VLAN Trunking with SRW2024 & Cisco 2924

Hi, I'm trying to trunk between my Cisco and Linksys switches but its not working as expected. I have 2 vlans on the Cisco VLAN1 & 2. I have set one port on each switch as a trunk and connected them together. This appears to work for VLAN1. I can't seem to get VLAN2 devices to see each other. I think this is because I am from a Cisco background and can't quite work out what the Linksys is trying to tell me or why its so difficult to force a port to a VLAN other than 1. I've tried the manual/help, but this only reiterates the "help" on the web interface, which isn't "help" but more of a dictionary of terms. What I really want it to do is to force all packets arriving at a port to VLAN2 (in much the same way a switchport access vlan does on the Cisco), and for those to be trunked to the cisco to access the other VLAN2 devices. What's the trick for doing this? Thanks, Julian.

1. The VLAN configuration of the SRW looks good.
2. Which port on the Cisco do you connect to? I guess it is the FE0/1.
3. You have to configure trunk mode on the fe0/1 port. Default is access mode. On my router I have manually added vlans. But I think the Cisco (in contrast to the Linksys) by default will accept all vlans unless configured otherwise. In summary: add the first and maybe the second line to FE0/1
switchport mode trunk
switchport trunk allowed vlan 1,2
4. Is there a VLAN router in the setup to provide internet for those VLANs?
5. How does VLAN 2 get its IP addresses? Do you have a separate DHCP server for VLAN 2?

Similar Messages

VLAN trunk to non Cisco

we have two 4503 switches configured with secondary interfaces and running RIP.
There are no vlans configured on the switch.
I have a 3com switch on a subnet not yet configured on the 4500 switches.
I want to create a trunk from the 3com to the 4500.
I have the vlan configured with the IP address I want, but I am not sure how to associate the trunk port to it.
I have the 3com connected to port g2/40 but the vlan interface does not come up unless I configure:
switchport mode access
interface GigabitEthernet2/40
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 6
switchport mode trunk
interface Vlan6
ip address 10.250.250.250 255.255.255.0
I can find anything specific on how this should be done.

Hi Rich,
Have you also configured trunk on 3com switch which I believe is not? Also if you have configured trunk on 3com switch is it showing you up and working. I believe your 3com switch por tconnected to cisco switch port is only configured for access vlan 6.
On cisco switch for any logical interface like vlan interface in your case to be up and up you need to have one physical interface attached to that vlan or you need ot have trunk interface allowing that vlan which is true in your case but if 3com switch port is not acting as trunk then trunk on cisco switch will be down and is the reason your logical interface will show you line protocol down.
because I believe your 3com switch is configured only for vlan 6 and is the reason when you configure switchport mode access on cisco switchport that physical interface get binded with that vlan and your logical interface comes up.
So cheked the port and trunk settings on 3com switch as config is fine on cisco switch end.
HTH
Ankur

Etherchannel trunk with two cisco switch

Hi, my company using only one Cisco 3750 switch with VLAN1,2,3,4,5.
Now my company bought another cisco switch and we would like to etherchannel trunk between both and create new VLAN in new switch. We look over from partner, some of them suggested we use LACP, and some of them suggest we use PAgP. We are so confuse which will be better in our environment.
Previous: Router <> 3750 switch A (VLAN 1,2,3,4,5)
Now we bought another Cisco Switch B: Router <>3750 switch A <> switch B (add more VLAN 6,7,8,9,10)
Which of below command is the best choice to suit our company ? suppose we use 2 port of gigabitethernet 1/0/1 and 1/0/2 trunk? All VLAN 1-10 need to communicate with each other.
interface GigabitEthernet1/0/1
channel-group 1 mode active <<< (use "active" or "desirable" is the best choice)
switchport mode trunk
interface GigabitEthernet1/0/2
channel-group 1 mode active
switchport mode trunk
interface Port-channel 1
switchport trunk encapsulation dot1q << (do we need put this? as we think this is by default after trunk?)
switchport mode trunk
switchport nonegotiate <<< (do we need "nonegotiate" if both switch setup same configure?)

Hello
My understanding is pagp and lacp basically perform the same features - however as PAGP is cisco propriety LACP is IEEE standard which can be used between different route/switch vendor platforms.
As for disabling DTP ( switchport nonegotiate) - i would agree to do this suggestion, As so not to have trunks being dynamically created.
Lastly i would manually prune unused vlans across trunk interfaces, to save on cpu and memory usage because of the stp instances that coild be used ( however such a small vlan database like yours would not be an issue)
So to summarise:
Cisco to Cisco ehterchannels =PAGP
Cisco to other vendors = LACP
L2 etherchannel
================
1) default physical interfaces (if possible)
2) configure port-channel in physical interfaces
-- port-channel will be created automatically
3)create trunking encapsulation or access port mode directly in port-channel interface
4)enable physical interfaces "no shut"
conf t
default int ran fa0/1 -3 ( if applicable)
int ran fa0/1 -3
shut ( if applicable)
channel-group 1 mode xxx
int port-channel 1
switchport trunk encap dot1q
switchport- mode trunk
switchport nonegotiate
switchport trunk allowed vlan 1-10
res
Paul

How many VLANs supported via MACsec VLAN-trunk link?

