comes in.  If the FT VLAN goes down, the standby ACE will notice this, but before taking the active role, it will ping it's peer IP address configured on the interface that is designated as the FT Query VLAN.  If the ping is successful, then it will stay in the standby role, thereby saving you some headaches.
  The status that you are seeing is the ACE's way of telling you that the interface is UP, but if you want to know if it can successfully ping the peer IP address, then you would have to manually ping the peer IP address from the CLI.  The ACE does not periodically check the ping connectivity through any automatic mechanism.  The automatic mechanism is only triggered by the FT VLAN going down.
  Does this help?
  Sean

• 2960 Plus VLAN Interface

  Hi, i have a 2960 which i need to replace as it is now end of life, the replacement Cisco recommendes is the WS-C2960+24TC-L which is one of the new 260 Plus models, can you tell me if you can create a VLAN interface on this switch as it states that this is a layer 2 switch only??
  Thanks

  Yes, you can create VLAN interfaces.

• How do you keep a VLAN interface up?

  Is there a method that enables you to keep a vlan "UP", even when none of the physical interfaces assigned to that vlan are connected?

  If you are using vtp, you can "force" the VLAN active using those commands; depending on the switch you are using, this is done a number of different ways.
  newer IOS switch running native mode -
  conf t
  vlan 1
  state active
  exit
  wr mem
  older IOS switch
  From an enable prompt -
  vlan database
  [enters vlan database mode)
  [Note: Newer IOS warns that this is deprecated and will not show help -- the help is as follows -
  switchname#vlan database
  % Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
  switchname(vlan)#?
  VLAN database editing buffer manipulation commands:
  abort Exit mode without applying the changes
  apply Apply current changes and bump revision number
  exit Apply changes, bump revision number, and exit mode
  no Negate a command or set its defaults
  reset Abandon current changes and reread current database
  show Show database information
  vlan Add, delete, or modify values associated with a single VLAN
  vtp Perform VTP administrative functions.
  switchname(vlan)#vlan ?
  <1-1005> ISL VLAN index
  switchname(vlan)#vlan 1 ?
  are Maximum number of All Route Explorer hops for this VLAN
  backupcrf Backup CRF mode of the VLAN
  bridge Bridging characteristics of the VLAN
  media Media type of the VLAN
  mtu VLAN Maximum Transmission Unit
  name Ascii name of the VLAN
  parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
  ring Ring number of FDDI or Token Ring type VLANs
  said IEEE 802.10 SAID
  state Operational state of the VLAN
  ste Maximum number of Spanning Tree Explorer hops for this VLAN
  stp Spanning tree characteristics of the VLAN
  tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero
  if none)
  tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero
  if none)
  switchname(vlan)#vlan 1 state ?
  active VLAN Active State
  suspend VLAN Suspended State
  switchname(vlan)#vlan 1 state active (enter)
  This will make the VLAN active.
  Note that it "works" even when there is no help.
  There's a way to do it for CAT OS, but I only have VTP clients on my few remaining Cat OS switches.
  Good luck -
  Nick
  (PS - if this helps, please 'rate' the answer ! :-) )

• 3550 VLAN Interfaces Problem

  I was setting up two VLAN interfaces for my 3550. I had two VLAN interfaces. One for VLAN 10 and one for VLAN 15. After configuring each VLAN Interface, VLAN 15 was down and wouldnt come up. VLAN 10 was up however. After issuing the no shutdown command for VLAN 15, it said VLAN 15 is not shutdown, but, when i checked the interface again, the VLAN interface was up. Now, I would think, if I had to do the no shutdown command on VLAN 15, why didnt I have to do that on the VLAN 10 interface? With switches, is the first VLAN interface automatically always up and all later VLAN interfaces automatically shut down.

