Michael McNamara https://blog.michaelfmcnamara.com technology, networking, virtualization and IP telephony Sat, 30 Oct 2021 18:05:42 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.2 LACP Configuration Examples (Part 7) https://blog.michaelfmcnamara.com/2016/06/lacp-configuration-examples-part-7/ https://blog.michaelfmcnamara.com/2016/06/lacp-configuration-examples-part-7/#comments Mon, 06 Jun 2016 22:55:53 +0000 https://blog.michaelfmcnamara.com/?p=5729 Over the past few weeks I’ve been working with HP switches so I decided I would extend my series on LACP trunking to include HP switches. In my lab I used HP 2810 switches which are dated but the concepts are the same for any of the newer HPE switch equipment. I cabled the HP switches to a pair of Cisco 2950s, you may noticed that I’ve changed some of the ports I’m using from the previous lab examples (check the diagram).

I noticed while working on setting up this lab that the MST digest between the Cisco and HP switches didn’t match. After some quick research it appears that the Cisco 2950s I have in the lab operate with a pre standard MST operation. Other Cisco switches identify them as such and are interoperable but you may have issues with third-party devices that are expecting the 802.1s standard. You can see both digests from the Cisco 3750 below and they match both the Cisco 2950 and the HP 2810 switches.

C3750-SW1#show spanning-tree mst configuration digest
Name      [AcmeNetworks]
Revision  1     Instances configured 3
Digest          0x6DA4B50C4FD587757EEF0356753605E1
Pre-std Digest  0x421D7D23BF9562A0C35E46CA1BE8A75C

Example Topology

VLAN-Post v2

You’ll notice the HP switches at the bottom of the diagram. It was pretty straight forward but here’s what I needed to do.

Cisco Catalyst 2950 Switch 1 & 2

First we needed to configure the ports on the Cisco 2950s that would be connected to the HP switches. I used Port Channel 3 for this and enabled LACP;

interface fas0/15
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active

interface fas0/16
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active

HP 2810 Switch 1 & 2

Now we need to configure the HP switches, VLANs, IP addressing, ports, trunking, MST, etc;

vlan 100
name "192-168-100-0/24"
vlan 200
name "192-168-200-0/24"

vlan 100
ip address 192.168.100.70 255.255.255.0
exit

spanning-tree
spanning-tree config-name "AcmeNetworks"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 100
spanning-tree instance 2 vlan 200

trunk 1,13 trk1 lacp
trunk 23,24 trk2 lacp

vlan 100 tagged trk1
vlan 200 tagged trk1

vlan 100 tagged trk2
vlan 200 tagged trk2

That’s all well and good but I’m sure you want to see the output… is it working as expected? Well let’s check it out.

Cisco Catalyst 2950 Switch 1

We can see from the data below that LACP has established to the HP switch and Spanning Tree is working as expected;

C2950-SW1#show lacp neighbor
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

                  LACP port                        Oper    Port     Port
Port      Flags   Priority  Dev ID         Age     Key     Number   State
Fa0/1     SA      32768     0064.40cf.4d80  24s    0x3     0x102    0x3D
Fa0/2     SA      32768     0064.40cf.4d80  17s    0x3     0x103    0x3D

Channel group 2 neighbors

Partner's information:

                  LACP port                        Oper    Port     Port
Port      Flags   Priority  Dev ID         Age     Key     Number   State
Fa0/31    SA      32768     0018.ba8e.4a40  22s    0x2     0x1F     0x3D
Fa0/33    SA      32768     0018.ba8e.4a40   3s    0x2     0x21     0x3D

Channel group 3 neighbors

Partner's information:

                  LACP port                        Oper    Port     Port
Port      Flags   Priority  Dev ID         Age     Key     Number   State
Fa0/15    SA      0         0026.f1df.f400  21s    0x32    0x18     0x3D
Fa0/16    SA      0         0026.f1df.f400  21s    0x32    0x17     0x3D

C2950-SW1#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    16384
             Address     3475.c732.a400
             Cost        0
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     0019.2faa.49c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root FWD 100000    128.65   P2p
Po2              Altn BLK 100000    128.66   P2p
Po3              Desg FWD 100000    128.67   P2p Bound(RSTP)


MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    16385
             Address     54e0.322a.d441
             Cost        120000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.2faa.49c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root FWD 100000    128.65   P2p
Po2              Altn BLK 100000    128.66   P2p
Po3              Boun FWD 100000    128.67   P2p Bound(RSTP)


MST02
  Spanning tree enabled protocol mstp
  Root ID    Priority    16386
             Address     0064.40cf.4d80
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0019.2faa.49c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root FWD 100000    128.65   P2p
Po2              Altn BLK 100000    128.66   P2p
Po3              Boun FWD 100000    128.67   P2p Bound(RSTP)

C2950-SW1#show spanning-tree mst configuration digest
Name      [AcmeNetworks]
Revision  1
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-99,101-199,201-4094
1         100
2         200
-------------------------------------------------------------------------------
Digest    421D7D23BF9562A0C35E46CA1BE8A75C

Cisco Catalyst 2950 Switch 2

We can see from the data below that LACP has established to the HP switch and Spanning Tree is working as expected;

C2950-SW2#show lacp neighbor
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode
Channel group 1 neighbors

Partner's information:

LACP port Oper Port Port
Port Flags Priority Dev ID Age Key Number State
Fa0/47 SA 32768 0064.40cf.4d80 2s 0x4 0x130 0x3D
Fa0/48 SA 32768 0064.40cf.4d80 25s 0x4 0x131 0x3D

