cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
5
Helpful
4
Replies

Connection lost when converting from trunk to access mode

tombrowning
Level 1
Level 1

Obligatory "I am new to configuring Cisco switches" comment and I apologise if I am asking a silly question.

The issue in a nutshell is that when configuring a stack of two Catalyst 3850 switches, if I convert a trunk port with one VLAN allowed to an access port with the same VLAN I can no longer ping it.

Here is the environment. 

Server A is a Windows 2012 server with NICs connected to ports g1/0/1 and g2/0/1 of the switch stack.  An etherchannel is configured, the ports are in mode active and in trunk mode with VLANs 101 and 102 allowed.  On the server side the NICs are teamed and VLAN tagging is enabled for two interfaces, management (101) and production (102).  The management interface has an address of 192.168.0.1.  Everything seems fine with this configuration.  The etherchannel is up with both interfaces in status P.

Server B is an ESX server. The management interface (VLAN 101) has two NICs connected to ports g1/0/2 and g2/0/2 of the same switch stack.  The NICs are not teamed.  IP address of the interface is 192.168.0.2.  On the switch no etherchannel is configured, the ports are in mode trunk allowed VLAN 101.

With the above configuration I can ping from server A to server B.  But if I set the ports g1/0/2 and g2/0/2 to mode access VLAN 101 I cannot ping.  Why not?

Also what is the downside (if any) to have the ports in trunk mode instead of access mode?

Whilst troubleshooting I have shutdown port g2/0/2 to simplify the configuration but with the same result, server A cannot ping server B unless

4 Replies 4

acampbell
VIP Alumni
VIP Alumni

Hi,

When you were in trunk mode even with only ONE vlan allowed
the traffic in that vlan is TAGGED towards your device.

When you remove the tunk mode and make it an access mode to
also remove the TAGGING for that VLAN outbound towards your
device.

So Server B must be expecting TAGGED traffic.

You will need to look at server B with respect to TAGGING.

Regards
Alex

Regards, Alex. Please rate useful posts.

Yes, that's correct.  The ESX server is configured for VLAN 101 on that interface. 

So, packets sent from ports g1/0/1 and g2/0/1 to port g2/0/2 on VLAN 101 will be forwarded to the server without VLAN tagging and I should remove the VLAN 101 configuration from the server interface, is that correct?

Hi,

If you are setting your switchports to access mode and in vlan 101 you wil NOT send the the vlan 101 tag.

So yes you will need to stop the server from expecting the vlan tag.

Regards

Alex

Regards, Alex. Please rate useful posts.

Great!  Thanks for your help Alex. 

Review Cisco Networking for a $25 gift card