  A 'feature' of all the newer Catalyst switches and newer IOS is that the logical VLAN interface will remain down until a port in that VLAN is up.
  The VTP config/status can also complicate this as a VTP client doesn't have the VLANs that the IOS config actually has because the VTP client hasn't learned the VLANs yet. In other words, the switch is in a state in which the IOS config puts a port in a VLAN that doesn't yet exist because VTP hasn't downloaded the VLAN database.
  Keep in mind that VTP requires an operating trunk and if it is 802.1q then the native VLANs must match (so a native VLAN other than 1 will not work if the VLAN database hasn't been dowloaded by VTP or has been corrupted).
  Not that you are running into the VTP issue, but in the effort of full disclosure...
  Hope that helps...

• Loopback on vlan interfaces

  Hi there,
  do anyone know about the utility of the "loopback set" flag under the Vlan interface command. Could it help to keep a vlan in up/up state for example?
  Thanx.

  A vlan interface is indeed "virtual". Setting the loopback will have little effect.
  A vlan interface will be up/up when there is at least one member port for the vlan with an active link. A single active trunk port will suffice as well to get the interface active.
  Regards,
  Leo

• HSRP Issues on VLAN interfaces

  We are experiencing an issue with HSRP and VLANS. We have the VLANS tracked to physical interfaces, with the default decrement value of 10.
  When we physically fail the fiber circuit (pull fiber transmit) the physical port reports down condition. The VLAN reports that it is still up. BOTH routers report that they are the active router and connectivity is lost.
  When the physical port is shut down, the failover takes place and the routers report their state as predicted.
  Any help would be greatly appreciated.
  These routers are 4506's running 12.1(19)EW code
  on WS-X4515 module.

  If there are still active ports, then I would expect the VLAN interface to stay UP on both routers. However, I would not normally expect both routers to be ACTIVE. Could it be that when you take down these physical links, that the routers lose sight of each other as far as the Hellos are concerned?
  About the "If there are still active ports" bit ... don't gorget that a trunk can also constitute an active port in this sense. So if you have go any access switches uplinked to these 4506s, the trunks will be enough to keep the VLAN interface alive.
  Remember also that HSRP has a hold time of only 9 seconds by default, whereas 802.1d Spanning Tree has a convergence time up to 50 seconds by default. So it is possible that if the link you are disconnecting is the active root port of a switch, that the two HSRP routers will lose sight of each other. In that case,they can both become active for a few seconds. Effectively, during the STP convergence the VLAN can be partitioned. It all depends on your topology.
  You are pulling only the transmit fiber. I wonder if enabling UDLD would help here.
  As Georg says, it would be useful to know a bit more about the topology and the configuration.
  Kevin Dorrell
  Luxembourg

• Could I use "vlan interface" as a tunnel source of DMVPN ?

  I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
  Could I use vlan interface as a tunnel source when configuring DMVPN ?
  The vlan ports is on the 9 port FE Switch module.
  Because it's used now in production,I can't try it.

  Hello.
  I think there is no restriction on software routers like 2811.
  PS: using loopback could be a better idea.

• Netflow on 6509 in Native Mode from Vlan Interface

  I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.
  2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
  The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
  I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
  Or could it be that MLS is not configured except for a couple commands:
  mls netflow interface
  mls cef error action reset 
  netflow setup:
  Flow export v5 is enabled for main cache
    Export source and destination details :
    VRF ID : Default
      Source(1)       10.31.101.1 (Vlan52)
      Destination(1)  10.30.2.196 (2055)
    Version 5 flow records
    14927339 flows exported in 615072 udp datagrams
    0 flows failed due to lack of export packet
    0 export packets were sent up to process level
    0 export packets were dropped due to no fib
    0 export packets were dropped due to adjacency issues
    0 export packets were dropped due to fragmentation failures
    0 export packets were dropped due to encapsulation fixup failures
    0 export packets were dropped enqueuing for the RP
    0 export packets were dropped due to IPC rate limiting
    0 export packets were dropped due to Card not being able to export  
  interface:
  interface Vlan52
   description AN.VDI.stu
   ip address 10.31.101.1 255.255.255.0
   ip helper-address 10.31.149.200
   no ip redirects
   ip flow ingress
   ip flow egress
   ip pim neighbor-filter 98
   ip pim sparse-dense-mode
   ip cgmp

