Ajiva, In your 'show interface fa 0/2[2,3] trunk' output I don't see vlan 105 and this is most likely because it's not created. This might be why vlan 5 works and 105 doesn't.
Try: > en # conf t # vlan 105 # exit Thanks, Kevin S On 2/27/13 4:22 AM, "Ajiva Fan" <aji.zq...@gmail.com> wrote: >thanks you for reply >special thanks to Aaron Rosen > >the situation is that: >1) openstack is in vlan mode >2) switcher is in trunk mode, all vlan id is allowed >3) vlan in switcher's allowed list, active list and (not pruned) list >can communicate with each other. vlan only in allowed list but not in >the other two list is isolated >4) i tried the way which is from official site guide to set pruned >list but it does not work, the switcher just ignore the prune command >and hold the original config ( i will ask our network administrator >and find more help from cisco site ) > > >now i think openstack is running fine ( at least from my point of view) >and i think swither trunk port is running basically correct > >here is my env: > >switcher port {22,23} >sw-31#show interfaces fastEthernet 0/22 trunk > >Port Mode Encapsulation Status Native vlan >Fa0/22 on 802.1q trunking 1 > >Port Vlans allowed on trunk >Fa0/22 1-4094 > >Port Vlans allowed and active in management domain >Fa0/22 >1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,6 >00,602,700,800,1000-1001 > >Port Vlans in spanning tree forwarding state and not pruned >Fa0/22 >1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,6 >00,602,700,800,1000-1001 > >from openstack control node terminal: ># nova-manage network create --label admin-network-01 >--fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=<admin_id> ># nova-manage network create --label admin-network-02 >--fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=<admin_id> ># nova boot --image cirros --flavor 1 --availability_zone nova:control >test01 ># nova boot --image cirros --flavor 1 --availability_zone nova:compute >test02 > >now test01 and test02 get two vlan ip addr, and control node and >compute node get two bridge >NOTE: *** vlan101 *** is in switcher's active list and "spanning tree >forwarding state and not pruned" list, but vlan105 is not, vlan105 >just in allowed list > >control node: >br105 10.0.12.6 >br101 10.0.13.6 >compute node >br105 10.0.12.4 >br101 10.0.13.4 > >from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4 >so the root cause may be the active list and the pruned list of switcher > >is there any one meet such problem? >maybe i'm fool or i'm just fooled by some odd issue > >please help me > >On 2/27/13, Salvatore Orlando <sorla...@nicira.com> wrote: >> I'm not sure I followed the thread correctly from the beginning, but I >> read that you have configured you NIC for private VM networking, in >> VLAN mode, on VLAN 105. >> Is that correct? >> >> In general trunking all your switch ports used for VM networking will >> save you the hassle of adding the VLANs you are using in your setup >> one by one. >> Also, there's quite a difference between VLAN access mode and trunk >> mode. I rarely use Cisco switches, but when I do I always put them in >> trunk mode explicitly. >> The list of allowed vlan is a sort of filter that you apply on a trunk >> port. So perhaps you might want to put all your ports in trunk mode >> and use the vlan range defined in nova.conf as allowed vlan list. >> >> Salvatore >> >> On 27 February 2013 10:18, Ajiva Fan <aji.zq...@gmail.com> wrote: >>> thank you very much. >>> >>> actullaly, i have already try these command yesterday, it does not >>>work. >>> >>> currently, i find that vlan id in active list and not pruned list can >>> be passed by switcher, vlan id not in the two list cannot will be >>> droped even they are in allowed list..... >>> but the network administrator (and the internet pages) tells me that >>> if vlan is in allowed list, it can go through trunk mode port..... >>> >>> >>> >>> >>> there is some hardware info may not be useful, but i list it here, >>> hope it will help someone else. >>> cisco catalyst 2950 switcher only hava >>> """sw-31(config)#interface gigabitEthernet 0/2? >>> . : <0-2> """ >>> so i just operate on fastEthernet 0/22 >>> """sw-31(config)#interface fastEthernet 0/22? >>> . : <0-24> """ >>> and 2950 defaultly >>> 1)allowed all vlan id on trunk mode >>> 2)only support 802.1q on trunk mode >>> so the following commands: >>>> switchport trunk encapsulation dot1q >>>> switchport trunk allowed vlan 1-4094 >>> will not work. >>> >>> >>> On 2/27/13, Aaron Rosen <aro...@nicira.com> wrote: >>>> Perhaps: >>>> >>>> interface gigbbit 0/22 >>>> switchport mode trunk >>>> switchport trunk encapsulation dot1q >>>> switchport trunk allowed vlan 1-4094 >>>> interface gigbbit 0/23 >>>> switchport mode trunk >>>> switchport trunk encapsulation dot1q >>>> switchport trunk allowed vlan 1-4094 >>>> >>>> >>>> >>>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan <aji.zq...@gmail.com> >>>>wrote: >>>>> >>>>> since i notice that in switcher: >>>>> sw-31>show interface fastEthernet 0/22 trunk >>>>> >>>>> Port Mode Encapsulation Status Native vlan >>>>> Fa0/22 on 802.1q trunking 1 >>>>> >>>>> Port Vlans allowed on trunk >>>>> Fa0/22 1-4094 >>>>> >>>>> Port Vlans allowed and active in management domain >>>>> Fa0/22 >>>>> >>>>>1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-3 >>>>>03,600,602,700,800,1000-1001 >>>>> >>>>> Port Vlans in spanning tree forwarding state and not pruned >>>>> Fa0/22 >>>>> >>>>>1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-3 >>>>>03,600,602,700,800,1000-1001 >>>>> >>>>> the vlan 5 is active in management domain but 105 is not, so i try >>>>>the >>>>> same workflow as before but change vlan id 5 to 110, ping gets no >>>>> reply as vlan105 >>>>> >>>>> so may be i should add vlan105 to active list ? sorry i'm a green >>>>>hand >>>>> to switcher and got confused. >>>>> 1) what the different between the allowd list and active list >>>>> 2) if i should add active list manually, so does the cloud admin, if >>>>> he create a vlan for a tenant, he should add to switcher active list >>>>> too? is there any way automatically recoginize the vlan tag and allow >>>>> it pass? >>>>> maybe add a range to active list, for example, 100-4000? it's >>>>> ugly...... >>>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >> > >_______________________________________________ >Mailing list: https://launchpad.net/~openstack >Post to : openstack@lists.launchpad.net >Unsubscribe : https://launchpad.net/~openstack >More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp