VLAN trunk from switch to router

Similar Messages

• VLAN trunking from Cisco Catalyst 3750 to Cisco SF300-48P issue and related

  Hello expert,
  I'm having difficulties to configure VLAN trunking between Cisco Catalyst 3750 switch with Cisco SF300-48P switch and my workstation unable to get any DHCP IP from our DHCP server via Cisco SF300-48P switch. Below is the snippet of configuration on both switches:
  [Cisco Catalyst 3750 Switch]
  interface GigabitEthernet1/0/45
   description NCC-CC-1stFlr
   no switchport trunk encapsulation dot1q
   no switchport trunk allowed vlan 101-103
   spanning-tree portfast
  [Cisco SF300-48P Switch]
  interface fastethernet48
   spanning-tree link-type point-to-point
   switchport trunk allowed vlan add 101-103
   macro description switch
   !next command is internal.
   macro auto smartport dynamic_type switch
  interface fastethernet29
   switchport mode general
   switchport general allowed vlan add 103 tagged
   switchport general pvid 103
  Are these are correct? Kindly advice!
  Thank you very much!
  Regards,
  Alex

  Hi Alex,
  for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
  The configuration on catalyst should :
  #config terminal
  #interface Gi 1/0/45
  # switchport encapsulation 
  #switchport trunk encapsulation dot1q
  #switchport mode trunk 
  #switchport trunk allowed vlan 101-103
  #spanning-tree portfast
  For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
  #interface fastethernet29
   #switchport mode access
   #switchport ccess vlan 103
  Please let me know after this configuration
  Thanks
  Mehdi
  Please rate or mark as answered to help other Cisco Customers

• Having problem pinging from Switch to Router and between different VLANs

  It has been resolved.

  Hi Asif,
  Can you provide the following output:
  On the router:
  sh cdp neigh
  sh int trunk
  sh ip int br
  sh int status | inc conn
  Assuming the switch config is identical apart from the VLAN99 SVI's, from SW1:
  sh int trunk
  sh ip int br
  cheers,
  Seb.

• Using Cisco MDS 9148 switch for switching and routing

  Hi Gurus,
  Can you please advice me! Can i configure interface trunking, routing and dhcp services on the Cisco MDS 9148 switch?
  Thanks for your response!!

  Tommy,
  MDS9148 is a Storage SAN Fibre Channel switch, it doesn't support Ethernet, IP, VLANs, VLAN trunking, 802.1Q, IP routing, DHCP. It's meant for Fibre Channel connectivity between Fibre Channel server HBAs and Fibre Channel storage.
  Roman

• Help config vlan and inter routing vlan on 2 switches SF300-24 ???

  Dear Cisco!
  now we have 2 switches: SF300-24
  on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
  VLAN ID 2 (ports: 2 -6) have ip interface  192.168.2.254/24
  VLAN ID 3 (ports: 7 - 10) have ip interface  192.168.3.254/24
  VLAN ID 4 (ports 11- 15 ) have ip interface  192.168.4.254/24
  and VLAN 1 default have IP address: 192.168.1.200
  DHCP relay  - DHCP server 192.168.3.1
                     - DHCP relay: VLAN2; VLAN3; VLAN4
  ip route: 0.0.0.0   0.0.0.0  192.168.3.1
  all ports of VLAN2, VLAN3, VLAN4 set access mode.
  and another SF300-24
  was configed at layer 2. We config VLAN ID 2 ̣̣̣have ports  2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15 ,too.
  And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
  But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3!!!
  Could you please help me check this situation?
  How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
  Thanks!
  See you soon!

  Son Nquyen,
  First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
  Next when when connecting both switches together each port will need set via Trunk mode with proper native vlan and tagged vlan traffic. What's the configuration of your trunk ports on each switch?
  Thanks,
  Jasbryan.

• How to route two vlans on two switches that are connected only on one router?

