Vlan trunking question

I have 2 switches set up as a VTP server and client. When I assign a vlan to a port on the server, is the same vlan always going to be assigned to the same port number on the client switch ? I have vlan 2-6 on ports 2-6 of the VTP server switch and see the same port assignment on the client switch when using show vlan. Is this how it is supposed to work ?

Your VTP server switch sends BPDU to your VTP client switch. The vlan's you create and port assignment you create on your server switch are propagated to your client switch. This is the correct action of the server client relationship, VTP is use mostly in large network to make vlan assignment easier and less chances for config errors. Each time you make a config change the revision number will increment by one, if a client switch receives a BPDU with a higer revision number than it's own, it will change it's config according to the info in the BPDU. You can place the client switch in transparent mode and it will forward BPDU but will not change config. You should look into vlan pruning or usingthe "vlan allowed" command.

Similar Messages

  • WRVS4400N VLAN trunking question

    Hi all,
    I just got a SRW224G4 today my main objective is to trunk 30 VLAN(s) to my WRVS4400N for interVLAN communication. So far I set G1 on my SRW as a trunk port and linked it to port 2 on my WRVS4400N (which is also set as a trunk).
    So far no good when I go into LAN settings I do not see an option wheree I can set DHCP addresses or gateways for these VLAN(s). Is this even possible with the WRVS4400N I meen if Linksys is going to provide a small business solution atleast their equipment should support VLAN trunking with each other.
    If anybody knows the solution to this please let me know.
    Cheers

    From what I know, although the WRVS4400N has support for port based VLAN setup, it does not give you the option to set different DHCP addresses for each of the 4 VLANS.

  • SG200 vlan trunking?

    Hello,
    does SG200 supoort VLAN Trunking?

    Hello, I think there is support:
    I found this site too which shows how to configure it: http://lachlanmiskin.com/blog/2012/08/01/cisco-sg-200-08-trunking/
    Cisco's datasheet says it supports tagging 802.1q.
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps11229/data_sheet_c78-667827.html
    Hope this helps.
    Please rate useful posts and remember to mark any solved questions as answered. Thank you.

  • Two SA520 VLAN Scenario Question

    I had a scenario based question and was wondering if it can be solved.
    - Two SA520's
    - Two Internet connections per SA520 (4 separate Internet connections total)
    - Two VLANs per SA520 (4 VLANs total)
    - Each VLAN is bound to a WAN port for Internet (keeps each VLAN on a different Internet connection)
    For this scenario let:
    VLAN A & B be on the first SA520.
    VLAN C & D be on the second SA520.
    VLAN A & B come in as a trunk to the first SA520.
    VLAN C & D come in as a trunk to the second SA520.
    Is it possible to route between all VLANs?
    Edited: 01/12/10 10:10
    Added VLAN Trunk Info.

    No, the VPN policies do not handle that.  They only will handle the traffic from one SA500 to the other SA500.  Internally, the VLAN's are routed to each just by adding the VLAN to the router.  If you have something else, that is not directly connected to the router, you could add a static route or use RIP to discover another subnet.

  • Does the 8540 support VLAN Trunking

    I would like to VLAN trunk four VLANs(8540 bridge-groups) from an 8540 switch router to a Cat 5000. I have not seen in Cisco's documentation anything that indicates that the 8540 supports VLAN trunking.

    8540 supports both ISL and 802.1q VLAN trunking
    http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/pereg_1/quick_cg/layer3.htm#39775

  • Encrypting vlan-trunk traffic between switches

    Hi,
    Can anyone guide me to some papers or other resources on how to encrypt traffic between 2 switches. The switchces will be connected with fiber and use dot-1q tagging. And I wan't to encrypt all of the trunked traffic.
    I was thinking of L2TP, but I haven't found any good description on how to implement this. I have two 3750 switches I thought I might use.
    Thanks for any input,
    Regards,
    Oyvind Mathiesen
    mnemonic
    Norway

    Hi,
    Thanks for the response. I had a look at MACsec and it looks good. I would have liked to employ something P2P though, to also limit the ammount of MAC addresses broadcasted on the "wire". But let me first give you an understanding of the task:
    We have two sites, connected via fibre and we want to create a VLAN trunk across and order to expand the broadcast domains to te other site.
    The IDIOT carrier, has a limitation on the number of MAC addresses they allow on the fibre service, 100.
    We also need to encrypt the datatraversing this connectivity.
    MACsec wuold work 100% exept the source and dstination MAC addresses are still sent (at least according to https://docs.google.com/viewer?a=v&q=cache:LEf2qOmYZyYJ:www.ieee802.org/1/files/public/docs2011/bn-hutchison-macsec-sample-packets-0511.pdf+&hl=en&gl=za&pid=bl&srcid=ADGEESgmAHXpDOY0RBAE-Rv1HDpu_C_gkeSPN4cv6NGgyP0M1aXVu0UqzCfxo8t_P41ep6J37k4OLKnjfp1M9hoTDHxY22WGz2h7yB7YRLyPvRUbGS8TICzvEMlG92xqbhy6RWFugmnj&sig=AHIEtbTfu0LQIJejdYidE6yzq4lpPifxjQ
    And that would cause me to eat into the 100 MAC limit.
    Ridiculous I know, but we are looking for an out-of-the-norm plan...
    Thanks

