Switch port in both Vlan and Trunked..

Unanswered Question
Sep 20th, 2007

I'm taking over a configuration from another admin and he currently has the trunk port also in a vlan. From my understanding you can't have a trunk port in a vlan, besides the vlan 1. Is that correct?

Jon Marshall Thu, 09/20/2007 - 07:16

Hi Bob


Could you send a config copy to illustrate what you mean?


Trunk links do have a native vlan, which if you do not change it from the default is vlan 1, but you can change this to be any vlan you choose. Is this what you mean?


Jon

bob.mckinley Thu, 09/20/2007 - 09:41

The port is configured as so:


interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
 speed 100
 duplex full


I didn't think you could put a trunked port in a vlan because it's allowing all vlans through and by doing so you're only allowing that vlan to be trunked.


Thanks..

glen.grant Thu, 09/20/2007 - 09:46

That trunk command is really not doing anything the way it is.

Richard Burts Thu, 09/20/2007 - 10:02

Bob


That port is not trunking. We can not speak to any other ports and whether or not they are trunking until we see more of the config.


HTH


Rick

szahid Thu, 09/20/2007 - 10:23

You can check the operational status of the port, whether it's trunking or not, by running the command

show int fast 0/13 trunk
show interface fast 0/13 switchport

As others have already pointed out, this port is *not* trunking the way it's configured. The port is just in vlan 7 and is configured as an access port.

bob.mckinley Thu, 09/20/2007 - 11:25

Ok that sounds about right, but what I'm curious about is how they are communicating between vlans then. There are no other ports trunked and no default gateway set. Below is the complete config.


Switch2#show run
Building configuration...

Current configuration : 4171 bytes
!
! Last configuration change at 14:02:50 EDT Thu Sep 13 2007
! NVRAM config last updated at 14:02:50 EDT Thu Sep 13 2007
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname Switch2
!
enable secret xxx
!
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
!
no ip domain-lookup
cluster standby-group clusername
!
cluster commander-address 000b.be68.f880 member 1 name kygovsw1 vlan 7
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/2
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/3
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/4
 switchport access vlan 7
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/5
 switchport access vlan 6
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/6
 switchport access vlan 6
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/7
 switchport access vlan 4
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/8
 switchport access vlan 7
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/9
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 8
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/12
 switchport access vlan 9
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/14
 switchport access vlan 4
 switchport mode access
 speed auto 100
 duplex full
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/16
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/17
 switchport access vlan 4
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/18
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/19
 switchport access vlan 6
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/20
 switchport access vlan 7
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/21
 switchport access vlan 8
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/22
 switchport access vlan 9
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 11
 switchport mode access
 speed 100
 duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip redirects
 no ip route-cache
 shutdown
!
interface Vlan7
 ip address 10.x.x.x 255.255.255.0
 no ip route-cache
 standby ip 10.x.x.x
 standby preempt delay sync 0
 standby name ClusterName
 ip redirect
!
ip http server

glen.grant Thu, 09/20/2007 - 11:59

If that's the complete config I would say they can't be talking between the vlans and are isolated. It looks like they tried to cluster the switch once but I think you still have to have a trunk between the switches in order for it to work. I have only seen clustering a couple times and it stinks trying to find devices within the cluster so we stay away from it. If you do a "show int trunk" does anything show up? You could have a trunk on the gig ports as this looks to be a 2950 or something like that and the default port settings on those is dynamic desirable which would create a trunk without configuring anything.

paul.matthews Thu, 09/20/2007 - 12:08

The gig ports are at default config. If this is a recentish switch they will be "desirable" for trunking, so two similar switches, with the gig ports left at default and connected together will form a trunk.


Is anything connected to the gig ports?


Also bear in mind that it is possible to plug in a multi interface router to several lan ports in different VLANs and either bridge or route between them.


Paul.
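
An added example, not part of the original thread: a small audit of running-config text that reports the two conditions discussed above, namely ports with no fixed switchport mode (which can form a trunk by negotiation, as described for the gig ports) and access ports carrying leftover trunk settings that have no effect. The sample config, function names and finding texts are constructed for illustration, and the check assumes a port with no `switchport mode` line uses a negotiating default as the replies describe.

```python
import re

# Constructed sample mirroring the port styles in the posted Switch2 config.
SAMPLE_CONFIG = """\
interface FastEthernet0/12
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
!
interface GigabitEthernet0/1
!
interface Vlan7
 no ip route-cache
!
ip http server
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; tolerates blank lines and missing indentation."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None          # "!" closes the interface section
        elif line and current is not None:
            interfaces[current].append(line)
    return interfaces

def audit(config):
    """Return {port: [findings]} for physical switch ports that need attention."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            continue                # SVIs are not switch ports
        modes = [m.group(1) for c in cmds if (m := re.fullmatch(r"switchport mode (.+)", c))]
        mode = modes[-1] if modes else None
        notes = []
        if mode is None or mode.startswith("dynamic"):
            notes.append("mode not fixed: port can negotiate a trunk with its neighbor")
        if mode == "access" and any(c.startswith("switchport trunk ") for c in cmds):
            notes.append("trunk settings present but inactive in access mode")
        if notes:
            findings[name] = notes
    return findings

if __name__ == "__main__":
    for port, notes in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(notes))
```

Ports reported as "mode not fixed" are the ones to pin down explicitly: `switchport mode access` for host ports, or `switchport mode trunk` with `switchport nonegotiate` and an explicit allowed-VLAN list for intended uplinks.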

Richard Burts Thu, 09/20/2007 - 12:11

Bob


Thanks for posting the config of the switch. For the most part it is an obvious config of a layer 2 switch. All of the FastEthernet interfaces are configured as access ports. It contains multiple VLANs, it has a single SVI which functions as its management address. It has no routing or default route information. It goes beyond simple layer 2 switch with the configuration of cluster parameters. Who/what is the cluster commander? Are the interfaces Gig0/1 and Gig0/2 used to connect to the cluster?


HTH


Rick

bob.mckinley Thu, 09/20/2007 - 13:02

When I do a show int trunk I get the following results:


Port      Mode         Encapsulation  Status        Native vlan
Gi0/1     desirable    802.1q         trunking      1
Gi0/2     desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Gi0/1     1-4094
Gi0/2     1-4094

Port      Vlans allowed and active in management domain
Gi0/1     1-14
Gi0/2     1-14

Port      Vlans in spanning tree forwarding state and not pruned
Gi0/1     1-14
Gi0/2     1-14
switch2#


I'm not in front of the switches so I can't say exactly how they are connected, this is only my second week. The comment about this being a possible default setting with the 2950s I'm curious if he didn't set a default route or trunk port on the new switches, a 3560s, then I'm assuming I'm going to be seeing major issues, right? I should probably post the new config, which I haven't touched yet..


Paul...You had said "Also bear in mind that it is possible to plug in a multi interface router to several lan ports in different VLANs and either bridge or route between them". From my understanding the firewall, which contains several interfaces, is plugged into these switches, however without a default gateway how would they know to go to a specific interface?

bob.mckinley Thu, 09/20/2007 - 13:13

The new switch config is attached: Please keep in mind I haven't touched anything on it and I'm totally inheriting this. Basically we have two 3560 switches replacing 4 2950 switches. The previous admin was trying to simply copy the 2950 configs to the new 3560's. I'm pretty sure that would work very well, considering what I'm seeing on the 2950 switch.



Richard Burts Thu, 09/20/2007 - 13:36

Bob


This config looks even more like a straightforward layer 2 switch config. It has a number of interfaces configured as access ports and assigned in several different VLANs. It has one active SVI configured as its management interface. There is no sign of layer 3 operation on this switch. It does have some interfaces not configured and if they were connected switch to switch they could be functioning as trunks even though they are not explicitly configured as trunks.


It is not clear to me exactly what the topology with the old switches was or what the new topology will be. Certainly there had to be something connected (probably on a trunk port - though possibly on several access ports) which was providing the layer 3 intervlan routing. In the configs that we have seen so far it is not clear what will be providing the intervlan routing. In these configs stations in any particular VLAN can talk to other stations in that VLAN but can not talk to anything in any other VLAN.


I wonder if the output of show cdp neighbor might provide some insight about what is connected to what.


HTH


Rick

bob.mckinley Thu, 09/20/2007 - 17:44

As far as I'm aware there isn't supposed to be any L3 configured in these switches, not that it wouldn't help matters, but the current topology is 4 switches connecting several servers and a couple of clustered firewalls. Again I'm inheriting this so I'm not sure but I would imagine the firewalls would be doing the intervlan routing, which I imagine could be causing more traffic on those devices than necessary. The new topology will be simply to replace those 4 switches with these 2 new 3560s. I assume my best option would be to create a couple of trunk ports to connect the switches for intervlan routing and then simply connect my firewalls as they have been for access from the outside in and vice versa. I've copied the show cdp neighbor of the current switches.


Switch2#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch1          Gig 0/1            132          S I      WS-C2950T-Gig 0/1
Switch4          Gig 0/2            163          S I      WS-C2950T-Gig 0/1
Switch#


paul.matthews Thu, 09/20/2007 - 23:30

The firewall could certainly be passing traffic between VLANs - I am not sure I understand your question about default gateways though - the servers in the various VLANs would be configured with the firewall as the default gateway, otherwise they would not be able to get off the VLAN.

Kevin Dorrell Thu, 09/20/2007 - 23:38

You don't necessarily need a trunk to pass traffic on VLANs. It looks like you have lots of access ports on different VLANs. If each of these connects to another switch also having an access port in that VLAN, then the VLAN traffic will pass through. It just takes one access port for each VLAN you want to pass.


Really I need to see your network diagram to know if this is the case.


Kevin Dorrell

Luxembourg

