Re: VLAN trunking issue

chaunce · ‎09-18-2012

Hi,

I'm having an issue allowing VLan 2 access on interaface Gi0/15. I've configured interface Gi0/15 with (switchport access vlan 2) on a 2960G-E Access switch. I've also configured the Access switch Trunk interface (Gi0/45) using switchport trunk allowed vlan add 2 as well as the Trunk interface the Access switch is connected to (Gi1/2) on a 4503 Distribution switch, but when I plug a device into Gi0/15 (I've tried multiple laptops that work when plugged into a different port albeit different VLans) on the Access switch, I see no meaningful traffic being passed. Any help troubleshooting this would be appreciated. If there are further commands you'd like me to execute, please let me know.

Thanks much,

Chauncey

DISTRIBUTION SWITCH

D301A-Cisco4503#sho int gi1/2 trunk

Port Mode Encapsulation Status Native vlan

Gi1/2 on 802.1q trunking 7

Port Vlans allowed on trunk

Gi1/2 1-3,6-7

Port Vlans allowed and active in management domain

Gi1/2 1-3,6-7

Port Vlans in spanning tree forwarding state and not pruned

Gi1/2 1-3,6-7

ACCESS SWITCH

D303-2960G-E#sho int gi0/45 trunk

Port Mode Encapsulation Status Native vlan

Gi0/45 on 802.1q trunking 7

Port Vlans allowed on trunk

Gi0/45 1-3,6-7

Port Vlans allowed and active in management domain

Gi0/45 1-3,6-7

Port Vlans in spanning tree forwarding state and not pruned

Gi0/45 1-3,6-7

login as: admin

Using keyboard-interactive authentication.

Password:

D303-2960G-E>en

Password:

D303-2960G-E#sho int gi0/45 trunk

Port Mode Encapsulation Status Native vlan

Gi0/45 on 802.1q trunking 7

Port Vlans allowed on trunk

Gi0/45 1-3,6-7

Port Vlans allowed and active in management domain

Gi0/45 1-3,6-7

Port Vlans in spanning tree forwarding state and not pruned

Gi0/45 1-3,6-7

D303-2960G-E#sho int gi0/15

GigabitEthernet0/15 is up, line protocol is up (connected)

Hardware is Gigabit Ethernet, address is 0023.acf6.250f (bia 0023.acf6.250f)

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

2542731 packets input, 785961867 bytes, 0 no buffer

Received 290742 broadcasts (84742 multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 84742 multicast, 0 pause input

0 input packets with dribble condition detected

194896063 packets output, 141853440400 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

D303-2960G-E#sho int gi0/15 status

Port Name Status Vlan Duplex Speed Type

Gi0/15 connected 2 full 1000 10/100/1000BaseTX

John Blakley · ‎09-18-2012

What's doing the routing for vlan 2?

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

chaunce · ‎09-18-2012

We're using an ASA 5520.

Jon Marshall · ‎09-18-2012

Can you ping the default-gateway ie. the ASA vlan 2 interface, from the PC you have connected to gi0/15 ?

Jon

chaunce · ‎09-18-2012

Unfortunately, I can't test it right now, but I do remember trying this and receiving time outs or destination host unreachable. I'll be able to test this tomorrow and report back.

Sent from Cisco Technical Support iPhone App

Jon Marshall · ‎09-18-2012

No problem.

Also, how is the firewall configured in terms of vlan 2 ie. do you have the inside interface supporting multiple vlans and if so is the connection from the 4500 to the firewall a trunk link that also allows vlan 2. I'm assuming the firewall is connected to the 4500.

Jon

chaunce · ‎09-19-2012

Hi Jon,

Sorry for the delay. Pings to the ASA VLan 2 interface timeout from the PC connected to Gi0/15.

The inside/ASA VLan 2 interface only has VLan 2 on it. The firewall is connected to the 4500 (Gi3/3<->Gi0/2). BTW, pinging another host on VLan 2 from the ASA is successfull -100 percent repsonse.

D303-ASA5520(config)# sho int gi0/2

Interface GigabitEthernet0/2 "inside", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)

Input flow control is unsupported, output flow control is off

Description: VLan 2

MAC address 001e.13f0.1750, MTU 1500

IP address 10.1.20.1, subnet mask 255.255.255.0

10982499084 packets input, 8973093431008 bytes, 0 no buffer

Received 830936 broadcasts, 0 runts, 0 giants

23868 input errors, 0 CRC, 0 frame, 23868 overrun, 0 ignored, 0 abort

0 pause input, 0 resume input

0 L2 decode drops

7015135541 packets output, 1807805273466 bytes, 0 underruns

0 pause output, 0 resume output

0 output errors, 0 collisions, 1 interface resets

0 late collisions, 0 deferred

0 input reset drops, 0 output reset drops, 0 tx hangs

input queue (blocks free curr/low): hardware (255/230)

output queue (blocks free curr/low): hardware (255/8)

Traffic Statistics for "inside":

10982499086 packets input, 8774054509024 bytes

7015135541 packets output, 1667986841803 bytes

5758914 packets dropped

1 minute input rate 456 pkts/sec, 309106 bytes/sec

1 minute output rate 323 pkts/sec, 72207 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 584 pkts/sec, 300367 bytes/sec

5 minute output rate 489 pkts/sec, 159776 bytes/sec

5 minute drop rate, 0 pkts/sec

D301A-Cisco4503#sho int gi3/3 trunk

Port Mode Encapsulation Status Native vlan

Gi3/3 off negotiate not-trunking 1

Port Vlans allowed on trunk

Gi3/3 2

Port Vlans allowed and active in management domain

Gi3/3 2

Port Vlans in spanning tree forwarding state and not pruned

Gi3/3 2

D301A-Cisco4503#sho int trunk

Port Mode Encapsulation Status Native vlan

Gi1/2 on 802.1q trunking 7

Gi2/1 on 802.1q trunking 7

Gi2/2 on 802.1q trunking 7

Gi2/3 on 802.1q trunking 7

Gi2/4 on 802.1q trunking 7

Gi2/5 on 802.1q trunking 7

Gi2/6 on 802.1q trunking 7

Gi3/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi1/2 1-3,6-7

Gi2/1 1-2,4,7

Gi2/2 1,6-7

Gi2/3 1,7

Gi2/4 1,7-8

Gi2/5 1,3,6-7

Gi2/6 1,3,6-7

Gi3/1 1,3-4,6

Port Vlans allowed and active in management domain

Gi1/2 1-3,6-7

Port Vlans allowed and active in management domain

Gi2/1 1-2,4,7

Gi2/2 1,6-7

Gi2/3 1,7

Gi2/4 1,7-8

Gi2/5 1,3,6-7

Gi2/6 1,3,6-7

Gi3/1 1,3-4,6

Port Vlans in spanning tree forwarding state and not pruned

Gi1/2 1-3,6-7

Gi2/1 1-2,4,7

Gi2/2 1,6-7

Gi2/3 1,7

Gi2/4 1,7-8

Gi2/5 1,3,6-7

Gi2/6 1,3,6-7

Gi3/1 1,3-4,6

Thanks,

Chauncey

cadet alain · ‎09-19-2012

Hi,

can you post sh run interface gig3/3 on the 4503 switch.

Regards.

Alain

Don't forget to rate helpful posts.

chaunce · ‎09-19-2012

Hi Alain,

Here you go.

Thanks,

Chauncey

D301A-Cisco4503#sh run int gi3/3

Building configuration...

Current configuration : 139 bytes

!

interface GigabitEthernet3/3

description ASA FW VLAN 2

switchport access vlan 2

switchport mode access

speed 1000

duplex full

end