I have a client with servers connecting to my Cisco Nexus switches on trunked interfaces. The switch ports are configured with a native VLAN, being the server's primary VLAN for PXE boot, and a second VLAN for VM clients. The client would like to be able to identify the VLANs allowed on the trunk from the server-end, so he can verify the configuration when troubleshooting PXE boot or VM connectivity issues. Is there a protocol that is transmitted, or can be transmitted, in broadcast that should allow a packet capture to reveal all VLANs permitted on a trunk? I know we can learn the native VLAN, but I'm looking for a way for the server to "hear" the whole VLAN range. everyone's help is greatly appreciated. Dan asked 04 Oct '13, 11:19 Dan Walker |
3 Answers:
VLANs can be (are probably the majority of the time) configured statically. So in the case you just will see packets like ARPs being sent with the different VLAN tags. Protocols that advertise VLAN configuration include Cisco's proprietary VTP and the open standard GVRP. But these would need to be turned on at your switch. I'm not sure whether they advertise unless they know (maybe through STP) that the other side is a switch. Not really a Wireshark oriented question (though obviously WS will help you see what is going on), but I hope this is useful. Of course the real solution to your problem is to use some "operational orchestration" in your environment that configures your virtualisation platform AND your network at the same time ;-) answered 04 Oct '13, 18:25 martyvis |
The Nexus should support VTP, which could allow you to advertise vlan info on trunk links (only), as untagged multicast frames with the same destination MAC as CDP (0100:0ccc:cccc). To clarify the other answer, the control is on whether a trunk has been formed and what VTP mode the switch is in, and is not dependent on STP to detect a switch on the other side. However, configuring VTP does more than just give the server this info. That protocol is the spawn of the devil IMO, and even Cisco design curriculum suggests against its use in general. You should be hard-coding your vlan information on your trunk links, and you should know/document what those vlan numbers are. For an initial integration effort, I hear you (misconfigured vlan numbers between end systems can be a pain). One way to check though with Wireshark is have the client and server send each traffic type to each other with Wireshark running between them, so you can easily see who is tagging what. answered 04 Oct '13, 20:32 Quadratic edited 04 Oct '13, 20:35 |
If the servers themselves are connected on a vlan tagged interface you can create a vlan tagged port on the vSwitch inside the server and create a VM on it to capture the (arp) traffic. It will show the vlan tags (assuming the NIC in the VM is configured correctly to not strip the vlan tag, see http://wiki.wireshark.org/CaptureSetup/VLAN). The client can then configure the appropriate vlan portgroups on the vSwitch and attach the VMs to them. answered 05 Oct '13, 00:42 SYN-bit ♦♦ |