  Enabling MLS was the fix.
  mls netflow interface
  mls flow ip interface-full
  mls nde sender version 5
  mls cef error action reset   

• VLAN Interface Command

  Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANS? However, now I realized that some communication wont work with out this command which doesnt make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way, communication would work between VLANS is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANS, or connected the switch to a router which routed between the VLANs.
  However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my cisco ip phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell my why this is? You shouldnt have to configure the VLAN Interface, right?(unless I wanted to route between VLANs, which could be done by the 4507)

  Sounds to me like you either dont have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
  It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice Vlan's. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a vtp client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLAN's. You than specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxillary or voice vlan configured. If this is how your equipment is configured and it still does not work, than look for the line "ip routing" in your 3550 and negate it with "no ip routing".
  If still no worky worky, post your config.
  Cheers,

• Cat6509 - SNMP OIDs for interface stats

  Hello,
  I have a Catalyst 6509-E-VSS with IOS 12.2(33)SXI3.
  I'm looking for OIDs to retrieve the same counters I get with the commands
  "show interface stats" and "show interface switching".
  I want to graph the number of packets that are process switched.
  The OIDs from IF-MIB (  ifInOctets, ...) show only the total number of octets not the
  switching path.
  Thanks for help
  Mike

  After a long time silence on this frontier the problem is comming up again.
  My goal is still to find out, what interface causes process switched traffic.
  There is usualy a lot of traffic handled in software but sometimes (of course on weekend midnight) it seems to increase the cpu load (IP Input process).
  Regarding the Cisco document "Troubleshooting High CPU Utilization Due to the IP Input Process" I want to monitor traffic by switching path.
  So again - does anybody has an idea to get these counters with snmp ?
  Update: IOS is now 12.2(33)SXJ3

• WLC - 4402/4 - Vlan Interface Addressing

  I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?

  The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
  Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
  That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests.

• High VLAN Interface utilization (6500/sup720)

  Can anyone tell me why a VLAN interface would show 100% utilization for a givin VLAN? This is a sup720 we're talking about.
  I understand that the bandwidth of a virtual interface is 1Gig but I thought this was more related to routing metric.
  Users were actually seeing performance issues until we changed how the servers on this particular interface were replicating. Once we did this the VLAN interface utilization went down and performance went up.
  It doesn't make sense to me that the VLAN interface would limit the actual throughput of the various ports that are mapped to it. Throughput should be related to the switch module 61xx, 65xx, 67xx and how it interfaces to the backplan and the backplan speed itself.
  Any insights would be helpful......

  If the layer 3 SVI was showing 100% that means it had a lot of traffic that was being layer 3 processed switched instead of hardware switched . Normally most traffic is hardware switched within the ASICS and never even gets passed up to that layer . What would cause this I'm not sure .

• VLAN interface on ME2600X

  I'm trying to configure a VLan interface on my ME2600X (for inband management), but the switch won't accept the command.
  What am I missing? I need a way to combine layer-2 services and a management vlan on the same dot1q trunk into the ME2600X.
  Geir Jensen

  Hello Geir,
  You can use service instances e.g.:
  interface GigabitEthernet0/3
  switchport trunk allowed vlan none
  switchport mode trunk
  dampening
  mtu 9100
  load-interval 30
  media-type rj45
  service instance 5 ethernet
  description Management VLAN
  encapsulation dot1q 5
  rewrite ingress tag pop 1 symmetric
  bridge-domain 5             – this will pop up message:
  Bridge-domain 5 created
  VLAN 5 does not exist, creating vlan
  interface Vlan5
  description Management VLAN
  ip address 10.0.0.1 255.255.255.0
  ip access-group MNGT-ACL in
  end
  adam