Hi,
Any one know how many VLANs maximum allowed across a MACsec link between two C6500 with Sup2Ts or between two N7K respectively?
As far as I know, C3750X has limitation of 8 VLANs, according to
•Cisco TrustSec enforcement is supported only on up to eight VLANs on a VLAN-trunk link. If there are more than eight VLANs configured on a VLAN-trunk link and Cisco TrustSec enforcement is enabled on those VLANs, the switch ports on those VLAN-trunk links will be error-disabled.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/trustsec.html
Thanks,
Cedar

Hi,
Any one know how many VLANs maximum allowed across a MACsec link between two C6500 with Sup2Ts or between two N7K respectively?
As far as I know, C3750X has limitation of 8 VLANs, according to
•Cisco TrustSec enforcement is supported only on up to eight VLANs on a VLAN-trunk link. If there are more than eight VLANs configured on a VLAN-trunk link and Cisco TrustSec enforcement is enabled on those VLANs, the switch ports on those VLAN-trunk links will be error-disabled.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/trustsec.html
Thanks,
Cedar

Does the 8540 support VLAN Trunking

I would like to VLAN trunk four VLANs(8540 bridge-groups) from an 8540 switch router to a Cat 5000. I have not seen in Cisco's documentation anything that indicates that the 8540 supports VLAN trunking.

8540 supports both ISL and 802.1q VLAN trunking
http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/pereg_1/quick_cg/layer3.htm#39775

WRVS4400N VLAN trunking question

Hi all,
I just got a SRW224G4 today my main objective is to trunk 30 VLAN(s) to my WRVS4400N for interVLAN communication. So far I set G1 on my SRW as a trunk port and linked it to port 2 on my WRVS4400N (which is also set as a trunk).
So far no good when I go into LAN settings I do not see an option wheree I can set DHCP addresses or gateways for these VLAN(s). Is this even possible with the WRVS4400N I meen if Linksys is going to provide a small business solution atleast their equipment should support VLAN trunking with each other.
If anybody knows the solution to this please let me know.
Cheers

From what I know, although the WRVS4400N has support for port based VLAN setup, it does not give you the option to set different DHCP addresses for each of the 4 VLANS.

Vlan routing with cisco router and linksys switch

I have a linksys switch width vlan configured, connected to a Cisco router (1841), but I cant route between vlans.
Please help me!!
It Works with a Cisco switch perfectly(with the same ip and vlan).

Yes. the linksys switch (SRW2024 24-Port 10/100/1000 Gigabit Switch) supports trunking.
If you want you can visit the link and see that the switch supports vlan, dot1q and trunking.
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C2%26cid%3D1123638180432&pagename=Linksys%2FCommon%2FVisitorWrapper

VLAN problems with SG200-8P and Cisco ASA 5505 (Sec Plus license)

Hi, I've been pulling my hair out trying to get simple vlan trunking working between these devices.
Basically, no clients on VLAN 99 (guest) will receive DHCP ip addresses when plugged into the SG200. I have the SG200<>ASA VLAN trunk configured correctly, as I know it, and I've tried numerous variations (set trunk as general tag/untagged, etc., set the ap port to general tag/untag, etc). Both AP's work properly when connected to the ASA e0/3 port but either will only pull the "inside" VLAN dhcp address when connected to the SG200 switch
VLAN 1 - inside (has separate dhcp scope assigned by ASA)
VLAN 99 - guest (has separate dhcp scope assigned by ASA)
SG200
purpose
ASA 5505 (Sec Plus license)
purpose
g2
Trunk 1UP,99T
Ubiquiti AP (VLAN 1 works, VLAN 99 does not
g3
Access port 99T
vlan 99 does not work
g8
Trunk 1UP, 99T
< Trunk between switch and ASA >
Int e0/2
switchport trunk allowed vlan 1,99
switchport trunk native vlan 1
switchport mode trunk
Int e0/3
switchport trunk allowed vlan 1,99
switchport trunk native vlan 1
switchport mode trunk
Second ubiquiti AP
Both VLAN 1 and VLAN 99 clients work properly

