2950-EI vlan issue
Hi,
Originally someone else set up the switch, gave it a vlan of 6, an ip on the vlan interface, and assigned all the ports to vlan 6. I added a vlan 7, assigned it to one port (nothing was plugged into it), and the telnet session dropped out. Now I cannot telnet to the switch via the ip set up on vlan 6.
Can someone explain to me how I telnet to this switch once again?
Thanks in advance
Hi Jschar,
I was sure that was the problem because you updated in your first post that you have assigned vlan 7 to unused port.
2950 is a layer 2 switch so only one vlan with an ip can be active on it. Actually a layer 2 switch only needs an ip on interface vlan just to manage it remotely, as you are doing via telnet.
So as soon as you create any other vlan and assign any ip to it, it will remain in line protocol down state, but as soon as you assign any port to that new vlan the line protocol will come up and it will bring down the other interface vlan (vlan 6 in your case); that was the reason you lost the telnet connection.
Yes, you are very right, you can create many vlans at layer 2 and they will be active and work fine. And if you create a trunk on a port which is already in vlan 6 it will definitely allow all the vlans, including your vlan 7, till the time you manually restrict it.
I would suggest just leaving interface vlan 6 with an ip address so that you can telnet to it anytime for remote management, and creating a trunk to allow other vlans to pass through the network.
HTH
Ankur
Similar Messages
-
7936 not showing software version and vlan issue
I have a 7936 that does not show the software version. I have installed the newest load on the callmanager, but still cannot see what version it is running on the phone.
My main issue with the phone is that I have to set the switchport access vlan to the voice vlan. If I try to let the phone use the switchport voice vlan, it will pull an IP address off of the data vlan and not the voice vlan.
Any help with either of these issues would be greatly appreciated. I do rate all helpful posts.
Thanks,
Robert
Hi Robert,
Here is some info that may help;
Verifying Firmware Version Information
You can obtain information about the firmware version installed on the IP Conference Station.
Follow these steps to verify the firmware version on an IP Conference Station:
Step 1 Press the Menu button.
Step 2 Press the Up or Down scroll button to select the Admin Setup menu.
Step 3 Press the Select button.
Step 4 Enter the administrator password. (The default administrator password is **#.)
Step 5 Press the Enter softkey.
Step 6 Press the Up or Down scroll button to select System Information.
Step 7 Press the Select button.
Step 8 Press the Up or Down scroll button to select SW Version.
The firmware version number is displayed.
Or if that is not working try accessing this way;
Using the Web Interface
Follow these steps to access the Cisco IP Conference Station 7936 web interface:
Step 1 Open your web browser.
Step 2 In the address field enter:
http:// IP address of the IP Conference Station:
Configuration information applies to the specific IP Conference Station associated with the IP address you enter.
Note If you changed the HTTP port number, you need to use that number as a suffix to the IP address. If you did not change the HTTP port number, then you do not need to enter a suffix.
The web interface appears, and the initial login page is displayed.
Step 3 To log in as the administrator, enter the administrator password and click Login.
The default administrator password is **#.
Note When logged in to the IP Conference Station web pages, the web pages will time out after approximately 20 minutes of inactivity. You will then have to log back in.
Step 4 To log off, click Administrator Logout.
Information Available on All Web Pages
The top right portion of the Cisco IP Conference Station 7936 web interface includes a separate section that displays consistent information for all of the web pages.
This section contains the following information; example text appears next to each item in the list:
Software Version: 3.3(2.00)
Protocol Type: SCCP
Boot Load ID: PC0503031418
Application Load ID: CMTERM_7936.3-3-2-0
IP Address: 10.1.1.11
MAC Address: 00c742655892
Local Number: 2022
As far as the VLAN issue goes, this has always been the case for our 7935's as well and I'm sure the 7936 is the same.
Switchport mode access
Switchport access VLAN XXX
Hope this helps!
Rob
Please remember to rate helpful posts........ -
Cisco 2950 - 3350 Trunking issue - Port not lighting up
Hi There,
I have two switches I am trying to connect a 2950 and a 3350. I have a crossover cable connecting them from fa0/24 to fa0/24 setup as a trunk,
however they won't connect and the port on both switches is down, (e.g no port light coming on on switch)
here is some show commands from both switches.. does anyone know where I am going wrong.. thanks in advance
2950#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.0.11 YES NVRAM up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
2950#sh vlan
VLAN Name Status Ports
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
Primary Secondary Type Ports
2950#sh run
Building configuration...
Current configuration : 1278 bytes
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 2950
enable secret 5 $1$JKXw$gcYpfOaSQRiQqcCuVF5371
ip subnet-zero
ip ssh time-out 120
ip ssh authentication-retries 3
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
interface FastEthernet0/1
interface FastEthernet0/2
interface FastEthernet0/3
switchport mode access
interface FastEthernet0/4
interface FastEthernet0/24
switchport mode access
speed 100
duplex full
interface Vlan1
ip address 192.168.0.11 255.255.255.0
ip http server
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
end
2950#
3350#sh vlan
VLAN Name Status Ports
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
Primary Secondary Type Ports
3350#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.0.12 YES NVRAM up up
Vlan200 unassigned YES NVRAM down down
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
3350#sh run
Building configuration...
Current configuration : 1728 bytes
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 3350
enable secret 5 $1$ojzz$X.gjyIj/4JDGAUDXYP5ie1
ip subnet-zero
ip routing
spanning-tree mode pvst
spanning-tree extend system-id
interface FastEthernet0/1
no ip address
interface FastEthernet0/2
no ip address
interface FastEthernet0/3
switchport mode access
no ip address
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
duplex full
speed 100
interface GigabitEthernet0/1
no ip address
interface GigabitEthernet0/2
no ip address
interface Vlan1
ip address 192.168.0.12 255.255.255.0
interface Vlan200
no ip address
ip classless
ip http server
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
end
3350#
Hi Karthick,
I had a look under the interface however I don't appear to have any command for mdix-auto?
2950(config-if)#?
Interface configuration commands:
arp Set arp type (arpa, probe, snap) or timeout
bandwidth Set bandwidth informational parameter
carrier-delay Specify delay for interface transitions
cdp CDP interface subcommands
channel-group Etherchannel/port bundling configuration
channel-protocol Select the channel protocol (LACP, PAgP)
default Set a command to its defaults
delay Specify interface throughput delay
description Interface specific description
dot1x Interface Config Commands for 802.1x
down-when-looped Force looped interface down
duplex Configure duplex operation.
exit Exit from interface configuration mode
fair-queue Enable Fair Queuing on an Interface
help Description of the interactive help system
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
keepalive Enable keepalive
lacp LACP interface subcommands
load-interval Specify interval for load calculation for an interface
logging Configure logging for interface
mac-address Manually set interface MAC address
macro Command macro
mls mls interface commands
mvr MVR per port configuration
no Negate a command or set its defaults
pagp PAgP interface subcommands
random-detect Enable Weighted Random Early Detection (WRED) on an
Interface
rmon Configure Remote Monitoring on an interface
shutdown Shutdown the selected interface
snmp Modify SNMP interface parameters
spanning-tree Spanning Tree Subsystem
speed Configure speed operation.
storm-control storm configuration
switchport Set switching mode characteristics
timeout Define timeout values for this interface
transmit-interface Assign a transmit interface to a receive-only interface
tx-ring-limit Configure PA level transmit ring limit
udld Configure UDLD enabled or disabled and ignore global UDLD
setting
2950(config-if)# -
Here is the problem we are having: we have a 2950 hooked to a 6509 hybrid dist box with approx 90 vlans on it. We hook up a new 2950 and we get the following message: Dec 21 19:47:45.116: %SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 64 STP instances exceeded. No instance created. OK, I know about the spanning tree issues with the 2950 only having limited PVST instances. But up at the dist side we have manually pruned off all but 5 vlans on the trunk feeding this 2950 with the "clear trunk" command. I thought manually pruning off the vlans from the trunk would eliminate this problem; maybe I have a misunderstanding of how this works. Also the message on the 2950 complains about it only having 64 instances of spanning tree, yet when you do a "show vtp status" it says it supports 250 instances locally, so what's up with that? The 2950 is running 12.1.22EA4. So I guess I'm asking: is there any way around this for the 2950? Also, in client/server mode do you have to manually prune off the vlans on both the server side and the client side?
Hello Glen,
I guess instead of manually pruning the VLANs off the trunk, you could also try and enable VTP pruning globally on the 6509 (set vtp pruning enable). I assume you have the 6509 configured as the VTP server (set vtp mode server) ?
I am not sure if CatOS and IOS defaults to the same VTP version, can you check this (with 'show vtp domain' for CatOS and 'show vtp status' for the IOS switch) ?
Also, in a purely IOS environment, manually pruning VLANs off a trunk requires doing that only on the server side, but with a mix of CatOS and IOS, it might have to be done on both sides, you might want to give it a try and use the 'switchport trunk allowed' command on the 2950 as well...
Regards,
GP -
Native VLAN issue on 2900XL/3500XL
I currently have TAC case open on this but I thought I would go ahead and start a thread here and see what others think...
We currently have over 200 2900/3500XL's left in our production environment. We recently finished our yearly IOS upgrade and moved all these series switches to the latest IOS (WC13), most of them had WC10.
After the upgrade (reload of the switches) we noticed many of the switches lost their CDP neighbor info. The switches are otherwise working fine, trunks are still up and users are having no issue. However this is wreaking havoc on Cisco works "Topology Services". The CDP neighbor info is simply gone. Also when you do a debug CDP packet on the switches you never see any of the switches "receive" CDP packets back, only send them.
Our standard config is to use a native VLAN of 999 and not include it on the trunks (per Cisco best practice). Basically what we have noticed is the only way to get CDP to work with any WC IOS past 10 is to include the native VLAN on the trunk.
My question is why would Cisco revert back to this as a default (non best practice)?
One more interesting thing is when a 2900/3500XL running WC13 is trunked (connected) to anything else (2950, 3750, 4506, etc) the CDP info works and shows up fine.
We have seen some of this also, just on nontrunked links back to routers or mls's. A lot of the time I have been able to get them to work by doing a "clear interface F0/X" on both sides. I don't know if this would be disruptive on a trunk link or not as we don't trunk these old boxes. You have to do the clear command on both sides of the link if one side does not work; you may have to wait for the cdp timers after the clear command to see if it worked or not. May not work at all on a trunk link, I don't know, but it's something to try to see if it will kick start the cdp process. Personally I think it is a bug but they probably won't fix it because these are EOL and EOS.
-
QoS / Native VLAN Issue - Please HELP! :)
I've purchased 10 Cisco Aironet 2600 AP’s (AIR-SAP2602I-E-K9 standalone rather than controller based).
I’ve configured the WAP’s (or the first WAP I’m going to configure and then pull the configuration from and push to the others) with 2 SSID’s. One providing access to our DATA VLAN (1000 – which I’ve set as native on the WAP) and one providing access to guest VLAN (1234). I’ve configured the connecting DELL switchport as a trunk and set the native VLAN to 1000 (DATA) and allowed trunk traffic for VLAN’s 1000 and 1234. Everything works fine, when connecting to the DATA SSID you get a DATA IP and when you connect to the GUEST SSID you lease a GUEST IP.
The problem starts when I create a QoS policy on the WAP (for Lync traffic DSCP 40 / CS5) and try to attach it to my VLAN’s. It won’t let me attach the policy to VLAN 1000 as it’s the native VLAN. If I change VLAN 1000 on the WAP to NOT be the native VLAN I can attach the policies however wireless clients can no longer attach to either SSID properly as they fail to lease an IP address and instead get a 169.x.x.x address.
I'm sure I'm missing something basic here so please forgive my ignorance.
This is driving me insane!
Thanks to anyone that provides assistance. Running config below and example of the error...
User Access Verification
Username: admin
Password:
LATHQWAP01#show run
Building configuration...
Current configuration : 3621 bytes
! Last configuration change at 02:37:59 UTC Mon Mar 1 1993 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LATHQWAP01
logging rate-limit console 9
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
no ip routing
dot11 syslog
dot11 vlan-name Data vlan 1000
dot11 vlan-name Guest vlan 1234
dot11 ssid LatitudeCorp
vlan 1000
authentication open
authentication key-management wpa version 2
wpa-psk ascii
dot11 ssid LatitudeGuest
vlan 1234
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii
crypto pki token default removal timeout 0
username admin privilege 15 password!
class-map match-all _class_Lync0
match ip dscp cs5
policy-map Lync
class _class_Lync0
set cos 6
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1234 mode ciphers aes-ccm
encryption vlan 1000 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
stbc
station-role root
interface Dot11Radio0.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 1234 mode ciphers aes-ccm
encryption vlan 1000 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
no dfs band block
stbc
channel dfs
station-role root
interface Dot11Radio1.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
service-policy input Lync
service-policy output Lync
interface BVI1
ip address 10.10.1.190 255.255.254.0
no ip route-cache
ip default-gateway 10.10.1.202
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
transport input all
end
LATHQWAP01#conf
Configuring from terminal, memory, or network [terminal]? t
Enter configuration commands, one per line. End with CNTL/Z.
LATHQWAP01(config)#int dot11radio1.1000
LATHQWAP01(config-subif)#ser
LATHQWAP01(config-subif)#service-policy in
LATHQWAP01(config-subif)#service-policy input Lync
set cos is not supported on native vlan interface
LATHQWAP01(config-subif)#
Hey Scott,
Thank you (again) for your assistance.
So I've done as instructed and reconfigured the WAP. I've added an additional VLAN (1200, our VOIP VLAN) and made this the native VLAN, so 1000 and 1234 are now tagged. I've configured the BVI interface with a VOIP IP address for management and can connect quite happily. I've configured the connecting Dell switchport as a trunk and to allow trunk vlans 1000 (my DATA SSID), 1200 (native) and 1234 (my GUEST SSID). I'm now back to the issue where when a wireless client attempts to connect to either of my SSIDs (Guest or DATA) they are not getting an IP address / cannot connect.
Any ideas guys? Forgive my ignorance - this is a learning curve and one I'm enjoying.
LATHQWAP01#show run
Building configuration...
Current configuration : 4426 bytes
! Last configuration change at 20:33:19 UTC Mon Mar 1 1993 by Cisco
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LATHQWAP01
logging rate-limit console 9
enable secret 5
no aaa new-model
no ip source-route
no ip cef
dot11 syslog
dot11 vlan-name DATA vlan 1000
dot11 vlan-name GUEST vlan 1234
dot11 vlan-name VOICE vlan 1200
dot11 ssid LatitudeCorp
vlan 1000
authentication open
authentication key-management wpa version 2
mobility network-id 1000
wpa-psk ascii
dot11 ssid LatitudeGuest
vlan 1234
authentication open
authentication key-management wpa version 2
mbssid guest-mode
mobility network-id 1234
wpa-psk ascii
no ids mfp client
dot11 phone
username CISCO password
class-map match-all _class_Lync0
match ip dscp cs5
policy-map Lync
class _class_Lync0
set cos 6
bridge irb
interface Dot11Radio0
no ip address
encryption vlan 1000 mode ciphers aes-ccm
encryption vlan 1234 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
stbc
mbssid
station-role root
interface Dot11Radio0.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio0.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1
no ip address
encryption vlan 1000 mode ciphers aes-ccm
encryption vlan 1234 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
peakdetect
no dfs band block
stbc
mbssid
channel dfs
station-role root
interface Dot11Radio1.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0
no ip address
duplex full
speed auto
interface GigabitEthernet0.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 spanning-disabled
no bridge-group 254 source-learning
service-policy input Lync
service-policy output Lync
interface BVI1
mac-address 881d.fc46.c865
ip address 10.10. 255.255.254.0
ip default-gateway 10.10.
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
sntp server ntp2c.mcc.ac.uk
sntp broadcast client
end
LATHQWAP01# -
Strange VLAN issue on aironet access points
I'm setting up some access points for WPA. I've run into a strange issue. The client VLAN (VLAN that the users will be put into) is 1, and the native VLAN is 10. The RADIUS server is in VLAN 1 (but I have a test RADIUS server in VLAN 10 as well). I can connect from the access point to a RADIUS server in either VLAN, and from the RADIUS servers to the access point as well. When I point to a RADIUS server in VLAN 10 authentication works fine. If I point to a RADIUS server that is located in VLAN 1, and I put the wireless clients in VLAN 10 it works fine. But for some reason when I have the RADIUS server and the clients in VLAN 1 and the native (BVI1) interface in VLAN 10 the authentication packets never seem to get to the RADIUS server. It is as if the authentication is being sourced out of the wrong VLAN. I can't find any docs to say that this isn't a supported configuration.
Hi Shannon,
have a look here:
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#apconfig
- - - Snipp - - -
Significance of Native VLAN
When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
Note: If there is a mismatch in the native VLANs, the frames are dropped.
This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
- - - Snapp - - -
Best regards,
Frank -
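Added example (not part of any post above, and not Cisco's code): a small consistency check for the two ends of one link, covering the native VLAN mismatch described in the quoted Cisco note and the access-versus-trunk difference visible in the Fa0/24 stanzas of the 2950/3350 thread. The config snippets are constructed samples in indented IOS syntax, the port name GigabitEthernet0/5 is hypothetical, and the check only compares configuration; it does not diagnose link-down or cabling problems.

```python
import re

def parse_interfaces(config):
    """Split IOS-style text into {interface name: [sub-commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current is not None and raw[:1].isspace() and raw.strip():
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or any unindented line closes the stanza
    return stanzas

def expand_vlans(spec):
    """Turn an allowed-VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def switch_end(stanzas, port):
    """Link view of a switch port: mode, untagged VLAN, carried VLANs."""
    mode, access, native, allowed = "unset", 1, 1, None  # VLAN 1 defaults
    for cmd in stanzas[port]:
        if m := re.fullmatch(r"switchport mode (\S+)", cmd):
            mode = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
            access = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd):
            allowed = expand_vlans(m.group(1))
    if mode == "trunk":
        # allowed=None means no allowed-list was configured (all VLANs)
        return {"mode": "trunk", "untagged": native, "vlans": allowed}
    return {"mode": mode, "untagged": access, "vlans": {access}}

def ap_end(stanzas, parent):
    """Link view of an AP wired port built from its dot1Q sub-interfaces."""
    untagged, vlans = None, set()
    for name, cmds in stanzas.items():
        if not name.startswith(parent + "."):
            continue
        for cmd in cmds:
            if m := re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", cmd):
                vlans.add(int(m.group(1)))
                if m.group(2):
                    untagged = int(m.group(1))
    return {"mode": "trunk", "untagged": untagged, "vlans": vlans}

def compare_ends(a, b):
    """Return a list of human-readable differences between two link ends."""
    findings = []
    if (a["mode"] == "trunk") != (b["mode"] == "trunk"):
        findings.append(f"mode mismatch: {a['mode']} vs {b['mode']}")
    if a["untagged"] != b["untagged"]:
        findings.append(f"native VLAN mismatch: {a['untagged']} vs {b['untagged']}")
    if a["vlans"] is not None and b["vlans"] is not None:
        one_sided = sorted(a["vlans"] ^ b["vlans"])
        if one_sided:
            findings.append(f"VLANs present on one end only: {one_sided}")
    return findings

# Constructed samples. The first two mirror the Fa0/24 stanzas posted above.
SW_2950 = """
interface FastEthernet0/24
 switchport mode access
 speed 100
 duplex full
!
"""
SW_3350 = """
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
!
"""
# Constructed pair for the quoted note: switch native VLAN 12, AP native VLAN 1.
SWITCH = """
interface GigabitEthernet0/5
 switchport mode trunk
 switchport trunk native vlan 12
 switchport trunk allowed vlan 1,12
!
"""
AP = """
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface GigabitEthernet0.12
 encapsulation dot1Q 12
 bridge-group 12
!
"""

def check_switch_link():
    a = switch_end(parse_interfaces(SW_2950), "FastEthernet0/24")
    b = switch_end(parse_interfaces(SW_3350), "FastEthernet0/24")
    return compare_ends(a, b)

def check_ap_link():
    sw = switch_end(parse_interfaces(SWITCH), "GigabitEthernet0/5")
    ap = ap_end(parse_interfaces(AP), "GigabitEthernet0")
    return compare_ends(sw, ap)

if __name__ == "__main__":
    print("2950 <-> 3350:", check_switch_link())
    print("switch <-> AP:", check_ap_link())
```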
The device doing the routing between the vlans should know how to get to each vlan, either by explicit or dynamic routes being set to the ingress/egress point of this vlan, or by being directly connected. So the routing device, ideally in a small network on one site, would have an IP in vlan 200 and be the default gateway, an ip for communication on the original network and an ip to communicate with the firewall or, if the firewall is inbuilt, on the internet. You should have a route for 0.0.0.0 set to the external next hop. Start from the device doing the routing and see if it can ping devices in each subnet.
From there ensure the default gateway for the devices is on the same vlan and in the same subnet as the vlan interface for the device doing the routing.
Ok, so I have asked vlans questions before and I thank you all for your help. My issue today is odd. I've scratched my brain for a while on this. Here is the scenario. I added VLAN 200 to our router and all switches in the house. Gateway is the router at 10.20.x.1. Only thing that has changed hardware wise is I added a HP 2920 for a SAN/Vmware implementation. I am not able to ping/communicate with devices in VLAN 200 from other VLANs. If I try from my PC which is in VLAN122, I can only ping the router/gateway 10.20.x.1. If I set up a laptop in VLAN200 and plug into our "main switch" which the router is connected to directly, I can ping the VLAN200 devices, but I CANNOT ping the router interface of 10.20.x.1. It makes no sense to me at all, and I have had a reliable IT contact look at the issue as well, and it's been a hassle. I need to access VLAN200...
-
Nexus 1010 + 1000v control vlan issue
Hi,
I have Nexus 1000v installed on nexus 1010. The nexus 1010 is in cluster and working fine. I have made network uplink option 3.
My VSM is configured to be in L3 mode. Hence I set control and packet vlan to 1 (on vsm). While creating the VSB too I have chosen control and packet vlan to be 1 (keeping in mind my mode will be L3).
Now the vsm is not coming up in HA. The redundancy log says degraded mode is true.
Is it because the control packets coming from the VSM, after reaching the N1010, are getting tagged with vlan 1? Since I have not set any native vlan on the 1010, control vlan 1 might also be a tagged one. Is this the case?
help needed on this issue.
regards
Prasad K
Control vlan is a totally separate VLAN than your System Console. The VLAN just needs to be available to the ESX host through the upstream physical switch and then make sure the VLAN is passed on the uplink port-profile that you assign the ESX host to.
We only need an interface on the ESX host if you decide to use L3 control. In that instance you would create or use an existing VMK interface on the ESX host. -
I have 2 Cisco 2950 switches, one for each network in my office. One switch is full, the other only has 8 ports used. Since both switches are 24 port I thought I might be able to split the switch on the underused network and allocate 12 ports on it to the other busy network.
I assume I have to create 2 Vlans on the switch, but can I assign 1 vlan with the same IP as the other switch and simply patch them together?
Hi Mark,
first of all I have a question.... Why do u need ip addresses on your switch? Just to manage them?
If so here is my suggestion...
u should assign 3 vlans not 2... make one of them your management vlan and assign an ip address from a different subnet than your nodes. Then configure a trunk between the two switches. Remember to make your management vlan the native vlan (switchport trunk native vlan ).
Next u assign each port to the appropriate vlan and you're done.
If u manage the switches via console port, forget about ip addresses... u don't need one. Just make two vlans and assign the ports (don't forget the trunk).
Regards,
Sebastian -
1532 Autonomous Outdoor link DFS and vlans issue
Hi all,
I have a fresh installation of a Point to Point (1km distance) link using autonomous APs 1532 and directional antennas 14dbi.
The regulatory domain is Europe and the only usable channels are 100 104 108 112 116 132 136 140 (DFS channels).
The link is near a military area and DFS is triggered very often, which causes frequent disconnections nearly every minute.
From the logs I see that there is no available channel:
%DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5540 MHz
%DOT11-2-NO_CHAN_AVAIL_NON_OCCP: Interface Dot11Radio1, no channel available.
So if all channels are occupied by the radars why carrier busy test does show anything?
ROOT#dot11 dot11Radio 1 carr bu
Frequency Carrier Busy %
5500 0
5520 0
5540 0
5560 0
5580 0
5660 0
5680 0
5700 0
The second issue is regarding vlans.
3 Vlans: Data vlan 1 ,Voice vlan 2 , Management vlan 100 (native vlan for bridging).
After rebooting the non-root bridge, data vlan 1 doesn't work even though management and voice are ok.
The workaround I found is to manually change the bridge group to a different number.
After the change connectivity comes back... (maybe bug???)
interface Dot11Radio1.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 spanning-disabled
interface Dot11Radio1.4
encapsulation dot1Q 1
bridge-group 4
bridge-group 4 spanning-disabled
interface Dot11Radio1.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 spanning-disabled
Any thoughts?
Best regards,
Christos.
Below is the output from one of my APs in the -E regulatory domain:
Carrier Set: ETSI (OFDM) (EU) (-E)
Uniform Spreading Required: Yes
Configured Frequency: 0 MHz Channel 0
Allowed Frequencies: 5180(36) 5200(40) 5220(44) 5240(48) 5260(52) 5280(56) 5300(60) 5320(64) 5500(100) 5520(104) 5540(108) 5560(112) 5580(116) 5660(132) 5680(136) 5700(140)
Listen Frequencies: 5180(36) 5200(40) 5220(44) 5240(48) 5260(52) 5280(56) 5300(60) 5320(64) 5500(100) 5520(104) 5540(108) 5560(112) 5580(116) 5660(132) 5680(136) 5700(140) 5745(149) 5765(153) 5785(157) 5805(161) 5825(165)
It seems to be a limitation of the 1530 series:
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1530-series/data_sheet_c78-728356.html
Frequency Band and 20-MHz Operating Channels
-E Domain:
● 2.401 to 2.4835 GHz; 13 channels
● 5.470 to 5.725 GHz; 8 channels
Regarding your issue with VLAN 1, I can't see anything wrong in your configuration. This could indeed be a bug. I did a little research in the bug tool, but couldn't find anything related.
However, you should check the following before opening a case with the TAC:
check the logs from the AP immediately after a reboot
check your switch port status on each side
Is the bridge creating a loop in your network? I have worked on architectures with redundant wireless bridge uplinks using STP. An STP-blocked port for VLAN 1 could be a lead in that case.
Moreover, in your configuration, I can't see the usual bridge-group configuration under your subinterfaces. Not sure if this is of any use here as you have a 1532 AP, but I would try to add it for each subinterface:
interface GigabitEthernet0.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface Dot11Radio0.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
-
Hi
I have different VLANs spread out across edge switches. Recently I had issues with a specific VLAN: some switchports that are assigned to this VLAN stop working. They appear connected (green) but don't respond to ping requests, even with clients on the same VLAN. They are actually access control readers, and they also can't communicate with their controller. I tried my laptop on the same switchports with an IP in the same VLAN and I still cannot ping anything except my gateway (virtual interface) on the core switch. When I use these switchports with another VLAN they work normally!
Any help?

Hi saad.mahmoud,
I'm trying to understand the issue you're having and need some clarification. What do you mean by the switchports stopped working? Can a host connected to one of these edge switches, assigned to the specific VLAN, ping the SVI on the same edge switch?
Are only some switchports assigned to this specific VLAN having problems, or is it all ports assigned to the VLAN?
-
Cisco 2950 switch config issues
WOOHOO that worked! Have been on another site for a week trying to get this done.
Now, how do I change the default SSH port from 22 to the port I want?

Hello,
I have a Cisco 2950 switch that I am trying to get working correctly. I want to be able to make console and SSH connections, but not Telnet.
en
!
config t
username admin secret Pa55w0rd
en secret Pa55w0rd
!
line con 0
password Pa55w0rd
login local
!
line vty 0 4
password Pa55w0rd
login local
transport input ssh
!
hostname GEMSWI0001
ip domain-name domain.local
ntp server 192.168.217.10
!
crypto key generate rsa
2048
username admin priv 15 secret Pa55w0rd
aaa new-model
!
service password-encryption
!
ip http server
ip http port 65410
!
!
vlan 128
name Office
int vlan128
ip address 192.168.128.254 255.255.255.0
shut
!
vlan 217
name GEM
int vlan217
ip address 192.168.217.254 255.255.255.0
shut
!
vlan 999
name GEM-Admin
int vlan999
ip address 192.168.255.251 255.255.255.248
no shut
!
int fa0/47
description GEMCON0000-1
switch access vlan 999
switchport mode access
switchport...
This topic first appeared in the Spiceworks Community -
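A check for the goal stated in the post above (console and SSH, no Telnet), as an added example that is not part of the thread. It assumes `show running-config` text with indented subcommands; the function names and the sample config, including its second vty range, are constructed for illustration.

```python
# Added example, not from the thread: audit 'show running-config' text for Telnet exposure.
SAMPLE_CONFIG = """\
hostname GEMSWI0001
ip http server
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
!
end
"""  # constructed sample; hostname and 'ip http server' mirror the post


def parse_line_blocks(config):
    """Map each 'line ...' header to its indented subcommands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line ") and not raw[:1].isspace():
            current = blocks.setdefault(text, [])
        elif current is not None and raw[:1].isspace() and text:
            current.append(text)
        else:
            current = None  # '!' or any unindented command closes the block
    return blocks


def audit_remote_access(config):
    """Return findings for vty lines that can accept Telnet and for cleartext HTTP."""
    findings = []
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not inputs:
            findings.append(f"{header}: no 'transport input'; default may accept Telnet")
        elif {"telnet", "all"} & set(inputs[-1]):
            findings.append(f"{header}: 'transport input {' '.join(inputs[-1])}' accepts Telnet")
    if any(l.strip() == "ip http server" for l in config.splitlines()):
        findings.append("global: 'ip http server' exposes cleartext HTTP management")
    return findings


if __name__ == "__main__":
    for finding in audit_remote_access(SAMPLE_CONFIG):
        print(finding)
```

Every vty range needs its own `transport input ssh`; restricting only `line vty 0 4` leaves any other range on the platform default.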
Hi, I need a help!
I have a Catalyst 2950 with 24 ports.
How can I add 2 or more VLANs on an interface? This interface is connected to a firewall.
With Catalyst 2900 no problem, I use switchport.
Thanks.

With 2950, you will need to configure the port to "trunk" if you want to carry more than one VLAN over it. Does your firewall support trunking?
-
CAT 2950 console terminal issue
I recently picked up a CAT 2950 switch. Everything "seems" to run fine, LEDs are green and I am able to make a console connection. My issue is that the console connection does not last more than 15 seconds before closing/timing out; the close time seems to be variable but never more than 15 seconds. I am able to enter exec mode and global configuration mode, along with configuring the console interface to never time out, but that does not seem to help.
I was wondering if anyone has any suggestions, I am unable to clear
I was able to initiate the "write erase" command and successfully reload the switch.
Switch#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#reloa
00:15:38: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram
d
System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Proceed with reload? [confirm]
00:15:44: %SYS-5-RELOAD: Reload requested
Here is about 15 seconds worth of the IOS booting, after I had to create a new console terminal connection to see it.
User mode:
Switch>Switch>Switch>Switch>
So it operates just for 15 seconds.
Any suggestions?

Write erase clears the startup-config in nvram but you must not save the running config afterwards.
Just "wr era" and power cycle or reload.
regards,
Leo