Sunday, May 4, 2008

How to use extended-range vlans in the NM-16ESW

In case that you don't already know, in the latest IOS (> 12.4(15)T) you can use extended-range vlans (1006-4094) in your dynamips router/switch (using the NM-16ESW module). Also the vlan database mode is not recommended anymore and you can use the latest config-vlan submode. That way you can replicate more closely the various vendor labs.

I'm using a 3725 as switch, so this is its config in the net file:


[[3725]]
image = /usr/share/cisco-ios/c3725-adventerprisek9-mz.124-15.T5.extracted.bin
ram = 148
disk0 = 8
disk1 = 0
# The idlepc value hasn't been tested extensively, so it might not work in your case.
idlepc = 0x6148b594


The tricky part is that you don't get any indication of this capability; it's like a hidden command. But if you try to configure it, it'll be accepted and it'll work fine.


SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan ?
accounting VLAN accounting configuration
ifdescr VLAN subinterface ifDescr

SW1(config)#vlan 2567
SW1(config-vlan)#name VLAN-2567
SW1(config-vlan)#^Z
SW1#


Configure this vlan under an interface:

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f1/1
SW1(config-if)#switchport access vlan ?
<1-4094> VLAN ID of the VLAN when this port is in access mode

SW1(config-if)#switchport access vlan 2567
SW1(config-if)#^Z
SW1


Verify the vlan:

SW1#sh vlan-sw br

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/4, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/10
Fa1/11, Fa1/12, Fa1/13, Fa1/14
Fa1/15
13 VLAN0013 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
2567 VLAN-2567 active Fa1/1


Verify the spanning-tree:

SW1#sh spanning-tree vlan 2567

VLAN2567 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address c200.04f8.0001
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag set, detected flag set
Number of topology changes 2 last change occurred 00:00:19 ago
from FastEthernet1/2
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 1, topology change 16, notification 0, aging 300

Port 42 (FastEthernet1/1) of VLAN2567 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.42.
Designated root has priority 32768, address c200.04f8.0001
Designated bridge has priority 32768, address c200.04f8.0001
Designated port id is 128.42, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 193, received 0


Extended-range VLANs are not saved in the VLAN database; they are saved in the switch that runs the configuration file.


SW1#sh run | b vtp
vtp mode transparent
!
vlan 2567
name VLAN-2567
!


If you get the following message while trying to configure the vlan under an interface, try to shut the interface, reenter the vlan and then unshut the interface:


SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f1/1
SW1(config-if)#switchport access vlan 2567
% Warning: port will be inactive in non-ethernet VLAN
SW1(config-if)#^Z

SW1#sh int f1/1 switchport
Name: Fa1/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 2567 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 2567
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none


SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f1/1
SW1(config-if)#shut
SW1(config-if)#no switchport access vlan 2567
SW1(config-if)#switchport access vlan 2567
SW1(config-if)#no shut
SW1(config-if)#^Z

SW1#sh int f1/1 switchport
Name: Fa1/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 2567 (VLAN-2567)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 2567
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none


Also, as you may already know, vtp must be in transparent mode if you want to configure extended-range vlans:


SW1#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 36
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xF5 0xBA 0x45 0x80 0xA7 0x6B 0x76 0x88
Configuration last modified by 0.0.0.0 at 3-1-02 00:07:07
Local updater ID is 0.0.0.0 (no valid interface found)

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan 2567
SW1(config-vlan)#name VLAN-2567
SW1(config-vlan)#exit
% Failed to create VLANs 2567
Extended VLAN(s) not allowed in current VTP mode.
%Failed to commit extended VLAN(s) changes.
SW1(config)#
*Mar 1 00:02:23.247: %SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 2567: extended VLAN(s) not allowed in current VTP mode


If you get the following error while trying to change vtp mode, you can erase and then squeeze the flash in order to fix it:


SW1#conf t
SW1(config)#vtp mode server
Setting device to VTP SERVER mode
% not enough space on flash to store vlan database. trying squeeze...
squeeze in progress...
% error squeezing flash - (Unknown error 0)

SW1#squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress...
%Error squeezing flash (Unknown error 0)


SW1#erase flash:
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... ...NOT erased
Erase of flash: complete

SW1#squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
Squeeze of flash complete


At the end, reload this switch from inside dynagen and everything should be fine.

