Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2304
Views
5
Helpful
5
Replies

vlan tagging problems / questions

it_enovia
Level 1
Level 1

‎05-14-2016 03:58 AM - edited ‎03-08-2019 05:46 AM

Hi all

We have a problem with our configuration: in our business we have some switches (3 cisco series 35XX, 3 L3 of other brand) with 2 VLANs configured, and 7 cisco 1850 AP with WLC mobility express controller image; the VLANs are configured actually as:

VLAN 301: voip

VLAN 302: PCs

All the switches and the APs are connected with trunk ports on the switch configured like:

interface range Gigabitethernet 0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 301,302
switchport trunk native vlan 1 (-> redundant, not necessary)
exit

And the ports to the PCs/hosts are configured as:

interface range FastEthernet 0/1-48
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 301,302
switchport trunk native vlan 302
exit

because of the configuration of the VoIP phones (spa504g), that tags their packets with vlan 301 and tags the PC port with vlan302, all the ports are in trunking mode.

The APs will tag the WiFi SSID to vlan302, leaving the management on vlan1.

Now, the problem is that randomly some PCs get from vlan 1 (that is for management purpose) IP address and stay inside the wrong VLAN.

Do you have experienced the same problem?

Studying the problem, I think I could solve the problem tagging the ports between the switches with a "bin" VLAN , with this conf

interface range Gigabitethernet 0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,301,302
switchport trunk native vlan 500
exit

But in that case I couldn't connect the APs to the trunk port because the management of AP would be in the wrong VLAN 500, right?

I tried configuring a 3560x for testing with this configuration

interface range Gigabitethernet 0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,301,302
switchport trunk native vlan 500
exit

and the problem was that I was not able to connect to the management console of the switch, even tagging packets to VLAN1.

Any other had the same issue? Can you find errors on my configurations?

Thanks for your support!

Paolo

Labels:
0 Helpful
5 Replies 5

Paul Chapman
Level 4
Level 4

‎05-14-2016 10:25 AM

Hi Paolo -

Do you have CDP enabled on the phones?  Are all the phones connected to the Cisco switches?  If yes to both, then your client ports should be in access mode, not trunk and use the "voice vlan" command.

In terms of the trunks, "native vlan" means untagged traffic.  If the switch receives untagged traffic on a port it places the traffic in that VLAN for internal forwarding.  Same for the reverse.

In the switch-to-switch links as long as both sides agree on what is native and what is tagged, traffic will flow.

This is generally what I'd expect to see:

vlan 1
 name MANAGEMENT
vlan 301
 name VOIP
vlan 302
 name PCs
!
! Switch to Switch
interface gi0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! VLAN filter optional (Must include VLAN 1 since it is used for management)
 switchport trunk allowed vlan 1,301,302
!
! Switch to AP
interface gi0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 ! VLAN filter optional (Must include VLAN 1 since it is used for management)
 switchport trunk allowed vlan 1,302
!
! Switch to Phone/PC (Phone using CDP)
interface gi0/3
 switchport mode access
 switchport access vlan 302
 switchport voice vlan 301

PSC

0 Helpful

it_enovia
Level 1
Level 1
In response to Paul Chapman

‎09-05-2016 07:12 AM

after 4 months the problem still persist... We cannot use CDP because there are some voip phones that doesn't support CDP.

It seems that the pcs that takes wrong DHCP address are only connected from WiFi

Paul Chapman
Level 4
Level 4
In response to it_enovia

‎09-05-2016 08:46 AM

Hi Paolo -

I've heard some reports of issues with the 1850 Mobility Controller.  I recommend opening a TAC case to resolve.  You may need a code change on the AP.

PSC

0 Helpful

Furose M
Level 3
Level 3

‎05-14-2016 10:42 AM

in which Vlan the DHCP server is present? do you have "ip helper" configured in Vlan 1?

if the PCs are randomly getting IP address that belongs to Vlan 1, there is something wrong with the DHCP server or relay agent or the switch/

i am suspecting either 1 or 2 as the culprit.  how do you fix it when this happens?

when this happens, are you learning the MAC address in the switch in proper vlan? i am hoping so.

0 Helpful

it_enovia
Level 1
Level 1
In response to Furose M

‎05-14-2016 04:09 PM

Hi Furose,

the DHCP server is installed in a linux box; here is the /etc/network/interfaces configuration; on monday I'll send to you the DHCPD conf

auto eth0
auto eth0 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  gateway 192.168.1.254

auto eth0.301
auto eth0.301 inet static
  address 192.168.2.1
  netmask 255.255.255.0
  gateway 192.168.2.254
auto eth0.302
auto eth0.302 inet static
  address 192.168.3.1
  netmask 255.255.255.0
  gateway 192.168.3.254

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card