You can get lazy with Cisco switches after a while. Take the default switchport mode for Catalyst 3500-series devices, "switchport mode dynamic desirable". OK, I can configure some VLANs on some switches, connect them together, and they will form up trunks and usually do the right thing. But what if there's a router or firewall you are going to hook up to this mess, and it doesn't speak DTP or ISL?
I have a subnet with one 3500 ("SW1") and a PIX ASA5500 firewall ("PIX"), and I wanted to hang another 3500 ("SW2") off it. Only three connections - what could possibly go wrong? The interface on SW1 is set up like this:
    interface GigabitEthernet0/2
     switchport mode dynamic desirable
    interface Vlan1
     ip address 10.0.112.1 255.255.0.0

And the PIX interface:

    interface GigabitEthernet1/2
     nameif 10net
     security-level 60
     ip address 10.1.0.2 255.255.255.0

I can ping each interface from the other. Next, I configure an interface on SW2 exactly the same as SW1 (obviously with a different IP address):

    interface GigabitEthernet0/2
     switchport mode dynamic desirable
    interface Vlan1
     ip address 10.0.0.2 255.255.0.0

When I connect SW2, I immediately lose connectivity between SW1 and the PIX. What just happened?
DTP tries to do the right thing and sets up a trunk between SW1 and SW2. But the PIX doesn't speak ISL (and I don't think it does DTP by default, but I'm not sure). The PIX is left twisting in the wind.
Remember "switchport mode dynamic desirable" is the default. It may save you minutes of configuration time, but you may spend hours figuring out why it blew up.
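The fix is to stop letting the port decide for itself. Below is an added example (not configuration from the post above) of what the SW1 ports could look like with the role pinned and DTP switched off, next to the default that caused the trouble. It assumes a Catalyst IOS that supports "switchport nonegotiate" and "switchport trunk encapsulation", that Gi0/2 on SW1 is the port facing the PIX, and that Gi0/3 (a port the post does not show) is the one facing SW2.

```cisco
! --- Weak: the default from the post. The port will negotiate a trunk
! --- with any neighbor that sends DTP, so plugging in another switch
! --- can silently change what the port is.
interface GigabitEthernet0/2
 switchport mode dynamic desirable

! --- Hardened, port facing the PIX (assumed Gi0/2). The PIX speaks
! --- neither DTP nor ISL, so this is a plain access port in VLAN 1
! --- with DTP frames disabled entirely.
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 1
 switchport nonegotiate

! --- Hardened, port facing SW2 (assumed Gi0/3). Trunk explicitly,
! --- with dot1q instead of the ISL default, and DTP off. Configure
! --- the SW2 end the same way; "nonegotiate" only takes effect when
! --- both sides are pinned.
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
```

Note that IOS rejects "switchport nonegotiate" while the port is still in a dynamic mode, so set the mode first. To confirm a port ended up where you meant it to, "show interfaces GigabitEthernet0/2 switchport" reports the administrative and operational mode and whether negotiation of trunking is off, and "show dtp interface GigabitEthernet0/2" shows whether any DTP frames are still being exchanged.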