26 comments:

  1. Hi, can you let me know what idlepc value you are using for this new IOS?

    Thanks.

    ReplyDelete
  2. I have written it at the beginning (0x6148b594). Just keep in mind that i haven't tested it with full config.

    ReplyDelete
  3. Hi frnd

    when i am using the ios of 3725 what u given the link above......but it is not able create vlan in config mode...
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#vlan 3
    ^
    % Invalid input detected at '^' marker.

    Router(config)#


    again if i will create vlan thru vlan database command then it is able to create but it will not show the ports belongs to which vlan

    Router#sh vlan-sw br

    VLAN Name Status Ports
    ---- -------------------------------- --------- -------------------------------
    1 default active
    2 VLAN0002 active
    4 VLAN0004 active
    9 VLAN0009 active
    1002 fddi-default act/unsup
    1003 token-ring-default act/unsup
    1004 fddinet-default act/unsup
    1005 trnet-default act/unsup
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#int f0/0
    Router(config-if)#switch
    Router(config-if)#switchportaccess vlan 2
    ^
    % Invalid input detected at '^' marker.

    Router(config-if)#switchport access vlan 2
    ^
    % Invalid input detected at '^' marker.



    plz help this to solve it out

    ReplyDelete
  4. Make sure you have used a NM-16ESW module in your 3725:


    [[Router SW1]]
    model = 3725
    slot1 = NM-16ESW

    ReplyDelete
  5. yes i hve select nw-16esw .....actually i am testing this image thru gns3 software.....is there any problem on this software,.....?

    ReplyDelete
  6. I am having the same problem with gns3 too.

    ReplyDelete
  7. I created a test setup using GNS-3 and everything worked fine too.

    This is the .net file created by it:


    autostart = False
    [localhost:7200]
    workingdir = xxx
    [[3725]]
    ghostios = True
    image = xxx\c3725-adventerprisek9-mz.124-15.T5.extracted.bin
    ram = 144
    sparsemem = True
    idlepc = 0x6148b594
    [[ROUTER R1]]
    model = 3725
    console = 2000
    slot1 = NM-16ESW
    x = -93.0
    y = -81.0
    [GNS3-DATA]
    m11 = 1.0
    m22 = 1.0



    I guess you must be missing something.

    ReplyDelete
  8. hi Tassos,
    Your blog is very eye catching with lots of information to grasp GREAT !!!
    But i have a problem with 16ESW configuration, below is my net.file
    autostart = False
    [localhost:7200]
    workingdir = XXXXXX
    [[3725]]
    image = D:\Cisco GNS3\CISCO IOS\C3725-AD.BIN
    ram = 144
    idlepc = 0x6148b594
    [[ROUTER R0]]
    model = 3725
    console = 2000
    slot1 = NM-16ESW
    x = -228.0
    y = -169.0

    And i have this problem when trying to bind my interface to the VLAN
    see the info below :

    Router>en
    Router#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#vlan 3
    Router(config-vlan)#name IT
    Router(config-vlan)#exit
    Router(config)#int f0/0
    Router(config-if)#switchport mode access
    ^
    % Invalid input detected at '^' marker.

    Router(config-if)#

    I will be very happy for ur response mate

    ReplyDelete
  9. F0/0 is 3725's built-in port.
    You have to use F1/0 - F1/15 for the NM-16ESW ports.

    ReplyDelete
  10. c3725-adventerprisek9-mz.124-18.bin is a newer version but vlans can be configured only under vlan database.

    i'm missing something ?

    ReplyDelete
  11. Simionov, the feature described isn't available in 12.4 Mainline. It's only available in 12.4T code, beginning with 12.4(15)T and later.

