trunking problems connecting a 2960 to a 2950 3

[corsyl]

Hi,
I had a problem connecting 2 switches together. This is the situation:
one new 2960 switch, port f0/24 not configured in trunking mode. Just a standard port. Only this port is assigned as switchport access VLan200. The reason is that the first 12 ports are VLAN100 and port 13to24 is VLAN200.

the other switch is a 2950 (excisting switch). Port 0/24 also not configured in trunking mode. no VLAN's configured.

The ports are connected by a 10baseT/fiber optic convertor and back.(because of the distance and outside the building)

When I type sh interfaces status then it says "connected, trunking". in sh cdp neighbours both switches are shown.

My question is: why is it in trunking?? I didn't configure trunking at all. I didn't find any ways to get this connection out of trunking mode. Also, pings where not possible even the PC's at both switches where in the same subnet.

Any help explaining why this link is in trunking mode and why PC's are not able to communicate would be helpfull. How can I solve this problem?

Thank you in advance

 

[burtsbees]

More detail...what is doing the routing? You MUST set a port conected to the router as a trunk...

Burt

 

[corsyl]

Burt, if I understand right you say IF I use different VLAN's to seperate 2 networks I always have to use a router?

So, the only solution is to create VLAN200 in the 2950 as well to get it work if I don't have/use a router?

My confusion is propably that I have set the same situation for VLAN100 but used a 3Com switch at the other end and this worked well. Does this mean that if I use VLAN's using 2 cisco's I have to use routing/or keep the VLAN-ID's the same at both ends and if I use a other vendor switch connected to a Cisco, the whole VLAN id's will be ignored?

As you might notice I am quite unexperienced with this but try to figure out what my problem is.

 

[Cluebird]

The reason the ports formed a trunk is because of Dynamic Trunking Protocol which runs by default on Cisco switches.
Unless you have the switchport mode access command on the interfaces connected to each other, DTP will run because the port is a "dynamic" port. DTP has four settings: auto, desirable, on, or off. On most of the IOS switches, the default is desirable (on some the default is auto). If one side is desirable and the other is auto, DTP forms a trunk. Likewise if both sides are desirable. For most of us, we don't like trunks forming unless we explicitely nail them up between switches with "switchport mode trunk" followed by "switchport nonegotiate".

 

[burtsbees]

Those particular switches are layer 2 switches, so they themselves cannot route between vlans. If you want to do intervlan routing in those switches, you need to set up a trunk link to a router, and that router have subinterfaces on the physical interface, each defining a vlan with an IP address and encapsulation. If you need help with the config, please let us know what type of router you would use (i recommend Cisco), and a semi-detailed topology, as well as the number of users.

Burt

 

[corsyl]

Cluebird and Burt,
Thanks for your replies. It makes a lot clear to me.
The router we will use will be a cisco and will be used as a router on a stick. Configuration will be no problem.

Thanks again.

 

[burtsbees]

That's it. You got it.

Burt

 

[maczen]

Hey Clue,
I thought Dynamic Auto was ALWAYS the default DTP setting in Cisco devices... Thought theat they did that because two dyn auto ports would not trunk... Seems that a default dyn des port would be a dangerous setting... Thanks for the info.. I will keep my eye open for default dynamic desirable ports during lab setups (sometimes fast and don't perform all best practices.. LoL)

By the way I am guessing that the 3Com switch was a layer 3 and that setup that they had going completely eliminated any benefit of VLANs since they would have been broadcasting across VLANs and lost the security gain as well...

B Haines
CCNA R&S, ETA FOI

 

[vipergg]

On the 2950's or 2960's it is dynamic desirable as a default which is why if you are worried about this the first thing you do when configuring is to make them access ports and work from there .

 

[Cluebird]

Maczen,

The word "ALWAYS" used with Cisco will get you in trouble.

The defaults for one switch platform are not the same as the defaults for another, especially as IOS has "evolved" on the switching platform. It's the same issue we see with command syntax changing from one IOS version to another or one platform to another. As an example, just look at port security configuration on 2900XL/3500XL versus 2950/2960/3550/3560 on up. For CCNA studies, the router platform is the 2811. The switch platform is the 2960EI. I always warn newbies about getting cocky and thinking they know everything by just working with those two platforms.