  Suppose that any of the trunk links fails or if you want, suppose that there is no link between SW1 (G0/1) and SW2 (G0/1). How can you make computers in Vlan 10 to see computers in Vlan 20 and viceversa?. I tried creating a bridge group on the router for G0/0.10-G1/0.10 and another for G0/0.20-G1/0.20. Then define interface BVI10 and BVI20. Interfaces came up but you can not configure dot1q on them and switches can not see them. Anyways with one interface on the bridge group going down the BVI interface goes down as well so that's not an option. Router should be 10.10.10.1 and 20.20.20.1 and each computer have that as gateway respectively.

  Jody thanks very much!
  Indeed the encapsulation was done in the sub-interfaces, as posted in the OP you can not [encap dot1q X] on the BVI interface. Even though, the switches didn't established the trunk with the BVI. Anyways using bridge groups is not an acceptable solution because with the failure of any interface of the trunk links in the router, the BVI interface goes down as well.
  You said "if I want to handle it at layer 2" How will you do it at layer 3? I though something like HSRP or VRRP but that doesn't apply since it is only one router. Remember, the router must be able to route between vlan10 and vlan20 for computers on both switches in case of one of the trunk link failure.
  This is for learning purposes so I started with Packet Tracer but PT doesn't support bridge groups. Then I tried GNS3. I will try with the router in GNS3 with a switch module but I'm not clear. that will be like having a 3rd switch, right?  What I mean is that I will not be using routed interfaces between the router and the switches, right?

• Private VLAN Promiscuous Trunk Port - Switches which support this function

  Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks

  4500x Yes
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
  Nexus 5k Yes
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
  3850s
  They dont support pvs at all yet
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
  Restrictions for VLANs
  The following are restrictions for VLANs:
  The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
  The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
  Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
  Private VLANs are not supported on the switch.
  You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

• Ping to router from switch Un-sucessfull ?

  1) configured router with sub-interfaces and assigned vlan's to every sub-interface using dot1q
  2)configured switch ports with vlan's and attachd Pc's to every vlan.
  3)pc's from all vlan can ping all the subinterface and other vlans's.
  4)I can't ping the router sub-interfaces from the switch
  do we have to configure any more on switch or router to make switch ping all the router sub-interfaces?

  In order to have your switch ping the router sub-interfaces, you'll have to enable IP routing on the switch (if it is capable) and either:
  a: put an IP Address on the switch that belongs in a VLAN directly connected to the router of the same subnet, or
  b: create an SVI (switched virtual interface) on the switch that will allow your switch to participate in routing so it can communicate with other VLANs.
  Please see the following link for a good example and more info on configuring interVLAN routing on your switch:
  http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
  (this link is for 37xx/36xx/35xx switches but the concept is the same for all SVI capable switches)
  (your switch model may not support IP routing so please verify. EMI version IOS on your switch supports IP routing if your switch has it.)

• Etherchannel trunking between 2970 switch & 2851 router

  Hi.
  I'm planning to do router on a stick with my Catalyst 2970 and my Cisco 2851 router. I got it working to do router on a stick with one physical link to do interVLAN routing, but when I try to configure it using an etherchannel trunk between them, I can't get it working. Please help. Here's my running config for the switch and router:
  2970 Switch:
  <removed irrelevant info>
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  duplex full
  interface GigabitEthernet0/23
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  duplex full
  channel-group 1 mode on
  interface GigabitEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  duplex full
  channel-group 1 mode on
  interface Vlan1
  no ip address
  no ip route-cache
  interface Vlan10
  ip address 172.16.1.18 255.255.255.240
  no ip route-cache
  ip default-gateway 172.16.1.17
  2851 Router:
  interface Port-channel1
  no ip address
  duplex full
  speed 1000
  interface Port-channel1.10
  encapsulation dot1Q 10 native
  ip address 172.16.1.17 255.255.255.240
  interface Port-channel1.20
  encapsulation dot1Q 20
  ip address 172.16.2.1 255.255.255.240
  interface Port-channel1.30
  encapsulation dot1Q 30
  ip address 172.16.3.1 255.255.255.240
  interface GigabitEthernet0/0
  no ip address
  channel-group 1
  interface GigabitEthernet0/1
  no ip address
  channel-group 1
  Thank you.

