09-10-2018 08:41 AM - edited 03-08-2019 04:07 PM
Hi,
We have a problem with VLAN tagging and we want to know whether it’s the way we built our network that is incorrect or whether the function isn’t fully supported on our equipment.
We have a Catalyst 3750 core switch with IP services activated, so the core switch acts as layer 3 for one of our buildings.
All the VLANs are configured on this switch. We have set up an IP address on VLAN 1 and we access it by telnet with the VLAN 1 IP address.
The switch is connected to the other switches (2960 model) with a "switchport mode trunk" config.
I need to activate the global config “vlan dot1q tag native” on my core. But when I do this, all my network goes down; even from the console of my 3750 switch, I can no longer access all my other 2960 switches through my VLAN 1. If I disable “vlan dot1q tag native”, all the network becomes available and I can manage all my switches through their VLAN 1 IP addresses.
I made the same setup in another building, except the core switch is a 3850 instead of a 3750. Can that be the problem?
This is a part of the config:
Switch CORE 3750
IOS version: Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(50)SE, RELEASE SOFTWARE (fc1)
The trunk ports to my other switch (2960):
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
On my 2960 switch:
IOS version: Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Config of the trunk ports:
interface Port-channel1
 switchport mode trunk
!
interface GigabitEthernet1/0/42
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/47
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/48
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
09-10-2018 10:14 AM - edited 09-10-2018 10:17 AM
In IOS, the command "vlan dot1q tag native" should have the effect of tagging outbound traffic on the native VLAN. It will also have the effect of dropping inbound untagged traffic (reference). I suspect that the 3750 was dropping traffic from the 2960 if you configured it only on the 3750 side.
The 3850 should have the same behavior, but there was a bug opened because the platform was not implementing the feature properly. Please see CSCvc14778. Fixed release 15.2(3)E5 = 03.07.05E. I'm not sure what version of IOS-XE you're running on the 3850.
If you enable this command on the 3750, then you need to enable it on the 2960 as well.
09-10-2018 10:53 AM
Hi Matt,
I can't enable this command on the 2960 switch; the command isn't present.
In config mode, the only listed command with "vlan" is
In the reference you pointed me to, they said that this command needs to be enabled:
"spanning-tree bpdufilter enable"
Can that be the problem?
On my 3750, only this command is enabled
09-10-2018 11:13 AM
Hello Guillaume.chartrand,
I checked and unfortunately it looks like the 2960 platform doesn't support tagging the native VLAN. So your implementation of tagging the native VLAN won't work with the 2960 switch. You could force VLAN 1 to be non-native on both sides. But you'd have to be mindful of the VLAN that you choose to be native for the trunk; it would effectively not be able to pass traffic to the 3750 with native VLAN tagging enabled.
The BPDUfilter config was a recommendation for service provider edge routers so that customer STP BPDUs don't interfere with the provider's internal STP implementation.
09-10-2018 12:01 PM
Ok,
Instead of changing the native VLAN: we don't need to use VLAN 1 as the management VLAN for our switches. It's a config that was created a very long time ago and persists with no specific utility. I will create another VLAN for management and assign an IP in that VLAN to all my switches, and I will be able to enable VLAN tagging, right?
09-10-2018 12:05 PM
Hello Guillaume.chartrand,
That should work. Please note that all non-native VLANs on a trunk are already using a VLAN tag. It's the native VLAN which is sent/received untagged by default. The "vlan dot1q tag native" command tells the switch to set a VLAN tag for the native VLAN, which is not the default setting.
09-10-2018 03:59 PM - edited 09-10-2018 04:14 PM
Hello
If you are going to tag the native VLAN globally, then you need to apply this to every switch in your estate that connects to the L3 core switch, and not just the core switch. Even if you create another unused VLAN, it will still become tagged if you use this command.
The other alternative, as you have stated, is to create and use a used VLAN other than VLAN 1 and make that native without tagging it.
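
The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of one trunk link showing why management in VLAN 1 breaks when only the core tags the native VLAN, and why a non-native management VLAN keeps working. VLAN 99 is a constructed management VLAN ID, and the rule that a switch without the command still accepts frames tagged with its native VLAN ID is an assumption of the model.

```python
class TrunkPort:
    """Simplified 802.1Q trunk endpoint (a model, not full IOS behaviour)."""

    def __init__(self, name, native_vlan=1, tag_native=False):
        self.name = name
        self.native_vlan = native_vlan
        self.tag_native = tag_native  # models global "vlan dot1q tag native"

    def egress(self, vlan):
        """Return the 802.1Q tag put on the wire; None means untagged."""
        if vlan == self.native_vlan and not self.tag_native:
            return None
        return vlan

    def ingress(self, tag):
        """Return the VLAN the frame lands in, or None if it is dropped."""
        if tag is None:
            # Per the thread: with tag-native enabled, untagged input is dropped.
            return None if self.tag_native else self.native_vlan
        # Assumption: a tagged frame is accepted into the VLAN in its tag,
        # even when that VLAN is the receiver's native VLAN.
        return tag


def one_way(src, dst, vlan):
    """True if a frame sent by src in `vlan` arrives at dst in the same VLAN."""
    return dst.ingress(src.egress(vlan)) == vlan


def reachable(a, b, vlan):
    """Management (telnet, ping) needs both directions to work."""
    return one_way(a, b, vlan) and one_way(b, a, vlan)


def scenarios():
    core = TrunkPort("3750")
    core_tagging = TrunkPort("3750", tag_native=True)
    access = TrunkPort("2960")  # platform without the tag-native command
    # Hypothetical access switch that does support the command.
    access_tagging = TrunkPort("access", tag_native=True)
    return {
        "defaults, mgmt VLAN 1": reachable(core, access, 1),
        "tag native on core only, mgmt VLAN 1": reachable(core_tagging, access, 1),
        "tag native on core only, mgmt VLAN 99": reachable(core_tagging, access, 99),
        "tag native on both, mgmt VLAN 1": reachable(core_tagging, access_tagging, 1),
    }


if __name__ == "__main__":
    for label, ok in scenarios().items():
        print(f"{label}: {'reachable' if ok else 'DOWN'}")
```

In the failing case only the 2960-to-3750 direction is lost, which is enough to take down management sessions that need replies.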