Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1246
Views
5
Helpful
5
Replies

Firewall trunk interface not working on switch

SabeelShakeel00430
Level 1
Level 1

‎05-04-2022 08:09 AM

Hi,

 

We have a checkpoint firewall with a one vlan trunked on an interface. The interface is plugged into a trunk port on a catalyst 9300 switch, but doesnt seem to receive traffic. after including the native vlan in the interface config, it starts working.

 

Can someone explain why we need a native vlan for these two interfaces to pass traffic? the native vlan shouldn't be used if the vlan is being trunked.

 

Best Regards,

 

Sabeel

5 Replies 5

David Ruess
VIP
VIP

‎05-04-2022 08:15 AM

Hello,

 

The purpose of the native vlan is to let the switch know that it will send 1 vlan untagged, the "native vlan". Switch access ports dont tag vlans so by default their native vlan is the vlan its configured for (however on access ports its not called native vlan, its just a vlan).

 

My best guess is that 1 VLAN coming from the firewall is untagged, therefore once it reaches the 9300 it comes in untagged. So configuring the native VLAN on the 9300 allows the untagged vlan to pass through.

 

-David.

0 Helpful

paul driver
VIP
VIP

‎05-04-2022 08:31 AM

Hello
By default as stated vlan 1 is untagged, it could be that the CP Fw is untagging a vlan that isn't untagged on your switch so when you set that specific switch interconnect to be native you began receiving traffic.

Pease note you can have multiple different native vlans on the same switch on multiple switch interconnects because they are not switch specific but interface specific, it is not recommended but its is viable.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP

‎05-04-2022 02:59 PM

traffic use native VLAN or other VLAN, it seem work but I think it use native VLAN.

0 Helpful

paul driver
VIP
VIP
In response to MHM Cisco World

‎05-04-2022 03:59 PM

@MHM Cisco World Can you elaborate on this please as I don't understand what you are stating?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

SabeelShakeel00430
Level 1
Level 1

‎05-06-2022 01:45 AM

Hi Paul,

 

The interface on the CP has one vlan on it and is the only virtual interface. that exact same VLAN was trunked on the switch without a native vlan statement when it wasn't working. see below:

 

CP(Eth1.951) -------- switch (Gi1/0/4)

 

Eth1.951 vlan 951 is the only vlan on Eth1.

 

Switch (Gi1/0/4) interface contains switchport trunk command, switchport trunk allowed vlan 951 (and is administratively enabled).

 

With Gi1/0/4 set up like this: the vlan was not accessible by the site. When the Native vlan statement was added then all started working.

 

The native vlan is 999, but shouldn't be used as i specified the vlan on both ends.

 

Hope that clears things up a bit.

 

Best Regards,

 

Sabeel

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card