  The following is a similar example , try some debuging to find encapsulation errors.
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_example09186a00800ef797.shtml
  Also see whether you are meeting the following requirements
  http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a0080094646.shtml

• Encrypting vlan-trunk traffic between switches

  Hi,
  Can anyone guide me to some papers or other resources on how to encrypt traffic between 2 switches. The switchces will be connected with fiber and use dot-1q tagging. And I wan't to encrypt all of the trunked traffic.
  I was thinking of L2TP, but I haven't found any good description on how to implement this. I have two 3750 switches I thought I might use.
  Thanks for any input,
  Regards,
  Oyvind Mathiesen
  mnemonic
  Norway

  Hi,
  Thanks for the response. I had a look at MACsec and it looks good. I would have liked to employ something P2P though, to also limit the ammount of MAC addresses broadcasted on the "wire". But let me first give you an understanding of the task:
  We have two sites, connected via fibre and we want to create a VLAN trunk across and order to expand the broadcast domains to te other site.
  The IDIOT carrier, has a limitation on the number of MAC addresses they allow on the fibre service, 100.
  We also need to encrypt the datatraversing this connectivity.
  MACsec wuold work 100% exept the source and dstination MAC addresses are still sent (at least according to https://docs.google.com/viewer?a=v&q=cache:LEf2qOmYZyYJ:www.ieee802.org/1/files/public/docs2011/bn-hutchison-macsec-sample-packets-0511.pdf+&hl=en&gl=za&pid=bl&srcid=ADGEESgmAHXpDOY0RBAE-Rv1HDpu_C_gkeSPN4cv6NGgyP0M1aXVu0UqzCfxo8t_P41ep6J37k4OLKnjfp1M9hoTDHxY22WGz2h7yB7YRLyPvRUbGS8TICzvEMlG92xqbhy6RWFugmnj&sig=AHIEtbTfu0LQIJejdYidE6yzq4lpPifxjQ
  And that would cause me to eat into the 100 MAC limit.
  Ridiculous I know, but we are looking for an out-of-the-norm plan...
  Thanks

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• VLAN between SFE2000P switches

  Dear friends,
  I've connected two sites with the following configuration:
  Site 1:
  Stack Linksys SFE2000P - Firmware version 1.0.0.X
  Port 1/g3 connected to a FO link to site 2
  Oficina 2:
  Stack Linksys SFE2000P - Firmware version 3.0.0.X
  Port 1/g3 connected to a FO link to site1
  I've tried to create a VLAN to communicate only a few ports of both sites:
  4/e23 y 4/e24 of site 1
  7/e23 y 7/e24 of site 2
  To do this, I tried the following:
  Port 1/g3 (site1) -> VLAN 50 (tagged) - Trunk
  Port 1/g3 (site 2) -> VLAN 50 (tagged) - Trunk
  Port 4/e23 y 4/e24 (site1) -> VLAN 50 (untagged)
  Port 7/e23 y 7/e24 (site 2) -> VLAN 50 (untagged)
  It doesn't work!!!. In the same stack of each site it works without problems. Could you help me??? There is some misconfiguration???
  I've stablished other VLANs between Linksys and 3Com Switches, but now it doesn't work at all.
  Thanks in advance!

