trunking vlan issue

macboy276
Level 1

Hi Everybody,

I have pasted the whole configuration of my Cisco 3760 switch.

I am having an issue with VLAN trunking.

On Ethernet port 1/0/1 I have configured switch mode trunk.

I have used the following commands:

switchport trunk encapsulation dot1q

switchport trunk native vlan 8

switchport trunk allowed vlan 1-10

If I use the native vlan command then I get communication with only the described VLAN. I want to be able to communicate with VLAN 2 and 8.

switchport trunk native vlan 8 (in this case, if my laptop is configured with a static IP address of VLAN 3 it will not work; it will only work if the laptop is configured with a static IP from VLAN 8)

switchport trunk native vlan 2 (in this case, if my laptop is configured with a static IP address of VLAN 8 it will not work; it will only work if the laptop is configured with a static IP from VLAN 2)

I want to trunk in a way that I can access both VLANs depending upon the laptop configuration.

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname ABCD2013SW01

!

logging buffered 64000 debugging

no logging console

enable secret 5 ----------------------

enable password 7 -------------------

!

username badmin privilege 15 secret 5 $1$3xoh$Hpp2jaldsfjladsfj

username muadminas privilege 15 secret 5 $1$YJb6$sCdareljlkje9ff

aaa new-model

aaa authentication login CON local

aaa authentication login VTY local

aaa authentication enable default enable

aaa authorization exec default local

!

aaa session-id common

clock timezone CET -5

clock summer-time EDT recurring

switch 1 provision ws-c3750g-24ts-1u

vtp mode transparent

ip subnet-zero

no ip source-route

ip routing

ip icmp rate-limit unreachable 1000

ip domain-name xxxxxx.xxx

ip name-server 192.168.1.2

ip name-server 192.168.1.3

!

ip dhcp-server 192.168.1.3

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

name inside

!

vlan 8

name Internal_LAN

!

interface Null0

no ip unreachables

!

interface GigabitEthernet1/0/1

description **LAN**

switchport trunk encapsulation dot1q

switchport trunk native vlan 8

switchport trunk allowed vlan 1-10

switchport mode trunk

no logging event link-status

spanning-tree portfast

!

interface GigabitEthernet1/0/2

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/3

description *** User Port ***

switchport access vlan 8

switchport mode access

no logging event link-status

spanning-tree portfast

!

interface GigabitEthernet1/0/4

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/5

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/6

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/7

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/8

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/9

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/10

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/11

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/12

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/13

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/14

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/15

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/16

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/17

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/18

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/19

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/20

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/21

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/22

description *** User Port ***

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet1/0/23

description *** User Port ***

switchport access vlan 8

switchport mode access

!

interface GigabitEthernet1/0/24

description *** User Port ***

switchport access vlan 8

switchport mode access

!

interface GigabitEthernet1/0/25

  description **UPLINK**

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-10

switchport mode trunk

!

interface GigabitEthernet1/0/26

description **UPLINK**

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-10

switchport mode trunk

!

interface GigabitEthernet1/0/27

description **UPLINK**

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-10

switchport mode trunk

!

interface GigabitEthernet1/0/28

description **UPLINK**

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-10

switchport mode trunk

!

interface Vlan1

no ip address

no ip redirects

ip directed-broadcast

no ip proxy-arp

shutdown

!

interface Vlan2

description ** Management **

ip address 192.168.1.92 255.255.255.0

no ip redirects

ip directed-broadcast

no ip proxy-arp

!

interface Vlan8

description ** Internal_LAN **

ip address 172.168.1.92 255.255.255.0

ip helper-address 192.168.1.3

no ip redirects

ip directed-broadcast

no ip proxy-arp

!

ip default-gateway 192.168.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip http server

ip http authentication local

!

access-list 97 remark ** NTP-ACCESS **

access-list 97 remark ** NTP-Server

access-list 97 permit 192.168.1.3

access-list 97 deny   any log

access-list 98 remark ** SNMP-ACCESS  **

access-list 98 permit 192.168.1.60

access-list 98 deny   any log

access-list 99 remark ** VTY_ACCESS **

access-list 99 deny   any log

access-list 99 permit 192.168.1.0 0.0.0.255

snmp-server community abiYHORHAEN RO

snmp-server chassis-id ABCD2013SW01

radius-server source-ports 1645-1646

!

control-plane

!

banner exec ^CCCCCCCCC

    VMWAFAR TECHNOLOGY

you are now connected to: $(hostname).$(domain)

^C

banner login ^CCCCCCCCC

********************************************************************

**      banner                                                    **

**********************WARNING***************************************

*secure                                                            *

********************************************************************

^C

!

line con 0

exec-timeout 30 0

login authentication CON

history size 30

transport output none

stopbits 1

line vty 0 4

access-class 99 in

exec-timeout 30 0

password 7 091D5EADKRCR130700

logging synchronous

login authentication VTY

length 0

history size 30

transport preferred none

transport output none

line vty 5 15

access-class 99 in

exec-timeout 30 0

password 7 091D5E080138934450

logging synchronous

login authentication VTY

length 0

history size 30

transport preferred none

transport output none

!

ntp clock-period 36028917

ntp access-group peer 97

ntp server 192.168.1.7 prefer

end

17 Replies

Jan Hrnko
Level 4

Hi,

The most probable case is that your PC can't really speak the 802.1q language and it can't handle tagged frames. Therefore it drops them. That's why you can communicate in the native vlan without problems (because the frames are all untagged).

I guess that if you change that IP to a VLAN which is not native, your packet actually makes it to the destination (the switch receives the frame untagged and routes the packet to the appropriate VLAN thanks to the SVI) but the response is dropped because your PC can't handle it (it comes back tagged - it isn't routed like before, because the switch, by all rights, sends it tagged over the trunk). Have you tried to sniff the communication through wireshark or a similar tool?

You don't really need a trunk port if you want to communicate with other VLANs, you just need to have ip routing enabled (which you have) and configure appropriate vlan interfaces (SVIs and I saw you have them too).

So change that port to access mode, assign it to a "normal" access VLAN and you should be just fine. Try it. And if you want to restrict access from-to different VLANs, use access-lists.

Remember that dot1q interfaces are rarely used when interconnecting a switch and end station (there are of course special cases, such as connecting a server with subinterfaces or Router-on-a-stick). Trunks (or tagged interfaces - as other vendors call them) are designed mainly to connect switches together.

Best regards,

Jan
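
The tagged-versus-untagged behaviour described in the reply above, as an added example that is not part of the original thread: it models what a dot1q trunk port puts on the wire for VLAN 2 and VLAN 8 when the native VLAN is 8, and which bytes of a captured frame carry the VLAN number. The sample frame, the MAC addresses and the function names are constructed for illustration, and the host model assumes a NIC with no VLAN support.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Read the VLAN tag (if any) and the real EtherType of an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vlan": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vlan": tci & 0x0FFF, "ethertype": inner}

def trunk_egress(frame: bytes, vlan: int, native_vlan: int, allowed: set) -> Optional[bytes]:
    """Model a dot1q trunk port transmitting a frame that belongs to `vlan`."""
    if vlan not in allowed:
        return None                       # VLAN is not carried on this trunk
    if vlan == native_vlan:
        return frame                      # native VLAN leaves the port untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return frame[:12] + tag + frame[12:]  # tag sits between source MAC and EtherType

def untagged_host_accepts(frame: bytes) -> bool:
    """Assumption: the host NIC has no VLAN support and ignores tagged frames."""
    return not parse_frame(frame)["tagged"]

def sample_frame() -> bytes:
    """Constructed IPv4 frame with locally administered MACs and a dummy payload."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000092")
    return dst + src + struct.pack("!H", 0x0800) + b"\x45" + bytes(19)

def demo() -> dict:
    allowed = set(range(1, 11))           # "switchport trunk allowed vlan 1-10"
    results = {}
    for vlan in (2, 8):                   # reply traffic for each VLAN, native vlan 8
        out = trunk_egress(sample_frame(), vlan, native_vlan=8, allowed=allowed)
        info = parse_frame(out)
        results[vlan] = (info["tagged"], info["vlan"], untagged_host_accepts(out))
    return results

if __name__ == "__main__":
    for vlan, (tagged, vid, ok) in demo().items():
        print(f"VLAN {vlan}: tagged={tagged} vid={vid} plain host accepts={ok}")
```

In a Wireshark capture the same four bytes appear as the 802.1Q Virtual LAN header, and the VLAN number is the `vlan.id` field.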

Thanks Jan, it is useful information, but the environment I am having the issue in is not just a laptop. VMware servers are also configured here, which need VLAN trunking.

Hi,

Aaah yeah, all right. Sorry, I thought you were trying to connect just the laptop through that port - my apologies for all the basic info you surely know. So did you try to sniff some information through WShark or something similar? There could be many reasons why it doesn't work. And do you have servers alongside laptops on that interface? Do these servers have issues as well? Also make sure that you have VMware configured for trunking. The thing is that end stations have to be able to understand dot1q - otherwise they will drop such frames. I know that you can configure that in Linux but I don't know which OS you use.

Best regards,

Jan

Hi Jan,

On VMware the guest operating system is Windows 2008 Server. Which value do I need to watch in Wireshark?

I also used show interface trunk.

It gives me the following reply:

vlans in spanning tree forwarding state and not pruned

Don't know whether this doc will help depending on what you are running VMware on -

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004252

Note that the native vlan must match on both ends of the trunk.

Jon

Thanks Jon,

On the VMware end it is set like the article.

I'm not a VMware person so I don't know if that is exactly the server/version you are running but I thought it might help. Yes it is for the NIC on the server, nothing to do with the Cisco switch end.

Jon

It is not a VM issue because if I connect my laptop it did not work either.

But, as Jan says, your laptop may not be understanding the vlan tags because on the switch end it is a trunk.

So if your NIC on the laptop was not running trunking and the VMware server is not set to trunk then it is a VMware server issue. Again, as Jan pointed out, it worked when your laptop was in the native vlan because the native vlan does not have a tag applied to the frames, but if it wasn't in the native vlan it didn't work, probably because it doesn't understand the vlan tags.

Jon

Hi,

vlans in spanning tree forwarding state and not pruned

That's interesting... I just noticed that you have spanning-tree portfast configured under that interface but that is in place only if the port is in access mode. Try to configure it with spanning-tree portfast trunk instead.

Best regards,

Jan

Hi Jan

I changed to spanning-tree portfast trunk, no positive result


Hi,

I am not sure but that output from trunk is just not right. Either stp or pruning seems to be blocking the vlans for some reason. But you haven't got pruning enabled according to your configuration... and spanning tree is not blocking the vlans on that port, right?

Best regards,

Jan

sh interface trunk gives the following results. Yes, I did not enable pruning.

Port        Mode         Encapsulation  Status        Native vlan

Gi1/0/1     on           802.1q         trunking      1

Gi1/0/3     on           802.1q         trunking      1

Gi1/0/25    on           802.1q         trunking      1

Port        Vlans allowed on trunk

Gi1/0/1     2,8

Gi1/0/3     2,8

Gi1/0/25    1-10

Port        Vlans allowed and active in management domain

Gi1/0/1     2,8

Gi1/0/3     2,8

Gi1/0/25    1-2,8

Port        Vlans in spanning tree forwarding state and not pruned

Gi1/0/1     2,8

Gi1/0/3     2,8

Gi1/0/25    1-2,8
