Cisco VTP/VLAN issue
  • We have been using PFSense in both our offices and our production environment at a colo data center happily since the founding of our company. Unfortunately our production environment has outgrown PFSense and I am tasked with migrating to Cisco ASA 5510s and Catalyst 4507 layer 3 switch cabs. I finally got the IPSec tunnel working between our office PFSense router (YEA!) using the same supernet config we had in place before. As part of a staged migration however, we had plugged the production PFSense router into the 4507 cabs and moved all of our servers onto those switch blades to get the increase in bandwidth. That has been working fine and the only road block was the IPSec tunneling issue. When I tried to cut over and unplugged the production PFSense router from the switch however, I found I could not route internally on the layer 3 switch. This was working fine in testing prior to plugging in the PFSense router to those switches. The issue appears to be a corrupted VTP VLAN database on the Catalyst 4507s. The reason I am posting here is that VTP reports it was last updated on 8/8/2011 by address IP x.x.132.2, which is the day we plugged in the PFSense router, and is also the IP address of the PFSense router. We lost half the VLANs, and VTP does not seem to be able to remove or add new ones.

    Has anyone else run into this? Is there a known issue with PFSense and Cisco VLANs? Does anyone have a suggestion on how to fix this? Unplugging the PFSense router and rebooting the switches does not have an effect, but based on the date and IP of the last update, it seems almost certain that PFSense is the cause of the issue. There is no VLAN service running on PFSense either, so I don't understand what or why this happened.

    Thanks in advance!

    Here is the relevant output from Cisco:

    show vtp status

    VTP Version capable            : 1 to 3
    VTP version running            : 2
    VTP Domain Name                : corp
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                      : 0017.5abd.a700
    Configuration last modified by x.x.132.2 at 8-30-11 17:39:31 - (from me… bold IP and date match PFS router and date it was plugged into switch)
    Local updater ID is 10.0.132.4 on interface Vl1 (lowest numbered VLAN interface found)

    Feature VLAN:

    VTP Operating Mode                : Server
    Maximum VLANs supported locally  : 1005
    Number of existing VLANs          : 6
    Configuration Revision            : 1

    show vlan

    VLAN Name                            Status    Ports


    1    default                          active    Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi3/3, Gi3/4, Gi4/2, Gi4/3, Gi4/4, Gi4/5, Gi4/6, Gi4/7
                                                    Gi4/8, Gi4/9, Gi4/10, Gi4/11, Gi4/12, Gi4/13, Gi4/14, Gi4/15, Gi4/16, Gi4/17, Gi4/18
                                                    Gi4/19, Gi4/20, Gi4/21, Gi4/22, Gi4/23, Gi4/24, Gi4/25, Gi4/26, Gi4/27, Gi4/28
                                                    Gi4/29, Gi4/30, Gi4/31, Gi4/32, Gi4/33, Gi4/34, Gi4/35, Gi4/36, Gi4/37, Gi4/38
                                                    Gi4/39, Gi4/40, Gi4/41, Gi4/42, Gi4/43, Gi4/44, Gi4/45, Gi4/46, Gi4/47, Gi4/48
    30  VLAN0030                        active    Gi3/17, Gi3/18, Gi3/19, Gi3/20, Gi3/21, Gi3/22, Gi3/23, Gi3/24, Gi3/25, Gi3/26
                                                    Gi3/27, Gi3/28, Gi3/29, Gi3/30, Gi3/31, Gi3/32
    1002 fddi-default                    act/unsup
    1003 trcrf-default                    act/unsup
    1004 fddinet-default                  act/unsup
    1005 trbrf-default                    act/unsup

    VLAN Type  SAID      MTU  Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2


    1    enet  100001    1500  -      -      -        -    -        0      0 
    30  enet  100030    1500  -      -      -        -    -        0      0 
    1002 fddi  101002    1500  -      -      -        -    -        0      0 
    1003 trcrf 101003    4472  -      -      -        -    -        0      0 
    1004 fdnet 101004    1500  -      -      -        ieee -        0      0 
    1005 trbrf 101005    4472  -      -      -        ibm  -        0      0

    VLAN AREHops STEHops Backup CRF


    1003 0      0      off

    Remote SPAN VLANs

    Primary Secondary Type              Ports


    The 2 missing VLANs are the production VLANs, 10 & 20 respectively, but routing between existing VLANs also appears to be an issue now. All VLANs were there prior and routing between them was working fine. Thanks Again!
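    A defensive check that follows from the output quoted above, written as an added example (not code from the thread or from pfSense): it parses the `show vtp status` text and flags the two conditions the post describes, a switch still in VTP Server mode and a VLAN database change attributed to an address that is not a known VTP server. The set of known updater addresses and the expected Transparent mode are assumptions.

```python
import re

# Constructed sample: the "show vtp status" output quoted in the post,
# with the poster's inline remark removed.
VTP_STATUS = """\
VTP Version capable            : 1 to 3
VTP version running            : 2
VTP Domain Name                : corp
VTP Pruning Mode               : Disabled
VTP Traps Generation           : Disabled
Device ID                      : 0017.5abd.a700
Configuration last modified by x.x.132.2 at 8-30-11 17:39:31
Local updater ID is 10.0.132.4 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:

VTP Operating Mode               : Server
Maximum VLANs supported locally  : 1005
Number of existing VLANs         : 6
Configuration Revision           : 1
"""

def parse_vtp_status(text):
    """Extract the fields an audit cares about from 'show vtp status' output."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"^Configuration last modified by (\S+) at (.+?)\s*$", line)
        if m:  # handled first: the timestamp contains colons
            info["last_modified_by"], info["last_modified_at"] = m.groups()
            continue
        m = re.match(r"^Local updater ID is (\S+) on interface (\S+)", line)
        if m:
            info["local_updater"], info["updater_interface"] = m.groups()
            continue
        m = re.match(r"^(.*?)\s*:\s*(.+?)\s*$", line)  # generic "Key : value" rows
        if m:
            info[m.group(1)] = m.group(2)
    return info

def audit_vtp(info, known_updaters, expected_mode="Transparent"):
    """Return findings for settings that let a foreign advertisement rewrite the VLAN database."""
    findings = []
    mode = info.get("VTP Operating Mode")
    if mode != expected_mode:  # Server mode accepts higher-revision updates from the domain
        findings.append(f"VTP mode is {mode}, expected {expected_mode}")
    who = info.get("last_modified_by")
    if who and who not in known_updaters:  # assumption: known_updaters lists trusted switches
        findings.append(f"last VLAN database change by {who} at {info.get('last_modified_at')}, not a known VTP server")
    return findings

if __name__ == "__main__":
    for f in audit_vtp(parse_vtp_status(VTP_STATUS), {"10.0.132.4"}):
        print("FINDING:", f)
```

The same parser can be fed the output of every switch in the VTP domain so that an unexpected updater address or a stray Server-mode device shows up before VLANs go missing.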



  • You haven't nearly outgrown the project if you're replacing it with a 5510; the only time that's remotely feasible is if you're at the point where you need a 5580.

    There is nothing on pfSense that can affect VTP in any way.
