
Switch port in both Vlan and Trunked..

bob.mckinley
Level 1

I'm taking over a configuration from another admin, and he currently has the trunk port also in a vlan. From my understanding you can't have a trunk port in a vlan, besides vlan 1. Is that correct?

16 Replies

Jon Marshall
Hall of Fame

Hi Bob

Could you send a config copy to illustrate what you mean?

Trunk links do have a native vlan, which if you do not change it from the default is vlan 1, but you can change this to be any vlan you choose. Is this what you mean?

Jon

The port is configured as so:

interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
 speed 100
 duplex full

I didn't think you could put a trunked port in a vlan because it's allowing all vlans through and by doing so you're only allowing that vlan to be trunked.

Thanks..

That trunk command is really not doing anything the way it is.

So we have no port performing the trunk function, correct?

Bob

That port is not trunking. We can not speak to any other ports and whether or not they are trunking until we see more of the config.

HTH

Rick


You can check the operational status of the port, whether it's trunking or not, by running the commands

show int fast 0/13 trunk

show interface fast 0/13 switchport

As others have already pointed out, this port is *not* trunking the way it's configured. The port is just in vlan 7 and is configured as an access port.

Ok that sounds about right, but what I'm curious about is how they are communicating between vlans then. There are no other ports trunked and no default gateway set. Below is the complete config.

Switch2#show run
Building configuration...

Current configuration : 4171 bytes
!
! Last configuration change at 14:02:50 EDT Thu Sep 13 2007
! NVRAM config last updated at 14:02:50 EDT Thu Sep 13 2007
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname Switch2
!
enable secret xxx
!
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
!
no ip domain-lookup
cluster standby-group clusername
!
cluster commander-address 000b.be68.f880 member 1 name kygovsw1 vlan 7
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/2
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/3
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/4
 switchport access vlan 7
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/5
 switchport access vlan 6
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/6
 switchport access vlan 6
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/7
 switchport access vlan 4
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/8
 switchport access vlan 7
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/9
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 8
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/12
 switchport access vlan 9
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/14
 switchport access vlan 4
 switchport mode access
 speed auto 100
 duplex full
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/16
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/17
 switchport access vlan 4
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/18
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/19
 switchport access vlan 6
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/20
 switchport access vlan 7
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/21
 switchport access vlan 8
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/22
 switchport access vlan 9
 switchport mode access
 speed 100
 duplex full
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 11
 switchport mode access
 speed 100
 duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip redirects
 no ip route-cache
 shutdown
!
interface Vlan7
 ip address 10.x.x.x 255.255.255.0
 no ip route-cache
 standby ip 10.x.x.x
 standby preempt delay sync 0
 standby name ClusterName
 ip redirect
!
ip http server

If that's the complete config I would say they can't be talking between the vlans and are isolated. It looks like they tried to cluster the switch once, but I think you still have to have a trunk between the switches in order for it to work. I have only seen clustering a couple of times and it stinks trying to find devices within the cluster, so we stay away from it. If you do a "show int trunk" does anything show up? You could have a trunk on the gig ports, as this looks to be a 2950 or something like that, and the default port setting on those is dynamic desirable, which would create a trunk without configuring anything.

The gig ports are at default config. If this is a recentish switch they will be "desirable" for trunking, so two similar switches, with the gig ports left at default and connected together will form a trunk.

Is anything connected to the gig ports?

Also bear in mind that it is possible to plug in a multi interface router to several lan ports in different VLANs and either bridge or route between them.

Paul.
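Added example (not part of the original thread, and not code posted by any participant): a small Python audit of a pasted running-config for the two conditions discussed above, namely interfaces with no explicit `switchport mode` (which fall back to the platform default and, per the replies, can form a trunk on their own) and access ports that still carry inert `switchport trunk` commands. The sample config is constructed from stanzas in this thread; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample, modelled on the stanzas posted in this thread.
SAMPLE = """\
interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
!
interface GigabitEthernet0/1
!
interface Vlan1
 no ip address
 shutdown
!
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands. Stanzas end at '!' or the next
    'interface' line, so pastes that lost their indentation still parse."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line == "!":
            current = None
        elif line and current is not None:
            current.append(line)
    return stanzas

def audit(config):
    """Return (interface, finding) pairs for ports whose trunking state
    does not match what the configuration appears to say."""
    prefix = "switchport mode "
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan") or "shutdown" in cmds:
            continue  # SVIs and shut-down ports do not negotiate trunks
        mode = next((c[len(prefix):] for c in cmds if c.startswith(prefix)), None)
        has_trunk_cmds = any(c.startswith("switchport trunk ") for c in cmds)
        if mode is None or mode.startswith("dynamic"):
            findings.append((name, "may-negotiate-trunk"))
        elif mode == "access" and has_trunk_cmds:
            findings.append((name, "inert-trunk-commands"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A port reported as `may-negotiate-trunk` should be compared against the operational state shown by `show interface ... switchport`, since the running-config alone does not say whether a trunk actually formed.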

Bob

Thanks for posting the config of the switch. For the most part it is an obvious config of a layer 2 switch. All of the FastEthernet interfaces are configured as access ports. It contains multiple VLANs, it has a single SVI which functions as its management address. It has no routing or default route information. It goes beyond simple layer 2 switch with the configuration of cluster parameters. Who/what is the cluster commander? Are the interfaces Gig0/1 and Gig0/2 used to connect to the cluster?

HTH

Rick


When I do a show int trunk I get the following results:

Port      Mode         Encapsulation  Status        Native vlan
Gi0/1     desirable    802.1q         trunking      1
Gi0/2     desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Gi0/1     1-4094
Gi0/2     1-4094

Port      Vlans allowed and active in management domain
Gi0/1     1-14
Gi0/2     1-14

Port      Vlans in spanning tree forwarding state and not pruned
Gi0/1     1-14
Gi0/2     1-14
switch2#

I'm not in front of the switches so I can't say exactly how they are connected; this is only my second week. About the comment on this being a possible default setting with the 2950s: I'm curious, if he didn't set a default route or trunk port on the new switches, 3560s, then I'm assuming I'm going to be seeing major issues, right? I should probably post the new config, which I haven't touched yet.

Paul... You had said "Also bear in mind that it is possible to plug in a multi interface router to several lan ports in different VLANs and either bridge or route between them". From my understanding the firewall, which contains several interfaces, is plugged into these switches; however, without a default gateway how would they know to go to a specific interface?

The new switch config is attached. Please keep in mind I haven't touched anything on it and I'm totally inheriting this. Basically we have two 3560 switches replacing 4 2950 switches. The previous admin was trying to simply copy the 2950 configs to the new 3560s. I'm pretty sure that would work very well, considering what I'm seeing on the 2950 switch.

Bob

This config looks even more like a straightforward layer 2 switch config. It has a number of interfaces configured as access ports and assigned in several different VLANs. It has one active SVI configured as its management interface. There is no sign of layer 3 operation on this switch. It does have some interfaces not configured, and if they were connected switch to switch they could be functioning as trunks even though they are not explicitly configured as trunks.

It is not clear to me exactly what the topology with the old switches was or what the new topology will be. Certainly there had to be something connected (probably on a trunk port - though possibly on several access ports) which was providing the layer 3 intervlan routing. In the configs that we have seen so far it is not clear what will be providing the intervlan routing. In these configs stations in any particular VLAN can talk to other stations in that VLAN but can not talk to anything in any other VLAN.

I wonder if the output of show cdp neighbor might provide some insight about what is connected to what.

HTH

Rick


As far as I'm aware there isn't supposed to be any L3 configured in these switches, not that it wouldn't help matters, but the current topology is 4 switches connecting several servers and a couple of clustered firewalls. Again I'm inheriting this so I'm not sure, but I would imagine the firewalls would be doing the intervlan routing, which I imagine could be causing more traffic on those devices than necessary. The new topology will be simply to replace those 4 switches with these 2 new 3560s. I assume my best option would be to create a couple of trunk ports to connect the switches for intervlan routing and then simply connect my firewalls as they have been for access from the outside in and vice versa. I've copied the show cdp neighbor of the current switches.

Switch2#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch1          Gig 0/1            132          S I      WS-C2950T-Gig 0/1
Switch4          Gig 0/2            163          S I      WS-C2950T-Gig 0/1
Switch#
