09-04-2013 09:22 AM - edited 03-07-2019 03:17 PM
Hi all,
I am trying to set up a 2960 that is on vlan 20, as all machines get an IP for that vlan but also allow all other vlans to connect to it. Below is the configuration I have for the uplink and all computers plugged into the interfaces. As of right now I do get an IP address from the DHCP server, which I think I need to tag the uplink port for vlan 20 but I also need to allow all vlans to connect to any other computers connected to the switch.
interface GigabitEthernet0/23
switchport access vlan 20
switchport trunk native vlan 20
switchport trunk allowed vlan 20-29
interface Vlan20
ip address 192.168.20.2 255.255.255.0
ip default-gateway 192.168.20.1
Does the 2960 not allow you to tag the native vlan? Is my config wrong?
Thank you
09-04-2013 09:38 AM
You tagged the native vlan with the command switchport trunk native vlan 20. Guess I'm a little vague on the question. The native can really be any vlan as long as it matches on either end. If it's nontagged (native) then it really doesn't even need to be allowed across the trunk, you could just allow 21-29.
09-04-2013 09:44 AM
Maybe I should word my question differently, so my apologies for the confusion. I want to make sure all packets for a computer are untagged but the uplink port should be tagged, correct? If that is true and int 24 is the uplink then this would be correct, right?
interface GigabitEthernet0/24
switchport access vlan 20
switchport trunk native vlan 20
switchport trunk allowed vlan 20-29
Now if I have a computer plugged into interface 0/3 does that config need to change?
Thank you
09-04-2013 09:55 AM
If port 24 is the trunk port (uplink to the next device such as a distribution layer device or core), then all you need is:
int Gi0/24
!
! you can statically assign the trunking mode as I did below
!
switchport mode trunk
!
!if you want to prune the vlans for 20 through 29 only
!
switchport trunk allowed vlan 20-29
There is no need to have the command "Switchport Access vlan 20" on a trunk port as this is a trunk port, which carries multiple vlans. The native command tells the switch that packets that are not tagged are vlan 20 on the trunk. (See answer in https://learningnetwork.cisco.com/thread/8721)
Then on the ports the computers are plugged into all you will need is
int fa0/x
switchport mode access
switchport access vlan 20 -> when the switch receives traffic from this port it will tag it with vlan 20 when it goes out the trunk. When traffic is sent from the switch from this port it removes the 802.1q tag before sending it to the device on the access port.
I hope that helps clarify it a little.
09-04-2013 10:28 AM
That is correct and what I thought but I want to confirm the programming side. Can you confirm this is correct for me?
interface GigabitEthernet 0/1-0/23 - Blank no configs
interface GigabitEthernet0/24
switchport trunk native vlan 20
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
!
ip default-gateway 192.168.20.1
Thank you
09-04-2013 10:29 AM
Uplink doesn't have to be tagged for vlan 20; as long as it's the native it should still pull an address on the devices. It should work either way, whether it's tagged as part of the trunk or if it was untagged as part of the native vlan.
09-04-2013 11:41 AM
I tried that and was not able to pull from the dhcp server. I have essentially removed all configs for the ports to start over again. What should the uplink port, port 24, have? What should all the other ports have? OR configured...?
09-04-2013 11:57 AM
Maybe this will help you help me
BackboneServerSwitch#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/24 on 802.1q trunking 20
Port Vlans allowed on trunk
Gi0/24 1-4094
Port Vlans allowed and active in management domain
Gi0/24 1-2,5,10,20
Port Vlans in spanning tree forwarding state and not pruned
Gi0/24 1-2,5,10,20
BackboneServerSwitch#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
2 Voice active
5 VLAN0005 active
10 VLAN0010 active
20 VLAN0020 active Gi0/1, Gi0/2, Gi0/3, Gi0/4
Gi0/5, Gi0/6, Gi0/7, Gi0/8
Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16
Gi0/17, Gi0/18, Gi0/19, Gi0/20
Gi0/21, Gi0/22, Gi0/23
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
09-04-2013 12:13 PM
If you are just trying to trunk what you have on that switch the following should work on each end. Originally you had vlans 20-29 on it but the only vlans that show on the switch are 1,2,5,10,20 so that's all that needs to be allowed across the trunk to the layer 3 router.
interface GigabitEthernet0/24
switchport access vlan 20 ---> this does nothing while in trunk mode but doesn't hurt anything by being there. can be removed if wanted.
switchport trunk native vlan 20
switchport trunk allowed vlan 1,2,5,10,20
switchport mode trunk
switchport nonegotiate
Access port
switchport
switchport mode access
switchport access vlan XXX
switchport host ----> turns on portfast for client links.
09-04-2013 12:28 PM
Correct this is what I have and works fine.
interface GigabitEthernet0/1-23
switchport access vlan 20
interface GigabitEthernet0/24
switchport trunk native vlan 20
switchport mode trunk
switchport trunk allowed vlan 1,2,5,10,20 -> This is by default no?
switchport nonegotiate - What is this?
I did not do this although I have in the past. Everything on this switch is more server based than desktop level so I did not. Of course the servers have static IPs.
Access port
switchport
switchport mode access
switchport access vlan XXX
switchport host ----> turns on portfast for client links.
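Added example, not part of any post in this thread: a Python check over the interface stanzas quoted above that flags the trunk settings the thread discusses (no static mode, DTP left on, no allowed list, a leftover access VLAN line). The function names and sample text are constructed, and the first finding assumes the switch's default port mode is a dynamic, DTP-negotiated one.

```python
# Constructed sample built from stanzas quoted in the thread (not a real device dump).
SAMPLE = """\
interface GigabitEthernet0/23
switchport access vlan 20
switchport trunk native vlan 20
switchport trunk allowed vlan 20-29
!
interface GigabitEthernet0/24
switchport access vlan 20
switchport trunk native vlan 20
switchport trunk allowed vlan 1,2,5,10,20
switchport mode trunk
switchport nonegotiate
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
"""

def parse_switchports(text):
    """Map each interface name to its 'switchport ...' lines (hypothetical helper)."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # tolerate indentation and extra spaces
        if line.lower().startswith("interface "):
            current = line.split(" ", 1)[1]
            ports[current] = []
        elif current and line.startswith("switchport"):
            ports[current].append(line)
    return {name: cmds for name, cmds in ports.items() if cmds}

def audit_port(cmds):
    """Return a list of findings for one port; an empty list means nothing to flag."""
    findings = []
    has = lambda prefix: any(c.startswith(prefix) for c in cmds)
    trunk = "switchport mode trunk" in cmds
    if has("switchport trunk ") and not has("switchport mode "):
        findings.append("trunk settings but no 'switchport mode': mode left to DTP")
    if trunk and "switchport nonegotiate" not in cmds:
        findings.append("static trunk still sends DTP frames")
    if trunk and not has("switchport trunk allowed vlan "):
        findings.append("no allowed list: trunk carries VLANs 1-4094")
    if trunk and has("switchport access vlan "):
        findings.append("'switchport access vlan' is inactive in trunk mode")
    return findings

def audit(text):
    return {name: audit_port(cmds) for name, cmds in parse_switchports(text).items()}

if __name__ == "__main__":
    for port, notes in audit(SAMPLE).items():
        print(port, notes or "ok")
```

The "1-4094" in the allowed-list finding matches the `sh int trunk` output posted earlier in the thread for a trunk with no allowed list configured.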