  • Cisco VLAN Trunking Protocol Vulnerability

    I have got a cisco 2821 model router with a c2800nm-advipservicesk9-mz.151-2.T4 IOS, and was reported with 'Cisco VLAN Trunking Protocol Vulnerability'.
    Though the device is in server mode, I do not have any domain name or trunk port configured.
    Is my device really vulnerable? If yes, whats next?

    Hi Alex,
    for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
    The configuration on catalyst should :
    #config terminal
    #interface Gi 1/0/45
    # switchport encapsulation 
    #switchport trunk encapsulation dot1q
    #switchport mode trunk 
    #switchport trunk allowed vlan 101-103
    #spanning-tree portfast
    For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
    #interface fastethernet29
     #switchport mode access
     #switchport ccess vlan 103
    Please let me know after this configuration
    Thanks
    Mehdi
    Please rate or mark as answered to help other Cisco Customers

  • VLAN Trunking and GVRP

    Decided we'd give the Cisco 300 series switches a try and see
    what we think about them compared to our Cisco Catalyst 2960 switches.
    I'm already stumped on setting up VLAN trunking between 4 switches. Do I have to manually setup all the VLAN's on each switch? I set them up on the first switch and was expecting GVRP would propagate them to the others like VTP.
    Denny

    Decided we'd give the Cisco 300 series switches a try and see
    what we think about them compared to our Cisco Catalyst 2960 switches.
    I'm already stumped on setting up VLAN trunking between 4 switches. Do I have to manually setup all the VLAN's on each switch? I set them up on the first switch and was expecting GVRP would propagate them to the others like VTP.
    Denny

  • How many VLANs supported via MACsec VLAN-trunk link?

    Hi,
    Any one know how many VLANs maximum allowed across a MACsec link between two C6500 with Sup2Ts or between two N7K respectively?
    As far as I know, C3750X has limitation of 8 VLANs, according to
    •Cisco TrustSec enforcement is supported only on up to eight VLANs on a VLAN-trunk link. If there are more than eight VLANs configured on a VLAN-trunk link and Cisco TrustSec enforcement is enabled on those VLANs, the switch ports on those VLAN-trunk links will be error-disabled.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/trustsec.html
    Thanks,
    Cedar

    Hi,
    Any one know how many VLANs maximum allowed across a MACsec link between two C6500 with Sup2Ts or between two N7K respectively?
    As far as I know, C3750X has limitation of 8 VLANs, according to
    •Cisco TrustSec enforcement is supported only on up to eight VLANs on a VLAN-trunk link. If there are more than eight VLANs configured on a VLAN-trunk link and Cisco TrustSec enforcement is enabled on those VLANs, the switch ports on those VLAN-trunk links will be error-disabled.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/trustsec.html
    Thanks,
    Cedar

  • VLAN trunk via MPLS

    Is it possible to run a VLAN trunk (DOT1Q) from a Central site to a remote over a MPLS connection?

    You can do that either by using dot1q tunnelling or port based EoMPLS. For a description of these two features, please refer to the following document:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5013/products_feature_guide09186a0080088187.html
    Hope this helps,

  • VLAN trunking newbie SRW208MP to SRW2008MP

    Hello All,
    Just need a simple setup - 2 VLANs, a few ports each, on each unit, trunked together (ultimately on SFP module). Tried what seems to be right but (natch) not working. Just need simple guidelines to see where am going wrong. Thanks!

    OK, well, using that example, as well as another thread here (Cisco SLM224P
    VLAN TRUNKING), I reset and redid all the VLAN related settings.
    There are 2 subnets in play here -
    10.51.0.0/255.255.252.0 - VLAN 1 - Used as the Management VLAN.
    10.51.4.0/255.255.255.0 - VLAN 5 - A subnet for Wireless LAN POE connection and management.
    And 2 switches -
    198 is a SRW208MP, remote unit. will have single WAP and various devices.
    199 is a SRW2008MP, at head end near subnet(s) source. Will have up to 4 WAPs and the
    connections required to provide for both subnets.
    For purposes of discussion, the planned fiber SFP interconnect is being played by a copper trunk.
    Setups follow:
    198 VLANs-
    198 Port Setting-
    198 Ports to VLAN 1-
    198 Ports to VLAN 5-
    198 VLAN to Ports-
    Unit 2 - 199
    199 VLANs-
    199 Port Settings-
    199 Ports to VLAN 1-
    199 Ports to VLAN 5-
    199 VLAN to Ports-
    The configuration as posted does not provide the expected results.
    I am convinced I am overlooking something simple. Usually is!
    The net results are that the Management VLAN (1) is present and accounted for on both switches, but that could even be because they are acting as switches do.
    The VLAN 5, however, does not function at either end. The 'Local' switch, 199, shows traffic on the WAP ports but no traffic of any consequence is traversing and the WAPs are nonresponsive.
    Ditto Remote switch. Management VLAN yes, 5 VLAN no.
    Any suggestions greatly appreciated.