  I Did find a same article on this forum. Maybe this would help you. an article coming from GV.
  * access mode: an access mode port connects to a normal device like a desktop, printer, or similar. An access mode port can be member of a single VLAN only, i.e. you have to decide to which VLAN it is supposed to belong to. In your case, you configure an access mode port for either VLAN 10 or VLAN 20.
  With a single switch things are clear now: some ports are VLAN 10 and some ports are VLAN 20. VLAN 10 can talk to each other. VLAN 20 can talk to each other. No traffic passes between VLAN 10 and VLAN 20.
  Of course, now you want to connect this switch to some other network devices, in particular the second SRW because you need additional ports or you have an additional location. And there is the ASA which provides internet access for these VLANs.
  * trunk mode: This is where trunk mode comes in. A trunk mode port can carry multiple VLANs on a single port. This is done using 802.1q tags. 802.1q tagged ethernet frames have an additional field for the VLAN to which the frame belongs to. With this, a switch can send frames for VLAN 10 and VLAN 20 through a single port to another switch or router. Each frame sent is tagged with 10 or 20 depending on which VLAN the frame belongs to. The receiver will accept each frame and assign it to the corresponding VLAN on the receiving side. This way the receiving switch or router is able to keep those VLANs strictly separated.
  So let's say you want two VLANs 10 & 20 in your network. You would create VLANs 10 & 20 on your ASA and both SRWs. (Create only means that the device knows this VLAN exists and is able to handle traffic for this VLAN). You would configure LAN port 1 of your ASA as trunk with members VLAN 10 & 20. You configure port 1 & 24 of your first SRW in trunk mode with members VLAN 10 & 20. You configure port 1 of your second SRW in trunk mode with members VLAN 10 & 20. Now you wire port 1 of your ASA to port 1 of your first SRW. Then you wire port 24 of your first SRW to port 1 of your second SRW.
  This creates the VLAN trunk through your network. Traffic in both VLANs can travel through this trunk between the switches and to the ASA and from there, if properly routed, into the internet.
  here is the Link
  As the SFE2000P is now part of Cisco Small Business I would recommend you ask your question in the Cisco Small Business Support Community. There are a few Cisco people over there which maybe able to reproduce your problem in a lab environment and check with the developers...

• Does the 8540 support VLAN Trunking

  I would like to VLAN trunk four VLANs(8540 bridge-groups) from an 8540 switch router to a Cat 5000. I have not seen in Cisco's documentation anything that indicates that the 8540 supports VLAN trunking.

  8540 supports both ISL and 802.1q VLAN trunking
  http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/pereg_1/quick_cg/layer3.htm#39775

• Layer3 switch and router

  I have a network that I need to connect to the internet. All internal vlans point to a couple of layer 3 switches. On the layer 3 switch I connected a router for internet access.
  On the inside interface of the router I gave it an ip address of 10.1.0.1 - this is the ip address I want all my lan traffic to route to for internet access.
  1. Do I have to give the layer 3 switch interface port a static ip address or just connect it with a cable (the other side is the internal interface of the router 10.1.0.1)?
  2. On the layer 3 switch what command do I use to forward all lan traffic to this router, is it "ip route 0.0.0.0. 0.0.0.0 10.1.0.1?
  3. Do I use that above command on both of my layer 3 switches or just the one connected directly to the router?
  Thanks.                 

  I cant even ping the router, not sure what else to do. To make it even simpler I removed the layer 3 switch connected to the router above and now have only one layer 3 switch (10.1.0.6) and still cant ping the router. All internal hosts can communicate with each other, just need to get all the vlans routed to the internet.
  Below I pasted the show run from the layer 3 switch connected to the router and the show ip route and show ip int brief from the router.
  Layer 3 switch:
  hostname Switch
  ip routing
  spanning-tree mode pvst
  interface FastEthernet0/1
  switchport mode access
  interface FastEthernet0/24
  switchport mode access
  interface GigabitEthernet0/1
  switchport access vlan 100
  interface GigabitEthernet0/2
  switchport access vlan 100
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface Vlan1
  no ip address
  shutdown
  interface Vlan10
  description SERVERS_VLAN
  ip address 10.1.10.1 255.255.255.0
  interface Vlan20
  description SALES_VLAN
  ip address 10.1.20.1 255.255.255.0
  interface Vlan30
  description ACCOUNTING_VLAN
  ip address 10.1.30.1 255.255.255.0
  interface Vlan40
  description IT_VLAN
  ip address 10.1.40.1 255.255.255.0
  interface Vlan50
  description VOICE_VLAN
  ip address 10.1.50.1 255.255.255.0
  interface Vlan100
  ip address 10.1.0.6 255.255.255.0
  ip classless
  ip route 0.0.0.0 0.0.0.0 10.1.0.1
  line con 0
  line aux 0
  line vty 0 4
  login
  end
  ROUTER:
  interface GigabitEthernet0/0
  ip address 10.1.0.1 255.255.255.0
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  duplex auto
  speed auto
  shutdown
  interface FastEthernet0/0/0
  switchport mode access
  shutdown
  interface FastEthernet0/0/1
  switchport mode access
  shutdown
  interface FastEthernet0/0/2
  switchport mode access
  shutdown
  interface FastEthernet0/0/3
  switchport mode access
  shutdown
  interface Serial0/1/0
  no ip address
  shutdown
  interface Serial0/1/1
  no ip address
  show IP route
  Router#show ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is not set
       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C       10.1.0.0/24 is directly connected, GigabitEthernet0/0
  L       10.1.0.1/32 is directly connected, GigabitEthernet0/0
  Show ip int brief
  Router#show ip int brief
  Interface              IP-Address      OK? Method Status                Protocol
  GigabitEthernet0/0     10.1.0.1        YES manual up                    up
  GigabitEthernet0/1     unassigned      YES unset  administratively down down
  FastEthernet0/0/0      unassigned      YES unset  administratively down down
  FastEthernet0/0/1      unassigned      YES unset  administratively down down
  FastEthernet0/0/2      unassigned      YES unset  administratively down down
  FastEthernet0/0/3      unassigned      YES unset  administratively down down
  Serial0/1/0            unassigned      YES unset  administratively down down
  Serial0/1/1            unassigned      YES unset  administratively down down
  Vlan1                  unassigned      YES unset  administratively down down

