Wired Intelligent Edge

 View Only
  • 1.  5400 Port Problem

    Posted Aug 11, 2017 09:58 PM

    Seemlinly simple problem here. I've got a 5400 as our core switch and have a 3500 attached to one of the ports. I was adding a vlan, 103, and configuring it across the switches. The 3500 was on port F10 with a few vlans already setup. Added 103 as tagged and configured it on the 3500 as such. No traffic passed between them on that vlan. I tried a few different things on the 3500 with no luck. Out of desparation I moved the 3500 to port F11 on the 5400 and configured it the same as F10 and it all starts magically working. Thoughts? Anything no the config print out that could cause the issue? Here's the config of the 5400:

     

    ; J8697A Configuration Editor; Created on release #K.15.02.0005


    time timezone -8
    time daylight-time-rule Continental-US-and-Canada
    console inactivity-timer 60
    ip access-list extended "Restricted-1"
    10 permit udp 0.0.0.0 255.255.255.255 10.1.4.50 0.0.0.0 eq 67
    20 permit tcp 0.0.0.0 255.255.255.255 10.1.4.50 0.0.0.0 eq 53
    30 permit udp 0.0.0.0 255.255.255.255 10.1.4.50 0.0.0.0 eq 53
    40 permit tcp 0.0.0.0 255.255.255.255 10.1.4.51 0.0.0.0 eq 53
    50 permit udp 0.0.0.0 255.255.255.255 10.1.4.51 0.0.0.0 eq 53
    60 permit tcp 0.0.0.0 255.255.255.255 10.1.4.57 0.0.0.0 eq 443
    70 permit tcp 0.0.0.0 255.255.255.255 10.1.4.54 0.0.0.0 eq 80
    80 permit tcp 0.0.0.0 255.255.255.255 10.1.4.55 0.0.0.0 eq 80
    90 permit tcp 0.0.0.0 255.255.255.255 10.1.4.55 0.0.0.0 eq 443
    100 permit tcp 0.0.0.0 255.255.255.255 10.1.4.59 0.0.0.0 eq 443
    110 permit tcp 0.0.0.0 255.255.255.255 10.1.4.60 0.0.0.0 eq 8880
    120 permit tcp 0.0.0.0 255.255.255.255 10.1.4.60 0.0.0.0 eq 8843
    130 permit tcp 0.0.0.0 255.255.255.255 10.1.4.54 0.0.0.0 eq 8880
    140 permit tcp 0.0.0.0 255.255.255.255 10.1.4.54 0.0.0.0 eq 8843
    150 permit tcp 0.0.0.0 255.255.255.255 10.1.5.8 0.0.0.0 eq 80
    160 permit tcp 0.0.0.0 255.255.255.255 10.1.5.8 0.0.0.0 eq 443
    161 permit tcp 0.0.0.0 255.255.255.255 10.1.5.8 0.0.0.0 eq 1640
    162 permit tcp 0.0.0.0 255.255.255.255 10.1.5.8 0.0.0.0 eq 2195
    163 permit tcp 0.0.0.0 255.255.255.255 10.1.5.8 0.0.0.0 eq 2196
    200 deny ip 0.0.0.0 255.255.255.255 10.1.4.0 0.0.3.255
    210 deny ip 0.0.0.0 255.255.255.255 10.1.8.0 0.0.3.255
    220 deny ip 0.0.0.0 255.255.255.255 10.1.12.0 0.0.3.255
    230 deny ip 0.0.0.0 255.255.255.255 192.168.7.0 0.0.0.255
    300 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
    exit
    ip access-list extended "D8"
    exit
    qos dscp-map 101110 priority 6
    module 1 type J8702A
    module 2 type J8705A
    module 3 type J8702A
    module 4 type J8705A
    module 5 type J8702A
    module 6 type J9535A
    interface B23
    speed-duplex 100-full
    exit
    interface C23
    name "Reception Phone Console PC"
    exit
    interface D17
    poe-lldp-detect enabled
    exit
    interface D23
    name "B Bldg Fiber"
    exit
    interface D24
    name "D Bldg"
    exit
    interface F10
    name "Modular"
    exit
    interface F22
    name "C Bldg Fiber"
    exit
    trunk D21,F24 Trk1 LACP
    ip default-gateway 192.168.10.1
    ip routing
    vlan 1
    name "DEFAULT_VLAN"
    no untagged A1-A24,B1-B24,C1-C24,D1-D20,D22-D24,E1-E24,F1-F23,Trk1
    no ip address
    exit
    vlan 10
    name "MCDATA"
    untagged A1-A17,A19,A22,A24,B2,B4,B6,B8-B24,C1-C14,C16,C18-C22,C24,D1-D20,D22-D24,E1-E8,E10-E24,F1,F3-F23,Trk1
    ip forward-protocol udp 10.1.11.255 9
    ip address 10.1.4.1 255.255.252.0
    exit
    vlan 11
    name "NCDATA"
    untagged E9
    ip helper-address 10.1.4.50
    ip address 10.1.8.1 255.255.252.0
    tagged A9
    exit
    vlan 50
    name "INTERNET"
    ip address 192.168.10.254 255.255.255.0
    tagged A9
    exit
    vlan 12
    name "WIRELESS"
    ip helper-address 10.1.4.50
    ip address 10.1.12.1 255.255.252.0
    tagged A9,A18,A20-A21,A23,B1,B3,B5,B7,C15,C17,D22-D24,E9,F10-F11,F20,F22,Trk1
    exit
    vlan 13
    name "RESTRICTED"
    ip helper-address 10.1.4.50
    ip address 10.0.0.1 255.255.240.0
    tagged A9,A18,A20-A21,A23,B1,B3,B5,B7,C15,C17,D22-D24,E9,F10-F11,F20,F22,Trk1
    ip access-group "Restricted-1" vlan
    exit
    vlan 14
    name "TECH"
    ip helper-address 10.1.4.50
    ip helper-address 10.1.5.8
    ip address 192.168.7.1 255.255.255.0
