Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Vlan Trunking Question

Status
Not open for further replies.
mrgauth

mrgauth

Technical User
Jul 19, 2002
64
US
I have a 2950 switch that I want to create two vlans on and put the first 12 ports in vlan 67 and the last 12 in vlan 68. I want to connect the switch to my 2951xm router and trunk the two vlans across the link. I have created the vlans, put the ports in the appropriate vlans with these commands in the switch:

interface FastEthernet0/1
description Link to router; FA0/0
switchport trunk allowed vlan 67,68
switchport mode trunk
no ip address
duplex full
speed 100

As for the ports themselves I used the 'switchport access vlan' command to put the ports in the appropriate vlans. Won't bother showing all of that here.

On the router I have these commands for the other end of the trunk:

interface FastEthernet0/0
description Link to OKONETASUB-SW1; Port FA0/1
no ip address
no ip redirects
ip pim sparse-dense-mode
duplex auto
speed auto
!
interface FastEthernet0/0.67
description Link to okonetasub-sw1 for local AEP connections
encapsulation dot1Q 67
ip address 10.120.67.254 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface FastEthernet0/0.68
description Link to okonetasub-sw1 for Adesta connections
encapsulation dot1Q 68
ip address 10.120.68.254 255.255.255.0
no ip redirects
ip pim sparse-dense-mode

There must be something wrong here because from the switch I cannot ping the router and vice versa. Why can't I talk between the two. Show vlans on the switch shows both vlans to be 'active', and the sh interface command shows all of these interfaces to be up up. What am I missing? I am new at this, so, I would not be surprised to be missing alot, but any advice would be appreciated. Need more info, let me know. Thanks in advance.

Mike in Tulsa
 
Sort by date Sort by votes
The configuration looks OK - For the speed & duplex you either need to leave both ends at Auto-Speed and Auto-Duplex or fix them both at 100/Full otherwise you will have a mis-match. You should set the switch end of the trunk to 'nonegotiate' (switchport nonegotiate) as the router doesn't support DTP. There is no need for the 'ip pim sparse-dense-mode' on the major interface (FastEthernet0/0) as it isn't running IP. I assume you have created the VLANs in global configuration and also created the management 'interface VLAN 67' (or 68) on the switch and shut down the VLAN 1 interface? Other than that it looks OK....

There is always the possibility that it is a bug? - more likely to be the router IOS than the switch though.

Andy
 
Upvote 0 Downvote
I had NOT done the switchport nonegotiate command on the switch and had NOT shutdown the vlan1 interface.

Should there be any changes to the native or just leave everything at default vlan1?

 
Upvote 0 Downvote
One other thing, I can only do a 'no shut' on one of the two vlan interfaces in the switch. There is a vlan67 and a vlan68 and when I 'no shut' one the other automatically goes down. No matter what I try I cannot have them both up at the same time which makes no sense whatsoever since I know you can multiple vlans. That is the whole point of trunking in the first place.

Therefore, I am only able to ping from the router the address of the one that happens to be up. I HAVE to be able to reach both or how on earth will the devices connected to both vlans ever talk to the network?

One other thing, what should I set the default-gateway to in the switch? Since we are looking at two vlan subinterfaces with a 67.254 address on one vlan and a 68.254 address on the other, I don't know what to set the default-gateway to on the switch since I can only have one.

 
Upvote 0 Downvote
I assume you are not using VLAN 1? If so it should be OK to leave this as the Native. We used to set the Native to be a unique VLAN on each Trunk but i think this is a bit overkill if you aren't actually using VLAN 1 for data.

The 2950 is only a Layer-2 switch and can only have a single Layer-3 VLAN interface - this is it's management interface and nothing more. You can have multiple Layer-2 VLAN's but only a single Active Interface VLAN X.

Your PC's default gateways will be the 2651XM IP addresses as this will do the inter-vlan routing NOT the 2950 as it can't.

The default gateway of the switch should be the IP address of the subinterface that coresponds to the VLAN the switch management is using - i.e. if you Make Interface VLAN 67 active then its default gateway should be 10.120.67.254.

Andy
 
Upvote 0 Downvote
One more question. If I can only have one interface vlan X (let's say interface vlan67), then how do the ports on vlan 68 work and what would be the gateway for the devices connected to the ports in vlan68.

Let's say I remove the int vlan68 stuff and only have vlan67 and shutdown vlan1. Then I put ports 1-12 in vlan67 and ports 13-24 in vlan68. If I then give my pc a vlan68 ip, will I be able to ping the router on the other end of the trunk link?

By the way, I really appreciate your explanations. You are very concise, yet make much more sense than some of the responses I have had on some of the forums. Thanks again.
 
Upvote 0 Downvote
The 2950 cannot route between the VLAN's it is only a layer-2 device. The routing must be done by a layer-3 device - in your case the 2651XM router. The default gateway for devices in vlan 67 will be the IP address of subinterface FastEthernet0/0.67 on the 2651XM and the default gateway of devices in vlan 68 will be the IP address of subinterface FastEthernet0/0.68 on the 2651XM.

This is the 'router-on-a-stick' scenario - it doesn't matter what VLAN the 2950 management interface is on as long as you can reach it. All traffic between the VLAN's is router by the 2651XM.


Andy
 
Upvote 0 Downvote
Thanks. All is good now. Appreciate it.
 
Upvote 0 Downvote
I think you got your explanation its very simple that its just a Layer 2 machine and the only job that it can do is to take the packets to the correct vlan
there can only be 1 only one interface for management purpose only and can have an ip address and passwords for only one can access and configure your Vlan..
Not pinging the switces interfaces is obvies bcause its a layer -2 machine and a good one if you want your Vlans to comunicate with each other you have to use a router or a Layer 3 switch ..
hope i helped you keep going
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
210
Zero6
Zero6
cheikhdtn
  • Locked
  • Question
VLAN
Replies
3
Views
139
iggsterman
iggsterman
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
175
burtsbees
burtsbees
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
117
mikey789
mikey789
netguy2000
  • Locked
  • Question
C2960TTL multiple Trunk ports with same VLAN
Replies
1
Views
139
chieftan
chieftan

Part and Inventory Search

Sponsor

Back
Top