Frustrated - yes. Confused - maybe not as much, but I could have put some more effort into the overall picture.
There are two VLANs (1 - native) and (99 - guest). There is a trunk port between the SG200 and the ASA configured as 1-untagged 99 - tagged.
No clients connected to the SG200 on VLAN 99 are able to access the ASA VLAN 99 using either a static VLAN IP address or DHCP. The problem occurs whether I configure the SG200 with an access port 99-tagged or Trunk port 1UP, 99T or general port 1U, 99UP or any combination thereof.
Anything connected to the SG200 on the native VLAN works properly.
Anything connected to the ASA VLANs (1 or 99) works properly
I have not yet tried to see what the switch is doing with the VLAN tags but I suspect I have some mismatch with the Linksys/Cisco SG200 way of setting up a VLAN and how traditional Cisco switches work.
I was hoping someone with a working SG200 - Cisco ASA setup could share their port/trunk/VLAN settings or perhaps point me in the right direction.
SG200 g2 - trunk port (1UP, 99T) -- Access Point
SG200 g2 - access port (99U)
SG200 g8 - trunk port (1UP, 99T) connected to ASA5505 e0/3
ASA5505 e0/3 (switchport trunk allowed vlan 1,99, switchport trunk native vlan 1, switchport mode trunk)
Thanks,

Cisco VLAN Trunking Protocol Vulnerability

I have got a cisco 2821 model router with a c2800nm-advipservicesk9-mz.151-2.T4 IOS, and was reported with 'Cisco VLAN Trunking Protocol Vulnerability'.
Though the device is in server mode, I do not have any domain name or trunk port configured.
Is my device really vulnerable? If yes, whats next?

Hi Alex,
for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
The configuration on catalyst should :
#config terminal
#interface Gi 1/0/45
# switchport encapsulation
#switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk allowed vlan 101-103
#spanning-tree portfast
For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
#interface fastethernet29
#switchport mode access
#switchport ccess vlan 103
Please let me know after this configuration
Thanks
Mehdi
Please rate or mark as answered to help other Cisco Customers

VLAN trunking from Cisco Catalyst 3750 to Cisco SF300-48P issue and related

Hello expert,
I'm having difficulties to configure VLAN trunking between Cisco Catalyst 3750 switch with Cisco SF300-48P switch and my workstation unable to get any DHCP IP from our DHCP server via Cisco SF300-48P switch. Below is the snippet of configuration on both switches:
[Cisco Catalyst 3750 Switch]
interface GigabitEthernet1/0/45
description NCC-CC-1stFlr
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 101-103
spanning-tree portfast
[Cisco SF300-48P Switch]
interface fastethernet48
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 101-103
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
interface fastethernet29
switchport mode general
switchport general allowed vlan add 103 tagged
switchport general pvid 103
Are these are correct? Kindly advice!
Thank you very much!
Regards,
Alex

Hi Alex,
for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
The configuration on catalyst should :
#config terminal
#interface Gi 1/0/45
# switchport encapsulation
#switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk allowed vlan 101-103
#spanning-tree portfast
For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
#interface fastethernet29
#switchport mode access
#switchport ccess vlan 103
Please let me know after this configuration
Thanks
Mehdi
Please rate or mark as answered to help other Cisco Customers

Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: Can Ping a device in another VLAN, that device cannot ping back

Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: From the Switch I can Ping a device in another VLAN, that device cannot ping back. Some devices can ping devices in other VLANs and the device in the other VLAN can successfully return the Ping. Have a look at the attached diagram.
Router Config:
show run
Building configuration...
Current configuration : 7224 bytes
! Last configuration change at 09:05:48 EDT Wed Aug 6 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ROUTER
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -8 0
ip cef
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9
object-group network Net_Obj_Group1
description This network group allows all 10.0.0.0 and Email Forwarder server through to the Plt PCs
205.191.0.0 255.255.0.0
10.0.0.0 255.0.0.0
object-group network Net_Obj_Group2
description This Network Group includes the Host IPs allowed through the Plant Router
host 10.194.28.23
host 10.194.28.25
host 10.194.28.26
host 10.194.28.27
host 10.194.28.28
host 10.194.28.29
host 10.194.28.37
host 10.194.28.39
host 10.194.28.40
host 10.194.28.70
host 10.194.28.130
host 10.194.28.131
host 10.194.28.132
host 10.194.28.133
host 10.194.28.134
host 10.194.28.135
host 10.194.28.136
host 10.194.28.137
host 10.194.28.138
host 10.194.28.139
host 10.194.28.140
host 10.194.28.141
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Port Ge0/0 to IT Enterprise network Switch GE1/0/38
ip address 10.194.28.111 255.255.255.0
ip access-group 105 in
ip access-group 106 out
ip nat outside
ip virtual-reassembly in
shutdown
duplex full
speed auto
no mop enabled
interface GigabitEthernet0/1
description Port to Plant PCN-K/L24 Sw1 Port 0/24
no ip address
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1.102
description Port to VLAN 102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.104
description Port to VLAN 104
encapsulation dot1Q 104
ip address 192.168.104.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.105
description Port to VLAN 105
encapsulation dot1Q 105
ip address 192.168.105.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.106
description Port to VLAN 106
encapsulation dot1Q 106
ip address 192.168.106.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.107
description Port to VLAN 107
encapsulation dot1Q 107
ip address 192.168.107.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.111
description Port to VLAN 111
encapsulation dot1Q 111
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.117
description Port to VLAN 117
encapsulation dot1Q 117
ip address 192.168.117.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.121
description Port to VLAN 121
encapsulation dot1Q 121
ip address 192.168.121.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.125
description Port to VLAN 125
encapsulation dot1Q 125
ip address 192.168.125.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.150
description Port to to VLAN 150
encapsulation dot1Q 150
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.999
description Port to VLAN 999
encapsulation dot1Q 999
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source static 192.168.102.201 10.194.28.23
ip nat inside source static 192.168.121.201 10.194.28.25
ip nat inside source static 192.168.106.251 10.194.28.26
ip nat inside source static 192.168.107.245 10.194.28.27
ip nat inside source static 192.168.102.251 10.194.28.28
ip nat inside source static 192.168.150.201 10.194.28.29
ip nat inside source static 192.168.107.179 10.194.28.37
ip nat inside source static 192.168.111.201 10.194.28.39
ip nat inside source static 192.168.105.201 10.194.28.40
ip nat inside source static 192.168.106.21 10.194.28.70
ip nat inside source static 192.168.107.146 10.194.28.130
ip nat inside source static 192.168.107.156 10.194.28.131
ip nat inside source static 192.168.107.161 10.194.28.132
ip nat inside source static 192.168.107.181 10.194.28.133
ip nat inside source static 192.168.107.191 10.194.28.134
ip nat inside source static 192.168.106.202 10.194.28.135
ip nat inside source static 192.168.106.212 10.194.28.136
ip nat inside source static 192.168.117.190 10.194.28.137
ip nat inside source static 192.168.117.100 10.194.28.138
ip nat inside source static 192.168.106.242 10.194.28.139
ip nat inside source static 192.168.125.100 10.194.28.140
ip nat inside source static 192.168.125.99 10.194.28.141
ip nat outside source static 10.194.28.23 10.194.28.23
ip nat outside source static 10.194.28.25 10.194.28.25
ip nat outside source static 10.194.28.26 10.194.28.26
ip nat outside source static 10.194.28.27 10.194.28.27
ip nat outside source static 10.194.28.28 10.194.28.28
ip nat outside source static 10.194.28.29 10.194.28.29
ip nat outside source static 10.194.28.37 10.194.28.37
ip nat outside source static 10.194.28.39 10.194.28.39
ip nat outside source static 10.194.28.40 10.194.28.40
ip nat outside source static 10.194.28.70 10.194.28.70
ip nat outside source static 10.194.28.130 10.194.28.130
ip nat outside source static 10.194.28.131 10.194.28.131
ip nat outside source static 10.194.28.132 10.194.28.132
ip nat outside source static 10.194.28.133 10.194.28.133
ip nat outside source static 10.194.28.134 10.194.28.134
ip nat outside source static 10.194.28.135 10.194.28.135
ip nat outside source static 10.194.28.136 10.194.28.136