Channel group 2 neighbors

Partner's information:

LACP port Oper Port Port
Port Flags Priority Dev ID Age Key Number State
Fa0/31 SA 32768 0019.2faa.49c0 27s 0x2 0x1F 0x3D
Fa0/33 SA 32768 0019.2faa.49c0 19s 0x2 0x21 0x3D

Channel group 3 neighbors

Partner's information:

LACP port Oper Port Port
Port Flags Priority Dev ID Age Key Number State
Fa0/15 SA 0 0026.f1e1.41a0 29s 0x32 0x17 0x3D
Fa0/16 SA 0 0026.f1e1.41a0 0s 0x32 0x18 0x3D

C2950-SW2#show spanning-tree

MST00
Spanning tree enabled protocol mstp
Root ID Priority 16384
Address 3475.c732.a400
Cost 0
Port 65 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0018.ba8e.4a40
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
Po3 Desg FWD 100000 128.67 P2p Bound(RSTP)

MST01
Spanning tree enabled protocol mstp
Root ID Priority 16385
Address 54e0.322a.d441
Cost 120000
Port 65 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0018.ba8e.4a40
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
Po3 Boun FWD 100000 128.67 P2p Bound(RSTP)

MST02
Spanning tree enabled protocol mstp
Root ID Priority 16386
Address 0064.40cf.4d80
Cost 100000
Port 65 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0018.ba8e.4a40
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
Po3 Boun FWD 100000 128.67 P2p Bound(RSTP)

C2950-SW2# show spanning-tree mst configuration digest
Name [AcmeNetworks]
Revision 1
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-99,101-199,201-4094
1 100
2 200
-------------------------------------------------------------------------------
Digest 421D7D23BF9562A0C35E46CA1BE8A75C

HP 2810 Switch 1

HP-SW1# show lacp

                           LACP

   PORT   LACP      TRUNK     PORT      LACP      LACP
   NUMB   ENABLED   GROUP     STATUS    PARTNER   STATUS
   ----   -------   -------   -------   -------   -------
   1      Active    Trk1      Up        Yes       Success
   13     Active    Trk1      Up        Yes       Success
   23     Active    Trk2      Up        Yes       Success
   24     Active    Trk2      Up        Yes       Success


HP-SW1# show cdp neighbors

 CDP neighbors information

  Port Device ID                     | Platform                     Capability
  ---- ----------------------------- + ---------------------------- -----------
  1    00 26 f1 e1 41 a0             | ProCurve J9021A Switch 28... S
  13   00 26 f1 e1 41 a0             | ProCurve J9021A Switch 28... S
  23   C2950-SW1                     | Cisco Internetwork Operat... S
  24   C2950-SW1                     | Cisco Internetwork Operat... S

HP-SW1# show spanning-tree

 Multiple Spanning Tree (MST) Information

  STP Enabled   : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1

  Switch MAC Address : 0026f1-dff400
  Switch Priority    : 32768
  Max Age  : 20
  Max Hops : 20
  Forward Delay : 15

  Topology Change Count  : 332
  Time Since Last Change : 53 mins

  CST Root MAC Address : 3475c7-32a400
  CST Root Priority    : 16384
  CST Root Path Cost   : 200000
  CST Root Port        : Trk2

  IST Regional Root MAC Address : 0026f1-dff400
  IST Regional Root Priority    : 32768
  IST Regional Root Path Cost   : 0
  IST Remaining Hops            : 20

  Root Guard Ports :
  TCN Guard Ports  :
  Protected Ports :
  Filtered Ports :

                  |           Prio             | Designated    Hello
  Port  Type      | Cost      rity  State      | Bridge        Time  PtP Edge
  ----- --------- + --------- ----- ---------- + ------------- ----- --- ----
  2     100/1000T | Auto      128   Disabled   |
  3     100/1000T | Auto      128   Disabled   |
  4     100/1000T | Auto      128   Disabled   |
  5     100/1000T | Auto      128   Disabled   |
  6     100/1000T | Auto      128   Disabled   |
  7     100/1000T | Auto      128   Disabled   |
  8     100/1000T | Auto      128   Disabled   |
  9     100/1000T | Auto      128   Disabled   |
  10    100/1000T | Auto      128   Disabled   |
  11    100/1000T | Auto      128   Disabled   |
  12    100/1000T | Auto      128   Disabled   |
  14    100/1000T | Auto      128   Disabled   |
  15    100/1000T | Auto      128   Disabled   |
  16    100/1000T | Auto      128   Disabled   |
  17    100/1000T | Auto      128   Disabled   |
  18    100/1000T | Auto      128   Disabled   |
  19    100/1000T | Auto      128   Disabled   |
  20    100/1000T | Auto      128   Disabled   |
  21    100/1000T | Auto      128   Disabled   |
  22    100/1000T | Auto      128   Disabled   |
  Trk1            | 20000     64    Forwarding | 0026f1-dff400 2     Yes No
  Trk2            | 200000    64    Forwarding | 00192f-aa49c0 2     Yes No