  • Vlan trunk problem

    Hi,
    Im configuring a vlan trunk between 2 switches but I'm having a problem somehow.
    Switch 1 a Cisco 3750G n
    name: alrswcc00
    interface GigabitEthernet1/0/28
     description Uplink Alrswcc20
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1-30
     switchport mode trunk
    end
    Name: Gi1/0/28
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1-30
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Switch 2 a Cisco 2960S
    name: alrswcc20
    interface GigabitEthernet1/0/25
     description Uplink Alrswcc00
     switchport trunk allowed vlan 1-30
     switchport mode trunk
    end
    Name: Gi1/0/24
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 10 (Inactive)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 10,20,30,40
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Then lastly on switch 2 I created a port for an Ubiquiti access point with following settings.
    interface GigabitEthernet1/0/24
     switchport trunk native vlan 10
     switchport trunk allowed vlan 10,20,30,40
     switchport mode trunk
    end
    But my AP doesn't seem the get an IP. Where as if I plug it in on Switch 1 it does with the same settings.
    So I am assuming there is something wrong with my trunk. What am I doing wrong?
    Thank you,
    Michael

    Here are a couple of observations:
    1.  The switchport trunk encap dot1q command was not applied on the 2960 because 802.1q trunking is the default.  The 2960 series switches do not support ISL encapsulation, as the OP observed.  There is, therefore, no need to manually specify the trunking protocol.  The show int g1/0/24 switchport command confirmed that trunking is working.  I find the show int g1/0/24 trunk command to be more informative in this context.  It tells you what VLANs are active and trunking between the connection.
    2.  You do need to define VLANS 2-30 on your second switch. You can do so manually or you can configure VLAN Trunking Protocol (VTP).  VTP is your easiest bet.  Example config:
    Switch 1
    sw1(config)# vtp mode server
    sw1(config)# vtp version 2
    sw1(config)# vtp domain MY_DOMAIN
    sw1(config)# vtp password MySecret
    Issue a show vtp status  in priv exce mode to very your settings.
    Switch 2
    sw2# show vtp status
    Do this command FIRST and make sure that the configuration revision number is smaller than the revision number of SW1.
    VTP Operating Mode                : Client
    Maximum VLANs supported locally   : 255
    Number of existing VLANs          : 25
    Configuration Revision            : 174
    If config revision on SW2 is greater than config revision of SW1, then issue following command:
    SW2(config)# vtp domain bogus
    SW2(config)# vtp domain MY_Domain
    SW2(config)# do show vtp status
    Your config revision should go back to zero.
    Now issue the same commands on SW2. 
    SW2(config)# vtp version 2  (pretty sure that is default, but I issue it anyway)
    SW2(config)# vtp mode client (means you cannot define VLANs on this switch.  Most admins prefer that only one switch be capable of creating VLANs).
    SW2(config)# do sh vtp status
    The config revision was important because injecting a switch into your network that has a higher VTP revision can overwrite your existing VLAN database.  If that happens, chances are that most of your network traffic will cease to function as all of your access ports will be in a VLAN mismatch mode.

  • (Another) Native VLAN tagging question..

    I have completed CCNA 3 course and am in 4 right now. I am still confused about VLAN native commands such as
    sw tr na vl xxx
    When this is on a trunk port, what does it mean?
    Thanks....

