Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trunking Between Router and Switch

Status
Not open for further replies.

zGreenGhostz

IS-IT--Management
Sep 26, 2011
19
CA
I have been trying for a while to get this to work. I am at wits end. If anyone can help me it would be greatly appreciated.

Cisco 2924 connected to a Cisco 2651 (via f/0 cable)

I have 5 vlans created on the switch and 5 corresponding subinterfaces on the router.

Dot1q on the router subinterfaces and Dot1q on port 24 of the switch.

On the switch only one vlan (33) is up. Rest remain administratively down and won't come up.

I have another switch (cisco 2822 - also connected via f/o cable) from int fa2 (on 2822) to fa0/23 (on 2924)

ISL on this link

Router cfg seems fine so I set my acl to log

Pinging from the router to the 2924 shows "encapsulation failed"

On the 2924:

KYUL001#vlan database
KYUL001(vlan)#show current
VLAN ISL Id: 1 <- all vlans dislplay "vlan isl" like this

Q: is this just a designated name or does it refer to the actual encapsulation?


Can someone help me troubleshoot this in a methodical way? I will get the 2924's cfg up on here shortly. Meanwhile what do I look for first?







 
The 2924XL (like all layer-2 switches) can only have one SVI interface up. The switch only needs one Layer-3 interface as it is purely for management. The Layer-2 VLANs will be active so if you put access ports in any of the 5 VLANs they should work.

Andy
 
Hi Andy,

All the ports on the 2924 are assigned to respective vlans. The management vlan has only one port assigned to in and it's on the 2822 not the 2924. vlans are propagated with vtp with the 2822 in client mode.

I can ping machines within respecive vlans on the same switch but not across switches. I suspect the encapsulation on the trunks is the problem.

So yes the layer-2 vlans are active, have ports assigned to them and they work.

What did you want me to check?
 
oops I didn't mention that prior to configuring the subinterfaces on the router, the trunking for the switches worked fine and the vlans were propagated to the 2822.
 
You need to show the configs. And "show vlan".

When you say "On the switch only one vlan (33) is up. Rest remain administratively down and won't come up."
It sounds like you are talking about VLAN interfaces, so ADB100's suggestion is the first thing that springs to mind.
 
On early 2924's the only encapsulation they had was ISL which is cisco proprietary. So the device on the other end would have to be capable of ISL if you want to trunk to that old switch. Check to see if your router supports ISL or not .
 

VinceWhirlwind (TechnicalUser):"When you say "On the switch only one vlan (33) is up. Rest remain administratively down and won't come up."
It sounds like you are talking about VLAN interfaces"
-Exactly.

"so ADB100's suggestion is the first thing that springs to mind"
-Which is?
 
@vipergg (MIS)

This model supports ISL and Dot1q. Of course that would be the first thing to check before doing anything.

So if I wanted to, I could actually do everything in ISL right up to the router subinterfaces. But I'd rather do it as I am doing now.
 
Here's the running configuration


KYUL001#show run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname KYUL001
!
enable password 7 xxxxxxxxxxx
!
!
!
!
!
!
no ip subnet-zero
ip domain-name YUL001
!
!
!
interface FastEthernet0/1
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 15
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 15
spanning-tree portfast
!
interface FastEthernet0/11
duplex full
switchport access vlan 5
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 5
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 5
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 5
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/21
duplex full
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/23
description **FibreTrunk**
switchport trunk native vlan 33
switchport trunk allowed vlan 1,5,1002-1005
switchport trunk pruning vlan 5
switchport mode trunk
!
interface FastEthernet0/24
description **FibreTrunk**
switchport trunk encapsulation dot1q
switchport trunk native vlan 33
switchport trunk allowed vlan 1,5,1002-1005
switchport mode trunk
!
interface VLAN1
no ip address
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN5
description **Guest**
ip address 192.168.8.194 255.255.255.224
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN10
description **Auxiliary**
ip address 192.168.8.34 255.255.255.224
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN15
description **Video**
ip address 192.168.8.130 255.255.255.224
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN20
description **Administration**
ip address 192.168.8.98 255.255.255.224
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN33
description **management**
ip address 192.168.8.227 255.255.255.224
no ip directed-broadcast
no ip route-cache
!
tftp-server NETSERVER
tftp-server 192.168.8.99
!
line con 0
password e
stopbits 1
line vty 0 4
password 7 xxxxxxxxxxxxxxxxx
login
line vty 5 15
password 7 xxxxxxxxxxxxxxxxx
login
!
ntp source FastEthernet0/24
end
 
So it looks like ADB100 was correct - you've got a number of VLAN interfaces with IP addresses on them: pick one, and then remove the IP addresses from all the rest.
 
I think you are missing some fundamental stuff here.

1. The 2924 & 2822 are only Layer-2 switches (as well as being ancient..) - they can't perform any layer-3 (routing) functionality. They require an IP address purely for management.
2. The 2651 is your ONLY layer-3 capable device, it must perform ALL the inter-VLAN routing so needs a subinterface in each VLAN as well as the VLAN being allowed on the trunk on the layer-2 switch(es). A la 'router-on-a-stick'....

