01-24-2015 04:07 AM
prcswitch01#show running-config
config-file-header
prcswitch01
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end XXXXXX
!
vlan database
vlan 12-15,20
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Workstations
address low 10.0.12.20 high 10.0.12.100 255.255.255.0
lease infinite
default-router 10.0.12.1
dns-server 10.0.15.200 8.8.8.8
exit
bonjour interface range vlan 1
hostname prcswitch01
username cisco password encrypted XXXXXXX privilege 15
ip ssh server
!
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no ip address dhcp
!
interface vlan 12
name Workstations
ip address 10.0.12.1 255.255.255.0
!
interface vlan 13
name Management
ip address 10.0.13.1 255.255.255.0
!
interface vlan 14
name Public
ip address 10.0.14.1 255.255.255.0
!
interface vlan 15
name Private
ip address 10.0.15.1 255.255.255.0
!
interface vlan 20
name Storage
ip address 10.0.20.1 255.255.255.0
!
interface gigabitethernet3
switchport mode access
switchport access vlan 12
!
interface gigabitethernet4
switchport mode access
switchport access vlan 12
!
interface gigabitethernet5
switchport mode access
switchport access vlan 20
!
interface gigabitethernet6
switchport mode access
switchport access vlan 20
!
interface gigabitethernet7
switchport trunk allowed vlan add 13-15
!
interface gigabitethernet8
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
!
interface gigabitethernet9
switchport trunk allowed vlan add 13-15
!
interface gigabitethernet10
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
!
interface gigabitethernet11
switchport trunk allowed vlan add 13-15
!
interface gigabitethernet12
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
!
interface gigabitethernet13
switchport mode access
switchport access vlan 12
!
interface gigabitethernet14
switchport mode access
switchport access vlan 12
!
interface gigabitethernet15
switchport mode access
switchport access vlan 12
!
interface gigabitethernet16
switchport mode access
switchport access vlan 12
!
interface gigabitethernet17
switchport mode access
switchport access vlan 12
!
interface gigabitethernet18
switchport mode access
switchport access vlan 12
!
interface gigabitethernet19
switchport mode access
switchport access vlan 12
!
interface gigabitethernet20
switchport mode access
switchport access vlan 12
!
exit
ip default-gateway 192.168.1.1
prcswitch01#
01-25-2015 03:19 AM
I have managed to get my second Layer 2 switch to talk to the Layer 3 switch but am still having issues with getting the VLANs working. I have set up a single VLAN 20 as a test on my Layer 2 switch but can't talk to the device I have connected.
These are the steps I've followed so far:
-- Configure Trunk Port prcswitch01 to connect to prcswitch02
config t
interface gi2
switchport trunk allowed vlan add all
end
copy start run
-- Configure Vlan 20 prcswitch02
config t
int vlan 20
name Storage
end
copy start run
-- Config Port Membership prcswitch02
config t
int gi19
switchport trunk allowed vlan add 20
end
copy start run
NAS on IP 10.0.20.196 SN 255.255.255.0 GW 10.0.20.1
I am able to ping the management interfaces from prcswitch02
ping 10.0.20.1
But can't ping the NAS I have connected to port gi19.
Please can someone help me with configuring these switches to work together.
Thanks
Paul
01-25-2015 05:10 AM
Ok, think I have sussed it.
I've made the following changes
Trunk between prcswitch01 port gi2 ------> prcswitch02 port gi1
Both have been given access to all VLANs I want across the devices using TAGGED VLANS.
I have then configured the ports which are attached to my QNAP NAS to allow access to VLAN 20, my storage VLAN, and have configured them as UNTAGGED.
I can now ping my QNAP NAS across my network.
Think this is the correct way to do it; can someone please comment on whether this is the correct way to do this?
Thanks
Paul
01-25-2015 11:58 PM
Hi Paul,
Exactly how it is supposed to be. Note:
-> Trunk ports are used mainly between infrastructure devices and require one native VLAN untagged, matching the Port VLAN ID, and all the other VLANs need to be tagged so that both ends can distinguish which packet belongs to which VLAN;
-> Access ports are used to connect edge devices such as hosts, printers etc. when the device is not able to send tagged traffic; it is also good practice for security reasons;
LAG may be a good idea if:
1. the bottleneck on the network is the link between two switches and traffic goes via this link;
2. there are many users accessing the same server - LAG uses a MAC source/destination and IP source/destination algorithm, thus it would not identify the difference between two sessions from the same host to the same server;
I hope it helps,
Aleksandra
01-26-2015 10:32 AM
01-27-2015 05:44 AM
Hi Paul,
It all depends really on where the connection breaks.
1. if you cannot access the NAS from the same subnet, that may indicate that the trunk between the switches, or between the switch and the NAS, is not working as expected; you may check the MAC address table on the switches, port by port, for the ports interconnecting the devices used for testing;
2. if you cannot ping the NAS from a different subnet but it works on the same subnet, you have to check the routing device on your network; please check the default gateway for the PC and the NAS; you may also use the tracert command to check how many routers the traffic passes through.
I hope it helps a bit to narrow down,
Aleksandra
01-27-2015 10:13 AM
Hi Aleksandra,
I have been having a play with my switch and moved my ESXi server to another couple of ports.
The interface that talks to the NAS on VLAN 20 via the management gateway on VLAN 13 is now able to talk to the NAS.
The only difference between this port and the port that doesn't work is that the new port has 1UP, 13T, 20T
where the other port just has 13T 20UP.
I try to change the PVID to 1 and all the VLANs are removed. What is the relevance of having a PVID set to 1?
That's the only difference I can see.
Thanks
Paul
01-28-2015 12:04 AM
Hi Paul,
PVID (Port VLAN ID) plays an important role. Put simply, this is the VLAN ID which is given to egress traffic when the traffic does not contain any VLAN tag.
Note that tagged traffic is not modified at all on trunk ports.
Other information such as 13T and 20U is more a sort of access control for ingress traffic. 13T would indicate that only tagged traffic with tag 13 is allowed; otherwise any untagged traffic would be treated as VLAN 20.
In the most extreme setup, when the PVID does not match the untagged traffic on the port, such as 20U and 1P, it would create a scenario where a host on this port can receive traffic on VLAN 20 but sends it on VLAN 1. This is how Private VLAN ports actually work.
Going back to your tests, it could mean that the port with 13T 20UP has "admit tagged only" set.
Or there is a mismatch between layer 2 isolation (VLAN) and layer 3 addressing (subnet), when hosts in the same subnet are outside one broadcast domain.
Regards,
Aleksandra
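The tagged/untagged/PVID port settings discussed in the replies above, as an added example (not part of the thread and not Cisco's code): a small Python model of standard 802.1Q port handling applied to the two port settings Paul lists. It assumes ingress filtering is enabled and that "P" in the notation marks the PVID; the class and function names are made up for illustration and the sample frames are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """Model of one port (hypothetical class, standard 802.1Q rules)."""
    pvid: int
    members: dict = field(default_factory=dict)  # VLAN ID -> "T" or "U"
    admit_tagged_only: bool = False

    @classmethod
    def parse(cls, text, admit_tagged_only=False):
        """Parse the thread's notation, e.g. '1UP, 13T, 20T' (P = PVID)."""
        members, pvid = {}, None
        for token in text.replace(",", " ").split():
            digits = "".join(ch for ch in token if ch.isdigit())
            flags = token[len(digits):].upper()
            vlan = int(digits)
            if "T" in flags or "U" in flags:
                members[vlan] = "T" if "T" in flags else "U"
            if "P" in flags:
                pvid = vlan
        if pvid is None:
            raise ValueError("no PVID marked in %r" % text)
        return cls(pvid, members, admit_tagged_only)

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if dropped.
        tag is the 802.1Q VLAN ID on the wire, None for an untagged frame."""
        if tag is None and self.admit_tagged_only:
            return None
        vlan = self.pvid if tag is None else tag
        # Assumption: ingress filtering is on, so non-member VLANs are dropped.
        return vlan if vlan in self.members else None

    def egress(self, vlan):
        """How a frame in `vlan` leaves the port: 'tagged', 'untagged' or None."""
        return {"T": "tagged", "U": "untagged"}.get(self.members.get(vlan))

WORKING = Port.parse("1UP, 13T, 20T")  # port Paul reports as working
OTHER = Port.parse("13T 20UP")         # port Paul reports as not working

if __name__ == "__main__":
    for label, port in (("1UP,13T,20T", WORKING), ("13T,20UP", OTHER)):
        for tag in (None, 13, 20):  # constructed sample frames
            print(label, "tag", tag, "-> VLAN", port.ingress(tag),
                  "| VLAN 20 leaves", port.egress(20))
```

In this model both ports accept a frame tagged 20, but only the 1UP, 13T, 20T port sends VLAN 20 traffic back out tagged; the 13T 20UP port sends it untagged.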