
Absolutely lost on how to make this VLAN work

sicjp0
Beginner

I've been trying for a few hours now to get a trunked VLAN to work on my topology. I'll attach a photo of what I'm working with. So to break it down, I want to set three vlan levels: 50, 60, and 75. If looking at the photo I posted, I only began working on the right side (SD - F1). Everything is dual-stacked outside of anything labeled "unused". Without the VLANs, I can get a ping from F1:SD Laptops to anywhere in the current San Diego network and everything else in the overall domain via OSPF+OSPFv3.

 

When I start assigning vlan interfaces and split the switch, it breaks my whole network and I can't even get a ping from F1:SD Laptops to the San Diego Main router, let alone anywhere else in the San Diego network. I've tried doing RoaST with just one gi connection, tried two switches, tried the current setup with making the second line an encapped sub-interface; nothing works. I'm going to post the show runs for the router and switch below.

 

SD-F1 Switch

version 15.0

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname LAF1switchDB

!

enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1

enable password cisco

!

!

!

no ip domain-lookup

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/24

switchport access vlan 75

switchport mode access

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

switchport trunk allowed vlan 1-49,51-59,61-74,76-1005

switchport mode trunk

switchport port-security mac-address sticky

!

interface Vlan1

no ip address

shutdown

!

banner motd ^CNetwork maintenance Fri-Sun^C

!

!

!

line con 0

password enter

logging synchronous

login

exec-timeout 0 0

!

line vty 0 4

password telnet

login

line vty 5 15

login

!

!

!

!

end

 

San Diego Main Router

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname SDmainDB

!

!

!

enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1

enable password cisco

!

!

!

!

!

!

no ip cef

ipv6 unicast-routing

!

no ipv6 cef

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1524RA0P-

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0

description Cnx to F1 only

ip address 193.169.30.126 255.255.255.128

duplex auto

speed auto

ipv6 address FE80::2 link-local

ipv6 address 2001:DB8:A:3A::1/64

ipv6 ospf 10 area 0

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.1

description manage native vlan 1

encapsulation dot1Q 1 native

ip address 193.169.1.1 255.255.255.0

!

interface GigabitEthernet0/1.50

description Legal

encapsulation dot1Q 50

ip address 193.169.50.1 255.255.255.0

!

interface GigabitEthernet0/1.60

encapsulation dot1Q 60

ip address 193.169.60.1 255.255.255.0

!

interface GigabitEthernet0/1.75

description staff

encapsulation dot1Q 75

ip address 193.169.75.1 255.255.255.0

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/2/0

description Cnx to R2R SD Aux only

ip address 193.169.30.210 255.255.255.252

ipv6 address 2001:DB8:A:3D::2/64

ipv6 ospf 10 area 0

!

interface Serial0/3/0

description Cnx to New York

ip address 173.18.0.214 255.255.255.252

ipv6 address 2001:DB8:A:4B::2/64

ipv6 ospf 10 area 0

clock rate 2000000

!

interface Serial0/3/1

description Cnx to Chicago

ip address 193.169.30.213 255.255.255.252

ipv6 address 2001:DB8:A:4C::1/64

ipv6 ospf 10 area 0

!

interface Vlan1

no ip address

shutdown

!

router ospf 10

router-id 2.2.2.2

log-adjacency-changes

auto-cost reference-bandwidth 1000

network 193.169.30.212 0.0.0.3 area 0

network 173.18.0.212 0.0.0.3 area 0

network 193.169.30.0 0.0.0.127 area 0

network 193.169.30.208 0.0.0.3 area 0

!

ipv6 router ospf 10

router-id 2.2.2.2

log-adjacency-changes

!

ip classless

!

ip flow-export version 9

!

!

!

banner motd ^CNetwork Maintenance Fri-Sun^C

!

!

!

!

!

line con 0

exec-timeout 0 0

password enter

logging synchronous

login

!

line aux 0

!

line vty 0 4

password telnet

login

!

!

!

end

 

If any other show is needed, please let me know. I'm going on hour 3 right now trying to get this to work. Thank you!

23 Replies

Flavio Miranda
Advisor

Hi

 Did you try without Port-Security on trunk port?

 

no switchport port-security mac-address sticky

Just tried and it didn't work. 

Can you share the .pkt file so we can try to help? I know you already shared the config, but, if possible, let me take a look at the file.

You need to zip it first.

Sure thing, I'll upload it to this reply. 

Passwords are in the pkt file itself as a comment to the right.

sticky macs should be showing up in the running config

I had no problem configuring vlan on that trunk. Did you get somewhere?

David Ruess
Rising star

Hello,

 

Is there a reason you blocked those 3 vlans from being allowed to the router?

 

On SD-F1 switch to router:

 

interface GigabitEthernet0/2

switchport trunk allowed vlan 1-49,51-59,61-74,76-1005 (you haven't allowed the 3 VLANs you created)

switchport mode trunk

switchport port-security mac-address sticky <- remove this

 

You might also have to make the native vlan 1 on the trunk of the Switch since on the router you have it for the dot1q encapsulation.

 

Secondly. The interface you configured for Router on a Stick is not the same interface in the diagram. You configured g0/1.50, etc but the interface is  g0/0 so it should be the g0/0.50 interface that gets the IP and configuration.

 

If it is correct and something is labeled wrong then add the VLANs to the trunk

 

switchport trunk allowed vlan add 50,60,75

 

-David.
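
Added example (not part of the original thread): a small Python check for the misconfiguration pointed out above, where the trunk's allowed list leaves out the VLANs assigned to the access ports. The sample config is a constructed excerpt of the posted SD-F1 switch config, and the function names are this example's own.

```python
import re

# Constructed excerpt of the SD-F1 switch config posted above (ports abbreviated).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 60
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 75
 switchport mode access
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1-49,51-59,61-74,76-1005
 switchport mode trunk
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-49,51-59' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def missing_on_trunks(config):
    """Return {trunk interface: sorted access VLANs the trunk does not carry}."""
    access, trunks, iface = set(), {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            access.add(int(m.group(1)))
        elif m := re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", line):
            vl = expand_vlans(m.group(2))
            # "add" extends the existing list; a plain list replaces it.
            trunks[iface] = (trunks.get(iface) or set()) | vl if m.group(1) else vl
        elif line == "switchport mode trunk":
            # No allowed-list line: the trunk carries every VLAN (None = all).
            trunks.setdefault(iface, None)
    return {t: sorted(access - a) if a is not None else []
            for t, a in trunks.items()}

if __name__ == "__main__":
    print(missing_on_trunks(SAMPLE_CONFIG))
```
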

 


@David Ruess wrote:

Hello,

 

Is there a reason you blocked those 3 vlans from being allowed to the router?

 

On SD-F1 switch to router:

 

interface GigabitEthernet0/2

switchport trunk allowed vlan 1-49,51-59,61-74,76-1005 (you haven't allowed the 3 VLANs you created)

switchport mode trunk

switchport port-security mac-address sticky <- remove this

 


I have no idea why I did that. I took off the address sticky and I just went back and did switchport trunk allowed vlan add x for 50, 60, and 70 but now I get this. 

LAF1switchDB#show int trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/2      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/2      1-1005

Port        Vlans allowed and active in management domain
Gig0/2      1,50,60,75

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/2      1,50,60,75

Is this supposed to be right?  

 

You might also have to make the native vlan 1 on the trunk of the Switch since on the router you have it for the dot1q encapsulation.

 

Secondly. The interface you configured for Router on a Stick is not the same interface in the diagram. You configured g0/1.50, etc but the interface is  g0/0 so it should be the g0/0.50 interface that gets the IP and configuration.


Would it be better to eliminate the native vlan 1 encaps then?

It's double wired out of the router to the switch with the normal IPv4 and 6 routing going through gi0/0 to the switch's gi0/1. Am I able to use just one wire from the router to the switch? 

Yes you can use the same link for IPv4 and IPv4 networks.

 

I believe you have to have the dot1 encapsulation type so the VLAN coming from the switch is translated out of the correct sub interface on the router.

 

The trunk link is normal. The only reason you have those vlans on the port in forwarding state means those are the only ones active on the switch. 1 is the default and 50, 60, 75 are the only ones with ports assigned. 

 

-David

Georg Pauwen
VIP Master

Hello,

 

is this the interface connected to the router ?

 

interface GigabitEthernet0/2

switchport trunk allowed vlan 1-49,51-59,61-74,76-1005

switchport mode trunk

switchport port-security mac-address sticky

 

try the most basic config as below. As it is right now, you are blocking the Vlans you want to be trunked.

 

interface GigabitEthernet0/2

switchport mode trunk

Yes, that's the interface. I unblocked the appropriate vlans but I'm getting this for my int trunk on the switch

LAF1switchDB#show int trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/2      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/2      1-1005

Port        Vlans allowed and active in management domain
Gig0/2      1,50,60,75

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/2      1,50,60,75

So I'm not sure if it's even allowing any of the VLANs through other than 1-1005?

I do not understand this statement "So I'm not sure if it's even allowing any of the VLANs through other than 1-1005?" It is not allowing 1 through 1005. It is allowing 1, 50, 60, and 75. Those are the vlans that you tell us you want to work. It looks to me like they should work now.

 

HTH

Rick

Sorry, I see where I got confused.

I tried to redo it and I'm still not getting any successful pings between end devices and the router or anywhere else on the network. I've tried everyone's advice above. 

San Diego Main show run:

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname SDmainDB

!

!

!

enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1

enable password cisco

!

!

!

!

!

!

no ip cef

ipv6 unicast-routing

!

no ipv6 cef

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1524RA0P-

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0

description Cnx to F1 only

ip address 193.169.30.126 255.255.255.128

duplex auto

speed auto

ipv6 address FE80::2 link-local

ipv6 address 2001:DB8:A:3A::1/64

ipv6 ospf 10 area 0

!

interface GigabitEthernet0/0.50

encapsulation dot1Q 50

ip address 193.169.50.254 255.255.255.0

!

interface GigabitEthernet0/0.60

encapsulation dot1Q 60

ip address 193.169.60.254 255.255.255.0

!

interface GigabitEthernet0/0.75

encapsulation dot1Q 75

ip address 193.169.75.254 255.255.255.0

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/2/0

description Cnx to R2R SD Aux only

ip address 193.169.30.210 255.255.255.252

ipv6 address 2001:DB8:A:3D::2/64

ipv6 ospf 10 area 0

!

interface Serial0/3/0

description Cnx to New York

ip address 173.18.0.214 255.255.255.252

ipv6 address 2001:DB8:A:4B::2/64

ipv6 ospf 10 area 0

clock rate 2000000

!

interface Serial0/3/1

description Cnx to Chicago

ip address 193.169.30.213 255.255.255.252

ipv6 address 2001:DB8:A:4C::1/64

ipv6 ospf 10 area 0

!

interface Vlan1

no ip address

shutdown

!

router ospf 10

router-id 2.2.2.2

log-adjacency-changes

auto-cost reference-bandwidth 1000

network 193.169.30.212 0.0.0.3 area 0

network 173.18.0.212 0.0.0.3 area 0

network 193.169.30.0 0.0.0.127 area 0

network 193.169.30.208 0.0.0.3 area 0

!

ipv6 router ospf 10

router-id 2.2.2.2

log-adjacency-changes

!

ip classless

!

ip flow-export version 9

!

!

!

banner motd ^CNetwork Maintenance Fri-Sun^C

!

!

!

!

!

line con 0

exec-timeout 0 0

password enter

logging synchronous

login

!

line aux 0

!

line vty 0 4

password telnet

login

!

!

!

end

SD-F1 Switch show run

version 15.0

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname LAF1switchDB

!

enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1

enable password cisco

!

!

!

no ip domain-lookup

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/24

switchport access vlan 75

switchport mode access

!

interface GigabitEthernet0/1

switchport mode trunk

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

banner motd ^CNetwork maintenance Fri-Sun^C

!

!

!

line con 0

password enter

logging synchronous

login

exec-timeout 0 0

!

line vty 0 4

password telnet

login

line vty 5 15

login

!

!

!

!

end

 

So on the Router you have the G0/0 interface configured with an IP and then you have sub interfaces configured with an IP. You need to remove the interface configuration and apply things you need to the sub interfaces. You also aren't advertising the sub interface IPs into OSPF so other devices that learn OSPF don't know where they are. You can do that 1 of 2 ways since you have everything in OSPF area 0 anyway.

 

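! process 10 is the OSPF process already configured on SDmainDB

router ospf 10

network 0.0.0.0 0.0.0.0 area 0

 

or

 

! process 10 is the OSPF process already configured on SDmainDB

router ospf 10

network 193.169.50.0 0.0.0.255 area 0

network 193.169.60.0 0.0.0.255 area 0

network 193.169.75.0 0.0.0.255 area 0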

 

Don't forget if you need IPv6 on the sub interfaces you will need to configure that as well separately, keeping the G0/0 interface blank.

 

-David

 