I still keep a couple ISDN 700 series around to humble those who think they know everything Cisco! Or I'll have them configure an old 1900 or 2900XL because there are still many of those out there. Some companies never upgrade until something breaks...and Cisco is pretty bulletproof IMHO.

Cisco gives us lots of job security if we understand the differences between platforms.

 

[burtsbees]

Don't underestimate the power of the older CatOS switches and the 2500 series routers! My LAN switch here at work is a Cat2980G one of my customers gave to me---they said it was too old...lol

Burt

 

[Cluebird]

Burt,

I concur. I have a Cat 5000 and 12 1900s, 5 2900/3500XL, a bunch of 2500/2600 series, and a 7000 router that I still use for practice. Most of them are battered and beaten, but considering the 2500 and Cat5000 were the CCIE lab gear several years ago, they are still great for practice and experience. When I have a class of more experienced admins, I'll throw in curves with the older gear to make labs more interesting.

 

[maczen]

Burt always reminds me of Yoda when he gets on the CatOS subject...

Underestimate not the power of the CatOS
Strong the force is in that one... LoL

You guys have convinced me to keep the 2924XL-EN switches that I own... Was going to sell them sice I have the 2950's now but will just build another rack...

I also appreciate the advice on both syntax changes as well as the power of CatOS! LoL J/K Burt...

Thanks guys!

B Haines
CCNA R&S, ETA FOI

 

[gte861s]

Hello all, I am a new user and was doing some searching which brought me to this forum and then to this thread. I have a similar question?

I have a Cisco 2811 Router with a 16 port Gigabit ethernet switch card installed. Previously, for some test and demos, I had it setup for each interface to be on one vlan then I routed (not trunked) the gig1/0/2 port back to the router where the phones could grab their phone loads, etc....fast forward to now....I want to trunk the connection similar to what was demonstrated earlier in this post with one caveat....can I remove the Vlan Ip address I assigned on the switch card and just have anything that connects via the switchports to trunk via the gigE interface and control that same VLAN IP from the router side?

 

[maczen]

Good question..

Have you tried to trunk from G1/0/2 to the layer 2 switch and also create subinterfaces on G1/0/2 for Inter-VLAN Routing? Not sure if that will work but if you wait a few one of the gurus will answer...

B Haines
CCNA R&S, ETA FOI

 

[gte861s]

In the meantime I have managed to get my questioned setup configured.

If you treat the NME-16ES module as a separate switch, it's connected to the router through the gi1/0 network interface. This virtual network cable is connected to the switch on interface gi1/0/2.

So I setup the switch like some others were describing - I set each of the FastEthernet 1/0/1-16 port point to my desired switchport vlan 59 then I set the virtual interface gi1/0/2 to have: switchport trunk encapsulation dot1q and switchport mode trunk.

Then on the router side, I used the gi1/0 sub-interface to create my access to the vlan on the switch...

int gi1/0.59
encapsulation dot1q 59
ip address 172.20.23.1 255.255.255.0

Now I have my vlan IP management residing on the router as it should be and my switch is operating as it should, at layer 2.

My next iteration will be to separate the data and voice on their own VLANs.

 

[maczen]

Thanks for sharing gte.. I have not had an opportunity to play with one of those switch cards but figured it would have a similar setup.. appreciate the post!!!

So are you going to create g1/0.1 and make it your native (management) and separate the rest into your various voice vlans / data etc?

B Haines
CCNA R&S, ETA FOI

 

[gte861s]

I'm going to separate the voice/data vlan's, but for the way this switch card is being used on this iteration of testing, just getting the layer 3 stuff moved to the router was really all I wanted.

I can still manage the switch (not doing any SNMP management or loopbacks on this system) because of my router has the gi1/0 interface set with an ip address and then I can initiate a session from the router. The command to access the switch card from the router would look like this:

router# service-module gigabitEthernet 1/0 session

 

[maczen]

Thanks gte!

B Haines
CCNA R&S, ETA FOI