• VLAN trunking

  I have a 2950T-48-SI, a 3508G-XL, and a 3548-XL.
  The 2950T and the 3508 are connected via Gig0/1 on the 2950 and Gig0/7 on the 3508.
  The 3548 and the 3508 are connected via Gig0/1 on the 3548 and Gig0/1 on the 3508.
  I have been using only the default VLAN for all of my devices. I now want to add a new VLAN (#10) and I want to be able to move each workstation port to a specific VLAN as needed.
  Devices on the 2 VLANS do NOT need to communicate with each other and each VLAN has it’s own router.
  I’ve created the new VLAN on all switches. The VLAN10 router is connected to the 2950, as is a port in my office. When I assign that port in my office to VLAN10, I get a DHCP address from my VLAN10 router and I get out to the world correctly (through the VLAN10 router and not the VLAN1 router). So I know that the basic VLAN10 is working properly, getting to the correct router, etc.
  The problem comes when I try to reconfigure the remote switches (the 3508 and the 3548) to use the new VLAN (in addition to the default VLAN). I can get the 3548 to talk to the 3508 correctly on VLAN10, but I can’t get the 3508 to talk to the 2950 on VLAN10.
  The options for Administrative Mode and Administrative Encapsulation on the Gigabit ports are different on the 2950 switch than they are on the 3500XL series, and I guess I don’t know how to set them up correctly.
  On the 2950, the only Administrative Encapsulation choice is 802.1Q. The Administrative Mode choices are:
  Static Access
  Dynamic Access
  Dynamic Desirable
  Dynamic Auto
  802.1Q Trunk
  802.1Q Trunk NonNegotiate
  On the 3508 and 3548, the only Administrative Encapsulation choice is ISL. The Administrative Mode choices are:
  Static Access
  Multi-VLAN
  Dynamic Access
  ISL Trunk
  802.1Q Trunk
  It seems like the Encapsulation settings should match on both ends, but that doesn’t seem to be possible on these switches …
  Can someone help educate me ?
  Thanks, Susan

  Hi Susan,
  The encapsulation settings need not be same through out the network and it should be same on 2 oints connected to each other.
  Yes 2950 only supports dot1q
  So when you connect 2950T and the 3508 via Gig0/1 on the 2950 and Gig0/7 on the 3508 you can use dot1q encapslation and just issue a command
  switchport mode trunk
  When you connect 3548 and the 3508 via Gig0/1 on the 3548 and Gig0/1 on the 3508 you can also use dot1q trunk or ISL trunk your wish but better to use dot1q.
  config t
  interface interface_id
  switchport mode trunk
  switchport trunk encapsulation dot1q
  If you issue this config on all the switches connected to each other it should definetely form a trunk.
  Only thing is when you put this commands on 2950 switch need not put dot1q as it only supports dot1q
  config t
  interface interface_id
  switchport mode trunk
  HTH, if yes please rate the post.
  Ankur