HP-SW1# show spanning-tree instance 1

 MST Instance Information

  Instance ID : 1
  Mapped VLANs : 100

  Switch Priority         : 32768

  Topology Change Count   : 39
  Time Since Last Change  : 53 mins

  Regional Root MAC Address : 0026f1-dff400
  Regional Root Priority    : 32768
  Regional Root Path Cost   : 0
  Regional Root Port        : This switch is root
  Remaining Hops            : 20
                                                           Designated
  Port  Type      Cost      Priority Role       State      Bridge
  ----- --------- --------- -------- ---------- ---------- -------------
  2     100/1000T Auto      128      Disabled   Disabled
  3     100/1000T Auto      128      Disabled   Disabled
  4     100/1000T Auto      128      Disabled   Disabled
  5     100/1000T Auto      128      Disabled   Disabled
  6     100/1000T Auto      128      Disabled   Disabled
  7     100/1000T Auto      128      Disabled   Disabled
  8     100/1000T Auto      128      Disabled   Disabled
  9     100/1000T Auto      128      Disabled   Disabled
  10    100/1000T Auto      128      Disabled   Disabled
  11    100/1000T Auto      128      Disabled   Disabled
  12    100/1000T Auto      128      Disabled   Disabled
  14    100/1000T Auto      128      Disabled   Disabled
  15    100/1000T Auto      128      Disabled   Disabled
  16    100/1000T Auto      128      Disabled   Disabled
  17    100/1000T Auto      128      Disabled   Disabled
  18    100/1000T Auto      128      Disabled   Disabled
  19    100/1000T Auto      128      Disabled   Disabled
  20    100/1000T Auto      128      Disabled   Disabled
  21    100/1000T Auto      128      Disabled   Disabled
  22    100/1000T Auto      128      Disabled   Disabled
  Trk1            20000     128      Designated Forwarding 0026f1-dff400
  Trk2            200000    128      Master     Forwarding 0026f1-dff400

HP-SW1# show spanning-tree instance 2

 MST Instance Information

  Instance ID : 2
  Mapped VLANs : 200

  Switch Priority         : 32768

  Topology Change Count   : 38
  Time Since Last Change  : 53 mins

  Regional Root MAC Address : 0026f1-dff400
  Regional Root Priority    : 32768
  Regional Root Path Cost   : 0
  Regional Root Port        : This switch is root
  Remaining Hops            : 20
                                                           Designated
  Port  Type      Cost      Priority Role       State      Bridge
  ----- --------- --------- -------- ---------- ---------- -------------
  2     100/1000T Auto      128      Disabled   Disabled
  3     100/1000T Auto      128      Disabled   Disabled
  4     100/1000T Auto      128      Disabled   Disabled
  5     100/1000T Auto      128      Disabled   Disabled
  6     100/1000T Auto      128      Disabled   Disabled
  7     100/1000T Auto      128      Disabled   Disabled
  8     100/1000T Auto      128      Disabled   Disabled
  9     100/1000T Auto      128      Disabled   Disabled
  10    100/1000T Auto      128      Disabled   Disabled
  11    100/1000T Auto      128      Disabled   Disabled
  12    100/1000T Auto      128      Disabled   Disabled
  14    100/1000T Auto      128      Disabled   Disabled
  15    100/1000T Auto      128      Disabled   Disabled
  16    100/1000T Auto      128      Disabled   Disabled
  17    100/1000T Auto      128      Disabled   Disabled
  18    100/1000T Auto      128      Disabled   Disabled
  19    100/1000T Auto      128      Disabled   Disabled
  20    100/1000T Auto      128      Disabled   Disabled
  21    100/1000T Auto      128      Disabled   Disabled
  22    100/1000T Auto      128      Disabled   Disabled
  Trk1            20000     128      Designated Forwarding 0026f1-dff400
  Trk2            200000    128      Master     Forwarding 0026f1-dff400

HP-SW1# show spanning-tree mst-config

 MST Configuration Identifier Information

  MST Configuration Name : AcmeNetworks
  MST Configuration Revision : 1
  MST Configuration Digest : 0x6DA4B50C4FD587757EEF0356753605E1

  IST Mapped VLANs : 1

  Instance ID Mapped VLANs
  ----------- ---------------------------------------------------------
  1           100
  2           200

HP 2810 Switch 2

HP-SW2# show lacp

                           LACP

   PORT   LACP      TRUNK     PORT      LACP      LACP
   NUMB   ENABLED   GROUP     STATUS    PARTNER   STATUS
   ----   -------   -------   -------   -------   -------
   1      Active    Trk1      Up        Yes       Success
   13     Active    Trk1      Up        Yes       Success
   23     Active    Trk2      Up        Yes       Success
   24     Active    Trk2      Up        Yes       Success


HP-SW2# show cdp neighbors

 CDP neighbors information

  Port Device ID                     | Platform                     Capability
  ---- ----------------------------- + ---------------------------- -----------
  1    00 26 f1 df f4 00             | ProCurve J9021A Switch 28... S
  13   00 26 f1 df f4 00             | ProCurve J9021A Switch 28... S
  23   C2950-SW2                     | Cisco Internetwork Operat... S
  24   C2950-SW2                     | Cisco Internetwork Operat... S

HP-SW2# show spanning-tree

 Multiple Spanning Tree (MST) Information

  STP Enabled   : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1

  Switch MAC Address : 0026f1-e141a0
  Switch Priority    : 32768
  Max Age  : 20
  Max Hops : 20
  Forward Delay : 15

  Topology Change Count  : 65
  Time Since Last Change : 66 mins

  CST Root MAC Address : 3475c7-32a400
  CST Root Priority    : 16384
  CST Root Path Cost   : 200000
  CST Root Port        : Trk1

