Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
870
Views
0
Helpful
4
Replies

VLAN access Issue

paul.tim681
Level 1
Level 1

‎10-25-2011 05:45 AM - edited ‎03-07-2019 03:02 AM

Hi

On Catalyst 4500 switch I configured 4 VLANS and on access switch there is command "Switchport trunk allowed vlan" ;

From any server in vlan 3 I cannot access RDP to a user PC on vlan 2  ;  but vice-versa from any PC on vlan 2 I can RDP to Server in VLAN 3

4500 configuration

vlan 2

name users

vlan 3

name server

vlan 4

name management

vlan 5

name guest

interface vlan 2

ip address 10.10.10.1 255.255.255.0

interface vlan 3

ip address 192.168.1.1 255.255.255.0

interface vlan 4

ip address 10.10.100.1 255.255.255.0

interface vlan 5

ip address 192.168.100.1 255.255.255.0

The port which connects to the Access switch is configured

switchport trunk encap dot1q

switchport mode trunk

on 2960 access switch

int gi 0/0

switchport mode trunk

switchport trunk allowed vlan 2

all FastEthernet ports are configured as

switchport mode access

switchport access vlan 2

Any input how to tackle this issue.

cheers

Paul

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎10-25-2011 05:52 AM

Hi,

Can you provide the configs for vlan 3 on the 2960 switch?

If you have multiple vlans configured on the 2960 (vlan 1,2,...) then you need to allow them in your uplink or just do a

switchport mode trunk to allow all.

HTH

0 Helpful

paul.tim681
Level 1
Level 1
In response to Reza Sharifi

‎10-25-2011 06:33 AM

Hi

2960 access switch is conffigured as VTP Client mode. show vlan displays all vlan created including vlan 3.

when i configure managment vlan on access switch to manage the switch, i cannot access it as well.

Switchport trunk allowed vlan 2

4500--------------trunk---------------2960

any host behind 2960 access-switch can access all host/server in all vlan

only host in vlan2 can communicate with host behind 2960 switch other host in different vlan cannot?

how does this work "Switchport trunk allowed vlan 2"

Looking at the wording it only allows vlan2 but both direction or one direction

cheers

Paul

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to paul.tim681

‎10-25-2011 06:45 AM

Hi Paul,

You need to allow the vlans you have configured on your 2960 on your trunk port. Right now you are only allowing vlan 2 and not 3 or 4.  The 2960 is a layer-2 switch only and can only have one svi configured for management.

vlan 2 is allowed both direction.

HTH

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to Reza Sharifi

‎10-25-2011 07:10 AM

Use the following command on the trunk links.

switchport trunk allowed vlan add 3-5

If you just use the command 'switchport trunk allowed vlan x' it will get rid of all the vlans you have allowed

as of date and replace it with whatever the command is

the 'switchport trunk allowed vlan ADD" command will ADD the vlan to the list of vlans allowed on

that trunk link.

I hope they helped you better understand the two commands. And Reza is 100% correct, that should

fix your problem.

0 Helpful
Customers Also Viewed These Support Documents