Vlans and Trunk Ports

johnnywi43 · ‎09-16-2013

The pervious network admin configured all of the uplink ports as access ports instead of trunk ports. We now need a second vlan on a switch. My boss (the old network admin) prefers that I just configure static routes to make it work instead of a trunk port. But I trying to get the trunk port to work.

Right now we have 1 WS-C4506 and then we have all of our switches connected to it.

We need to go from the 4506 to a WS-C3560G-24TS which will then connect to another switch that will be on a different (new) vlan.

Vlan 2 and 3 needs to access the new vlan 5.

I configured the trunk but vlan 2 and 3 can ping the gateway (configured on the 4506) for vlan 5 but cannot access the test machine plugged into the 3560. (I'm using a test machine until the switch is ready to be configured and installed). I can access machines on the 3560 on vlan 2. Vlan 2 is the native vlan.

4506-----

interface GigabitEthernet2/4

description uplink

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport trunk allowed vlan 2,5

switchport mode trunk

interface Vlan5

description *** SLC Cloud ***

ip address 10.10.5.1 255.255.255.0

ipx network 5

C 10.10.5.0 is directly connected, Vlan5

And the vlans are displayed under show vlan

3560------

vlan 2

name vlan A

!

vlan 5

name Vlan B

interface GigabitEthernet0/1

description uplink

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport trunk allowed vlan 2,5

switchport mode trunk

interface GigabitEthernet0/22

switchport access vlan 5

switchport mode access

switchport nonegotiate

interface Vlan2

ip address 10.10.2.2 255.255.255.0

ip helper-address 10.10.3.3

no ip route-cache

!

ip default-gateway 10.10.2.1

Does anyone have any ideas why the trunk isnt' working.

glen.grant · ‎09-16-2013

Check your setup. On both switches do a show vlan to make sure both vlan 2 and 5 show active . Also on the second switch how are addresses being alocated, static or dhcp. If using dhcp then on the users port add the "switchport host" command ,all user ports should have this. Do you have L1 connections, do the ports show active ? How do you know the trunk isn't working ??? One of the problems with forcing on a trunk is you don't really know if the trunk is working . you could try " switchport mode dynamic desirable" on each side and see what happens . The config looks ok to me . Maybe you can post a show int trunk for both sides and show cdp neigh for both sides.

johnnywi43 · ‎09-17-2013

The devices on vlan 5 are using static IPs. The devices on subnet 2 are using DHCP and they work. The ports do show active. Vlan 5 works on the core switch( (4506) but doesn't work as an additional vlan on the 3560.

Thanks for taking time to look at my question.

devils_advocate · ‎09-17-2013

Can you provide the full configs on both switches (omitting any passwords etc)?

I am guessing you can ping the SVI of Vlan 5 from the switch?

Can you do a #show int trunk on both switches and post the results?

Does the MAC address of the Vlan 5 SVI appear in the ARP cache of the 4506?

johnnywi43 · ‎09-17-2013

Show int trunk 4506----

Port Mode Encapsulation Status Native vlan

Gi2/4 on 802.1q trunking 2

Port Vlans allowed on trunk

Gi2/4 2,5

Port Vlans allowed and active in management domain

Gi2/4 2,5

Port Vlans in spanning tree forwarding state and not pruned

Gi2/4 2,5

Show int trunk 3560----

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 2

Port Vlans allowed on trunk

Gi0/1 2,5

Port Vlans allowed and active in management domain

Gi0/1 2,5

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 2,5

The Mac address of the machine on vlan 5 does show in the ARP cache on 4506.

4506 Config (removed ports to limit the size of output):

! Last configuration change at 13:28:20 MDT Mon Sep 16 2013 by

! NVRAM config last updated at 09:06:21 MDT Tue Sep 17 2013 by

!

version 15.0

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

service compress-config

!

boot-start-marker

boot system bootflash:cat4500-entservicesk9-mz.150-2.SG4.bin

boot-end-marker

!

aaa new-model

!

aaa session-id common

clock timezone MST -7

clock summer-time MDT recurring

ip subnet-zero

no ip domain-lookup

ip vrf mgmtVrf

!

appletalk routing

ipx routing 000d.65f3.1bc0

!

power redundancy-mode redundant

!

spanning-tree mode mst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

!

interface GigabitEthernet2/4

description uplink

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport trunk allowed vlan 2,5

switchport mode trunk

!

interface Vlan2

ip address 10.10.2.1 255.255.255.0

ip helper-address 10.10.3.20

ipx network 2

!

interface Vlan3

ip address 10.10.3.1 255.255.255.0

ip helper-address 10.10.3.20

ipx network 7

!

interface Vlan5

ip address 10.10.5.1 255.255.255.0

ipx network 5

!

ip forward-protocol udp 10001

ip route 0.0.0.0 0.0.0.0 10.10.1.3

no ip http server

no ip http secure-server

!

snmp-server community RO

snmp-server community RW

!

control-plane

!

line con 0

stopbits 1

line vty 0 4

password 7 x

transport input ssh

line vty 5 15

transport input ssh

!

ntp clock-period 17179720

ntp server 10.10.3.15

end

3560----

!

! Last configuration change at 13:28:12 MDT Mon Sep 16 2013 by

! NVRAM config last updated at 09:07:28 MDT Tue Sep 17 2013 by

!

version 15.0

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

boot-start-marker

boot-end-marker

!

aaa new-model

!

aaa session-id common

clock timezone MST -7 0

clock summer-time MDT recurring

system mtu routing 1500

vtp domain NULL

vtp mode transparent

ip domain-name dtint.com

ip name-server 10.10.3.64

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

name A

!

vlan 5

name B

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

!

interface GigabitEthernet0/1

description Uplink

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport trunk allowed vlan 2,5

switchport mode trunk

!

interface GigabitEthernet0/22

switchport access vlan 5

switchport mode access

switchport nonegotiate

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan2

ip address 10.10.2.2 255.255.255.0

ip helper-address 10.10.3.20

no ip route-cache

!

ip default-gateway 10.10.2.1

no ip http server

no ip http secure-server

!

logging esm config

snmp-server community RO

!

line con 0

password 7 x

line vty 0 3

password 7 x

length 0

transport input ssh

line vty 4

password 7 x

transport input ssh

line vty 5 14

password 7 x

transport input ssh

line vty 15

transport input ssh

!

ntp server 10.10.3.15

end

Thanks-

glen.grant · ‎09-17-2013

I don't see any L3 SVI on the 4506 for vlan 5 unless it's a misprint .

johnnywi43 · ‎09-17-2013

I think I figured out. There isn't any L3 routing configured.

Thanks everyone who look at my question.