ip nat outside source static 10.194.28.137 10.194.28.137
ip nat outside source static 10.194.28.138 10.194.28.138
ip nat outside source static 10.194.28.139 10.194.28.139
ip nat outside source static 10.194.28.140 10.194.28.140
ip nat outside source static 10.194.28.141 10.194.28.141
ip route 0.0.0.0 0.0.0.0 10.194.28.1
access-list 105 permit ip object-group Net_Obj_Group1 object-group Net_Obj_Group2
access-list 106 permit ip object-group Net_Obj_Group2 object-group Net_Obj_Group1
dialer-list 1 protocol ip permit
control-plane
banner login ^CC
Login banner for Plant Router #01^C
banner motd ^CC
MOTD Banner for Plant Router^C
line con 0
password XXXXXXXXX
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXXXXXXX
logging synchronous
login
transport input all
scheduler allocate 20000 1000
ntp server 10.199.100.92
end
Switch Config:
sh ru
Building configuration...
Current configuration : 6513 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname K24Sw01
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
udld aggressive
crypto pki trustpoint TP-self-signed-593746944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-593746944
revocation-check none
rsakeypair TP-self-signed-593746944
4B58BCE9 44
quit
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0
no ip address
interface GigabitEthernet0/1
description Trunk port for vlans 105, 111, 125 and 999 from K24Sw01 port Ge0/1 to P22Sw01 port Ge0/24
switchport trunk allowed vlan 105,111,125,999
switchport mode trunk
interface GigabitEthernet0/2
description Trunk port for vlans 150 and 999 from K24Sw01 port Ge0/2 to N25Sw01 port Ge0/26
switchport trunk allowed vlan 150,999
switchport mode trunk
interface GigabitEthernet0/3
description Trunk port for vlans 102, 104, 106, 107, 117 and 999 from K24Sw01 port Ge0/3 to K28Sw01 port Ge0/26
switchport trunk allowed vlan 102,104,106,107,117,999
switchport mode trunk
interface GigabitEthernet0/4
description Trunk port for vlans 102, 106, 107 and 999 from K24Sw01 port Ge0/4 to H23Sw01 port Ge0/26
switchport trunk allowed vlan 102,106,107,999
switchport mode trunk
interface GigabitEthernet0/5
description Trunk port for vlans 121, 125 and 999 from K24Sw01 port Ge0/5 to M21Sw01 port Ge0/24
switchport trunk allowed vlan 121,125,999
switchport mode trunk
interface GigabitEthernet0/6
description OPEN
spanning-tree portfast
interface GigabitEthernet0/7
description OPEN
spanning-tree portfast
interface GigabitEthernet0/8
description OPEN
spanning-tree portfast
interface GigabitEthernet0/9
description OPEN
spanning-tree portfast
interface GigabitEthernet0/10
description VLan 102 access port
switchport access vlan 102
spanning-tree portfast
interface GigabitEthernet0/11
description - VLan 104 access port
switchport access vlan 104
spanning-tree portfast
interface GigabitEthernet0/12
description - VLan 105 access port
switchport access vlan 105
spanning-tree portfast
interface GigabitEthernet0/13
description - VLan 106 access port
switchport access vlan 106
spanning-tree portfast
interface GigabitEthernet0/14
description - VLan 107 access port
switchport access vlan 107
spanning-tree portfast
interface GigabitEthernet0/15
description - VLan 111 access port
switchport access vlan 111
spanning-tree portfast
interface GigabitEthernet0/16
description - VLan 117 access port
switchport access vlan 117
spanning-tree portfast
interface GigabitEthernet0/17
description - VLan 121 access port
switchport access vlan 121
spanning-tree portfast
interface GigabitEthernet0/18
description - VLan 125 access port
switchport access vlan 125
spanning-tree portfast
interface GigabitEthernet0/19
description - VLan 150 access port
switchport access vlan 150
spanning-tree portfast
interface GigabitEthernet0/20
description - VLan 999 access port
switchport access vlan 999
spanning-tree portfast
interface GigabitEthernet0/21
description OPEN
spanning-tree portfast
interface GigabitEthernet0/22
description OPEN
spanning-tree portfast
interface GigabitEthernet0/23
description OPEN
spanning-tree portfast
interface GigabitEthernet0/24
description From ROUTER Gw ge0/1
switchport trunk allowed vlan 102,104-107,111,117,121,125,150,999
switchport mode trunk
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface Vlan1
no ip address
no ip route-cache
shutdown
interface Vlan102
ip address 192.168.102.253 255.255.255.0
interface Vlan104
no ip address
no ip route-cache
interface Vlan105
no ip address
no ip route-cache
interface Vlan106
no ip address
no ip route-cache
interface Vlan107
no ip address
no ip route-cache
interface Vlan111
no ip address
no ip route-cache
interface Vlan117
no ip address
no ip route-cache
interface Vlan121
no ip address
no ip route-cache
interface Vlan125
no ip address
no ip route-cache
interface Vlan150
no ip address
no ip route-cache
interface Vlan999
no ip address
no ip route-cache
ip default-gateway 192.168.102.1
ip http server
ip http secure-server
snmp-server engineID local 00000009020000019634C2C0
snmp-server community public RO
snmp-server location
snmp-server contact
banner motd ^CCC ADMIN USE ONLY! ^C
line con 0
session-timeout 10
password xxxxxx
logging synchronous
login
stopbits 1
line vty 0 4
session-timeout 10
password xxxxxxx
login
line vty 5 15
session-timeout 10
password xxxxxxxx
login
ntp server 10.199.100.92
end
K24Sw01#