Your trunks allow VLAN 1 & 5 (plus 1002-1005 that you can't remove on these ancient switches). Devices on the same switch will be able to communicate at layer-2 with other devices on the same switch in the same VLAN but that's all your going to get with that config. Devices in VLAN 1 or 5 should have some additional connectivity as they 'should' be able to reach yout 2651 router, however you haven't posted the config for this so we can't be sure.

Andy
 
VinceWhirlwind (TechnicalUser)

Thanks for the info. I'm checking on that.
 
ADB100 (TechnicalUser)

Thanks for your help.

"I think you are missing some fundamental stuff here.

1. The 2924 & 2822 are only Layer-2 switches (as well as being ancient..) - they can't perform any layer-3 (routing) functionality. They require an IP address purely for management."

I mentioned in my first post:

"Cisco 2924 connected to a Cisco 2651 (via f/0 cable)

I have 5 vlans created on the switch and 5 corresponding subinterfaces on the router. "

You may have missed that, np.

"Your trunks allow VLAN 1 & 5 (plus 1002-1005 that you can't remove on these ancient switches)."

I created vlan5, it's not a default vlan like 1, 1002-1005, but I know what you meant.

I was already aware of the layer 2 functionality of the switches. I appreciate your help.

The trunking from the router to the 2924 is dot1q and the trunking from the 2924 to the 2822 is ISL (because the 2822 doesn't support dot1q).

Anyways I had made some errors when I first configured the 2924 so I erased everthing on the switch (I saved that config anyways just in case) and I re-configured the switch from scrath.

I have conectivity now but there seems to be a problem communicating between vlans, so I will look at what vince told me.

There was also a problem with getting traffic out on the internet even though I could ping successfully.

The issue on the router, which I worked on last night and managed to fix:

The router uses PAT. Originally there was only one network. When I added the vlans on the switches, I also created the subinterfaces on the router. The thing is, I forgot to put the "ip nat inside" command on each subinterface, so the PATing was problematic.

It's working now.

Will just check the interfaces on the switch.

One question:
Why can the switch only have one IP even though they are in different subnets. Shouoldn't all the assigned IP's work?
(right now only the management ip is up up, so the trunking is functional)

Andy, if you or anyone else could answer I would appreciate it. Also looking online.

Thanks for you help, guys.



 
As I said the switches are purely layer-2. They have an IP address for management ONLY. Only one SVI interface can be active at once. If you enable an SVI interface (no shutdown) then it will disable the one that was previously enabled. This is by design, just accept it....

What issues are you seeing communicating between VLANs? If your 2651 doesn't have any ACLs attached to the subinterfaces then you shouldn't have any layer-3 issues. Can you ping between end devices in each VLAN?

Andy
 
Hi,

See here for an explanation on the difference between a layer 2 device and a layer 3 device.


Stubnski
 
Basically, a switch handles frames. It reads MAC addresses. Doing its switching job, it never sees any IP addresses.
However, to enable us to manage it, it can be assigned a host address. That address is not used to do any of its switching work.
So there wouldn't be any point at all in the switch having multiple IP addresses. They wouldn't be useful for anything.
 
So I checked my vlans and machines connected to ports assigned to vlan20 can get ip's on all of the switches. When connected to a port assigned to a vlan other than vlan20 they are not getting an ip.

The dhcp server is on vlan20. There is a scope for each vlan and I checked the ip range and it's the correct range for each subnet.

I can telnet to the router and then drill down to each swtich, so it seems like the trunking is working.

My guess is the routing is not taking place. Like I mentioned at the top on my first post the subinterfaces are created on the router. I can ping each sub interface on the router.

Also one more thing. Andy, I didn't know what you meant by an SVI interface. (Switch Virtual Interface)? That's why I didn't understand what he was saying at first, sorry buddy, my bad :)

So anyone have any ideas what to check first?


 
For your DHCP server on VLAN20 to receive DHCP requests from other VLANs, you will need to configure DHCP-helpers on each VLAN interface on your router.
 
As Vince said on the 2651 subinterfaces add an IP helper for your DHCP server:
Code:
interface FastEthernet0/1.15
 encapsulation dot1q 15
 ip helper-address 192.168.8.x

Andy
 
It's already in my config:

!
!
interface FastEthernet1/0.20
encapsulation dot1Q 20
ip address 192.168.8.97 255.255.255.224
no ip redirects
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet1/0.33
encapsulation dot1Q 33 native
ip address 192.168.8.225 255.255.255.224
ip helper-address 192.168.8.99
no ip redirects
ip nat inside
ip virtual-reassembly
!
!

So the DHCP server (Win2K3)ip address is 192.168.8.99 /27, on vlan20.
I put the relay agent on vlan33 because it's the trunk. Should it be on vlan20 instead?

Is that correct?

I guess I could try it at the same time as I'm asking here....


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top