Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2392
Views
0
Helpful
9
Replies

Access port VLAN mismatch

BigDawgFelton
Level 1
Level 1

‎10-25-2012 07:14 PM - edited ‎03-07-2019 09:41 AM

Hey guys,

Quick question. I know it's not best practice but I have a network that currently all on VLAN 1 and can't be migrated to a new VLAN easily. Can I connect an access port in VLAN 1 to and access port on VLAN 20 on another switch? It's all the same subnet. I was seeing connectivity issues after doing this so I assume its not supposed to work.

Can I make this work?

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
9 Replies 9

Richard Burts
Hall of Fame
Hall of Fame

‎10-25-2012 08:35 PM

You have not supplied much detail about the switches and how they are configured. And there may be aspects of the configuration that are impacting this.

But on the face of it I would think that it should work. An access port is assigned to a VLAN but that is not indicated in the frames that it forwards. The access port just forwards normal Ethernet frames (and no tags etc with VLAN information). So I would expect that an access port in the first switch could communicate with an access port in the second switch without a problem, even if they are assigned to different vlans.

I wonder if there is some VTP issue or some negotiation issue that is impacting connectivity.

HTH

Rick

HTH

Rick
0 Helpful

johnlloyd_13
Level 9
Level 9

‎10-25-2012 08:52 PM

Theoretically no. You'll need a Layer 3 device (router or an L3 switch) for inter-vlan communication.

Sent from Cisco Technical Support iPhone App

0 Helpful

sunny.choudary
Level 1
Level 1
In response to johnlloyd_13

‎10-25-2012 09:20 PM

Johnlloyd_13 is partially right...

VLAN 1 is a special and it has is special use (DTP, VTP, STP, CDP etc..).

Connecting an access port in VLAN 1 to and access port on VLAN 20 on another switch will result in no connectivty. If it was any other vlan than VLAN 1 on then it will work.

0 Helpful

Hemakumar Sampath
Level 1
Level 1

‎10-26-2012 12:53 AM

Hi  Elton Babcock,

This wont work as it was rightly said by john, you need a Layer device to route the traffic.

0 Helpful

mlund
Level 7
Level 7

‎10-26-2012 01:44 AM

Hi

I agree with Rick.

This will work, it is only normal l2 frames that will be transported, no tagged frames.

But be aware of what Sonny mentioned about control packets, it will  be problem

vtp is only running on trunk ports, dtp can be turned off. cdp is a good idea to turn off, otherwise the switches will complain about "native vlan mismatch" although this is just an informational "error".

/Mikael

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎10-26-2012 04:40 AM

As long as it's not trunked it will work. If you plan on trunking then i would straighten out the mismatched vlans. Not sure why it would be a problem to switch your Vlan 1 switch to vlan 20 , it would take all of 2 seconds with the interface range command .  Then everything would match up and be easier to troubleshoot and not be confusing to someone else looking at it .

0 Helpful

BigDawgFelton
Level 1
Level 1

‎10-26-2012 05:38 AM

Unfortunately I can't change the rest of the switches on this network from VLAN1. These switches also connect to switches that aren't managed by me and getting all of these switches to match would take a lot of coordination. Things were setup very poorly before I was assigned to this network.

Anyways the switches are a 2960 and a 2950. The 2960 would use a VLAN1 access port and the 2950 would use the VLAN20 access port. I am using VTP in transparent mode on both switches and will turn CDP off on those ports.

The isn't any routing that needs to take place between the two Vlans as it is all technically the same subnet just different VLAN numbers. Off of the VLAN 20 is a layer 3 NAT outside interface that I need users to access to get to a web server. This also is in the same subnet.

I just want to make sure I clear up anything such as control traffic like STP that might cause issues because of the different VLAN numbers.

Sent from Cisco Technical Support iPhone App

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to BigDawgFelton

‎10-26-2012 08:40 AM

Hello Elton,

I agree with Rick and Mikael.

The proposed setup will work between access ports.

I did the same in the past some years ago to join two management Vlans and it worked.

STP is not an issue on access ports because the IEEE standard version of BPDUs is used on access ports and the standard version has no embedded info about the vlan for which the STP instance is running.

As recommended disable CDP on both sides, and DTP.

Hope to help

Giuseppe

0 Helpful

schaef350
Level 1
Level 1

‎10-26-2012 08:53 AM

Here is an article that somewhat pertains to your situation that addressed a similar issue for me.  Its definatly not eligent but works.  Just be careful.

http://technologyordie.com/moving-a-subnet-to-a-different-vlan

- Be sure to rate all helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card