    I'm using c3725-ipbase-mz.124-15.T7.bin and idlepc 0x615ec0dc with 10 "switches" and my Q6600 idles around 30% CPU, though YMMV.

    Great site. Grats on the number!

    ReplyDelete
  12. it would be so appreciated if you could tell me how can i download the mentioned IOS.i've downloaded some other version but it does not work.
    regards
    ansari

    ReplyDelete
  13. Hi Tassos,.
    I have done the exact steps to configure 3725 & everythings working out fine xcept for spanning-tree.
    When i give sh spanning-tree vlan 1 cmd it says Spanning tree instance for VLAN 1 does not exist.
    I tried creating vlan 2 which it does & enable spanning-tree vlan 2 cmd but gives the same message.

    ReplyDelete
  14. @Anonymous, do you have any L2 ports on the same vlan? You can use "show vlan-switch" to find this out.

    ReplyDelete
  15. yup ! it'w works for me !

    Thnx.

    ReplyDelete
  16. Thank you now I can use more functions

    Greetings

    ReplyDelete
  17. Hi, here's my problem...
    I have a only one instance of 3725 configured as Switch1 and after creating the vlan 2567 and configuing the in f1/2 to be in that vlan, I get the following:

    for f1/2 "Operational Mode: down"
    for vlan 2567 no stp


    Switch1#sh interfaces fastEthernet 1/2 switchport
    Name: Fa1/2
    Switchport: Enabled
    Administrative Mode: static access
    Operational Mode: down
    Administrative Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 2567 (vlan-2567)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: none
    Protected: false
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none

    Switch1#sh spanning-tree vlan 2567
    Spanning tree instance for VLAN 2567 does not exist.

    Switch1#sh vlan-sw b

    VLAN Name Status Ports
    ---- -------------------------------- --------- -------------------------------
    1 default active Fa1/3, Fa1/4, Fa1/5, Fa1/6
    Fa1/7, Fa1/8, Fa1/9, Fa1/10
    Fa1/11, Fa1/12, Fa1/13, Fa1/14
    Fa1/15
    123 vlan-123 active Fa1/0, Fa1/1
    1002 fddi-default act/unsup
    1003 token-ring-default act/unsup
    1004 fddinet-default act/unsup
    1005 trnet-default act/unsup
    2567 vlan-2567 active Fa1/2

    What am I doing wrong?
    Thanks.

    ReplyDelete
  18. Nevermind... just added one more device and stp works now.

    ReplyDelete
  19. Anonymous, you must have an interface in the UP/UP state.

    ReplyDelete
  20. Tassos Thank you very much for the help.

    ReplyDelete
  21. Hi Tassos,
    Going through your instruction, I have a concern that what is the purpose of vlan 2567? To create it, I must change vtp mode to Transparent. But the problem is, when creating new Vlans, warning says:
    SW1#vlan database
    % Warning: It is recommended to configure VLAN from config mode,
    as VLAN database mode is being deprecated. Please consult user
    documentation for configuring VTP/VLAN in config mode.

    I try to change vtp mode to server again, but impossible, because vlan 2567 still exists. Could you please guide me how to delete this Vlan or change vtp mode to server without deleting it? Thank you very much

    P.S: I just start learning CCNA for a couple of days, please forgive me if something wrong in my questions. :D

    ReplyDelete
  22. "vlan database" is the old mode of configuring vlans. New mode uses "vlan x" in global config.

    ReplyDelete
  23. what deferences beatwen T5, T7, and T12 , i have already downloaded version c3725-adventerprisek9-mz.124-15.T7.bin but it's not working same as your tutorials..

    thanks...

    ReplyDelete
    Replies
    1. Each version has more bug fixes than its previous ones.

      Delete
  24. Tnk u very much, it solved my 5-day challenge, now my lab work perfectly.
    Bravo

    ReplyDelete
  25. Tnk u very much, it solved my 5-day challenge, now my lab work perfectly.
    Bravo

    ReplyDelete

 
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.