Multiple VLANs on the Same Port on Cisco Catalyst 3508G XL Aggregation Switch

selahattin_cilek · ‎09-04-2017

On my old Catalyst 2508G-XL, I am trying to achive this:

Ports 1-2 -> Port Group 1, Trunked with a newer HP Switch

Ports 3-4 -> Port Group 2, Trunked with a newer HP Switch

Port 6-7-8 -> Port Group 3, Trunked with pfSense Router (Load Balanced LAGG, VLAN 1 - VLAN 2)

This is my configuration:

3508G-XL#show running-config
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3508G-XL
!
enable secret 5 ***************************************
!
!
!
!
!
!
ip subnet-zero
ip name-server 192.168.0.1
!
!
!
interface GigabitEthernet0/1
 port group 1 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/2
 port group 1 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/3
 port group 2 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/4
 port group 2 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/5
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/6
 port group 3 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/7
 port group 3 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet0/8
 port group 3 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
!
interface VLAN1
 ip address 192.168.0.3 255.255.252.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.1
no cdp run
snmp-server engineID local 000000090200000AF4E6AC80
snmp-server community private RW
snmp-server community public RO
!
line con 0
 transport input none
 stopbits 1
 speed 115200
line vty 0 4
 login
 transport input none
line vty 5 15
 login
 transport input none
!
end

Here is my problem:

I have an old Lenovo T400 laptop. Its Intel 82567LM Ethernet card supports VLAN tagging. And there are two VLANs defined: VLAN 1, VLAN 2.

VLAN 1 address -> 192.168.0.2/22

VLAN 2 address -> 10.0.0.2/8

I want to connect this laptop to Port 5 on the switch. I want both VLANs to work on the same port so that I can use this laptop for multiple purposes.

How should I configure Port 5 so that the Lenovo T400 can communicate on both VLANs?

"This new learning amazes me, Sir Bedevere. Explain again how sheep's bladders may be employed to prevent earthquakes." King Arthur

selahattin_cilek · ‎09-04-2017

After a lot of trial&error, I finally got it to work!

It seems putting the port in access mode will not do the trick. What needs to be done is to put it in trunk mode:

interface GigabitEthernet0/5
 port group 4 distribution destination
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable

This is identical to the configuration of the other ports exccept for the port group number.

I also had to configure the laptop's Intel card:

VLAN_MAIN -> Untagged

VLAN_INFO -> ID 2

Now it works like a charm.

"This new learning amazes me, Sir Bedevere. Explain again how sheep's bladders may be employed to prevent earthquakes." King Arthur

Seb Rupik · ‎09-04-2017

Hi there,

Since you do not have a port-channel to your laptop you can lose the port group command. Also you should specifify the VLANs you want to trunk to the laptop. The switchport should look like this:

!
interface GigabitEthernet0/5
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,2
  switchport mode trunk
  no cdp enable
!

cheers,

seb.

selahattin_cilek · ‎09-04-2017

Thank you very. I'll give that a try and keep you informed.

But what do you mean by "your laptop you can lose the port group command"? What can go wrong with the current configuration?

"This new learning amazes me, Sir Bedevere. Explain again how sheep's bladders may be employed to prevent earthquakes." King Arthur

selahattin_cilek · ‎09-04-2017

That worked too. But this time, when I tried to ping my laptop's DHCP-assingned IP, I got this:

# ping -S 192.168.0.1 192.168.0.109
PING 192.168.0.109 (192.168.0.109) from 192.168.0.1: 56 data bytes
64 bytes from 192.168.0.109: icmp_seq=0 ttl=128 time=0.298 ms
64 bytes from 192.168.0.109: icmp_seq=0 ttl=255 time=1.100 ms (DUP!)
64 bytes from 192.168.0.109: icmp_seq=1 ttl=128 time=0.191 ms
64 bytes from 192.168.0.109: icmp_seq=1 ttl=255 time=1.037 ms (DUP!)
64 bytes from 192.168.0.109: icmp_seq=2 ttl=128 time=0.200 ms
64 bytes from 192.168.0.109: icmp_seq=2 ttl=255 time=1.059 ms (DUP!)
64 bytes from 192.168.0.109: icmp_seq=3 ttl=128 time=0.198 ms
64 bytes from 192.168.0.109: icmp_seq=3 ttl=255 time=1.042 ms (DUP!)
64 bytes from 192.168.0.109: icmp_seq=4 ttl=128 time=0.233 ms
64 bytes from 192.168.0.109: icmp_seq=4 ttl=255 time=1.065 ms (DUP!)
64 bytes from 192.168.0.109: icmp_seq=5 ttl=128 time=0.206 ms
64 bytes from 192.168.0.109: icmp_seq=5 ttl=255 time=1.033 ms (DUP!)
^C

That did not happen with the previous configuration.

And it does not happen with the other DHCP-assigned IP:

# ping -S 10.0.0.1 10.0.0.4
PING 10.0.0.4 (10.0.0.4) from 10.0.0.1: 56 data bytes
64 bytes from 10.0.0.4: icmp_seq=0 ttl=128 time=0.235 ms
64 bytes from 10.0.0.4: icmp_seq=1 ttl=128 time=0.244 ms
64 bytes from 10.0.0.4: icmp_seq=2 ttl=128 time=0.244 ms
64 bytes from 10.0.0.4: icmp_seq=3 ttl=128 time=0.225 ms
64 bytes from 10.0.0.4: icmp_seq=4 ttl=128 time=0.235 ms
64 bytes from 10.0.0.4: icmp_seq=5 ttl=128 time=0.252 ms
64 bytes from 10.0.0.4: icmp_seq=6 ttl=128 time=0.249 ms 
...

What is happening?

"This new learning amazes me, Sir Bedevere. Explain again how sheep's bladders may be employed to prevent earthquakes." King Arthur