Dot1q trunking

Similar Messages

• Vlan 1 on dot1q trunks, cross-vtp-domain

  Hello all,
  trying to transport vlan 1 via .1Q between a c6500 (IOS) and a c35xx. The idea is to access the c35xx for management purposes.
  Vlan 1 does not seem to work; neither the c35xx nor any devices attached to it can be seen in the vlan 1 cloud.
  The 2 catalysts are members of different vtp domains. Both domains do include their vlan 1 definitions.
  Any ideas?

  When using dot1q trunking you must specify what the native vlan is on BOTH sides of the trunk if it is different from 1. If you want the Interface VLAN1 on your 3750 be accessible then it must be in the same network as VLAN1 on your 6509. If you have a different vlan on your 3750 for users but want to keep VLAN1 for management this is how you need to set it up: Using VLAN 25 for users and VLAN 1 for management Example below using GiX/Y for uplink interface to 3750:
  interface Vlan25
  ip address 172.30.25.2 255.255.255.0
  ip helper-address 172.30.X.Y
  no ip redirects
  standby 1 priority 110 preempt
  standby 1 ip 172.30.25.1
  no shutdown
  Interface GiX/Y
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,25
  switchport mode trunk
  no shutdown
  On 3750:
  interface VLAN1
  decription "Management Interface"
  ip address 172.30.25.5 255.255.255.0
  interface GigabitEthernet1/0/1
  description "Trunk to 6509"
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,25
  switchport mode dynamic desirable
  By NOT including: "switchport trunk native vlan 25"
  on both sides of the trunk you are making VLAN 1 the native VLAN but still allowing VLAN 25 traffic

• Dot1q Trunk between Catalyst 6500 and HP Blade Enclosures

  We have a requirement to configure trunks to a 6500 and HP GbE2 interconnect switch in a blade enclosure.
  The interconnect switches and the 6500 are connected as in the attachment.
  The configuration was done using the documentation provided by HP for connecting these trunks to the 6500, but there seems to be some problem with STP.
  All the network remains stable for a time and then falls over, traffic counts on the trunk interfaces shoots up to crazy values.
  The access layer (consisting of 2950s) hanging off the 6500 also falls over and the interfaces on the trunks become err-disabled. This happens eventhough we are not trunking the 102-108 vlans that are trunked to the HP switches to these switches.
  We need to run dot1q trunks to the HP blade switches, because of the requirement to have the servers within the blade enclosure in different VLANS. The vlans were configured as per the document provided by HP and the server ports assigned accordingly.
  Has anyone managed to configure etherchannel trunks (dot1q) to HP blade switches? Any guidelines and findings will help

  Forgot the attachment....

• 3750 metro series switch does not support dot1q trunking?

  Folks,
  I have a 3750 metro series switch and i am trying to use it to do inter vlan routing. I do not see an option for "encapsulation dot1q" under sub interface?? why is it not supported??
  Thanks

  Narvin,
  if you want inter-vlan routing, the interface Vlan nn itself specify vlan.I think you confuse with router subinterface where you must specify what Vlan a subinterface must use ( and encaps type ). Encaps type ( dot1q or ISL ) is used at trunk level, and whatever trunk use you can do intervlan routing using vlan interface.
  maurizio

• 3750 Metro series do not dot1q trunking??

  Folks,
  I have a 3750 metro series switch and i am trying to use it to do inter vlan routing. I do not see an option for "encapsulation dot1q" under sub interface?? why is it not supported??
  Thanks

  Navin,
  The 3750 Metro series switch does not support Layer 3 trunks; you cannot configure subinterfaces or use the encapsulation keyword on Layer 3 interfaces. The switch does support Layer 2 trunks and Layer 3 VLAN interfaces, which provide equivalent capabilities.
  For more information, see the note under Table 12-5 on this page: http://www.cisco.com/en/US/products/hw/switches/ps5532/products_configuration_guide_chapter09186a00803960dc.html#wp1326724.
  Cheers,
  Josef.

• Problems with vlan and dot1q trunking port

  Dear Folks,
  i have problems with my AccessPoint Konfiguration.
  Even when i set the Catalyst Port to trunk, i can only connect to VLAN 1 but not to VLAN 10.
  and if i change the port to statik vlan 10 i can not connect to the ap but it works...
  config below:
  User Access Verification
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname 1200_PP_1
  logging queue-limit 100
  enable secret xxxx
  clock timezone A 1
  ip subnet-zero
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid DEPACNGLW0HS
  vlan 10
  authentication shared
  infrastructure-ssid
  mobility network-id 10
  speed basic-1.0 2.0 5.5 11.0
  rts threshold 2312
  channel 2412
  antenna receive right
  antenna transmit right
  station-role root
  interface Dot11Radio0.1
  no ip route-cache
  interface Dot11Radio0.10
  encapsulation dot1Q 10 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 port-protected
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  speed 100
  full-duplex
  ntp broadcast client
  interface FastEthernet0.1
  encapsulation dot1Q 1
  no ip route-cache
  bridge-group 254
  no bridge-group 254 source-learning
  bridge-group 254 spanning-disabled
  interface FastEthernet0.10
  encapsulation dot1Q 10 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.2.2.222 255.255.255.0
  no ip route-cache
  ip default-gateway 10.2.2.2
  ip http server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1100
  ip radius source-interface BVI1
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local
  line vty 5 15
  login
  end
  it would be fine if anyone could help me....

  You configure Layer 3 Mobility with WLSM. No trunking is required on the CAT switch. However, you need to set the switch port on the CAT switch as access port in VLAN 10.
  Please post the WLSM and SUP720 configuration. Also, which VLAN do you want to access the AP?
  The following URL may be useful for you to verify the configuration:
  http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/prod_technical_reference09186a00802a86a7.html

• Dot1q-Trunk Cisco - Enterasys Matrix E7

  Hi,
  we're trying to build a 802.1q-Trunk between a Cisco Catalyst 3550 and an Enterasys Matrix E7 (6H352-25).
  The untagged (native: 1) VLAN works but the tagged VLANs don't.
  The Cisco Interface (Gi0/1) is configured as usual:
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  It doesn't look like a STP problem.
  Does anybody have any experience with that combination or ideas how to make it work?
  Thanks in advance
  Rolf Fischer

  When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the native VLAN of the trunk with the spanning tree instance of the non-Cisco 802.1Q switch. However, spanning tree information for each VLAN is maintained by Cisco switches separated by a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches. Ensure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the VLAN on one end of the trunk is different from the VLAN on the other end, spanning tree loops might result. Disabling spanning tree on any VLAN of an 802.1Q trunk can potentially cause spanning tree loops.

• WCCP: Is dot1Q trunking needed on Router I/F to avoid redirection loop

  Hi everyone,
  I have a question how configure Router I/F to avoid redirection loop.
  I understand Router and WAE must not be attached to the same segment to avoid redirection loop as written in the Quick Configuration Guide.
  However the sample configuration in Quick Configuration Guide does not show necessity of whether VLAN trunking is needed or not on the Router port and Switch under following environment;
  Client
  |
  |
  Switch --- WAE
  |
  |
  Router
  |
  |
  WAN
  |
  |
  Router
  |
  |
  Switch --- WAE
  |
  |
  Server
  I think .1Q trunking is need to avoid redirection loop and it is a only way to achieve it in case of the router (core and/or edge) has just two interfaces.
  And if the router does not support .1Q trunking due to hardware limitation or software limitation, I need to get the router had more one dedicated interface to redirect WAE by adding additional network module/card if it can.
  I am afraid that if the router does not support .1Q trunking and router has up to two interfaces, I need to purchase/prepare another router to achieve it or not.
  Is my understanding correct ?
  Or are there any method to avoid redirection loop other than using .1Q trunk or adding interface that is remains just two interfaces ?
  Would you please let me know your assistance ?
  Best regards,

  Hello,
  Note that this requirement will be changing in the very near future. Please reach out to your account team or overlay specialists for more details.
  Best regards,
  Joel

• FCoE storage and dot1q trunking

  We have direct attached Netapp  storage to the FIs configured as fcoe storage ports, the FIs are in  FC-switch mode. I see the netapp flogied into the FIs so the FC part  looks good. On the netapp side we have one 10g interface, e1a, with an ip address on it.  We have another 10g interface, e1b, with vlans attached to it so that interface sends and receives dot1q tagged frames.
  All the documentation seems to imply that ip traffic won't work at all on an FCOE storage port.  Yet, e1a works fine while e1b does not.  
  Question 1:  My theory is the plain ethernet on e1a works ok but the dot1q tagging on e1b is what actually doesn't work on the FCOE storage port.  Am I correct?
  Question 2:   I think to get dot1q working I need to switch to change the FI port type from FCOE storage to Appliance port.  Is that just as simple as chaning the port type via ucs manager?  Does that take the FCOE link offline or anything?

  Hello Tod,
  Please make sure you have dot1q on Netapp and necessary FCoE VLANs are tagged as native on both FI and Netapp.
  Below docs can serve as reference.
  UCS Local Zoning guide
  http://www.cisco.com/en/US/products/ps10281/products_configuration_example09186a0080c09983.shtml
  Flexpod deployment guide ( Instead of connecting to N5K, we are connecting Netapp directly to UCS FI. Netapp configuration would be similar )
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/Virtualization/flexpod_deploy.html
  Padma

• Dot1q trunk from single switch to multiple switches

  Hi,
  Hope you can help please !
  I have a single switch with 6 vlans and one trunk port at the main site  This has to connect to a 3 separate locations each with its own switch with a trunked port via a microwave network.
  I have run it in packet tracer using a hub as the microwave network.  It works fine in that, I just want to check it would 'actually' work or could it cause problems ?
  Diagram from PT below with 3 vlans just for clarification.