  IST Regional Root MAC Address : 0026f1-dff400
  IST Regional Root Priority    : 32768
  IST Regional Root Path Cost   : 20000
  IST Remaining Hops            : 19

  Root Guard Ports :
  TCN Guard Ports  :
  Protected Ports :
  Filtered Ports :

                  |           Prio             | Designated    Hello
  Port  Type      | Cost      rity  State      | Bridge        Time  PtP Edge
  ----- --------- + --------- ----- ---------- + ------------- ----- --- ----
  2     100/1000T | Auto      128   Disabled   |
  3     100/1000T | Auto      128   Disabled   |
  4     100/1000T | Auto      128   Disabled   |
  5     100/1000T | Auto      128   Disabled   |
  6     100/1000T | Auto      128   Disabled   |
  7     100/1000T | Auto      128   Disabled   |
  8     100/1000T | Auto      128   Disabled   |
  9     100/1000T | Auto      128   Disabled   |
  10    100/1000T | Auto      128   Disabled   |
  11    100/1000T | Auto      128   Disabled   |
  12    100/1000T | Auto      128   Disabled   |
  14    100/1000T | Auto      128   Disabled   |
  15    100/1000T | Auto      128   Disabled   |
  16    100/1000T | Auto      128   Disabled   |
  17    100/1000T | Auto      128   Disabled   |
  18    100/1000T | Auto      128   Disabled   |
  19    100/1000T | Auto      128   Disabled   |
  20    100/1000T | Auto      128   Disabled   |
  21    100/1000T | Auto      128   Disabled   |
  22    100/1000T | Auto      128   Disabled   |
  Trk1            | 20000     64    Forwarding | 0026f1-dff400 2     Yes No
  Trk2            | 200000    64    Blocking   | 0018ba-8e4a40 2     Yes No

HP-SW2# show spanning-tree instance 1

 MST Instance Information

  Instance ID : 1
  Mapped VLANs : 100

  Switch Priority         : 32768

  Topology Change Count   : 11
  Time Since Last Change  : 66 mins

  Regional Root MAC Address : 0026f1-dff400
  Regional Root Priority    : 32768
  Regional Root Path Cost   : 20000
  Regional Root Port        : Trk1
  Remaining Hops            : 19
                                                           Designated
  Port  Type      Cost      Priority Role       State      Bridge
  ----- --------- --------- -------- ---------- ---------- -------------
  2     100/1000T Auto      128      Disabled   Disabled
  3     100/1000T Auto      128      Disabled   Disabled
  4     100/1000T Auto      128      Disabled   Disabled
  5     100/1000T Auto      128      Disabled   Disabled
  6     100/1000T Auto      128      Disabled   Disabled
  7     100/1000T Auto      128      Disabled   Disabled
  8     100/1000T Auto      128      Disabled   Disabled
  9     100/1000T Auto      128      Disabled   Disabled
  10    100/1000T Auto      128      Disabled   Disabled
  11    100/1000T Auto      128      Disabled   Disabled
  12    100/1000T Auto      128      Disabled   Disabled
  14    100/1000T Auto      128      Disabled   Disabled
  15    100/1000T Auto      128      Disabled   Disabled
  16    100/1000T Auto      128      Disabled   Disabled
  17    100/1000T Auto      128      Disabled   Disabled
  18    100/1000T Auto      128      Disabled   Disabled
  19    100/1000T Auto      128      Disabled   Disabled
  20    100/1000T Auto      128      Disabled   Disabled
  21    100/1000T Auto      128      Disabled   Disabled
  22    100/1000T Auto      128      Disabled   Disabled
  Trk1            20000     128      Root       Forwarding 0026f1-dff400
  Trk2            200000    128      Alternate  Blocking   0026f1-e141a0

HP-SW2# show spanning-tree instance 2

 MST Instance Information

  Instance ID : 2
  Mapped VLANs : 200

  Switch Priority         : 32768

  Topology Change Count   : 10
  Time Since Last Change  : 66 mins

  Regional Root MAC Address : 0026f1-dff400
  Regional Root Priority    : 32768
  Regional Root Path Cost   : 20000
  Regional Root Port        : Trk1
  Remaining Hops            : 19
                                                           Designated
  Port  Type      Cost      Priority Role       State      Bridge
  ----- --------- --------- -------- ---------- ---------- -------------
  2     100/1000T Auto      128      Disabled   Disabled
  3     100/1000T Auto      128      Disabled   Disabled
  4     100/1000T Auto      128      Disabled   Disabled
  5     100/1000T Auto      128      Disabled   Disabled
  6     100/1000T Auto      128      Disabled   Disabled
  7     100/1000T Auto      128      Disabled   Disabled
  8     100/1000T Auto      128      Disabled   Disabled
  9     100/1000T Auto      128      Disabled   Disabled
  10    100/1000T Auto      128      Disabled   Disabled
  11    100/1000T Auto      128      Disabled   Disabled
  12    100/1000T Auto      128      Disabled   Disabled
  14    100/1000T Auto      128      Disabled   Disabled
  15    100/1000T Auto      128      Disabled   Disabled
  16    100/1000T Auto      128      Disabled   Disabled
  17    100/1000T Auto      128      Disabled   Disabled
  18    100/1000T Auto      128      Disabled   Disabled
  19    100/1000T Auto      128      Disabled   Disabled
  20    100/1000T Auto      128      Disabled   Disabled
  21    100/1000T Auto      128      Disabled   Disabled
  22    100/1000T Auto      128      Disabled   Disabled
  Trk1            20000     128      Root       Forwarding 0026f1-dff400
  Trk2            200000    128      Alternate  Blocking   0026f1-e141a0

HP-SW2#  show spanning-tree mst-config

 MST Configuration Identifier Information

  MST Configuration Name : AcmeNetworks
  MST Configuration Revision : 1
  MST Configuration Digest : 0x6DA4B50C4FD587757EEF0356753605E1

  IST Mapped VLANs : 1

  Instance ID Mapped VLANs
  ----------- ---------------------------------------------------------
  1           100
  2           200

Cheers!

