Solved: Re: C3560 VLANs with SG300 issue

danny.williams · ‎06-20-2012

Hi

I have configured a Cat560 with mulitple vlans, intervlan routing and IP helpers to allow our DHCP server to issue different subnets from different scopes.

On anything connected directly to the 3650 works as expected and can connect to both subnets, route traffic, pickup the correct IP etc.

If I connect a slave switch and configure with VLAN1 (native) it works correctly, however setting ports with VLAN10 tagging doesnt. I have setup the trunk ports on both switches and the C3650 is reporting trunk enabled and VLANs enabled over the trunk, but anything connected to the SG300 switch in a tagged VLAN10 port cannot communicate. Untagged VLAN1 works OK.

Am I missing anything on the SG300 regarding passing the correct VLAN10 traffic back to the 3650?

The network also has come older Cisco Small Business switches with VLAN100 configured for Voice in what appears to be an identical setup and they are passing both VLANs over the trunks correctly.

Thanks for any help.

Config;

C3650

!

ip routing

!

interface GigabitEthernet0/5

switchport trunk encapsulation dot1q

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

auto qos voip trust

flowcontrol receive desired

!

interface Vlan1

description DATA

ip address 192.168.168.53 255.255.255.0

ip helper-address 192.168.168.13

no ip redirects

!

interface Vlan10

description DATA-Subnet2

ip address 192.168.10.53 255.255.255.0

ip helper-address 192.168.168.13

no ip redirects

!

ip route 0.0.0.0 0.0.0.0 192.168.168.254 (1800 router)

SG300

vlan database
vlan 1,10
exit

interface vlan 1
ip address 192.168.168.32 255.255.255.0
exit
ip default-gateway 192.168.168.53

interface gigabitethernet1

no macro auto smartport

switchport mode general

switchport general allowed vlan add 10 tagged

switchport general ingress-filtering disable

exit

interface gigabitethernet2

no macro auto smartport

switchport mode general

switchport general allowed vlan add 10 tagged

switchport general ingress-filtering disable

exit

interface gigabitethernet3

switchport mode general

switchport general allowed vlan add 10 untagged

switchport general ingress-filtering disable

exit

interface gigabitethernet17

no macro auto smartport

switchport trunk allowed vlan add 10

exit

C3560 port 5 is trunked to SG300 port 17.

citadeltheatre · ‎06-21-2012

Hi Dan,

I managed to figure it out i cant post my config the SG200 doesnt have a command line like the 300.

So Port 1 is my connection to my desktop it is set as General 10UP (untagged pvid)

Then i went to my Trunk Port, Port 50, and then had to add all the vlans so it is now 1UP 10T 20T 99T

On my 3560 the only 2 commands i did was switchport trunk encapsulation dot1q and switchport mode trunk.....

Well it was working and then i tried a different vlan and now nothing is working again Ignore this last bit apparently i havent had enough coffee and was pinging IP's that dont exist. The above config should work.

Message was edited by: Paul Thorburn

View solution in original post

citadeltheatre · ‎06-20-2012

Hi Dan,

I ran into a simlar issue today setting up my 3560 trying to talk to an SG200 but i didnt have a chance to really look into it. I am a bit rusty on configuring switches but it looks like you are missing switchport mode trunk from your interface GigabitEthernet0/5. Dont you need to set that and the encapsuatlion?

Paul

danny.williams · ‎06-21-2012

Hi Paul

I have tried with and without the switchport mode trunk setting. Show Int Trunk does report it as a trunked connection with all VLANs enabled. But still no joy.

If i change the port to Switchport Mode Access and set the VLAN to 10, then I can get the VLAN traffic to pass through, but this is a bit of a fudge. It also restricts my SG300 to only VLAN10.

Regards

Dan

citadeltheatre · ‎06-21-2012

Hi Dan,

I managed to figure it out i cant post my config the SG200 doesnt have a command line like the 300.

So Port 1 is my connection to my desktop it is set as General 10UP (untagged pvid)

Then i went to my Trunk Port, Port 50, and then had to add all the vlans so it is now 1UP 10T 20T 99T

On my 3560 the only 2 commands i did was switchport trunk encapsulation dot1q and switchport mode trunk.....

Well it was working and then i tried a different vlan and now nothing is working again Ignore this last bit apparently i havent had enough coffee and was pinging IP's that dont exist. The above config should work.

Message was edited by: Paul Thorburn

danny.williams · ‎06-22-2012

Hi

Setting the ports to VLAN10 Untagged PVID sorted it.

I think i was over complicating things by trying to have VLAN1 Untag and VLAN10 Tag, when all I needed was VLAN 10 on the access port in question.

Thanks for your help.

Dan