Re: Routing Issue VLAN

thomas.stockklauser · ‎01-20-2018

Hay Guys,

currently i setup my first Cisco switch and have a Problem.

I go inside in the Cisco switch, with the following:

-> Buissnes Network (untagged)

-> Guest Network with VLAN40 tagged

on with way i can route the VLAN 40 Tagged Data from my Router over the Port 5 of the C2960S switch to Port 30 - 34. On this Ports i must have the untagged and the Tagged Data.

So i need on all Ports the Untagged VLAN, on the Ports 30 - 34 the Tagged VLAN 40 from the Router and the Untagged from the Router. My AP use the Tagged to route the Guest Portal.

Regards

Regards and THX

Francesco Molino · ‎01-20-2018

Hi

Sorry but not understood your issue.
Can you maybe paste a quick sketch and the config of your switch and router?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thomas.stockklauser · ‎01-20-2018

Hay,

sorry!

Now a litte better with an Image!

Input Eth5 from Cisco C2960S is connected to my Router that sends Untagged LAN 192.168.178.xxx with DHCP and Tagged VLAN 40 at IP 192.168.178.2.1 over this Cable.

Now i must Route to all Ports the Untagged IP 192.168.178.xxx and specialy to the Ports 30-34 the VLAN40 from my Router.

Francesco Molino · ‎01-20-2018

How your router is configured?

On your design, there's a server on untagged vlan 178.... Where is the default gateway of that subnet?

On the switch this server will be part of another vlan as the subnet is different for the one you called untagged and vlan 40. This means that if the default gateway is on the router, then you won't have 2 untagged vlan. Only 1 will be the native vlan and the other 2 tagged.

Let's assume your untagged router subnet will be vlan 10 on the switch and you also have vlan 40.

Below a quick sample of the Cisco switch config:

vlan 10

name UntaggedVlan

vlan 40

name VLAN040

!

interface g0/5

description Interface to Router

switchport mode trunk

switchport trunk allowed vlan 40

switchport trunk native vlan 10

!

interface range g0/30 - 35

description To APs

switchport mode trunk

switchport trunk allowed vlan 40

switchport trunk native vlan 10

!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thomas.stockklauser · ‎01-20-2018

Hay,

now i think i understand it better!

Is it required to set all Ports to Native VLAN 10 to have on all other Ports the untagged incommig IP Range 192.168.178.xxxx?

Francesco Molino · ‎01-20-2018

If you are connecting a device that needs 2 vlans and one of them isn't tagged on the device then you need to configure the native vlan and tag vlans that are tagged on the device

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thomas.stockklauser · ‎01-21-2018

So now i Try the Config, i got the Buissnes Net (untagged) on all required Ports. Also i Configure Port 48 for direct Access to the Guest Network VLAN40.

But my Ports like 11 dont can handle Data on VLAN40, i get acces over the untagged Native VLAN but not over the Trunked VLAN 40

Port 1/0/17 is the Trunk in from my Router with the untagged Buissnes and the Guest VLAN with ID 40

Port 1/0/11 is a Accesspoint that requires Acces to the Buissnes net (untagged) this works and it requires the VLAN 40 Tagged packaged (also Tagged out on this Port). But it wont work :(

Her is my config

!
interface GigabitEthernet1/0/11
 description BIERGARTEN
 switchport trunk allowed vlan 40
end

Name: Gi1/0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 40
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


!
interface GigabitEthernet1/0/17
 description TRUNK_PORT
 switchport trunk allowed vlan 40
end

Name: Gi1/0/17
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 40
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none




VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4
                                                Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28, Gi1/0/29
                                                Gi1/0/30, Gi1/0/31, Gi1/0/32
                                                Gi1/0/33, Gi1/0/34, Gi1/0/35
                                                Gi1/0/36, Gi1/0/37, Gi1/0/38
                                                Gi1/0/39, Gi1/0/40, Gi1/0/41
                                                Gi1/0/42, Gi1/0/43, Gi1/0/44
                                                Gi1/0/45, Gi1/0/46, Gi1/0/47
                                                Gi1/0/49, Gi1/0/50, Gi1/0/51
                                                Gi1/0/52
40   Guest                            active    Gi1/0/48
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup

Francesco Molino · ‎01-21-2018

Your port 11 isn't working with your tagged vlan 40?
What type of device you have connected to it?
You need to configure this device with a vlan id to works

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thomas.stockklauser · ‎01-21-2018

Hay,

on Port 11 i have acces to the Managment Interface of the Accesspoint in the untagged Network (192.168.178.10), but no Access to the Tagged network (VLAN40) if i connect a "unmanaged" switch betwen the Router and the Accespoint, all works fine, the Cisco blocks the Traffic / dont send the traffic to him :( i have mor ports that have the same Problem

But i can Acces the VALN40 on Port 48, its configured as Static Acces to this VLAN.

Attached you see the Config of the Router and the Accespoint, this Config works the last 2 Years without the C2960S well...

Francesco Molino · ‎01-21-2018

On your first screenshot we see that ssid 2 is tagged but on 2nd screenshot there's no vlan 40 in vlan database.
This ap is a Cisco Ap? If so can you share the config on a text file?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thomas.stockklauser · ‎01-22-2018

Hay,

so the Router (second Image) has on VLAN3 the Config for the Tagged VLAN.
The System Works fine with an Unmanaged Netgear GS108 Switch. Only the Cisco switch dont pass the Data!

The Wireless Config from this Picture is only for the Integrated Wifi of the Router and dosent depends on this Wired Soulution / Problem.

The Cisco is Connected to Port 2, its on the Cisco the 1/0/17 Port. The Cisco Received the Tagged Data, i configure the Port 48 with Static Acces and get an IP and can communicate with this Subnet. So i think the Data are missing to the trunk ports

GigabitEthernet1/0/48 is down, line protocol is down (notconnect)
  Hardware is Gigabit Ethernet, address is a0cf.5b85.cbb0 (bia a0cf.5b85.cbb0)
  Description: VLAN40_ACCES
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 12:29:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     12376 packets input, 1472121 bytes, 0 no buffer
     Received 8253 broadcasts (765 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 765 multicast, 0 pause input
     0 input packets with dribble condition detected
     7182 packets output, 2547056 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Name: Gi1/0/48
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 40 (Guest)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Francesco Molino · ‎01-22-2018

Ok let's forget the wireless. The router is the gateway on vlan 40.
If that's the case then the vlan id had to be the same. On the switch you used vlan 40 while in router you're saying that vlan tagged is vlan 3. Change this vlan by vlan 40.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thomas.stockklauser · ‎01-22-2018

Yes, its the Gateway on the VLAN with Tag 40 with IP 192.168.2.1 and also on the untagged VLAN with 192.168.178.1

The VLAN3 is in this case only the Configuration Slot, if you look in the rigth Table, you see that te packages are Tagged with 40, and it runs without Problems on the Switch with an Static Acess configured Port but not on the Trunk Ports

Francesco Molino · ‎01-22-2018

Ok you lost me.
What is connected to this trunk port?
On this device have you tagged the vlan id?

Can you do a span (monitor session) of that trunk port to validate that frames are tagged correctly?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question