Trunking Between Router and Switch

[zGreenGhostz]

I have been trying for a while to get this to work. I am at wits end. If anyone can help me it would be greatly appreciated.

Cisco 2924 connected to a Cisco 2651 (via f/0 cable)

I have 5 vlans created on the switch and 5 corresponding subinterfaces on the router.

Dot1q on the router subinterfaces and Dot1q on port 24 of the switch.

On the switch only one vlan (33) is up. Rest remain administratively down and won't come up.

I have another switch (cisco 2822 - also connected via f/o cable) from int fa2 (on 2822) to fa0/23 (on 2924)

ISL on this link

Router cfg seems fine so I set my acl to log

Pinging from the router to the 2924 shows "encapsulation failed"

On the 2924:

KYUL001#vlan database
KYUL001(vlan)#show current
VLAN ISL Id: 1 <- all vlans dislplay "vlan isl" like this

Q: is this just a designated name or does it refer to the actual encapsulation?


Can someone help me troubleshoot this in a methodical way? I will get the 2924's cfg up on here shortly. Meanwhile what do I look for first?

 

[zGreenGhostz]

@Vince:

So it should be like this:

!
interface FastEthernet1/0.15
encapsulation dot1Q 15
ip address 192.168.8.129 255.255.255.224
ip helper-address 192.168.8.99
no ip redirects
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet1/0.20
encapsulation dot1Q 20
ip address 192.168.8.97 255.255.255.224
ip helper-address 192.168.8.99
no ip redirects
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet1/0.33
encapsulation dot1Q 33 native
ip address 192.168.8.225 255.255.255.224
ip helper-address 192.168.8.99 <-keep it here also?
no ip redirects
ip nat inside
ip virtual-reassembly
!

I thought it would only have to be on the trunk to work...

 

[zGreenGhostz]

I added the ip helper-address command to each subinterface on the router but I still cannot get machines to aquire IP addresses (when connected to ports assigned to vlans other than vlan20.

I didn't know if it was an ACL issue or a DHCP issue.

So I connected my machine to the management port on one of the switches (2822) and give it a static IP.

It worked. I had complete connectivity. So I guess it's not an ACL issue?

I'm still doing something wrong with DHCP.

Any help is appreciated.

 

[VinceWhirlwind]

1. Have you added VLAN33 to your trunk on the switch?

2. Have you patched your PC into a switchport that is configured as an access port in VLAN33?

 

[zGreenGhostz]

VinceWhirlwind (TechnicalUser)
4 Nov 11 19:25
1. Have you added VLAN33 to your trunk on the switch?

Yeah they're added, I copied part of the config from the switch that I had pasted above:

!
interface FastEthernet0/23
description **FibreTrunk**
switchport trunk native vlan 33
switchport trunk allowed vlan 1,5,1002-1005
switchport trunk pruning vlan 5
switchport mode trunk
!
interface FastEthernet0/24
description **FibreTrunk**
switchport trunk encapsulation dot1q
switchport trunk native vlan 33
switchport trunk allowed vlan 1,5,1002-1005
switchport mode trunk
!

2. Have you patched your PC into a switchport that is configured as an access port in VLAN33?

Yes, that's the port I was testing in the previous post. I manually assaigned the IP: 192.168.8.233 /27

But you know what... I'm looking at the config for int 24 that I just pasted right now....

Looks like some vlans are not added as allowed vlans. Let me test that.

 

[zGreenGhostz]

I found part of the problem.

The dhcp service was disabled.

I enabled it but didn't configure any dhcp. If I'm not mistaken, the relay agent will also be disabled if the service is disabled, right?

I guess some mistakes are dumber than others...

 

[zGreenGhostz]

Machines in other vlans than vlan20 are still not getting ip's.

I did a show mac-address-table on the 2924:

KYUL001#show mac-address-table
Dynamic Address Count: 8
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 50
Total MAC addresses: 58
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0002.55d4.a884 Dynamic 20 FastEthernet0/4
0002.55f4.cdc4 Dynamic 20 FastEthernet0/2
0006.d780.4b70 Dynamic 1 FastEthernet0/24
0006.d780.4b70 Dynamic 20 FastEthernet0/24
001b.217f.1400 Dynamic 20 FastEthernet0/20
001d.ba5d.051d Dynamic 10 FastEthernet0/8
001e.8cb7.e617 Dynamic 20 FastEthernet0/21
0090.2b56.90db Dynamic 1 FastEthernet0/23


Fa0/23 & Fa0/24 are the trunks. They are showing vlan1. Isn't that wrong?

 

[chieftan]

Very quickly, I may be reading this wrong I dont know, but all of your switchports appear to be outside the scope of the allowed VLANs across the trunk as per here:

switchport trunk allowed vlan 1,5,1002-1005

Are you trying to connect from one of the other ports on the actual switch?

 

[zGreenGhostz]

chieftan,

"all of your switchports appear to be outside the scope of the allowed VLANs across the trunk"

Yes that's part of the symptom and I can't seem to resolve that.

On the interfaces (23&24) I'm issueing:

KYUL001(config-if)#switchport trunk allowed vlan except 1

and it's accepting the command but doesn't change the config of the switch: ie: vlan 1 is still listed as an allowed vlan.

The other thing is this:

KYUL001#sho ip int brief
Any interface listed with OK? value "NO" does not have a valid configuration

Interface IP-Address OK? Method Status Prot
ocol
VLAN1 unassigned NO unset up down

VLAN5 unassigned YES manual administratively down down

VLAN10 unassigned YES manual administratively down down

VLAN15 unassigned YES manual administratively down down

VLAN20 unassigned YES manual administratively down down

VLAN33 192.168.8.227 YES manual up up


See how vlan 1 NO / up down ?

So I don't know why it's behaving like that...

Any help is appreciated.

 

[zGreenGhostz]

chieftan,

Machines connected to ports assigned to vlans other than vlan 20 are now getting ips from the dhcp server. The thing is, only vlan 33 can access the internet. The other machines get an ip now but can't surf.

So I'm still at it here.

 

[ADB100]

The Layer-3 interfaces WILL display as down as only one can be up at a time because it is a layer-2 only switch - haven't we been through this already?
Do a show VLAN and see that they are 'Active'. The Layer-3 functionality is on the 2651 - make sure that all the VLANs are allowed on the trunk from the switch to the 2651

switchport trunk allowed vlan all

You can restrict what you don't need later if need be but this is a small setup that should probably be ok like this.

Andy

 

[ADB100]

zGreenGhostz (IS/IT--Management) 8 Nov 11 9:35
chieftan,

Machines connected to ports assigned to vlans other than vlan 20 are now getting ips from the dhcp server. The thing is, only vlan 33 can access the internet. The other machines get an ip now but can't surf.

So I'm still at it here.

So you are now missing some NAT configuration on the 2651....

 

[zGreenGhostz]

Thank you.