09-26-2017 12:50 PM - edited 03-21-2019 11:16 AM
Ok I have quite a few of these SG300 switches installed and I can't for the life of me get devices on VLAN 1 to negotiate. The port comes up but they don't pass any traffic. In this example I am setting port 9 and port 8 to vlan 1 (the default vlan) and port 10 is my uplink to a Cisco 3750.
The vlan this switch resides on is 100
If I try and add vlan 1 to GE10's trunk, I get
switch222(config-if)#switchport trunk allowed vlan add 1,23,31,66,91,100
VLAN 1 : VLAN was not created by user
If I try add it to the database:
switch222(config-vlan)#vlan 1
VLAN 1: VLAN is occupied for internal usage after reset.
How do I use vlan1 on a port on this ?
Vlan91 is a voice vlan
Here's my full config (sanitized).
config-file-header
switch222
v1.4.7.6 / R800_NIK_1_4_194_194
CLI v1.0
set system mode switch
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 23,31,66,91,100
exit
voice vlan id 91
voice vlan state oui-enabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
errdisable recovery cause port-security
hostname switch222
line console
exec-timeout 30
exit
line ssh
exec-timeout 0
exit
line telnet
exec-timeout 30
exit
no passwords complexity enable
username xxx password encrypted blah blah blah
privilege 15
ip ssh server
ip ssh password-auth
snmp-server server
ip http timeout-policy 1800
clock timezone " " -4
clock source sntp
clock source browser
ip domain name versaterm.com
!
interface vlan 23
name users
!
interface vlan 31
name "Guest Vlan"
!
interface vlan 66
name "Demo Vlan"
!
interface vlan 91
name Voice
!
interface vlan 100
name routing
ip address xx.xx.xx.xx 255.255.255.0
no ip address dhcp
!
interface gigabitethernet1
spanning-tree link-type point-to-point
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 66
!
interface gigabitethernet2
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 66
macro description ip_phone_desktop
!
interface gigabitethernet3
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 23
!
interface gigabitethernet4
storm-control broadcast enable
storm-control include-multicast
port security max 10
port security mode max-addresses
spanning-tree portfast
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 23
macro description guest
!
interface gigabitethernet5
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 23
!
interface gigabitethernet6
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 23
!
interface gigabitethernet7
spanning-tree portfast
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
switchport trunk native vlan 23
!
interface gigabitethernet8
spanning-tree portfast
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
!
interface gigabitethernet9
speed 100
no negotiation
spanning-tree bpduguard enable
switchport trunk allowed vlan add 91
!
interface gigabitethernet10
switchport trunk allowed vlan add 23,31,66,91,100
switchport default-vlan tagged
!
exit
macro auto disabled
macro auto processing type host enabled
macro auto processing type switch disabled
macro auto processing type ap disabled
macro auto built-in parameters ip_phone_desktop $max_hosts 10 $native_vlan 23
ip default-gateway <3750 Switch IP>
09-26-2017 01:08 PM
Mike,
An internal VLAN is allocated automatically when creating a Layer 3 interface on the switch. You can use 'sh vlan internal usage' to see which interface is using VLAN 1. However, using VLAN 1 isn't really a good idea in the first place and should be avoided if possible.
09-26-2017 01:12 PM
This is sort of a special case use for this vlan. We only use it for printers and other admin type things. How do I enable the use of it?
switch222#show vlan internal usage
Prohibit Internal Usage VLAN list after reset:
Current Prohibit Internal Usage VLAN list:
VLAN Usage
------ ----------
4094 802.1x
switch222#
09-27-2017 07:20 AM
Ok so I changed the default vlan over to 100, and now layer 2 seems to be working, but I still can't get IP connectivity to the printer. I've tried setting the port as an access port, to no avail.
This works fine on our catalyst switches
09-27-2017 08:42 AM
Brain fart, I had set it to DHCP and I was trying to ping the old hardcoded IP
It's working as expected. Access port in vlan 1, default vlan is changed to 100, backend switch native vlan is set to 100.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide