Dynamic Vlan-Trunk port

Hi,
Is it possible to configure a switchport as a dynamic VLAN port and at the same time as a trunk port?

Hi,
Static ports that are trunking cannot become dynamic ports. You must turn off trunking on the trunk port before changing it from static to dynamic.
You can find more info here.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html
HTH,
Sundar

Similar Messages

  • VLAN trunking/access

    Hello - I am in the process of creating a trunk between an HP ProCurve, and a linksys srw2048. I created the tagged port on the hp to pass vlan60 traffic across port 22 to the linksys, and enabled GVRP.
    When I log in to the Linksys all the VLANs have been dynamically created; however, when I go to ports to vlan or vlan to ports I cannot assign any ports to vlan60. I have set up port 1 as a trunk in the port settings page.
    Any ideas why I cannot assign any ports to dynamic vlans? 

    You cannot assign dynamic VLANs statically to a port. That would make configuration impossible. Just think what happens if the dynamic VLAN disappears.
    Static VLAN assignments require static VLANs.
    Dynamic VLANs can be used to connect VLANs dynamically through trunk ports.
    As the SRW is now part of Cisco Small Business I would suggest you ask further questions in the Cisco Small Business Support Community here. There are some Cisco people over there which should know better about the capabilities of these switches.

  • Wlc2112-k9 802.1x dynamic vlans on multiple ports

    I have a wlc2112-k9. I have successfully set up a WLAN with 802.1x authentication and dynamic VLAN assignment. The issue I have (and maybe it isn't an issue and just the way the controller works) is that if the VLAN interfaces I have defined are connected to different ports from the default interface for the WLAN, it doesn't work.
    So for instance, I create my WLAN and set the interface to the management interface (which is connected to port 1). I then define all my other vlan interfaces that could be returned by my radius server.
         ex: vlan_102 connected to port 2
               vlan_104 connected to port 3
               vlan_106 connected to port 4
    And so forth.
    Port 1 is configured on the switch on vlan 21. If the radius server returns a VLAN ID of 102, 104 or 106 my client successfully connects to the WLAN but it gets put on VLAN 21. However if I move the vlan interfaces above over to port 1 the client correctly gets put on the correct VLAN.
    All ports on the switch are configured as trunk with the native vlan set to the corresponding value that is set on the WLC.
    Is this just the way the controller functions? That it can't assign a client to a different interface that is connected to a different port from the default one set up when the WLAN is created? I would have just thought that if the radius server returned VLAN 102 that it would find that interface and connect the user session via that interface regardless of the port it is configured on.
    Thanks

    Dynamic VLAN assignment should work with the controller by returning the standard IETF attributes 64, 65, and 81.
    You said that you have configured the native VLAN on each trunk port to be exactly the same as the VLAN assigned to the dynamic interface on the neighbor controller port. Make sure to have the native VLAN be something else, especially since I guess that you have tagged the VLANs on those dynamic interfaces.
    Please make sure to rate correct answers

  • How to configure a port channel with VLAN trunking (and make it work..)

    We're trying to configure a port channel group with trunked ports to connect a NetApp HA pair. We want to create two data LIFs and connect them to the switch stack.  We are trying to create 2 data lifs, one for cifs and one for nfs that are on different vlans.
    We want the same ports to be able to allow multiple vlans to communicate. (trunked)
    These data lifs should be able to fail over to different nodes in the HA pair and still be able to communicate on the network.
    What this means is that we have to connect 4 ports each for each node in the NetApp HA Pair to the switches and create a port channel of some type that allows for trunked vlans. When we configure the ports, the configuration is as follows (below):
    We are only able to configure an IP on one of the vlans.
    When we configure an IP from another vlan for the data lif, it does not respond to a ping.
    Does anyone have any idea what I'm doing wrong on the Cisco switch?
    interface GigabitEthernet4/0/12
     description Netapp2-e0a
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     channel-protocol lacp
     channel-group 20 mode active
    end
    interface GigabitEthernet4/0/13
     description Netapp2-e0c
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     channel-protocol lacp
     channel-group 20 mode active
    end
    interface GigabitEthernet6/0/12
     description Netapp2-e0b
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     channel-protocol lacp
     channel-group 20 mode active
    end
    interface GigabitEthernet6/0/13
     description Netapp2-e0d
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     channel-protocol lacp
     channel-group 20 mode active
    end
    interface Port-channel20
     description Netapp2-NFS
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     spanning-tree portfast
     spanning-tree bpduguard enable
    end

    Our problem was fixed by the storage people.  They changed the server end to trunk, and the encapsulation / etherchannel.
    I like all the suggestions, and they probably helped out with the configuration getting this to work.
    Thanks!
    interface Port-channel20
     description Netapp2-NFS
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     switchport mode trunk
    interface GigabitEthernet4/0/12
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     switchport mode trunk
     channel-protocol lacp
     channel-group 20 mode active
    interface GigabitEthernet4/0/13
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     switchport mode trunk
     channel-protocol lacp
     channel-group 20 mode active
    interface GigabitEthernet6/0/12
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     switchport mode trunk
     channel-protocol lacp
     channel-group 20 mode active
    interface GigabitEthernet6/0/13
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10,20,511,519
     switchport mode trunk
     channel-protocol lacp
     channel-group 20 mode active

  • Dynamic WDS Discovery over VLAN-Trunk

    Hi, I have two WDS APs, each connected to a trunk port. Each has its BVI 1 interface connected to int f0.201, which is mapped to VLAN 201. I can access the access point by telnet, but they do not exchange WLCCP information, so everyone ends up as Standalone WDS. If I send updates on f0.201 they exchange WLCCP information, but they are stuck in INIT phase. Here is my config and the sh wlccp wds:
    dot11 vlan-name SVL-WDSC24 vlan 201
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
    interface FastEthernet0.201
     encapsulation dot1Q 201
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    interface BVI1
     ip address 10.0.201.2 255.255.255.0
     no ip route-cache
    wlccp wds priority 2 interface f0.201
    WDSP57-1U-11-03#sh wlccp wd
    MAC: 0013.7f24.36e2, IP-ADDR: - , Priority: 2
    Interface FastEthernet0, State: INITIALIZATION
    Does anyone have a guess?
    thanks, regards dave

    Unfortunately the Aironet's Cisco IOS supports the BVI interface only on native VLANs.
    You have to configure "encapsulation dot1Q 201 native" on the FastEthernet0.201 subinterface and then you should modify the configuration on the switching infrastructure accordingly.
    Regards,
    Fabrizio

  • How to add VLAN to trunk port on Cisco SF200-24

    Hello All,
    I have a question I want to ask:
    I have a Cisco SF200-24 switch and I want to configure VLANs as below:
    Port 1 to 10 = Vlan 100
    Port 11 to 21 = Vlan 200
    Port 22 to 24 = Vlan 300
    Port GE1 = Trunking (Primary)
    Port GE2 = Trunking (Secondary)
    How to add all VLAN 100, 200, 300 go through Trunking Primary and Secondary?
    Which port can I connect for management switch?
    Thanks 

    > How to add all VLAN 100, 200, 300 go through Trunking Primary and Secondary?
    First set those ports as trunks via "VLAN Management" -> "Interface settings": click on the corresponding port, click the "edit.." button and select "Trunk" from the list.
    Once those ports (GE1 and GE2) are trunks, you can assign them all desired VLANs via "VLAN Management" -> "Port VLAN Membership". Select the first port (GE1), click "join VLAN", select all desired VLANs from the left list and move them to the right list.
    And you are done.
    > Which port can I connect for management switch?
    By default, the switch management IP is part of the default VLAN1. If you want to keep access to your switch, assign "VLAN1" to one of the access ports, or change the management VLAN to a number other than 1 - but in this case don't forget to apply correct IP settings to match the subnet assigned to the new VLAN.

  • Private VLAN Promiscuous Trunk Port - Switches which support this function

    Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks

    4500x Yes
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
    Nexus 5k Yes
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
    3850s
    They don't support pvs at all yet
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
    Restrictions for VLANs
    The following are restrictions for VLANs:
    The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
    The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
    Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
    Private VLANs are not supported on the switch.
    You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

  • Authenticating Trunk Ports - VLAN list

    I have a requirement to authenticate trunk ports to wireless access-points on our Cisco switch. By default all ports are access ports and we run MAB authentication. I have managed to change the port to a trunk using the Cisco-av-pair attribute in ACS (cisco-av-pair = device-traffic-class=switch).
    My problem now is that I need to add a VLAN allowed list on the port once it has changed to a trunk port (switchport trunk allowed vlan x,y,z). ideally we would not want to statically assign the VLAN's on each port as an AP could be on any port and may wish to authenticate other trunk ports using different VLAN's in the future. Below is the configuration used on the ports.
    cisp enable
    interface FastEthernet0/2
     description *** Client Device ***
     switchport access vlan 2
     switchport mode access
     no logging event link-status
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 3
     authentication event server alive action reinitialize
     authentication order mab dot1x webauth
     authentication priority mab dot1x webauth
     authentication port-control auto
     authentication fallback GUEST_FALLBACK
     mab eap
     dot1x pae authenticator
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 10
     dot1x max-reauth-req 1
     dot1x timeout auth-period 600
     no cdp enable
     spanning-tree portfast
    Any help will be greatly appreciated. 
    Thanks
    John

    Hello
    I would suggest the following:
    >> Arrange for some physical enclosure (locked) or any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What if someone just switches off your switches? DOS attack!! This could also be done by mistake, resulting in an unstructured threat.
    >> Enable monitoring for these switches (ICMP,SNMP) so that you are alerted when they are unplugged.
    >> Change the NATIVE VLAN from the default (VLAN 1)
    >> Disable Trunk negotiation (ON mode)
    Regards
    Farrukh

  • Trunked port active in vlan

    Maybe there's an obvious answer, but I have this strange thing;
    Switchport config
    interface GigabitEthernet0/2
     description Trunk to CORE02
     switchport mode trunk
     shutdown
     srr-queue bandwidth share 10 10 60 20
     queue-set 2
     priority-queue out
     mls qos trust cos
     auto qos voip trust
    sh vlan brie
    VLAN Name                             Status    Ports
    1    default                          active    Gi0/2
    Why is it that this port, which is configured as a trunk port, shows up as active in vlan1? Also when I do a show interfaces trunk, this specific port is not listed as a trunked port. By the way I had to shut down the port because it was causing issues. It's a redundant link, when enabled I would expect spanning tree to do its magic, but somehow it does not and instead causes half of our LAN to become unreachable. Not sure why.

    in my switch I can not delete it
    Switch Ports Model              SW Version            SW Image                 
    *    1 52    WS-C2960S-48TS-L   12.2(58)SE2           C2960S-UNIVERSALK9-M     
    interface GigabitEthernet1/0/41
     description 2960_24_POE_5_24
     switchport mode trunk
     spanning-tree portfast
    _Cat_2960s_5_1#sh vla br
    VLAN Name                             Status    Ports
    1    default                          active    Gi1/0/41, 
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
    interface GigabitEthernet1/0/41
     description 2960_24_POE_5_24
     switchport
     switchport access vlan 1
     switchport private-vlan trunk encapsulation dot1q
     switchport private-vlan trunk native vlan tag
     switchport mode trunk
     no switchport nonegotiate
     no switchport protected
     no switchport block multicast
     no switchport block unicast
     switchport port-security maximum 1
     no switchport port-security
    _Cat_2960s_5_1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    _Cat_2960s_5_1(config)#interface GigabitEthernet1/0/41
    _Cat_2960s_5_1(config-if)#no switchport access vlan 1
    _Cat_2960s_5_1(config-if)#^Z
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
    interface GigabitEthernet1/0/41
     description 2960_24_POE_5_24
     switchport
     switchport access vlan 1
     switchport private-vlan trunk encapsulation dot1q
     switchport private-vlan trunk native vlan tag
     switchport mode trunk
    another trunk port with native vlan configured is not in vlan 1

  • Dedicated VLAN ID's on trunk ports

    I was reading the SAFE:Security Blueprint for Enterprise Networks. This document addresses in its "Switches are targets" section on Page 6 that "Always use a dedicated VLAN ID for all trunk ports"...
    I am trying to understand this concept fully.
    If I consider my trunk ports, most are physical fiber "links" that interconnect the switches. Some trunk links connect Distribution L to Access L; some Distribution to Core.
    Where do I put the VLAN ID on these?? Should I translate this to mean that on Gig0/0 on SW.1 I place this interface in VLAN 23 and on the switch on the other end of the link I also place the Gig0/0 in VLAN 23 as well??
    Also I am not sure why this helps secure the switch. Can someone pls assist. I am grateful.

    Hi,
    This is not actually VLAN pruning. This is just specifically allowing some VLANs on the trunk ports and removing other unwanted VLANs.
    Pruning works in a different way and it will save the bandwidth on the trunk links by pruning the unwanted broadcasts on the trunks for a particular VLAN if no host is active on that VLAN on a particular switch. I.e. if you don't have any active host on a VLAN on a particular switch and there is a broadcast on that VLAN which would come over the trunk, that broadcast is pruned on the trunk towards the switch where no host is active.
    HTH,
    -amit singh
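
The SAFE recommendation asked about in this thread (a dedicated VLAN ID as the native VLAN of trunk ports) and the native-VLAN and trunk-negotiation advice in the "Authenticating Trunk Ports" reply earlier on this page can be checked mechanically against a saved running configuration. The following is an added example, not code from any poster; the sample configuration, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed sample in IOS running-config style (not taken from any thread here).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink with defaults left in place
 switchport mode trunk
!
interface GigabitEthernet0/2
 description uplink whose native VLAN is also a host VLAN
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/3
 description hardened uplink
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,100
 switchport nonegotiate
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 100
!
interface FastEthernet0/11
 switchport mode dynamic auto
 switchport access vlan 20
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("!", "end"):
            current = None
        elif line and current is not None:
            interfaces[current].append(line)
    return interfaces


def _first_int(cmds, pattern, default=None):
    """Integer captured by the first sub-command matching pattern, else default."""
    for cmd in cmds:
        match = re.fullmatch(pattern, cmd)
        if match:
            return int(match.group(1))
    return default


def audit_trunks(config):
    """Return {interface: [finding, ...]} for ports that need attention."""
    interfaces = parse_interfaces(config)

    # VLANs that carry end-host traffic: access and voice VLANs of non-trunk ports.
    host_vlans = set()
    for cmds in interfaces.values():
        if "switchport mode trunk" in cmds:
            continue
        for pattern in (r"switchport access vlan (\d+)",
                        r"switchport voice vlan (\d+)"):
            vlan = _first_int(cmds, pattern)
            if vlan is not None:
                host_vlans.add(vlan)

    findings = {}
    for name, cmds in interfaces.items():
        issues = []
        mode = next((c for c in cmds if c.startswith("switchport mode ")), "")
        if mode.startswith("switchport mode dynamic"):
            # The port will negotiate trunking with whatever is plugged in.
            issues.append("DTP_DYNAMIC_MODE")
        elif mode == "switchport mode trunk":
            # No native-vlan line means the default native VLAN, 1.
            native = _first_int(cmds, r"switchport trunk native vlan (\d+)", 1)
            if native == 1:
                issues.append("NATIVE_VLAN_1")
            elif native in host_vlans:
                issues.append("NATIVE_VLAN_SHARED_WITH_HOSTS")
            if "switchport nonegotiate" not in cmds:
                issues.append("DTP_NEGOTIATION_ON")
            if not any(c.startswith("switchport trunk allowed vlan ")
                       for c in cmds):
                issues.append("ALL_VLANS_ALLOWED")
        # Ports with no "switchport mode" line are not judged here: the
        # default mode differs between platforms.
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_trunks(SAMPLE_CONFIG).items():
        print(port, ", ".join(issues))
```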

  • Dynamic VLAN/SSID assignment using 4402/MS IAS

    Greetings,
    In short we have a WLC4402 (50 AP license) and approx 30 1252s LAPs in place. Right now we have three VLANs/SSIDs in place - one for admin, one for teachers and one for students. The WLC uses a MS Windows 2003 server running IAS for PEAP authentication. The clients are Windows XP, the SSID is entered manually based on "pre-designation" of the laptop's "type" (either admin, teacher or student).
    This is working fine. However more and more frequently our users have been "sharing" laptops so a student may need to use a teacher's laptop and vice-versa. In short we would like to use dynamic VLAN/SSID assignment so that if a student does have a teacher's laptop the "student" VLAN/SSID would be assigned to them when they log in (and the proper ACLs, QoS policies, etc. would be applied).
    We have found documentation on how to perform this with an ACS but is there anything available for this configuration with an MS IAS server?
    Any input/information would be greatly appreciated.
    Joe

    Shaun,
    My LAG - etherchannel interface
    interface Port-channel8
     description WLC-portchannel
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,3,24-26
     switchport mode trunk
    end
    My 2 WLC Fiber ports:
    Current configuration : 382 bytes
    interface GigabitEthernet7/47
     description CiscoWLC-LAG-Ports
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,3,24-26
     switchport mode trunk
     service-policy output autoqos-voip-policy
     qos trust cos
     auto qos voip trust
     tx-queue 3
       bandwidth percent 33
       priority high
       shape percent 33
     spanning-tree bpdufilter enable
     channel-group 8 mode on
    end
    2200-3A#sh run int g7/48
    Building configuration...
    Current configuration : 382 bytes
    interface GigabitEthernet7/48
     description CiscoWLC-LAG-Ports
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,3,24-26
     switchport mode trunk
     service-policy output autoqos-voip-policy
     qos trust cos
     auto qos voip trust
     tx-queue 3
       bandwidth percent 33
       priority high
       shape percent 33
     spanning-tree bpdufilter enable
     channel-group 8 mode on
    end
    I use vl1 for ap mgmt, vl3 for hotspot, and vl24-26 for WPA2 clients and wireless voip devices.
    One of my AP switchports on the same switch. I let the trunk port to the AP carry a range of VLANs, and then I manage the VLANs assigned to clients with IAS and the WLC.
    interface FastEthernet4/48
     description AP-PoE
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1-1004
     switchport mode trunk
     service-policy output autoqos-voip-policy
     qos trust cos
     auto qos voip trust
     tx-queue 3
       bandwidth percent 33
       priority high
       shape percent 33
    end
    Jim

  • Dynamic vlan assignment does not work

    Hello,
    I have been trying to configure dynamic vlan assignment for the employee wlan. Trying to put the employee on vlan 20
    Here are the components used
    WLC: 2100 Software version: 7.0.240.0
    AP: 3502I    IOS version: 12.4  Mini IOS version: 7.0
    Radius server: tried multiple radius servers (rsa radius , free radius)
    On the WLC:
    1. Created a AAA server.
    2. Along with management interface(vlan 10), configured dynamic interfaces (vlan 20, vlan 30)
    3. AP manager interface is on vlan 40
    4. Created WLAN assigned to management interface-- WPA2 (AES) , 802.1x
    5. on AAA servers tab - checked authentication servers and assigned the AAA server. authentication priority order is set to only radius
    Here, I have 2 options for radius overwrite.
    one on the AAA servers tab
    second on the Advanced tab
    I have selected both. or one at a time
    Ports between WLC and switch is a trunk
    On the AP:
    1. Local mode
    2. Port between AP and switch switchport access  - vlan 40
    On radius server:
    configured WLC's management interface as client
    and assigned the following attributes
    tunnel-type := vlan
    tunnel-medium-type = ieee-802
    tunnel-private-group-id = 20
    When I try to authenticate with an iPhone it is successful. But it puts me on the same interface as the management interface (vlan10). When I do the packet capture I do see the access-accept but I don't see the attributes.
    When I use a radius test utility against the radius server I do receive all the attributes.
    I'm a newbie on this. Am I missing something here? Any help will be much appreciated.

    Kindly check the following link for reference.
    sample configuration link
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/security/configuration_guide/b_sec_3se_5700_cg/b_sec_1501_3850_cg_chapter_01110.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70intf.html
    Troubleshooting link
    http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113485-acs5x-tshoot.html

  • SG200-26: dynamic VLAN - 802.1X

    Last week I got my SG200-26 (SLM2024T-EU). The Data Sheet says, that the switch works with dynamic VLAN assignment over 802.1X.
    IEEE 802.1X
    (Authenticator role)
    802.1X: RADIUS authentication and accounting, MD5 hash
    Supports time-based 802.1X
    Dynamic VLAN assignment
    The authentication on freeRADIUS works. A client could get access to the network after entering username and password but the client is not assigned to a VLAN. I used wireshark to sniff the authorisation process between the switch and the freeRADIUS server and the VLAN information was transmitted to the switch.
    I would appreciate it if someone could give me some help with how to configure the switch to work with dynamic VLAN assignment and freeRADIUS. If you need some more information, please let me know. I will add it here as far as possible.
    Thank you very much!
    Alexander

    Hello Nico,
    Thank you for your reply.
    I will show you my scenario a little more in detail and explain, what I have configured:
    I have got one server/router with a VLAN capable NIC connected to Port g1 on the switch. On the router I created 2 VLANs with VLAN-ID 5 and VLAN-ID 6.
    Both VLAN "NICs" have a static IP address and there is a DHCP server running for each VLAN. On the same server there is a freeRADIUS server running.
    Now I did the following configuration on the switch:
    1. I assigned a static IP on the switch.
    2. SECURITY -> RADIUS:
    I added the RADIUS Server IP address and the key string (same on switch and freeRADIUS) and I ticked Usage-Type: 802.1X
    3. SECURITY -> 802.1X -> Properties
    Port-Based Authentication: Enabled is ticked
    RADIUS
    4. SECURITY -> 802.1X -> Port Authentication
    Administrative Port Control: Auto is ticked
    5. VLAN-Management --> Create VLAN
    VLAN-ID 5
    Descr. VLAN5
    VLAN-ID 6
    Descr. VLAN6
    I think, to this point the configuration is correct, isn't it ?
    I would appreciate very much, if you could give me advice for the further steps like Port Mode Access, Trunk or General for the clients which connect to the switch and if tagged or untagged.
    I have port g1 in trunk mode and VLAN5 and VLAN6 is tagged because my NIC is VLAN capable. But the other clients which connect to the switch do not have a VLAN capable NIC and these clients should get their VLAN assigned dynamically.
    I attached the pcap file which contains the authentication between freeRADIUS and the SG200-26 (Port g1)
    Thank you very much in advance!
    Alexander

  • Cat 3750 with Voice VLAN and Dynamic VLANs

    Morning,
    Has anyone had any success with configuring a Catalyst 3750 with a Voice VLAN (Cisco phones) and 802.1x dynamic VLANs?
    Is a RADIUS server able to provide values to change the native vlan?
    Is there a decent tech note knocking about for configuring 'dynamic VLAN assignment through MAC addresses'?
    Thanks,

    Voice VLANs don't require trunk ports to be configured (unless you are talking about 2900XL/3500XL switches). Cisco added the ability to trunk a single 802.1q VLAN down an access port in addition to the access vlan - so in 2950 or above the only config you need is:
    interface FastEthernet0/1
     switchport
     switchport mode access
     switchport access vlan 10
     switchport voice vlan 100
    This is effectively the same as:
    interface FastEthernet0/1
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk native vlan 10
     switchport trunk allowed vlan 10,100
    The only difference is the CDP message with the first config will advertise the Voice VLAN capability and the tag.
    With the older 2900XL/3500XL switches you had to configure the interfaces like the second example (plus adding the command switchport voice vlan xx for CDP to inform the IP Phone of the voice vlan).
    QoS is not detailed anywhere here and that obviously plays an important role with voice.
    In your scenario I am not sure ACS can do what you describe as this will require 802.1x supplicants on the client PC's (I may be wrong here and I do remember someone talking about switches being able to do an 802.1x 'proxy' using the MAC address on behalf of non 802.1x capable devices). This seems to me more of a VMPS application.
    Personally I would reconfigure the network each time and charge the occupants a small fee for network setup.....
    HTH
    Andy

  • Catalyst 2960 - IBM/Cisco IGESM - Trunk port configuration

    Good day all!
    I am new to the Cisco world and am trying to configure a trunk between a Catalyst 2960 switch and an IBM Blade Center IGESM switch (manufactured by Cisco).
    Unfortunately, it seems that the network traffic doesn't cross the trunk link.
    I have followed (at least, I think so) the instructions given on the different Cisco documentation papers but I can't find the mistake in my configuration (lack of experience :-( !).
    Both switches are using IOS. 2960 uses IOS 12.2(25)FX and IGESM uses IOS 12.2(22)EA8.
    The ports are connected through a cross-over cable Cat5e.
    Please find below the configuration for each ports:
    Catalyst 2960:
    Name: Gi0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 200 (Workstation VLAN)
    Trunking Native Mode VLAN: 200 (Workstation VLAN)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,99,200
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    IBM/Cisco IGESM:
    Name: Gi0/20
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 200 (Workstation VLAN)
    Trunking Native Mode VLAN: 200 (Workstation VLAN)
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,99,200
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    For my test, I try to ping a blade (connected to IGESM) in VLAN 200 from a workstation connected to Catalyst 2960 (in VLAN 200 too). From a network analyser (ethereal), I can see the ARP broadcast from each side but none are going across the trunk link.
    I am a bit lost about this problem and would be grateful for any assistance in solving it!
    Many, many thanks in advance for your time!
    Best regards,
    Fabian

    Hi Glen!
    Both switches (Catalyst 2960 & IGESM) are brand new and most ports are still reflecting manufacturer's default configuration. Vlan 2 is the default native vlan for IGESM ports (excluding ports used for switch management which use vlan 1 as most Cisco switches).
    I changed the native vlan for g0/5 on IGESM to 200. Now, ports g0/5 (access mode) and g0/20 (trunk mode) are on native vlan 200. On g0/5 is installed Windows 2003 instance (firewall disabled). The only purpose is to receive and send ping request to test connectivity.
    My workstation is connected to 2960 switch on port fa0/1 (please find the configuration below). I can successfully ping other vlan 200 machines connected on the same switch. For testing purpose, I try to ping the blade machine connected on port g0/5 on IGESM.
    Configuration of fa0/1:
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: static access
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: On
    Access Mode VLAN: 200 (Workstation VLAN)
    Trunking Native Mode VLAN: 200 (Workstation VLAN)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    Is there any other information I could provide to better help you to understand the configuration?
    Cheers!
    Fabian
