WS-C3524-XL switch with a trunked port managed vlan and access vlan 13

Unanswered Question
Feb 6th, 2007

I'm trying to set up my access switches to all be managed on Vlan 1 (172.16.1.x/24). The first switch that I'm trying to set up is giving me issues. It seems that I am unable to have an IP address for the managed IP address and have the switch port access vlan 13 for the PCs to communicate with the rest of the network.

What ends up happening is either I can have the managed vlan switch ping throughout the network but not the PCs, or the other way around: the PCs on the switch can ping everything, but I can't ping the managed vlan switch on

Are these L2 switches capable of doing what I want?

Jon Marshall Tue, 02/06/2007 - 13:19


Where are your layer 3 interfaces for vlan 1 & vlan 13 in this layout?

If the layer 3 interfaces are on another device then the uplink from your switch needs to be configured as a trunk. You say these are access layer switches; are they connecting to multilayer switches? If so, do you have vlan 1 and vlan 13 interfaces configured on these?

You cannot have more than one Layer 3 interface on a layer 2 switch. The layer 3 interface is used for management of the switch only.



belenkym89 Wed, 02/07/2007 - 08:57

My layer 3 interfaces are on the 6509s using HSRP.

I do have vlan 1 and vlan 13 configured on the MLSwitches and all of the vlan interfaces are configured with an IP address.

For example...


interface vlan 13

ip address

standby 1 ip

standby 1 preempt 110

standby 1 authentication vlan13


interface vlan 13

ip address

standby 1 ip

standby 1 preempt 100

standby 1 authentication vlan13

6509 A

Trunk Port dot1q 8/24 with native vlan 1

UDLD is enabled on this port

Spanning-tree portfast is enabled also (should I turn this off if I have UDLD?)


Trunk Port dot1q FA0/1 with native vlan 1

Interface vlan 13

UDLD is enabled on this port

Spanning-tree portfast is enabled also (should I turn this off if I have UDLD?)

All vlans are allowed

belenkym89 Wed, 02/07/2007 - 13:42

I have just been informed by the Cisco TAC that they had set up a simulation of what I have on my network with the same Cisco devices and they were having the same issues; however, when they had tested with a 2900 series switch it all worked fine. They think that this is a bug on the 3500 series switches even with the latest IOS. They should be getting back to me when they get more information.

Thanks for everyone's input.

belenkym89 Wed, 02/07/2007 - 13:45

Just got a call from them and with the very latest IOS 12.0(5)WC 16 it does work.

So, I will update my IOS and then, I'll cross my fingers.

sundar.palaniappan Wed, 02/07/2007 - 13:49

Good Luck with the upgrade.

Did TAC tell you which bug it is that you are hitting? I am wondering whether it may be a bug related to VTP pruning.

belenkym89 Wed, 02/07/2007 - 13:52

They didn't specify which bug it's hitting specifically. What they did find is (when they debugged ip) that the switch was not sending anything through the ip default gateway.

sundar.palaniappan Tue, 02/06/2007 - 13:21

Yes, you should be able to do that.

Configure all the ports connecting the users to be on vlan 13 and you may have done that already. Configure 'int vlan 1' and assign an IP address from the corresponding vlan 1 block. Then, configure the connection between this switch and the upstream switch as a trunk port as it has to carry traffic for multiple VLANs. VLAN 1 is created by default and the switch seems to be aware of VLAN 13 either via VTP or manual configuration as per your original post.



belenkym89 Wed, 02/07/2007 - 08:42

What you've just described is pretty much what I have. What should the native vlan on the trunk port be, or does it matter as long as they match up on both ends? I've also contacted the TAC and have been on the phone with them for over 3 hours and I still don't have a resolution.

This is strange because, as I understand it, this should work and is a standard in any NW design.

I must be missing something very obvious. And will probably kick myself when the solution surfaces.

Do you have any ideas?

glen.grant Wed, 02/07/2007 - 09:38

This may be a dumb question, but did you go into the vlan database on the 3524 and create your layer 2 vlans there, and also set whether you want vtp as client or transparent, and do the vtp domain names match? Make sure all layer 2 vlans are set on both sides by doing the "show vlan" command; you should see all your vlans and they should show as active with ports assigned to them, except the trunk port will not show up. Also check your trunks to make sure they are up and working and the correct vlans are allowed. Also on the 3524 verify your default gateway is pointed to the 6509 HSRP virtual address. Also you should not have portfast turned on for the uplinks.

Jon Marshall Wed, 02/07/2007 - 09:43


The native vlan can be any vlan, Cisco recommend vlan 999. Both ends of the trunk should have the same native vlan.

You should not have spanning-tree portfast on trunk links even if there isn't a loop.

You don't show it but I presume you have vlan 1 interfaces on your 6500 switches?

What does the output of "sh int trunk" on your switches show?
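
The checks suggested in the replies above (uplink trunked on both ends, matching native VLAN, VLANs 1 and 13 allowed, no portfast on the uplink, default gateway set on the 3524) written as a small config audit. This is an added example, not part of the original thread; the sample configs, port names, addresses and function names are constructed for illustration.

```python
# Constructed sample configs; addresses, ports and VLAN lists are illustrative.
ACCESS_3524 = """\
interface FastEthernet0/1
 switchport mode trunk
 spanning-tree portfast
interface VLAN1
 ip address 172.16.1.10 255.255.255.0
"""
CORE_6509 = """\
interface FastEthernet8/24
 switchport trunk native vlan 999
 switchport trunk allowed vlan 13,20-30
 switchport mode trunk
"""

def parse(cfg):
    """Return ({interface: [sub-commands]}, [global commands])."""
    ifaces, glob, cur = {}, [], None
    for line in cfg.splitlines():
        if line.startswith(" "):
            (cur if cur is not None else glob).append(line.strip())
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.strip(" !"):          # global command; "!" separators are skipped
            cur = None
            glob.append(line.strip())
    return ifaces, glob

def setting(cmds, prefix, default):  # argument of the first matching sub-command
    return next((c.split()[-1] for c in cmds if c.startswith(prefix)), default)

def allows(allowed, vlan):  # allowed is "all" or a list such as "1,13,20-30"
    spans = (p.partition("-") for p in allowed.split(","))
    return allowed == "all" or any(int(lo) <= vlan <= int(hi or lo) for lo, _, hi in spans)

def audit(access_cfg, access_port, core_cfg, core_port, vlans=(1, 13)):
    (acc, acc_glob), (core, _) = parse(access_cfg), parse(core_cfg)
    ends = {"access": acc.get(access_port, []), "core": core.get(core_port, [])}
    out = []
    for name, cmds in ends.items():
        if "switchport mode trunk" not in cmds:
            out.append(f"{name}: uplink is not a trunk")
        if any(c.startswith("spanning-tree portfast") for c in cmds):
            out.append(f"{name}: portfast enabled on trunk")
        allowed = setting(cmds, "switchport trunk allowed vlan", "all")
        out += [f"{name}: VLAN {v} not allowed on trunk" for v in vlans if not allows(allowed, v)]
    if len({setting(c, "switchport trunk native vlan", "1") for c in ends.values()}) > 1:
        out.append("native VLAN mismatch between trunk ends")
    if not any(g.startswith("ip default-gateway ") for g in acc_glob):
        out.append("access: no ip default-gateway configured")
    return out
```

Calling `audit(ACCESS_3524, "FastEthernet0/1", CORE_6509, "FastEthernet8/24")` on the constructed samples returns four findings; an empty list means both trunk ends agree and the management VLAN has a path to its gateway.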


