
Trunk port not connecting other than default vlan

erdene
Level 1

I have a router-on-a-stick setup. The router is connected to the main switch (Cisco 2960X series) via a trunk port, which accepts default VLAN 1 and VLANs 30, 40, etc. I want to connect multiple VLANs on one switchport and still connect to the network.

Router configuration below.

interface GigabitEthernet0/0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/1.30
 description vlan 30
 encapsulation dot1Q 30
 ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet0/0/1.40
 encapsulation dot1Q 40
 ip address 192.168.4.1 255.255.255.0

Switch configuration below

interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,30,40
 switchport mode trunk

Access ports that allow VLAN 30 or 40 (access ports accept one VLAN only) connect VLAN 30 or 40 devices just fine.

As soon as I configure one of the switchports as a trunk and allow VLANs 1, 30, 40, only devices from VLAN 1 connect to the network, but not devices from VLAN 30 or 40.
Port configuration below

interface FastEthernet0/4
 switchport trunk allowed vlan 1-2,30,40
 switchport mode trunk

Essentially, I want to connect any vlan device to any switch port and still connect to my network.

Thank you

27 Replies

then all ports are in vlan 1 on unmanaged switch; those PCs will communicate only with other PCs in the same vlan 1 and on the same subnet.

Make sure you use crossover cable between switches

Regards, ML
**Please Rate All Helpful Responses **

erdene
Level 1

@Martin L In that case directly connecting vlan30 device to mainswitch fa0/4 interface (simulating unmanaged no VLAN capable switch or even hub) should connect to network and it's not connecting. Connecting any VLAN device to the network is the main problem for me.

Regular access ports allow single VLAN. In my understanding that access port tags VLAN ID and connects the router via trunk port. But I want to make it accept multiple VLANs. In other words ingress tag multiple VLANs on switchport.

UnmgmtSW-SW-R

UnmgmtSW to SW 

SW must config with access vlan x (not make it as default because default is vlan1)

SW-Router 

Config SW as trunk.

 

Check cable -should be crossover between switches; take your cable and connect 2 PCs together (same network/subnet). 

Check unmanaged switch for operation; Connect 2 PCs on unmanaged switch. if they are on the same network/subnet, it should be ok. 

Disable firewalls on PCs

Force managed port to be trunk 802.1Q on link to unmanaged switch.

What brand is unmanaged switch ?


Regards, ML
**Please Rate All Helpful Responses **

erdene
Level 1

@MHM Cisco World thank you, unmanaged switch is literally not possible to configure. As on the uploaded PT file fa0/4 is already trunk. As long as fa0/4 accepts devices from VLAN1 and VLAN2 without separate configuration my issue is solved.

@Martin L I changed the cable to crossover even though all my switches have auto-MDIX. fa0/4 is already in trunk mode, what is a force trunk?

Thank you all

Sorry this PT or real network?

Then check firewall on PCs and make sure they have same subnet/network mask, i.e. PC1 and PC2 have 192.168.2.x 255.255.255.0 and are on the same vlan 1. Their default gateway is 192.168.2.1.

My guess is that unmanaged switch only supports and runs only vlan 1, which is native vlan for all (cisco switches as well).

Forced trunk is port made trunk manually by manual config, not automatic DTP negotiation. Non-Cisco switches only support Dot1Q encapsulation and not Cisco ISL.

 

Regards, ML
**Please Rate All Helpful Responses **

 

My guess is that unmanaged switch only supports and runs only vlan 1, which is native vlan for all (cisco switches as well).

That confuses you and @erdene

Any SW can not config trunk send traffic through its ports as UNTAG

Sw2960 receives this untagged traffic

Here is why I mention you need to config access port with vlan x

When sw 2960 receives untagged traffic it will assume that this traffic is for vlan x (not vlan1).

So only make port connect to unmanaged sw as access with vlan x and all hosts connect to unmgmt sw will be in vlan x

I see, so you are saying if all PCs on unmanaged switch belong to vlan x and are on same subnet x, then force port connecting unmanaged to Sw2960 as access port in vlan x on Sw2960 - even though it became trunking port.

If you leave Sw2960 port to unmanaged port as trunk port, it will accept only vlan 1 traffic (aka native vlan)

 

erdene
Level 1

Thank you all,

@MHM Cisco World It's a real-life network simplified in PT.

@Martin L All network devices are cisco devices. All network configurations and firewalls are configured correctly.

This network used to work with very simple setup and minimal configuration. RV082 router on a stick. RV082 has no CLI but has built-in VLAN capability. This old set-up used bunch of forking unmanaged switches and multiple VLANS. Without configuring any trunking. Cisco RV082 handled all routing, DHCP and vlan segmenting etc. You can say it was almost like a multi-layer switch configuration. Based on this, unmanaged switches do not tag any frames, just broadcast. Any VLAN can connect to any switch port. But when network grew RV082 no longer can handle the load.

With new set up my understanding is that

1. Trunk ports do not tag frames, only allow multiple VLANs to traverse.

2. Ingress VLAN tagging (incoming frame tag) is done on access ports by specifying which vlan it's associated with command "switchport access vlan 30" etc. And access ports do not allow more than 1 VLAN. At least on my cisco2960 x-series.

3. That's why 2nd trunk port needs to receive already tagged frames.

This is my conclusion and I'm completely stumped.

Since RV082 can tag incoming frames without trunk port and solving everything internally, combination of ISR4331 and 2960 SW should get the job done.

1, Trunk ports carry multiple vlans and should tag frames except the native vlan ones; 1 native vlan per 1 link, so one vlan is not tag but all other vlans are.

2, Yes, tagging happens on ingress at access port and there is 1 vlan for data and 1 for voice on access port ; so technically speaking there are 2 vlans per access port. switchport voice vlan x and switchport access vlan y

If a trunk gets untagged frame, it assumes it is native vlan (by default 1 unless u change number);

Regards, ML
**Please Rate All Helpful Responses **
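
The tagging rules described in the replies above, as a small Python model added here (not part of the thread and not vendor code). The Fa0/4 settings are taken from the original post; the function names and the way the access port drops frames tagged for another VLAN are assumptions of this simplified model.

```python
# Added illustration (not vendor code): simplified 802.1Q port handling.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    mode: str                      # "access" or "trunk"
    access_vlan: int = 1           # used in access mode
    native_vlan: int = 1           # used in trunk mode (default 1, per the thread)
    allowed: set = field(default_factory=lambda: set(range(1, 4095)))

def ingress_vlan(port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN a received frame is placed in, or None if dropped.
    tag is the 802.1Q VLAN ID on the wire; None means untagged."""
    if port.mode == "access":
        # Assumption of this model: untagged frames join the access VLAN,
        # frames tagged for any other VLAN are dropped.
        return port.access_vlan if tag in (None, port.access_vlan) else None
    vlan = port.native_vlan if tag is None else tag
    return vlan if vlan in port.allowed else None

def egress_format(port: Port, vlan: int) -> Optional[str]:
    """How a frame in `vlan` leaves the port, or None if it is not sent."""
    if port.mode == "access":
        return "untagged" if vlan == port.access_vlan else None
    if vlan not in port.allowed:
        return None
    return "untagged" if vlan == port.native_vlan else f"tagged:{vlan}"

# Fa0/4 as posted: trunk, allowed VLANs 1-2,30,40, native VLAN left at 1.
FA0_4_TRUNK = Port("trunk", allowed={1, 2, 30, 40})
# Same port as an access port in VLAN 30, the alternative raised in the replies.
FA0_4_ACCESS_30 = Port("access", access_vlan=30)

def classify_untagged_host(port: Port) -> dict:
    """What happens to an ordinary PC that neither sends nor reads 802.1Q tags."""
    vlan = ingress_vlan(port, None)
    return {"lands_in_vlan": vlan, "return_traffic": egress_format(port, vlan)}

if __name__ == "__main__":
    print("trunk :", classify_untagged_host(FA0_4_TRUNK))
    print("access:", classify_untagged_host(FA0_4_ACCESS_30))
    print("VLAN 30 leaving the trunk:", egress_format(FA0_4_TRUNK, 30))
```

In this model a PC addressed for 192.168.3.0/24 that is plugged into the trunked Fa0/4 is placed in VLAN 1, so it never reaches the 192.168.3.1 subinterface, while VLAN 30 traffic leaving that trunk carries a tag the PC does not expect.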

 

 

Sorry, I cannot follow you

You mention first SW and Router and then you add unmgmt SW not small business router!!

I need to see your topology.

MHM

I uploaded PT file previously. As long as I can connect vlan30 or vlan1 device to mainswitch fa0/4 interface I'm happy.
