Configuring trunk between Layer2 and Layer3Switch

Ferdinand83
Level 1

Hi,

I'm completely new to networking and I found a config lab exercise on Wendell Odom's blog for the CCNA.

I need to configure a trunk link between a Layer2(acces1) and Layer3(dist1) switch as shown in the image. If I want to allow all vlans through this trunk should I use?

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50

How do I allow all vlans without having to list them all? Can I do this with only one command on each switch?

Thanks for your help

balaji.bandi
Hall of Fame

You have Dist1 and Dist2 connected with a Layer 3 or Layer 2 trunk with a VLAN interface of 50 (you need to clarify that).

If they configured Layer 3 between Dist1 and Dist2, then:

You do not need all the VLANs allowed in the trunk from

Dist2 to Access 2 switch (both sides) - allowing 30 and 40 is good enough:

switchport mode trunk

switchport trunk allowed vlan 30,40

Dist1 to Access 2 switch (both sides) - allowing 10 and 20 is good enough:

switchport mode trunk

switchport trunk allowed vlan 10,20

Note: I take it that all Layer 3 VLAN config will be added on distribution switches Dist2 and Dist2 (for the respective VLANs).

You may need a static route between Dist1 to Dist2 and Dist2 to Dist1 for all nodes to communicate (make sure ip routing is enabled on the Dist1 and Dist2 switches).

BB

Hi there,

I am currently configuring a c888 series router.

I have a LAN network at 192.168.10.0/24 (native VLAN 1 by default - ETH0-1-2-3).

An interface to the WAN through Dialer 1; the default route is via this Dialer 1 interface.

I configured a Loopback10 interface:

ip address 10.0.0.1 255.255.255.255 !!! (Not the real IP, just for example)

Outgoing NAT performed:

ip nat inside source list 10 interface Loopback10 overload

I need to access from the outside a machine which is on the LAN network. IP of the machine: 192.168.10.3/24.

I did port forwarding:

ip nat inside source static tcp 192.168.10.3 443 10.0.0.1 8083 extendable

I now need to filter incoming traffic so that certain public IPs can access this port forwarding:

I configured a standard access list 50:

access-list 50 permit 99.20.10.63
access-list 50 permit 85.24.20.54

I added this access list on the VLAN1 interface:

ip address 192.168.10.1 255.255.255.0
ip access-group 50 out
ip nat inside
ip virtual-reassembly in
no autostate

Port forwarding works and filtering by IP too. The problem is that the machine 192.168.10.3/24 cannot access the internet with this configuration, while I can ping: ping 8.8.8.8 source vlan1.

Could you help me?

Thanks
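
An added example, not part of the original post and not Cisco's code: a small Python model of how the posted access-list 50 behaves when it is applied with ip access-group 50 out on Vlan1. It relies on two IOS facts, that a standard ACL matches the source address only and ends in an implicit deny; the flow names and the address 203.0.113.9 are constructed.

```python
import ipaddress

# Standard ACL 50 as posted: it matches the SOURCE address only and, like
# every IOS access list, ends with an implicit "deny any".
ACL_50 = [("permit", "99.20.10.63/32"), ("permit", "85.24.20.54/32")]
LAN = ipaddress.ip_network("192.168.10.0/24")
ROUTER_VLAN1 = ipaddress.ip_address("192.168.10.1")

def standard_acl(acl, src):
    """First matching entry wins; no match means the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"

def out_vlan1(src, dst, acl=ACL_50):
    """Model 'ip access-group 50 out' on Vlan1: only packets the router
    forwards out of Vlan1 toward the LAN are checked."""
    dst = ipaddress.ip_address(dst)
    if dst == ROUTER_VLAN1 or dst not in LAN:
        return "not-evaluated"  # addressed to the router itself, or leaves elsewhere
    return standard_acl(acl, src)

# Constructed flows as (source, destination after NAT); 203.0.113.9 is made up.
FLOWS = {
    "listed host to forwarded port": ("99.20.10.63", "192.168.10.3"),
    "unlisted host to forwarded port": ("203.0.113.9", "192.168.10.3"),
    "reply to the LAN machine's own request": ("8.8.8.8", "192.168.10.3"),
    "reply to the router's ping from Vlan1": ("8.8.8.8", "192.168.10.1"),
    "LAN machine's outbound request": ("192.168.10.3", "8.8.8.8"),
}

def evaluate(flows=FLOWS):
    return {name: out_vlan1(src, dst) for name, (src, dst) in flows.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:14} {name}")
```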

No need to allow VLANs in the trunk since both access switches have different VLANs.
Between Dis1 and Dis2 run a trunk and now allow VLAN 50.
Configure the SVI for VLAN 50; this makes Dis1 and Dis2 able to connect to each other.
Run ip routing on both Dis1 and Dis2.
Then you can run any routing protocol or a static route to make both Dis switches forward traffic destined to the VLANs of the other Dis via the trunk SVI VLAN 50.

I agree with the other comments about not being clear what this environment is. The diagram seems to suggest a routed link between the distribution switches. If that is the case then there is no need for vlans 30 and 40 to be present on access/distribution 1. But if there are 2 vlans on each access switch and one connection between the access switch and its distribution switch then that does need to be a trunk.

The original post asks a question that has not yet been addressed "how do I allow all vlans without having to list them all?". The answer is that when you configure switch mode trunk by default it allows all vlans on the trunk. You would use switchport trunk allowed vlan when you want some vlans on the trunk but not all vlans. So if you want all vlans on the trunk do not use this command.

HTH

Rick

Hi Rick,

I'm trying to build the network on Packet Tracer. Do you have any idea what "native vlan mismatch" refers to? See image. It appears on both CLI multilayer switches Dist1 and Dist2. How can I solve this?

Thanks

Only one note here:
are you using a native VLAN other than 1 in your config?

Also,
try allowing VLAN 1 (or another VLAN if you configured it as the native VLAN) in the trunk.

I have several comments:

- the message about mismatch native vlan is generated by CDP and does not necessarily indicate anything that really impacts the network.

- it would help us understand the issue better if you would post the config of g0/1 on both switches. Also it might help if you would post the output of show interface trunk from both switches.

HTH

Rick
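
An added example, not part of the thread: a Python check for the two points discussed above, that a trunk with no allowed vlan line carries every VLAN and that both ends of a trunk should agree on the native VLAN. The interface stanzas and the native VLAN 99 are constructed, and only the plain list form of switchport trunk allowed vlan is parsed.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, what a trunk allows by default

def parse_vlan_list(text):
    """Expand a list such as '10,20,30-32' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_settings(stanza):
    """Effective trunk settings of one interface stanza (IOS defaults applied)."""
    s = {"trunk": False, "allowed": set(ALL_VLANS), "native": 1}
    for line in map(str.strip, stanza.splitlines()):
        if line == "switchport mode trunk":
            s["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            s["allowed"] = parse_vlan_list(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            s["native"] = int(m.group(1))
    return s

def audit_link(stanza_a, stanza_b, needed):
    """Findings for one link, given the VLANs it actually has to carry."""
    a, b = trunk_settings(stanza_a), trunk_settings(stanza_b)
    findings = []
    if not (a["trunk"] and b["trunk"]):
        findings.append("not a trunk on both ends")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    carried = a["allowed"] & b["allowed"]
    if missing := needed - carried:
        findings.append(f"needed VLANs not carried: {sorted(missing)}")
    if extra := carried - needed:
        findings.append(f"{len(extra)} VLANs carried beyond the {len(needed)} needed")
    return findings

# Constructed stanzas for the two ends of one link (not taken from the thread).
OPEN_END = "interface GigabitEthernet0/1\n switchport mode trunk\n"
PRUNED_END = OPEN_END + " switchport trunk allowed vlan 10,20\n switchport trunk native vlan 99\n"

if __name__ == "__main__":
    print(audit_link(OPEN_END, OPEN_END, {10, 20}))
    print(audit_link(OPEN_END, PRUNED_END, {10, 20}))
```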