HI Mark,
Here is the my config:
Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface
Router(config)#interface f0/0
Router(config-if)#no shutdown
(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)
Router(config)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface f0/0.20
Router(config-subif)#encapsulation dot11 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
(Note: In the “encapsulation dot1q 10″ command, 10 is the VLAN ID this interface operates in)
Configure VLAN
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH
Set ports to access mode & assign ports to VLAN
Switch(config)#interface range fa0/1
Switch(config-if)#no shutdown
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 15
Switch(config-if)#interface range fa0/3
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)#interface range fa0/5
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk
1. Please check all your port are up.
2. Check the config once again.
3. Make sure the swicth and router connection port configured as trunk and it should be up.
This config is working for me,
Regards
Dont forget to rate helpful posts.

Can no longer telnet to my Cisco 2924 xl

Hi,
I have a Cisco 2924 XL where port 24 is trunked to another port on Cisco 3750. Both interfaces are up, but I can no longer telnet til the switch. I get this error message "VLAN-4-VTP_INTERNAL_ERROR: VLAN manager received an internal error 26 from vtp function vtp_download_info: Inconsistant TLB (translational bridge) VLAN IDs". Tanks in Advance

Hi,
This is typically indicative of a corrupt vlan database.
Try this:
Rename the file on flash called vlan.dat to something different like vlan.old, then reboot the switch and rebuild your vlan database and see if the errors come back. If the errors do not come back you can delete vlan.old (or whatever you named it) and run off of the new vlan database file in flash.
HTH,
Bobby

Strange issue with new Cisco Catalyst 2960 (IOS)

Hello all,
I am upgrading a older 2950(100M) switch replacing it with a gigabit 2960. Installed it in the same rack, the configuration is practically non-existent just set the passwords and IP. We run a single VLAN flat network for this so I started out by patching it to the existing switch, after a few days we had an opportunity to migrate because there was some downtime so I disconnected the cables on the old and moved them to the new.. Everything seemed fine, there is connectivity and things operate, but a few days later we noticed that some network transfer activities are slow. There are no errors or log entries showing on the new switch or the old one, but the low throughput is persistent.
All ports show 1G Full duplex as they should, but what I see when I test is that traffic tests look almost asynchronous when passing switch boundaries with normal read speeds and slow writes. Reversing the direction of the test hosts I get slow reads and fast writes so it seems to 'stick' to one side of the traffic path. Testing the same equipment against differente targets without the switch boundary crossing does not show the problem. All Intra-switch tests look good (gig switches transfer near a gig and 100 switches near 100), but the moment there is a crossing things behave strangely regardless of the target (new switch is center backbone with most hosts, but does no routing). Network layout is essentially a T with everything radiating from the new switch. I can eliminate the old switch soon, but I still need to resolve the problem with the crossing to the other switch.
Everything seems to point at the inter switch links. One is a patch cable under two feet, and the other is a dedicated fiber site link. We had the vendor confirm that the site link showed no issues, but having the same symptoms on both links makes me suspect the switch has something odd happening..
I checked for duplex issues first, but didn't find any. I flushed the arp caches in all of the switches (3 total) and all of the computers as well, but the problem persists.
Could this be an STP issue ?   If so how can I set this switch as the STP root and force a refresh..
Any help would be greatly appreciated.