You might also want to read these other posts...

  1. LACP Configuration Examples (Part 6)
  2. LACP Configuration Examples (Part 5)
  3. LACP Configuration Examples (Part 4)

]]> https://blog.michaelfmcnamara.com/2016/06/lacp-configuration-examples-part-7/feed/ 2 IBM Tealeaf – Gigamon 802.1q Tagged Packets https://blog.michaelfmcnamara.com/2015/03/ibm-tealeaf-gigamon-802-1q-tagged-packets/ Sun, 01 Mar 2015 17:52:01 +0000 http://blog.michaelfmcnamara.com/?p=5264 I had an interesting issue this past week when I performed a software upgrade on a Gigamon GigaVUE-420. While the upgrade was fairly straight forward I ran into a problem after the upgrade with the IBM Tealeaf solution. We have multiple SPANs and TAPs feeding data into the Gigmon which then copies the traffic out to a number of solutions, including IBM’s Tealeaf. After the upgrade all the other systems seemed to be working fine with the exception of the Tealeaf Linux capture server. The model of Gigamon we have doesn’t allow for altering the actual data, we can filter the data based on anything in the headers but we can’t alter the data. The SPANs from our Cisco 6509E and 6504E switches were setup as 802.1q tagged trunks so the Gigamon would replicate the frames as 802.1q tagged packets. The issue appears to have been how the IBM Tealeaf Linux server handles 802.1q tagged packets. I was able to connect a Windows 7 laptop to the Gigamon and validate that the Gigamon was working properly. I did need to make a registry tweak to the Windows 7 laptop so it wouldn’t strip the 802.1q headers.

Unfortunately IBM support wasn’t very helpful, they were more interested in placing blame than they were in helping us understand why the Tealeaf capture server wasn’t working. They were completely focused on the fact that it worked before the upgrade so it must have been the upgrade that broke it. While that was technically true there was something else at play since I had already verified that the traffic was being forward properly by the Gigamon.

Ultimately one of the team members reconfigured the Linux NICs to support 802.1q tagging and built sub-interfaces so tcpdump could read the traffic. I never did find out what broke but I’m guessing it has something to-do with the NIC configuration on the Tealeaf Linux capture server.

Cheers!

Image Credit: John

You might also want to read these other posts...

  1. untagAll vs tagAll on Avaya Ethernet Routing Switches
  2. Packet Capture on a Blue Coat ProxySG Appliance
  3. Avaya VPN Client Release 10.06.200 for Windows 8

]]> Short Story – switchport trunk allowed vlan https://blog.michaelfmcnamara.com/2014/03/short-story-switchport-trunk-allowed-vlan/ https://blog.michaelfmcnamara.com/2014/03/short-story-switchport-trunk-allowed-vlan/#comments Mon, 03 Mar 2014 23:55:40 +0000 http://blog.michaelfmcnamara.com/?p=4181 I like sharing these stories because they help me document some really simple problems that can sometimes take a few minutes to troubleshoot and ultimately resolve. The moral of this story resolves around the much used command “switchport trunk allowed vlan x,y,z” and the often overlooked commands “switchport trunk allowed vlan add|remove x,y,z“.

I decided to write about this topic since I recently encountered operational “difficulties” with both my prior employer and my current employer that involved the same near identical mistake of a network engineer accidentally overwriting the list of allowed VLANs. In the most recent case it was a simple oversight on the engineer’s part and the problem was quickly corrected. On the prior case the engineer had issued the command “no switchport trunk allowed vlan x” which seems to have given NXOS a bit of a fit. The ports that were in that vPC needed to be shutdown and then enabled to clear what appeared to be a software bug. While the running-config indicated that the VLANs were being trunked on the ports, the MAC/FDB table had no entries of those VLANs on the affected ports.

I strongly recommend that folks prune VLANs that aren’t being used from their trunks, however, you need to be very careful with how you add and/or remove VLANs from the list once the trunk is up and running.

In the past I’ve seen folks accidentally overwrite the VLAN allowed add list by using the “switchport trunk allowed vlan” command. Look at this sample configuration;

interface port-channel2
  description VPC_CISCO_NEXUS_5010
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 150-154
  switchport trunk allowed vlan add 155
  mtu 9216
  vpc 2

Now let’s say we wanted to add VLAN 156 and we using the following command, taking the allowed VLAN list and adding VLAN 156;

switchport trunk allowed vlan 152-154,156

The problem with this is that we just missed the fact that VLAN 155 was also on that trunk and we just removed it from the trunk with the that previous command.

The morale of the story – be careful when you add/remove VLANs from trunk ports and make sure you use the switchport trunk allow vlan add|remove command.

Cheers!

Image Credit: Roger Kirby

You might also want to read these other posts...

