Re: Trunking from SG350 to Catalyst 3750-E

mattwsrogers · ‎05-23-2021

Hi I wondering if anyone might be able to help me with a port trunking issue I can't seem to wrap my head around!

I am very new to networking and Cisco switches in particular - I have had a dabble with HP switches in the past mainly the ProCurve range. I've followed quite a few guides but am unable to get a working trunk link between my SG350 that I'm using as my Layer 3 switch to my Catalyst 3750-E.

I previously had a trunk working properly between a HP 2910al and the SG350 which passed all my VLANs over it and I could ping each SVI configured on my SG350. Since changing to a Catalyst i'm struggling to pass VLANs over my trunk. My SG350's management VLAN is VLAN (101 10.100.101.1) and my Catalyst management is on VLAN 101 (10.100.101.2). They can however ping each other because they are in the same VLAN, 10.100.101.1 can ping 10.100.101.2 and vice versa.

I just can't seem to ping my other VLAN interfaces 10.1.1.1, 10.1.55.1 etc

I did think it might be something to do with Native VLAN mismatch as the SG350 was giving me some errors but so far I've tried everything I know of to make it work and had a quick Google around but with no avail! Hopefully someone can point me in the right direction!

-------------------------------------------------------------------------------------------------------

SG350 Configuration

-------------------------------------------------------------------------------------------------------

config-file-header
Cisco-SG350
v2.5.7.85 / RCBS3.1_930_871_059
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 10,55,100-101
exit
voice vlan state auto-triggered
voice vlan oui-table add 0001e3 Siemens_AG_phone
voice vlan oui-table add 00036b Cisco_phone
voice vlan oui-table add 00096e Avaya
voice vlan oui-table add 000fe2 H3C_Aolynk
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone
voice vlan oui-table add 00e075 Polycom/Veritel_phone
voice vlan oui-table add 00e0bb 3Com_phone
arp timeout 60000
ip dhcp server
ip dhcp pool network "Home Devices"
address low 10.1.55.50 high 10.1.55.100 255.255.255.0
default-router 10.1.55.1
dns-server 8.8.8.8
exit
no boot host auto-config
no boot host auto-update
hostname Core-Switch-SG350
username cisco password encrypted $15$AkvMTSQ1TNPO63p1$+WMCCRs4cIntdkw0Jbw5P4dsF/MjeMzCnll95fO8c3Uz6gw0bxX+r+KzdT9w1xu+9gY5Vvlgx971kvyHQq3ZIg== privilege 15
ip ssh server
clock timezone J 0 minutes 0
!
interface vlan 1
no ip address dhcp
!
interface vlan 10
name Servers
ip address 10.1.1.1 255.255.255.0
!
interface vlan 55
name Home_Devices
ip address 10.1.55.1 255.255.255.0
!
interface vlan 100
name SAN_Mgmt
ip address 10.100.100.1 255.255.255.0
!
interface vlan 101
name Switch_Mgmt
ip address 10.100.101.1 255.255.255.0
!
interface GigabitEthernet1
switchport access vlan 10
!
interface GigabitEthernet2
switchport access vlan 10
!
interface GigabitEthernet3
switchport access vlan 10
!
interface GigabitEthernet4
switchport access vlan 10
!
interface GigabitEthernet5
switchport access vlan 10
!
interface GigabitEthernet6
switchport access vlan 10
!
interface GigabitEthernet7
switchport access vlan 10
!
interface GigabitEthernet8
switchport access vlan 55
switchport trunk allowed vlan 2-4094
!
interface GigabitEthernet9
switchport access vlan 10
!
interface GigabitEthernet10
switchport mode trunk
switchport access vlan 101
switchport trunk native vlan 101
switchport trunk allowed vlan 10,20,50,55,99-101,192,200
switchport nni ethtype dot1q
!
exit
macro auto controlled
arp 10.1.1.254 c4:7d:4f:82:53:12 vlan10
arp 10.1.55.254 c0:c9:e3:85:35:56 vlan55
arp 10.100.101.2 00:25:45:02:b4:41 vlan101
ip default-gateway 10.1.1.254
Cisco-SG350#

-------------------------------------------------------------------------------------------------------

Catalyst 3750-E

-------------------------------------------------------------------------------------------------------

Current configuration : 2004 bytes
!
! Last configuration change at 01:07:14 UTC Mon Jan 2 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
switch 1 provision ws-c3750e-24td
system mtu routing 1500
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
!
interface Vlan100
no ip address
!
interface Vlan101
ip address 10.100.101.2 255.255.255.0
!
ip forward-protocol nd
!
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.100.101.1
!
!
!
!
!
line con 0
line vty 5 15
!
!
end

Switch#

Any help would be appreciated!