    "So does that mean that before the packet goes onto the trunk link it is put into the native VLAN then when it exits the trunk link (on the other side) it is stripped of the VLAN info? "
    No, what your prior quotation decribed is what a switch should do with untagged frames received on a port defined as a VLAN trunk.
    The VLAN tags informs the switch what VLAN a frames belongs to when it is received on a VLAN trunk port, but without such a tag, how does the switch know the intended VLAN? It doesn't, from the frame itself. So, we can often configure a trunk port to place any untagged frames into one VLAN of our choice. In theory, once we define what VLAN untagged frames will be considered a member of, tagged frames, for that VLAN could also be accepted. Both should be treated the same by the receiving switch.
    As for a switch sending packets out a VLAN trunk, normally you would expect all packets to be VLAN tagged although a switch might support sending one particular VLAN frames without tags to support a device, such as the PC described in your quotation, that doesn't understand how to process, or expect, tagged frames.
    If you're wondering how this all comes to be, consider a PC that knows nothing about VLAN tags is connected to an IP phone which does (which connects to the network) and you want to place the two devices on different VLANs. As the PC traffic transits the phone could, in theory, wrap/unwrap the PC traffic with VLANs tags when working with the network switch. However, if the phone fails, you can design the IP phone hardware to keep the link good from PC to the network, but then the IP phone PC VLAN processing would be lost. So for that reason, and the reason, we might want to add/remove an IP phone "in front" of the PC, we want to continue to support untagged frames to/from the PC.
    Altough the frames to the PC are untagged, since we can configure what VLAN untagged frame should be considered per port, we can have different PCs (on different ports) in different VLANs on the switch. (This is very similar to port based VLANs, but instead of being limited to one logical VLAN per port, we're limited to one untagged VLAN per port but can have multiple tagged VLANs per port.)

  • CE-500 VLAN trunks

    I have not been able to configure a VLAN trunk at a CE-500. I configure the port using CNA as router and specify the native VLAN, but I do not know where to specify the allowed VLANs. The port is connected to a Cisco Router with sub-interfaced configured. When I click on "modify" the smartport, an small windows quicky opens and closes, only leaving an option for the native VLAN. What am I doing wrong? How do I specify a port as a trunk port?
    Thanks a lot for the help.
    Juan S

    I believe you are aware of creating the standard Cisco IOS procedure for creating VLAN trunks.
    under the interface configuration mode, in which you need to create a trunk,
    switchport mode trunk
    switchport mode trunk encapsulation isl/dot1q
    switchport mode trunk native vlan
    switchport mode trunk allowed vlans
    But if you are already using these commands correctly, still you have the problem, I want you to let me know the following informations.
    1. What error message you receive at the console while implementing trunking?
    2. What is the other end device with which you are trying to establish trunk?.

  • VLAN trunking from Cisco Catalyst 3750 to Cisco SF300-48P issue and related

    Hello expert,
    I'm having difficulties to configure VLAN trunking between Cisco Catalyst 3750 switch with Cisco SF300-48P switch and my workstation unable to get any DHCP IP from our DHCP server via Cisco SF300-48P switch. Below is the snippet of configuration on both switches:
    [Cisco Catalyst 3750 Switch]
    interface GigabitEthernet1/0/45
     description NCC-CC-1stFlr
     no switchport trunk encapsulation dot1q
     no switchport trunk allowed vlan 101-103
     spanning-tree portfast
    [Cisco SF300-48P Switch]
    interface fastethernet48
     spanning-tree link-type point-to-point
     switchport trunk allowed vlan add 101-103
     macro description switch
     !next command is internal.
     macro auto smartport dynamic_type switch
    interface fastethernet29
     switchport mode general
     switchport general allowed vlan add 103 tagged
     switchport general pvid 103
    Are these are correct? Kindly advice!
    Thank you very much!
    Regards,
    Alex

    Hi Alex,
    for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
    The configuration on catalyst should :
    #config terminal
    #interface Gi 1/0/45
    # switchport encapsulation 
    #switchport trunk encapsulation dot1q
    #switchport mode trunk 
    #switchport trunk allowed vlan 101-103
    #spanning-tree portfast
    For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
    #interface fastethernet29
     #switchport mode access
     #switchport ccess vlan 103
    Please let me know after this configuration
    Thanks
    Mehdi
    Please rate or mark as answered to help other Cisco Customers

Maybe you are looking for

  • Problem with HP Photosmart C4795 Printer

    I'm having difficulties with getting my C4795 to print.  The feed rollers are operating more than usual.  Whenever I turn the printer on it feeds the paper without any job being initiated.  When I try to start a print job oftentimes the printer will

  • I can't work out how to get facetime on my macbook pro

    I can't work out how to get facetime on my macbook pro

  • Special Characters issue in DEV and QAS

    Hi, I am uploading a file that has special characters (Japanese). In the DEV system the special character is converted to #. Which the business wants. In QAS system the special character is not converted and is as it is, which makes the business user

  • FBCJ problem

    hi, While iam posting my petty cash entries through FBCJ. iam getting this error Company code 1001 is not assigned to CO area 2000 Message no. KI203 Diagnosis You created data in company 1001 and simultaneously entered controlling area 2000, or the c

  • I need help in German!!! (export lose image quality)

    Wenn ich von meinen Fotos ein Poster bestellen will, kommt die Meldung vom Fotolabor, dass die Qualität nicht brauchbar ist. Dies, obwohl die Fotos alle scharf sind. Habe es inzwischen mit einem Poster versucht, dass ich schon einmal bestellt habe. D