  1. 802.1Q VLAN Tagging on a Cisco Catalyst 3750-E
  2. WS5100 v3.x Getting Started
  3. 802.1Q VLAN Tagging on an Ethernet Routing Switch

]]> https://blog.michaelfmcnamara.com/2014/03/short-story-switchport-trunk-allowed-vlan/feed/ 2 untagAll vs tagAll on Avaya Ethernet Routing Switches https://blog.michaelfmcnamara.com/2012/02/untagall-vs-tagall-on-avaya-ethernet-routing-switches/ https://blog.michaelfmcnamara.com/2012/02/untagall-vs-tagall-on-avaya-ethernet-routing-switches/#comments Sun, 12 Feb 2012 16:06:03 +0000 http://blog.michaelfmcnamara.com/?p=2671 This is probably the most often referred to topic both on the forums and here on my blog. After finding it in the top 10 keyword searches to my blog this morning I decided to try and write up a new post that would conclusively answer the question with respect to Avaya (formerly Nortel) Ethernet Routing Switches.

Definitions

Now before I get started lets define some basic terms;

  • Access port is defined as a port belonging to a single VLAN
  • Trunk port as defined in Wikipedia is a port designed to carry multiple VLANs through a single network link through the use of a “trunking protocol”. To allow for multiple VLANs on one link, frames from individual VLANs must be identified. The most common and preferred method, IEEE 802.1Q adds a tag to the Ethernet frame header, labeling it as belonging to a certain VLAN. Since 802.1Q is an open standard, it is the only option in an environment with multiple-vendor equipment.

So by it’s definition an access port can only belong to one VLAN while a trunk port can belong to multiple VLANs.

It’s important to distinguish that we’re talking about single ports. A trunk group or trunk port group is made up of multiple ports which are combined into a single virtual port. Protocols such as MultiLink Trunking (Avaya), EtherChannel (Cisco) and LACP provide the ability to combine multiple trunk ports into a single virtual interface providing redundancy and additional bandwidth.

Basic Examples

In general the majority of edge switch ports will be configured as access ports. Any port used to connect a personal computer, laptop, server, printer, etc will be configured as an access port. Any port that connects to another switch will be configured as a trunk port.

Complex Examples

With the advent of virtualization VMware servers are often configured and connected to trunk ports. Where as servers would have traditionally been connected to access ports they can also be connected to trunk ports depending on their configurations. The advent of Voice Over IP (VoIP) to the desktop has also had an impact on how edge switches are configured when the desktop or laptop is connected to the IP phone which is in turn connected to the edge switch. I’ll cover that topic in more detail later on.

Avaya Ethernet Routing Switches

Ethernet Routing Switch 2500, 4000, 5000 Series

The Avaya Ethernet Routing Switch 2500, 4000 and 5000 series switches currently offer the following options.

  • tagAll – sets the port as a trunk port tagging all frames with an 802.1Q header as they egress the port.
  • untagAll – sets the port as an access port stripping all 802.1Q headers as they egress the port.
  • tagPvidOnly – sets the port as a trunk port but only adds 802.1Q headers for the PVID VLAN as they egress the port.
  • untagPvidOnly – sets the port as a trunk port but only adds 802.1Q headers for every VLAN other than the PVID VLAN as they egress the port.

What is the PVID? The PVID is the Default VLAN ID configured for that specific port. In a typical configuration where the port is an access (untagAll) port the PVID will be set to that VLAN automatically by the switch. In a trunk port configuration the PVID will be used to determine which VLAN to bridge any received untagged frames to if DiscardUntaggedFrames is not enabled. It’s recommended to enable DiscardUntaggedFrames on any port configured as a trunk (tagAll) port to avoid any potential configuration issues which might lead to a loop and a network outage. It’s also a best practice to configure the PVID on all trunk (tagAll) ports with the VLAN ID of your management VLAN.

Ethernet Routing Switch 1600, 8600, 8800 Series

You’ll notice on the Ethernet Routing Switch 1600, 8600 and 8800 series that the options are slightly different but achieve the same outcome.

  • PerformTagging (Checked) – sets the port as a trunk port tagging all frames with an 802.1Q header as they egress the port.
  • PerformTagging (Unchecked) – sets the port as an access port stripping all 802.1Q headers as they egress the port.

Additional options include DiscardTaggedFrames, DiscardUntaggedFrames and UntagDefaultVlan. These options can be used to achieve the same results as with the Avaya Ethernet Routing Switch 2500, 4000 and 5000 series switches with the exception of tagPvidOnly.

Is the PVID equivalent to the native vlan command in Cisco switches? It is if untagPvidOnly/UntagDefaultVlan is enabled. The PVID (DefaultVlanId) by itself only acts on untagged received frames. The untagPvidOnly/UntagDefaultVlan option acts on transmitted frames and so the combination of the two equates to the “switchport trunk native vlan #” on a Cisco switch.

It’s also important to point out that Avaya only supports 802.1Q tagging. So while Cisco supports ISL and 802.1Q there is no Avaya command similar to “switchport trunk encapsulation dot1q” since this is the default behavior with Avaya switches.

