Re: Vlan 1 weirdness

Mike Elliott · ‎09-26-2017

Ok I have quite a few of these SG300 switches installed and I can't for the life of me get devices on VLAN 1 to negotiate. The port comes up but they don't pass any traffic. In this example I am setting port 9 and port 8 to vlan 1 (the default vlan) and port 10 is my uplink to a Cisco 3750.

The vlan this switch resides on is 100

If I try and add vlan 1 to GE10's trunk, I get

switch222(config-if)#switchport trunk allowed vlan add 1,23,31,66,91,100
VLAN 1 : VLAN was not created by user

If I try add it to the database:

switch222(config-vlan)#vlan 1
VLAN 1: VLAN is occupied for internal usage after reset.

How do I use vlan1 on a port on this ?

Vlan91 is a voice vlan

Here's my full config (sanitized).

config-file-header

switch222

v1.4.7.6 / R800_NIK_1_4_194_194

CLI v1.0

set system mode switch

file SSD indicator encrypted

@

ssd-control-start

ssd config

ssd file passphrase control unrestricted

no ssd file integrity control

ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0

!

vlan database

vlan 23,31,66,91,100

exit

voice vlan id 91

voice vlan state oui-enabled

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

errdisable recovery cause port-security

hostname switch222

line console

exec-timeout 30

exit

line ssh

exec-timeout 0

exit

line telnet

exec-timeout 30

exit

no passwords complexity enable

username xxx password encrypted blah blah blah

privilege 15

ip ssh server

ip ssh password-auth

snmp-server server

ip http timeout-policy 1800

clock timezone " " -4

clock source sntp

clock source browser

ip domain name versaterm.com

!

interface vlan 23

name users

!

interface vlan 31

name "Guest Vlan"

!

interface vlan 66

name "Demo Vlan"

!

interface vlan 91

name Voice

!

interface vlan 100

name routing

ip address xx.xx.xx.xx 255.255.255.0

no ip address dhcp

!

interface gigabitethernet1

spanning-tree link-type point-to-point

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 66

!

interface gigabitethernet2

storm-control broadcast enable

storm-control broadcast level 10

storm-control include-multicast

port security max 10

port security mode max-addresses

port security discard trap 60

spanning-tree portfast

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 66

macro description ip_phone_desktop

!

interface gigabitethernet3

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 23

!

interface gigabitethernet4

storm-control broadcast enable

storm-control include-multicast

port security max 10

port security mode max-addresses

spanning-tree portfast

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 23

macro description guest

!

interface gigabitethernet5

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 23

!

interface gigabitethernet6

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 23

!

interface gigabitethernet7

spanning-tree portfast

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

switchport trunk native vlan 23

!

interface gigabitethernet8

spanning-tree portfast

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

!

interface gigabitethernet9

speed 100

no negotiation

spanning-tree bpduguard enable

switchport trunk allowed vlan add 91

!

interface gigabitethernet10

switchport trunk allowed vlan add 23,31,66,91,100

switchport default-vlan tagged

!

exit

macro auto disabled

macro auto processing type host enabled

macro auto processing type switch disabled

macro auto processing type ap disabled

macro auto built-in parameters ip_phone_desktop $max_hosts 10 $native_vlan 23

ip default-gateway <3750 Switch IP>

Rich Uline · ‎09-26-2017

Mike,

An internal VLAN is allocated automatically when creating a Layer 3 interface on the switch. You can use 'sh vlan internal usage' to see which interface is using VLAN 1. However, using VLAN 1 isn't really a good idea in the first place and should be avoided if possible.

Mike Elliott · ‎09-26-2017

This is sort of a special case use for this vlan. We only use it for printers and other admin type things. How do I enable the use of it?

switch222#show vlan internal usage

Prohibit Internal Usage VLAN list after reset:

Current Prohibit Internal Usage VLAN list:

VLAN Usage

------ ----------

4094 802.1x

switch222#

Mike Elliott · ‎09-27-2017

Ok so I changed the default vlan over to 100, and now layer 2 seems to be working, but I still can't get IP connectivity to the printer. I've tried setting the port as an access port, to no avail.

This works fine on our catalyst switches

Mike Elliott · ‎09-27-2017

Brain fart, I had set it to DHCP and I was trying to ping the old hardcoded IP

It's working as expected. Access port in vlan 1, default vlan is changed to 100, backend switch native vlan is set to 100.