Monday, July 15, 2013

Unidentified network on teamed interface

In this case I was configuring Windows Server 2012 with two network interfaces. Both network interfaces were added to a team interface. The team was configured in Switch Dependent / Address Hash / LACP mode. The server was connected to a Cisco Catalyst 4507. The initial port configuration was like this:

interface Port-channelX
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan Y
 switchport mode trunk

interface GigabitEtherneta/b
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group X mode active

interface GigabitEthernetc/d
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group X mode active

After rebooting the server, Windows Server 2012 was unable to identify the network even though the server was properly configured, connected and domain joined. After disconnecting and reconnecting the network, the server was able to identify the network and apply the right domain firewall profile. The reason for this behavior was the Network Location Awareness service, which was unable to test the network for connection type because the network was not available at boot time. The network was not available because the switch port was still going through the spanning tree blocking and learning states. To change this behavior and skip the spanning tree blocking and learning states, spanning-tree portfast trunk should be added to the interface Port-channelX configuration.
After adding spanning-tree portfast trunk, the server was able to determine the network during boot and applied the appropriate network profile, which in my case was the domain firewall profile.
 
If the server is connected to a Cisco switch running NX-OS, the port channel should be configured with spanning-tree port type edge, which skips the spanning tree blocking and learning states. More info at http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/l2/spanning-tree_port_type_edge.html.
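
To check after a reboot whether the team interface was identified as a domain network, so that the domain firewall profile is the one in effect, a PowerShell report like the following can be run on the server. This is an added example, not part of the original post; it assumes an elevated session on Windows Server 2012 or later using the built-in NIC teaming (LBFO) cmdlets, and the Misidentified column name is made up for this example.

```powershell
# Added example: flag teamed interfaces that NLA did not classify as
# DomainAuthenticated on a domain-joined server.

# Is this machine a domain member at all? If not, DomainAuthenticated is not expected.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

$report = foreach ($team in Get-NetLbfoTeam) {
    # A team can expose more than one team interface (one per VLAN), so check each.
    foreach ($nic in Get-NetLbfoTeamNic -Team $team.Name) {
        # Returns nothing if the interface has no connection profile yet (link down).
        $conn = Get-NetConnectionProfile -InterfaceAlias $nic.Name -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Team            = $team.Name
            TeamingMode     = $team.TeamingMode
            TeamStatus      = $team.Status
            Interface       = $nic.Name
            NetworkName     = $conn.Name
            NetworkCategory = $conn.NetworkCategory
            # On a domain member, any category other than DomainAuthenticated
            # (Public, Private, or no profile) means the domain firewall
            # profile is not being applied to this interface.
            Misidentified   = $domainJoined -and
                              ($conn.NetworkCategory -ne 'DomainAuthenticated')
        }
    }
}

$report | Format-Table -AutoSize

# Show which firewall profiles are enabled, for comparison with the category above.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

if ($report | Where-Object Misidentified) {
    Write-Warning 'At least one team interface is not on the DomainAuthenticated network category.'
}
```

Running it from a startup scheduled task and again a minute later shows whether the category is wrong only during the window in which the switch port is not yet forwarding.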