IP Telephony

There are some special considerations when desktops and laptops are physically connected to the PC port on back of an IP phone and then the IP phone is cabled to the edge switch.  In this scenario the common approach is to tag the voice VLAN while leaving the data VLAN untagged. Why? It’s important that we separate the voice traffic from the data traffic so we utilize two different VLANs, one VLAN will carry the voice traffic while one VLAN will carry the data traffic destined to the desktop or laptop. The desktop or laptop probably won’t be configured for 802.1Q tagging so it won’t understand an 802.1Q tagged frame. We need to guarantee that any frames being delivered to the PC port on the back of the IP phone are untagged, if they aren’t the laptop or desktop will just discard the frame. The IP phone will tag the voice frames with an 802.1Q header so the switch will properly bridge those frames to the voice VLAN. In this scenario we need to utilize the untagPvidOnly option in combination with configuring the PVID (DefaultVlanId) as the data VLAN. This way the voice VLAN will be tagged with an 802.1Q header so the phone understands it and the data VLAN will be untagged so the desktop or laptop understands it. The IP phone will be configured with the Voice VLAN ID so it knows which ID to use when communicating with the Call Server and Media Gateways.

Cheers!

You might also want to read these other posts...

  1. Avaya Ethernet Routing Switches and non-ADAC VLANs
  2. 802.1Q VLAN Tagging on an Ethernet Routing Switch
  3. Avaya Ethernet Routing Switch 4800 Series – Configuration Template

]]> https://blog.michaelfmcnamara.com/2012/02/untagall-vs-tagall-on-avaya-ethernet-routing-switches/feed/ 27 802.1Q VLAN Tagging on a Cisco Catalyst 3750-E https://blog.michaelfmcnamara.com/2011/01/802-1q-vlan-tagging-on-a-cisco-catalyst-3750-e/ https://blog.michaelfmcnamara.com/2011/01/802-1q-vlan-tagging-on-a-cisco-catalyst-3750-e/#comments Sat, 29 Jan 2011 18:29:16 +0000 http://blog.michaelfmcnamara.com/?p=1912 In the two previous posts I covered how to create multiple VLANs, trunk those VLANs between multiple stackable Avaya Ethernet Routing Switches utilizing Multi-Link Trunking and how to create Layer 3 IP interfaces to be used for routing IP packets between those VLANs.

In this post I thought I would expand the network topology of my previous two posts to include a Cisco Catalyst 3750-E. I’ll specifically cover how to trunk (bridge) multiple VLANs between a stackable Avaya Ethernet Routing Switch and the Cisco Catalyst 3750-E and how to configure multiple interfaces in a Link Aggregation Group (LAG) utilizing LACP similar to Avaya’s proprietary MLT feature.

Avaya Ethernet Routing Switch 4548

enable
config t

Let’s start by making ports 45 and 46 trunk ports which will utilize 802.1Q tagging;

vlan ports 45,46 tagging tagAll

Let’s add the VLANs we wish to bridge across the trunk ports;

vlan members add 1 45,46
vlan members add 100 45,46
vlan members add 200 45,46

Now we’ll enable LACP on ports 45 and 46 using the same LACP key which will automatically create the LAG;

interface fastEthernet 45
lacp key 10
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

interface fastEthernet 46
lacp key 10
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

Avaya Ethernet Routing Switch 4548 – Show Commands

4548GT-PWR#show lacp port 45,46
Admin Oper         Trunk Partner
Port Priority Lacp    A/I Timeout Key   Key   AggrId Id    Port    Status
---- -------- ------- --- ------- ----- ----- ------ ----- ------- ------
45   32768    Active  A   Short   10    12298 8224   32    302     Active
46   32768    Active  A   Short   10    12298 8224   32    303     Active

4548GT-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 26

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Port:19     00-04-61-9E-46-7E    1 Port:21
00-0C-29-64-33-F9    1 Port:19     00-0C-29-A5-CB-54    1 Port:19
00-0F-20-95-38-D5    1 Port:11     00-18-01-EA-F4-45    1 Port: 1
00-1C-11-6B-DC-6B    1 Port: 1     00-1C-11-6D-15-27    1 Port: 1
00-1C-11-6D-15-DC    1 Port: 1     00-1E-7E-7C-2C-00    1
00-1E-7E-7C-2C-40    1             00-1F-0A-CE-BC-01    1 Trunk:1
00-1F-0A-CE-BC-40    1 Trunk:1     00-1F-D0-D0-BE-2D    1 Port:17
00-23-EE-96-AA-21    1 Port: 1     00-24-B5-F6-94-02    1 Trunk:1
00-64-40-CF-4D-AD    1 Trunk:32    00-64-40-CF-4D-AE    1 Trunk:32
00-64-40-CF-4D-C0    1 Trunk:32    00-0A-E4-76-9C-C8    2 Port:44
00-24-DC-DF-0D-08    2 Port:43     00-A0-F8-5E-CE-BC    2 Port:39
00-1F-0A-CE-BC-41  100 Trunk:1     00-24-7F-99-84-70  100 Port:25
00-64-40-CF-4D-AD  100 Trunk:32    00-1E-CA-F3-1D-B4  200 Port:26
00-1F-0A-CE-BC-43  200 Trunk:1     00-64-40-CF-4D-AD  200 Trunk:32