  First of all   'This is not a school related work' Leo Laohoo. There is no conspiracy here, calm yourself down.  
  We are loosing quite a few E1 circuits and they are being replaced with only a few ethernet, so we need to conserve them.
  It is indeed a L2 network.  The VLANs don't need to communicate with each other and will terminate into a firewall.  I used the PC's on the left as an interface just.
  I was concerned about having one trunk port connect to 3 other switches.  I wasn't sure how they would react as I've ever only used trunks point to point.  
  Hence why I used the hub in PT to break a single trunk into 3.  I just wasn't sure how the switches would react to this.
   Thanks !
  Mark

• Private vlan over dot1q trunks with etherchannels

  Dear Freinds,
  I need to know whether can i use trunks in etherchannel for Private Vlans.
  regards
  Manish Shamjee

  Hello manish,
  You would need to elaborate more on that.
  Are you trying to 'trunk' primary private vlan's or secondary private vlans? Or are you trying to configure private vlans on ports that are etherchannels?
  Read this "Do not configure private VLAN ports as EtherChannels. While a port is part of the private VLAN configuration, any EtherChannel configuration for it is inactive"
  The above is from the pvlan guidelines and restrictions found here:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/pvlans.htm#wp1090979

• Dot1q trunk causes block port go to forwarding

  Hi
  I have three 3560 switches in a fully-meshed scenario, an access switch and 2 distribution switches. when connecting these switches in the triangle topology, since STP running by default one of port go to blocking mode and then loop is prohibited. But when in access switch i set tow ports connected toward distribution switches in trunk mode with command "switch port mode trunk" the Blocked port go to forwarding and i can't understand why?because i think the loop there is yet and spanning tree must block one of ports.
  Spanning tree mode is PVST+ and there are 8 VLANs on switches.
  The question is how does this situation occur? i couldn't find reason of this situation.
  Thanks in advance

  Hi, 
         It would be good that if you can provide the configuration that you had on each switch ports.
  Cheers
  Zarni

• Dot1q trunk between WS-C3548-XL and WS-C2950G-48-EI

  Cdp works , but no IP traffic.
  Vlan active on both sides.
  Its a provider xdsl layer 2 link.
  Any ideas ?
  Regards Bjornarsb

  cdp works both ways.
  sh int trunk is only supported on one end:
  #sh interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/1 on 802.1q trunking 1
  Fa0/2 on 802.1q trunking 1
  Fa0/47 on 802.1q trunking 1
  Fa0/48 on 802.1q trunking 1
  Gi0/1 on 802.1q trunking 1
  Gi0/2 on 802.1q trunking 1

• VLAN DOT1Q, SWITCHPORT TRUNK NATIVE VLAN, and VLAN1

  Hi All,
  L2 security documents suggest to avoid using vlan1 and tagging all frames with vlan IDs using the global configuration of vlan dot1q. Other Cisco non-security documents suggest using the switchport trunk native vlan # which removes any vlan tagging. It seems to me that the global vlan dot1q command and the interface switchport trunk native vlan # are contradictory; therefore, both should not be used. Furthermore, my understanding is to avoid using vlan 1 to tighten L2 security. When vlan 1 is removed from all trunked uplinks, user access ports are other than vlan 1, and no spanning-tree vlan 1 operations exists, what is the native vlan 1 actually used for?. The output of show interface gi0/1 trunk shows the native vlan as 1.
  Thanks,
  HC

  Hi HC,
  the command "switchport trunk native vlan" is used to define the native (untagged vlan) on a dot1q link. The default is 1, but you can change it to anyting you like. But it does only change the native vlan, all the others vlan on the trunk are of course tagged (and it only applies to dot1q, as ISL "taggs/encapsulates" all the vlans). The command "vlan dot1q tag native" is mostly used in dot1qindot1q tunnels, where you tunnel a dot1q trunk within a dot1q trunk. Thats something mostly service Providers offer to there customers. There it is important that there is no untagged traffic, as that would not work with dot1qindot1q. This command tagges the native vlan traffic, and drops all traffic which is not tagged.
  Whatfor is the native VLAN? Switches send control PDU such as STP,CDP or VTP over the native VLAN.
  If you don't happen to be a service Provider for L2 metropolitan Ethernet, you wan't need the "vlan dot1q tag native" command. For my part I'm trying not to use vlan 1 everywhere in my campus, because it gives a huge spanningtree topology and if you ever get a switch to blow a heavy load of traffic into it, you have your whole campus network degradet. I try to keep Vlan's a small as possible and to have as much L3 separaton as possible, that's good for the stability!
  Simon

• Does the dot1q native VLAN need to be defined on the switch?

  I understand the issues with using VLAN 1 as the native VLAN on a dot1q trunk. I follow best practices and change the native VLAN to a VLAN that does not carry any other traffic (switchport trunk native vlan x). I usually go a step further and do not define the VLAN in the switch configuration. This way if traffic bleeds into the native VLAN because it is untagged then it cannot go anywhere.   So if I use VLAN 999 as the native VLAN, I do not create VLAN 999 on the switch.   I’m curious if anyone else does this or if there are any thoughts on whether this is a good or bad practice? 

  If you are tagging your native VLAN but do not have that VLAN in the vlan database - it makes no difference if the VLAN exists or not in my opinion. All the vlans on your trunks would be tagged anyway.
  It seems like a clever idea, but not sure if it provides any benefit.