Thanks, Matt

balaji.bandi · ‎05-23-2021

Which switch acting as main device here ? 3750 or SG350 ?

change below on SG 350

interface GigabitEthernet10
switchport mode trunk
no switchport access vlan 101
switchport trunk native vlan 101
switchport trunk allowed vlan 10,20,50,55,99-101,192,200
switchport nni ethtype dot1q

as per SG350 concern, it has a default gateway towards 10.1.1.254

I do not see any IP routing here (so thinking that still this act as Layer 2 Only) - so there is no routing take place.

Enable Routing whichever switch acting as Routing device.

check to make sure you ping VLAN 101 able to ping each other before you proceed further.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mattwsrogers · ‎05-24-2021

Thanks for your reply

Apologies I should have stated that the SG350 is connected to a firewall with it's inside interface set as 10.1.1.254. All my default traffic will go to the Firewall and out for Internet Access.

The SG350 is acting as my 'Core' Layer 3 switch.

IP routing is enabled on the GUI but it doesn't look like its showing up in the running-config which is odd so I'll double check that!

I do want to use the SG350 as my routing device though - ultimately I'm going to have quite a simple setup with about 6 VLANs

interface GigabitEthernet10
switchport mode trunk
no switchport access vlan 101
switchport trunk native vlan 101
switchport trunk allowed vlan 10,20,50,55,99-101,192,200
switchport nni ethtype dot1q

I'll make this change tonight to see if it fixes the problem - is there a reason why I have to use the no switchport access vlan 101 on the SG350 - does that port not need to be a member of VLAN 101? The interface GigabitEthernet10 is itself 10.100.101.1 and connected with a trunk directly to port 24 on the Catalyst 3750-E which should have the IP address 10.100.101.2

Sorry for my confusion!

Thanks, Matt

balaji.bandi · ‎05-24-2021

If the SG350 is your Layer 3 Device then you need to enable Layer 3 device, and use ip route command instead of default gateway.

Look at the video how to make Layer 3

https://www.youtube.com/watch?v=xK5HmMlaIlg

https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5724-configure-ipv4-static-routes-settings-on-a-switch-through-th.html

make sure you also route back from FW towards SG350 back. for the IP address behind SG350 Switches.

s there a reason why I have to use the no switchport access vlan 101

this become Access Port - if you like to be trunk allow VLAN you need to remove that Line.

Hope this make sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mattwsrogers · ‎05-24-2021

In the end I had a bit of a play around and came to the conclusion that the command no switchport access vlan 101 isn't a command that can be used on the SG series of switches as it's not running IOS but rather a Linksys CLI (please correct my if i'm wrong though!)

After some playing around and making some tweaks I figured it probably had something to do with the SG350 config and potentially the Native VLAN as this was a consistent warning on the SG350 when I brought the switchport up that trunked the SG350 to the Catalyst.

Going through the configs line by line I noticed that I had no default gateway set on the Catalyst 3750-E and was setting a default route instead - amateur mistake..Doh!

So i've added ip default-gateway 10.100.101.1 and I can finally ping the VLAN interfaces on the SG350.

My only question and I guess my confusion that I'm hoping someone could shed some light on is that when I added the command switchport trunk native vlan 101 to the interface connecting my switches via a Trunk it changed the switchport from tagged to untagged on VLAN 101 (see untagged 101.PNG) and this also gave the running-config output of:

interface GigabitEthernet10
switchport mode trunk
switchport trunk native vlan 101
switchport trunk allowed vlan 2-4094

When I change the switchport back to tagged or add no switchport trunk native vlan 101 it changes the port back to untagged and gives the running-config output of:

interface GigabitEthernet10
switchport mode trunk
switchport trunk allowed vlan 2-4094

I guess both configurations allow me to achieve the same goal which is to create a Trunk between the SG350 and Catalyst 3750-E and allow the SG350 to carry out my Inter-VLAN routing and use it as a 'Core' switch but from everything I've read so far the best practice is to have both sides of the Trunk 'tagged'.

So I guess my question is what is different about each configuration and which what impact does the Native VLAN have on trunking? And what is considered to be 'best practice' when configuring a Trunk between switches?

Thanks in advance

Matt

Martin Aleksandrov · ‎05-25-2021

Hello mattwsrogers,

That behaviour of the switch when entering on the trunk interface switchport trunk native vlan XX is reasonable. The switchport trunk native vlan XX interface command defines the native VLAN for a trunk interface. By default on SG350 switch, native VLAN is the default VLAN and using the no form of this command restores the default native VLAN. (https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/cli_guide/CLI_Tesla_SG350X_SG350XG_2_2_5.pdf page 1288)

Remember native VLAN on both trunk interfaces must be the same. Here is a simple guide on how to configure VLANs and Trunk ports. Keep in mind not all IOS commands are 100% identical and available in SG350 series switches. The Cisco Small Business and Cisco Business switches are non-Cisco IOS-based devices but use a proprietary Cisco software that runs similar to the Cisco classic IOS commands.

Regards,

Martin