    tagged A9,A18,A20-A21,A23,B1,B3,B5,B7,C15,C17,D22-D24,E9,F10-F11,F20,F22,Trk1
    exit
    vlan 91
    name "AV C212"
    ip helper-address 10.1.4.50
    ip address 192.168.91.1 255.255.255.0
    tagged A9,F22
    exit
    vlan 90
    name "VLAN90"
    no ip address
    exit
    vlan 92
    name "AV NC190"
    ip helper-address 10.1.4.50
    ip address 192.168.92.1 255.255.255.0
    tagged A9,E9
    exit
    vlan 93
    name "AV Fireside"
    ip helper-address 10.1.4.50
    ip address 192.168.93.1 255.255.255.0
    tagged A9
    exit
    vlan 150
    name "Commons Crestron"
    ip address 192.168.1.1 255.255.255.0
    tagged A9,F22,Trk1
    exit
    vlan 94
    name "AV DAMP"
    ip helper-address 10.1.4.50
    ip address 192.168.94.1 255.255.255.0
    tagged A9,D24
    exit
    vlan 95
    name "AV NC-AMPH"
    ip helper-address 10.1.4.50
    ip address 192.168.95.1 255.255.255.0
    tagged A9,E9
    exit
    vlan 96
    name "Worship Center Sound Board"
    ip address 192.7.7.1 255.255.255.0
    tagged A9
    ip proxy-arp
    exit
    vlan 97
    name "AV NC180"
    ip helper-address 10.1.4.50
    ip address 192.168.97.1 255.255.255.0
    tagged A9,E9
    exit
    vlan 98
    name "BBldg AppleTV"
    ip helper-address 10.1.4.50
    ip address 192.168.98.1 255.255.255.0
    tagged A9,D23
    exit
    vlan 99
    name "ABldg AppleTV"
    ip helper-address 10.1.4.50
    ip address 192.168.99.1 255.255.255.0
    tagged A9
    exit
    vlan 100
    name "VOIP"
    untagged C23,F2
    qos priority 6
    ip helper-address 10.1.4.50
    ip address 10.1.100.1 255.255.255.0
    tagged A2-A24,B1-B24,C1-C22,C24,D1-D20,D22-D24,E1-E24,F1,F3-F23,Trk1
    voice
    exit
    vlan 101
    name "AC"
    ip helper-address 10.1.4.50
    ip address 192.168.101.1 255.255.255.0
    tagged A9,F22,Trk1
    exit
    vlan 102
    name "Outdoor Plugs"
    ip helper-address 10.1.4.50
    ip address 192.168.102.1 255.255.255.0
    tagged A9,D22-D24,F22,Trk1
    exit
    vlan 103
    name "AP Manage"
    untagged A18,A20-A21,A23,B1,B3,B5,B7,C15,C17
    ip helper-address 10.1.4.50
    ip address 192.168.103.1 255.255.255.0
    tagged A7,A9,D22-D24,E9,F10-F11,F22,Trk1
    exit
    qos type-of-service diff-services
    dhcp-snooping
    dhcp-snooping authorized-server 10.1.4.50
    dhcp-snooping authorized-server 10.1.5.8
    dhcp-snooping authorized-server 192.168.7.17
    dhcp-snooping vlan 10-14
    power-over-ethernet pre-std-detect
    radius-server host 10.1.4.50
    timesync sntp
    sntp unicast
    sntp server priority 1 10.1.4.50
    ip timep manual 10.1.4.50
    ip route 0.0.0.0 0.0.0.0 192.168.10.2
    ip route 192.168.8.0 255.255.255.0 192.168.7.205
    ip route 192.168.9.0 255.255.255.0 10.1.4.5
    ip route 192.168.20.1 255.255.255.255 192.7.7.240
    ip route 192.168.20.2 255.255.255.255 192.7.7.240
    interface A9
    dhcp-snooping trust
    exit

    aaa authentication port-access eap-radius
    aaa port-access authenticator active
    spanning-tree Trk1 priority 4
    spanning-tree priority 0
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    password manager
    password operator

     



  • 2.  RE: 5400 Port Problem

    Posted Aug 12, 2017 07:51 AM

    Truly hard to understand the root cause of your issue...but, looking at your Switch running software version (K.15.02.0005), as it appears on reported configuration:


    @David_Corrigan wrote:

    ; J8697A Configuration Editor; Created on release #K.15.02.0005

    a thing is pretty clear: your Switch is running an almost 7 years old firmware (K.15.02.0005 was released on October 2010)...please correct me if I'm wrong here (a show flash and show version would clear things up with that regard)...so anything "strange" is truly possible...especially considering how many releases (K.15.xx and newer K.16.xx) were published in that very long timeframe.

    I suggest you to revise old Release Notes (of K.15.04 or K.15.06. software branches, as example) - it's a time consuming task - to look for if a similar issue involving VLAN tagging was found and eventually fixed...but then, if you find it, don't limit yourself to upgrade to the nearest (old) fixing version...instead go ahead - that's a relatively fast procedure - and decide to keep your Switch software current (as example updating it to latest K.15.18 or better to latest K.16.02).