Hi Paul,
That was my concern and why I worried about making a change from remote, things are not as they should be.
Here is the output for each switch..
======================================================================
First the old switch (originally old switch connected to remote directly port 24 fixed speed/duplex and no other config)
C2950Calidad#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    32769
             Address     0013.7f23.0000
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0013.7f23.0000
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/16           Desg FWD 19        128.16   P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/22           Desg FWD 19        128.22   P2p
C2950Calidad#sh run int Fa0/22
Building configuration...
Current configuration : 34 bytes
interface FastEthernet0/22
end
C2950Calidad#sh int Fa0/22
FastEthernet0/22 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0013.7f23.0016 (bia 0013.7f23.0016)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 11/255, rxload 3/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 100BaseTX
input flow-control is unsupported output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:20, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1229000 bits/sec, 716 packets/sec
5 minute output rate 4361000 bits/sec, 800 packets/sec
     1543435357 packets input, 1281752172 bytes, 0 no buffer
     Received 3977688 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 4346 ignored
     0 watchdog, 2032103 multicast, 0 pause input
     0 input packets with dribble condition detected
     2298226914 packets output, 1725074683 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
C2950Calidad#sh int Fa0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
============================================================================
Now the new switch (at center between other two, patched to above, fiber dedicated provider link to remote)
This includes two port command sets because it's in the middle interconnecting the other switches.
CISCO-2960-48-GB-ASP#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    32769
             Address     0013.7f23.0000
             Cost        19
             Port        48 (GigabitEthernet1/0/48)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32769 (priority 32768 sys-id-ext 1)
             Address     f41f.c2dc.9b80
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi1/0/2             Desg FWD 19        128.2    P2p
Gi1/0/3             Desg FWD 4         128.3    P2p
Gi1/0/4             Desg FWD 4         128.4    P2p
Gi1/0/5             Desg FWD 4         128.5    P2p
Gi1/0/6             Desg FWD 4         128.6    P2p
Gi1/0/7             Desg FWD 4         128.7    P2p
Gi1/0/10            Desg FWD 4         128.10   P2p
Gi1/0/11            Desg FWD 4         128.11   P2p
Gi1/0/12            Desg FWD 4         128.12   P2p
Gi1/0/13            Desg FWD 4         128.13   P2p
Gi1/0/14            Desg FWD 4         128.14   P2p
Gi1/0/15            Desg FWD 4         128.15   P2p
Gi1/0/16            Desg FWD 19        128.16   P2p
Gi1/0/17            Desg FWD 4         128.17   P2p
Gi1/0/18            Desg FWD 4         128.18   P2p
Gi1/0/20            Desg FWD 4         128.20   P2p
Gi1/0/21            Desg FWD 19        128.21   P2p
Gi1/0/22            Desg FWD 4         128.22   P2p
Gi1/0/24            Desg FWD 4         128.24   P2p
Gi1/0/25            Desg FWD 4         128.25   P2p
Gi1/0/27            Desg FWD 19        128.27   P2p
Gi1/0/29            Desg FWD 19        128.29   P2p
Gi1/0/32            Desg FWD 19        128.32   P2p
Gi1/0/37            Desg FWD 4         128.37   P2p
Gi1/0/38            Desg FWD 19        128.38   P2p
Gi1/0/39            Desg FWD 19        128.39   P2p
Gi1/0/40            Desg FWD 19        128.40   P2p
Gi1/0/41            Desg FWD 19        128.41   P2p
Gi1/0/42            Desg FWD 4         128.42   P2p
Gi1/0/43            Desg FWD 19        128.43   P2p
Gi1/0/44            Desg FWD 19        128.44   P2p
Gi1/0/45            Desg FWD 19        128.45   P2p
Gi1/0/47            Desg FWD 19        128.47   P2p
Gi1/0/48            Root FWD 19        128.48   P2p
CISCO-2960-48-GB-ASP#show run int Gi1/0/48
Building configuration...
Current configuration : 39 bytes
interface GigabitEthernet1/0/48
end
CISCO-2960-48-GB-ASP#show int Gi1/0/48
GigabitEthernet1/0/48 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is f41f.c2dc.9bb0 (bia f41f.c2dc.9bb0)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 2/255, rxload 10/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 12712290
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 4305000 bits/sec, 801 packets/sec
5 minute output rate 1149000 bits/sec, 706 packets/sec
     2196985674 packets input, 2514470162077 bytes, 0 no buffer
     Received 28075666 broadcasts (15513358 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 15513358 multicast, 0 pause input
     0 input packets with dribble condition detected
     1534630723 packets output, 395369715690 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
CISCO-2960-48-GB-ASP#show int Gi1/0/48 switchport
Name: Gi1/0/48
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
CISCO-2960-48-GB-ASP#show run int Gi1/0/47
Building configuration...
Current configuration : 63 bytes
interface GigabitEthernet1/0/47
speed 100
duplex full
end
CISCO-2960-48-GB-ASP#show int Gi1/0/47
GigabitEthernet1/0/47 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is f41f.c2dc.9baf (bia f41f.c2dc.9baf)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:28, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 576929
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 922000 bits/sec, 233 packets/sec
5 minute output rate 453000 bits/sec, 220 packets/sec
     57257892 packets input, 17029314836 bytes, 0 no buffer
     Received 81580 broadcasts (29497 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 29497 multicast, 0 pause input
     0 input packets with dribble condition detected
     101568868 packets output, 77491607955 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
CISCO-2960-48-GB-ASP#show int Gi1/0/47 switchport
Name: Gi1/0/47
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
===========================================================================
Finally the third switch (at separate site via provider dedicated fiber link from port 47 above)
SWC2960#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    32769
             Address     1833.9db5.cd80
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32769 (priority 32768 sys-id-ext 1)
             Address     1833.9db5.cd80
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/2               Desg FWD 19        128.2    P2p
Fa0/3               Desg FWD 19        128.3    P2p
Fa0/4               Desg FWD 19        128.4    P2p
Fa0/5               Desg FWD 19        128.5    P2p
Fa0/6               Desg FWD 19        128.6    P2p
Fa0/7               Desg FWD 19        128.7    P2p
Fa0/8               Desg FWD 19        128.8    P2p
Fa0/9               Desg FWD 19        128.9    P2p
Fa0/12              Desg FWD 19        128.12   P2p
Fa0/13              Desg FWD 19        128.13   P2p
Fa0/14              Desg FWD 19        128.14   P2p
Fa0/16              Desg FWD 19        128.16   P2p
Fa0/17              Desg FWD 19        128.17   P2p
Fa0/18              Desg FWD 19        128.18   P2p
Gi0/2               Desg FWD 4         128.26   P2p
SWC2960#sh run int Gi0/2
Building configuration...
Current configuration : 36 bytes
interface GigabitEthernet0/2
end
SWC2960#sh int Gi0/2
GigabitEthernet0/2 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 1833.9db5.cd9a (bia 1833.9db5.cd9a)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 450000 bits/sec, 205 packets/sec
5 minute output rate 792000 bits/sec, 211 packets/sec
     76476638 packets input, 76487607492 bytes, 0 no buffer
     Received 528325 broadcasts (253243 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 253243 multicast, 0 pause input
     0 input packets with dribble condition detected
     59807938 packets output, 18071502348 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
SWC2960#sh int Gi0/2 switchport
Name: Gi0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
There really isn't anything odd configured, but since CDP doesn't cross the fiber link I think it must be a q-q tunnel..
Dave