4548GT-PWR#show mlt
Id Name             Members                Bpdu   Mode           Status  Type
-- ---------------- ---------------------- ------ -------------- ------- ------
1  MLT_to_ERS5520   47-48                  All    Basic          Enabled Trunk
2  Trunk #2         NONE                   All    Basic          Disabled
3  Trunk #3         NONE                   All    Basic          Disabled
4  Trunk #4         NONE                   All    Basic          Disabled
5  Trunk #5         NONE                   All    Basic          Disabled
6  Trunk #6         NONE                   All    Basic          Disabled
7  Trunk #7         NONE                   All    Basic          Disabled
8  Trunk #8         NONE                   All    Basic          Disabled
9  Trunk #9         NONE                   All    Basic          Disabled
10 Trunk #10        NONE                   All    Basic          Disabled
11 Trunk #11        NONE                   All    Basic          Disabled
12 Trunk #12        NONE                   All    Basic          Disabled
13 Trunk #13        NONE                   All    Basic          Disabled
14 Trunk #14        NONE                   All    Basic          Disabled
15 Trunk #15        NONE                   All    Basic          Disabled
16 Trunk #16        NONE                   All    Basic          Disabled
17 Trunk #17        NONE                   All    Basic          Disabled
18 Trunk #18        NONE                   All    Basic          Disabled
19 Trunk #19        NONE                   All    Basic          Disabled
20 Trunk #20        NONE                   All    Basic          Disabled
21 Trunk #21        NONE                   All    Basic          Disabled
22 Trunk #22        NONE                   All    Basic          Disabled
23 Trunk #23        NONE                   All    Basic          Disabled
24 Trunk #24        NONE                   All    Basic          Disabled
25 Trunk #25        NONE                   All    Basic          Disabled
26 Trunk #26        NONE                   All    Basic          Disabled
27 Trunk #27        NONE                   All    Basic          Disabled
28 Trunk #28        NONE                   All    Basic          Disabled
29 Trunk #29        NONE                   All    Basic          Disabled
30 Trunk #30        NONE                   All    Basic          Disabled
31 Trunk #31        NONE                   All    Basic          Disabled
32 Trunk #32        45-46                  Single DynLag/Basic   Enabled Trunk

You might be looking at the output above and asking yourself what’s “Trunk 32”? Let me provide some quick background. You can have a total of 32 MLT/LAG trunks on a stackable Avaya Ethernet Routing Switch. When you create LACP trunks the switch automatically creates a LAG in the MLT table dynamically from the bottom up. While in the previous post I created “Trunk 1” by trunking ports 47 and 48 together (see above), in this post I’ve created an LACP trunk on ports 45 and 46 which will be reported it the switch as “Trunk 32”. You can also see it in the MAC/FDB table above.

Cisco Catalyst 3750-E

enable
config t

Let’s give the switch an IP address in VLAN 1 for management;

vlan 1
ip address 192.168.1.25 255.255.255.0
no shut
exit

Let’s create VLAN 100 and VLAN 200 on the switch;

vlan 100
name "192-168-100-0/24"
exit
vlan 200
name "192-168-200-0/24"
exit

Let’s add the appropriate edge ports to each VLAN;

interface range gigabitEthernet 1/0/1-12
switchport access vlan 1
exit
interface range gigabitEthernet 1/0/13-24
switchport access vlan 100
exit
interface range gigabitEthernet 1/0/25-36
switchport access vlan 200
exit

Let’s configure ports 45 and 46 as trunk ports and bond them together in channel-group utilizing LACP;

interface gigabitEthernet 1/0/45
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

interface gigabitEthernet 1/0/46
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

Cisco Catalyst 3750-E – Show Commands

SW-3750-E#show lacp neighbor
Flags:  S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode       P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Gi1/0/45  FA      32768     001e.7e7c.2c00  16s    0x0    0x300A 0x2D    0x3F
Gi1/0/46  FA      32768     001e.7e7c.2c00  27s    0x0    0x300A 0x2E    0x3F

Switch#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   1    0004.619e.467e    DYNAMIC     Po1
   1    000c.2964.33f9    DYNAMIC     Po1
   1    000c.29a5.cb54    DYNAMIC     Po1
   1    000f.2095.38d5    DYNAMIC     Po1
   1    0018.01ea.f445    DYNAMIC     Po1
   1    001c.116b.dc6b    DYNAMIC     Po1
   1    001c.116d.1527    DYNAMIC     Po1
   1    001c.116d.15dc    DYNAMIC     Po1
   1    001e.7e7c.2c01    DYNAMIC     Po1
   1    001e.7e7c.2c2d    DYNAMIC     Po1
   1    001e.7e7c.2c2e    DYNAMIC     Po1
   1    001f.d0d0.be2d    DYNAMIC     Po1
   1    0023.ee96.aa21    DYNAMIC     Po1
   1    00a0.f85e.cebd    DYNAMIC     Po1
 100    0024.7f99.84e9    DYNAMIC     Po1
 200    0008.02e4.890a    DYNAMIC     Gi1/0/25
 200    001e.caf3.1db4    DYNAMIC     Po1
Total Mac Addresses for this criterion: 37

You might be asking why didn’t I assign the VLANs to the trunk ports on the Cisco Catalyst 3750-E… well with Cisco switches a trunk port is by default a member of all the VLANs that exist on the switch. So you don’t need to specifically add a VLAN to a trunk port, however, you can override the default behavior by telling the switch to only carry specific VLANs on a specific trunk port – this is called VLAN pruning.

Please feel free to point out any inconsistencies or errors I might have made.

Cheers!

You might also want to read these other posts...

  1. 802.1Q VLAN Tagging on an Ethernet Routing Switch
  2. Short Story – switchport trunk allowed vlan
  3. LACP Configuration Examples (Part 1)

]]> https://blog.michaelfmcnamara.com/2011/01/802-1q-vlan-tagging-on-a-cisco-catalyst-3750-e/feed/ 31