Re: Question on 802.1q trunks and L2TPv3

spfister336 · ‎07-07-2008

I've got a 3640 router that's connected to a 3550 switch. The trunking is set up as dynamic desirable, and I need to change it to be a dot1q trunk. I'm having a little trouble getting that done. I tried doing a:

switchport trunk encapsulation dot1q

switchport mode trunk

and the switch became unreachable. Do I need to add something like:

switchport trunk native vlan 77

?

Parts of the config are included below...

Thanks!

router

-------

interface FastEthernet0/0

no ip address

no ip redirects

no ip proxy-arp

ip pim sparse-mode

ip route-cache flow

speed 100

full-duplex

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.77.0.1 255.255.0.0

no snmp trap link-status

no cdp enable

!

interface FastEthernet0/0.77

encapsulation dot1Q 77

no snmp trap link-status

no cdp enable

xconnect 192.168.7.1 77 pw-class pw-dynamic

Switch

--------

interface FastEthernet0/48

switchport access vlan 77

switchport mode dynamic desirable

speed 100

duplex full

spanning-tree portfast

!

interface Vlan77

ip address 10.77.0.10 255.255.0.0

!

ip default-gateway 10.77.0.1

Edison Ortiz · ‎07-07-2008

The switch became unreachable because on the router you have Vlan 1 associated to subnet 10.77.0.1 while in the switch you have the SVI on Vlan 77 on that subnet.

You need to remove the IP address under Vlan 77 and apply it under Vlan 1 at the switch.

The reason is working in 'access vlan 77' is because the switch is sending the packets untagged and the router is receiving such packets on its native Vlan (Vlan 1).

HTH,

__

Edison.

Please rate helpful posts

spfister336 · ‎07-07-2008

But would that work? The 10.77.0.1 subnet is associated with vlan 77 elsewhere.

Edison Ortiz · ‎07-07-2008

where is 'elsewhere'? I'm only seeing 2 devices.

The router is not listing 10.77.0.0/16 as Vlan 77, it's listing it as Vlan 1.

__

Edison.

spfister336 · ‎07-07-2008

Sorry... I think I got a little bit confused. Most of our (older ATM-connected) remote sites have a 8500 switch, a 3640 router, plus some number of 2900/3500 series access switches. This particular site I'm dealing with only has one access switch. I thought there were others.

Anyway, I meant that most of the ports on this switch are assigned to vlan 77. It won't be a problem to move the 10.77.0.10 address from vlan 77 to vlan 1? I guess there's no way to do this remotely then?

Having the f0/0.77 interface on the router was a fairly late addition, put in while setting up a L2TPv3 tunnel. I was told that I'd need to take the ip address off the main interface and move it to a subinterface. I couldn't put it on the f0/0.77 interface, so that's when I created f0/0.1

Thanks for your help!

andrew.prince · ‎07-07-2008

AFAIK - the router will not negotiate a trunk port.

Your router interface config is wrong, change to the below:-

!

interface FastEthernet0/0.1

no encapsulation dot1Q 1 native

encapsulation dot1Q 77

!

The router is sending "un-tagged" packets into the switch, but the switch vlan 77 - is tagging them with 77, the switch will ignore them. the router will ignore the replies with the tagged "77" frames. Also change the switch port config to:-

interface FastEthernet0/48

no switchport access vlan 77

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full

no spanning-tree portfast

!

HTH.

spfister336 · ‎07-07-2008

I can try that again, but with FastEthernet0/0.77 using 'encapsulation dot1q 77' also, I think it gave me some sort of error and wouldn't do it. I can try it again and post the error that it gave me.

Edison Ortiz · ‎07-07-2008

Don't change the router side, change the switch side as I instructed, please.

The IP address in the switch is for management only, changing the Vlan and IP in the router is more disruptive for your network design.

HTH,

__

Edison.

andrew.prince · ‎07-07-2008

If it gave you an error - it means that the IOS version you have does not support dot1q sub-interfaces.

In this case - you cannot have the switch connected to the router interface as a trunk. You need to d/l an image that supports this feature.

HTH.

Edison Ortiz · ‎07-07-2008

Andrew,

It gave him an error because f0/0.77 is also using Vlan 77.

You can't have 2 subinterfaces on the same Vlan.

Your instruction is missing the 'clearing' the dot1q information from f0/0.77 prior applying the changes under f0/0.1

In the same token, I'm in disagreement on making the changes in the router while the solution is a lot simpler by changing the switch's SVI IP address which is only used for management, not routing.

__

Edison.

andrew.prince · ‎07-07-2008

Edison,

All fair comments I suppose, however - we all do things differently, which is the reason for theses forums! To get advise and seek solutions.

Regards,

Andrew.