VLAN for Idiots - srw2024

Hi all,
can anyone post an idiots guide to setting up a VLAN on a srw2024 switch please. I need to configure a VLAN as per the following:
Switch 1 - ports 7&12 on the switch on their own VLAN (VLAN2)
Switch 2 - Ports 3&15 on the switch on the same VLAN as above (VLAN2)
enable all ports to communicate with each other.
Basically I am setting up a 2nd network that will have a DHCP server and I don't want this to conflict my existing network and DHCP Server.
I have had a look around these forums but in every post people have already seemed to have created their VLAN.
Cheers for your help

ok so here is the way I have currently got my VLAN's setup:
Switch 2 - 24 port 10/100/1000 Gigabit Switch:
VLAN ID - 2
Port Setting tab   - Port G7 set to Trunk
                           Port G8 set to Access
Ports to VLAN tab - Port G7 set to Trunk & UnTagged
                           Port G8 set to Access & Untagged
VLAN to Ports tab - Port G7, Mode - Trunk, VLAN - 2U
                           Port G8, Mode - Access, VLAN - 2U
Switch 3 48 port 10/100 + 4port Gigabit switch:
VLAN ID - 2
Port Setting tab   - Port E1 set to Trunk
                           Port E2 set to Access
Ports to VLAN tab - Port E1 set to Trunk & UnTagged
                           Port E2 set to Access & Untagged
VLAN to Ports tab - Port E1, Mode - Trunk, VLAN - 2U
                           Port E2, Mode - Access, VLAN - 2U
I did originally try to setup the trunked ports to be tagged but when I clicked on the save button I got the following error message:
Line No.   Error Type               Value Diagnostic
      1              null                                 Unknown value
                                              Might be missing parameters (join5)  in page.
And this is why i tried to set the trunked ports to untagged
thanks

VLAN Pruning with VTP Pruning

I am having a hard time understanding VTP Pruning and how broadcasts/traffic affects Trunk Ports on switches, which have VLANs in their database. I am hoping someone can explain it in a different way then what documentation is explaining.
According to the following documentation
http://www.ciscopress.com/articles/article.asp?p=29803
“By default all the VLANs that exist on a switch are active on a trunk link”.
Does this mean if I see the VLAN in the database “sh vlan”, the Trunk Port could receive traffic, even if no port is assigned to the vlan?
My Goal:
I am trying to weed out or remove unused vlans from my VTP Client switches. VTP is pulling the full database down; however, I am only using three (3) vlans on some edge (access layer) switches. I am worried, since all VLANs are in the database, if a broadcast storm happens on a different vlan that is not assigned to my particular switch - it will affect the Trunk ports of all switches.
In addition, it would make troubleshooting so much easier since the vlan database is trimmed – when running “sh vlan”.
Also, I am doing some manual pruning at my VTP server by the “vlan allowed” command on the trunk port; however, the full database is still visable on the edge (access layer) switches.
Thank you.
JJ

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
"Does this mean if I see the VLAN in the database “sh vlan”, the Trunk Port could receive traffic, even if no port is assigned to the vlan?"
Yes, and its for any traffic flooded to the VLAN, which, besides broadcast, could include unicast (for unknown destination MAC) and multicast.
VTP auto pruning is effectively doing what you do with manual pruning, i.e. block sending traffic down trunks when there are no VLANs ports downstream of that trunk. The advantage of auto pruning, it's "automatic" with addition/removal of VLAN ports on the downstream switch.
I recall there's some "gotcha" with auto pruning vs. manual tuning, but I cannot remember what it is.
BTW, the VLAN traffic that is blocked doesn't impact the VTP database, which as you've noticed, doesn't change.
[edit]
I just found two issue differences between auto pruning and manual pruning.
First, auto pruning doesn't reduce STP domains.
Second, auto pruning has issues with transparent mode VTP. It also may have issues with non-Cisco (non-VTP) switches.

VLAN Trunking with SRW2024 & Cisco 2924

Similar Messages

Maybe you are looking for