09-20-2007 06:54 AM - edited 03-05-2019 06:36 PM
I'm taking over a configuration from another admin, and he currently has the trunk port also in a VLAN. From my understanding you can't have a trunk port in a VLAN, besides VLAN 1. Is that correct?
09-20-2007 07:16 AM
Hi Bob
Could you send a config copy to illustrate what you mean?
Trunk links do have a native VLAN which, if you do not change it from the default, is VLAN 1, but you can change this to be any VLAN you choose. Is this what you mean?
Jon
09-20-2007 09:41 AM
The port is configured as so:
interface FastEthernet0/13
switchport access vlan 7
switchport trunk allowed vlan 1,11,1001-1005
switchport mode access
speed 100
duplex full
I didn't think you could put a trunked port in a VLAN because it's allowing all VLANs through, and by doing so you're only allowing that VLAN to be trunked.
Thanks..
09-20-2007 09:46 AM
That trunk command is really not doing anything the way it is.
09-20-2007 10:00 AM
So we have no port performing the trunk function, correct?
09-20-2007 10:02 AM
Bob
That port is not trunking. We can not speak to any other ports and whether or not they are trunking until we see more of the config.
HTH
Rick
09-20-2007 10:23 AM
You can check the operational status of the port, whether it's trunking or not, by running the commands
show int fast 0/13 trunk
show interface fast 0/13 switchport
As others have already pointed out, this port is *not* trunking the way it's configured. The port is just in VLAN 7 and is configured as an access port.
09-20-2007 11:25 AM
OK, that sounds about right, but what I'm curious about is how they are communicating between VLANs then. There are no other ports trunked and no default gateway set. Below is the complete config.
Switch2#show run
Building configuration...
Current configuration : 4171 bytes
!
! Last configuration change at 14:02:50 EDT Thu Sep 13 2007
! NVRAM config last updated at 14:02:50 EDT Thu Sep 13 2007
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname Switch2
!
enable secret xxx
!
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
!
no ip domain-lookup
cluster standby-group clusername
!
cluster commander-address 000b.be68.f880 member 1 name kygovsw1 vlan 7
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/3
switchport access vlan 5
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/4
switchport access vlan 7
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/5
switchport access vlan 6
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/6
switchport access vlan 6
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/7
switchport access vlan 4
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/8
switchport access vlan 7
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/9
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 8
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/12
switchport access vlan 9
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/13
switchport access vlan 7
switchport trunk allowed vlan 1,11,1001-1005
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/14
switchport access vlan 4
switchport mode access
speed auto 100
duplex full
!
interface FastEthernet0/15
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/16
switchport access vlan 3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/17
switchport access vlan 4
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/18
switchport access vlan 5
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/19
switchport access vlan 6
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/20
switchport access vlan 7
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/21
switchport access vlan 8
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/22
switchport access vlan 9
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/23
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 11
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip redirects
no ip route-cache
shutdown
!
interface Vlan7
ip address 10.x.x.x 255.255.255.0
no ip route-cache
standby ip 10.x.x.x
standby preempt delay sync 0
standby name ClusterName
ip redirect
!
ip http server
09-20-2007 11:59 AM
If that's the complete config I would say they can't be talking between the VLANs and are isolated. It looks like they tried to cluster the switch once, but I think you still have to have a trunk between the switches in order for it to work. I have only seen clustering a couple of times and it stinks trying to find devices within the cluster, so we stay away from it. If you do a "show int trunk" does anything show up? You could have a trunk on the gig ports, as this looks to be a 2950 or something like that, and the default port setting on those is dynamic desirable, which would create a trunk without configuring anything.
09-20-2007 12:08 PM
The gig ports are at default config. If this is a recentish switch they will be "desirable" for trunking, so two similar switches, with the gig ports left at default and connected together will form a trunk.
Is anything connected to the gig ports?
Also bear in mind that it is possible to plug in a multi interface router to several lan ports in different VLANs and either bridge or route between them.
Paul.
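An added example, not part of any post in this thread: a small Python audit of a saved "show run" that flags the two conditions discussed above, "switchport trunk" lines left on an access port and switch ports with no explicit "switchport mode" that can negotiate a trunk through DTP. The sample config is a constructed excerpt modelled on the one posted here, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the config posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/13
 switchport access vlan 7
 switchport trunk allowed vlan 1,11,1001-1005
 switchport mode access
!
interface GigabitEthernet0/1
!
interface Vlan7
 ip address 10.x.x.x 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened configs
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line in ("", "!"):
            current = None  # separator ends the interface stanza
        elif current is not None:
            current.append(line)
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for physical switch ports."""
    prefix = "switchport mode "
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name):
            continue  # skip SVIs such as Vlan7
        mode = next((c[len(prefix):] for c in cmds if c.startswith(prefix)), None)
        if mode is None or mode.startswith("dynamic"):
            findings.append((name, "no fixed mode: DTP may negotiate a trunk"))
        elif mode == "access" and any(c.startswith("switchport trunk ") for c in cmds):
            findings.append((name, "access port: 'switchport trunk' lines have no effect"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Ports flagged as able to negotiate should then be checked with "show int trunk", as suggested in the thread, to see whether a trunk has actually formed.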
09-20-2007 12:11 PM
Bob
Thanks for posting the config of the switch. For the most part it is an obvious config of a layer 2 switch. All of the FastEthernet interfaces are configured as access ports. It contains multiple VLANs, it has a single SVI which functions as its management address. It has no routing or default route information. It goes beyond simple layer 2 switch with the configuration of cluster parameters. Who/what is the cluster commander? Are the interfaces Gig0/1 and Gig0/2 used to connect to the cluster?
HTH
Rick
09-20-2007 01:02 PM
When I do a show int trunk I get the following results:
Port      Mode         Encapsulation  Status        Native vlan
Gi0/1     desirable    802.1q         trunking      1
Gi0/2     desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Gi0/1     1-4094
Gi0/2     1-4094

Port      Vlans allowed and active in management domain
Gi0/1     1-14
Gi0/2     1-14

Port      Vlans in spanning tree forwarding state and not pruned
Gi0/1     1-14
Gi0/2     1-14
switch2#
I'm not in front of the switches so I can't say exactly how they are connected; this is only my second week. Regarding the comment about this being a possible default setting with the 2950s: I'm curious, if he didn't set a default route or trunk port on the new switches, the 3560s, then I'm assuming I'm going to be seeing major issues, right? I should probably post the new config, which I haven't touched yet.
Paul... You had said "Also bear in mind that it is possible to plug in a multi interface router to several lan ports in different VLANs and either bridge or route between them". From my understanding the firewall, which contains several interfaces, is plugged into these switches; however, without a default gateway how would they know to go to a specific interface?
09-20-2007 01:13 PM
The new switch config is attached. Please keep in mind I haven't touched anything on it and I'm totally inheriting this. Basically we have two 3560 switches replacing 4 2950 switches. The previous admin was trying to simply copy the 2950 configs to the new 3560's. I'm pretty sure that would work very well, considering what I'm seeing on the 2950 switch.
09-20-2007 01:36 PM
Bob
This config looks even more like a straightforward layer 2 switch config. It has a number of interfaces configured as access ports and assigned in several different VLANs. It has one active SVI configured as its management interface. There is no sign of layer 3 operation on this switch. It does have some interfaces not configured, and if they were connected switch to switch they could be functioning as trunks even though they are not explicitly configured as trunks.
It is not clear to me exactly what the topology with the old switches was or what the new topology will be. Certainly there had to be something connected (probably on a trunk port - though possibly on several access ports) which was providing the layer 3 intervlan routing. In the configs that we have seen so far it is not clear what will be providing the intervlan routing. In these configs stations in any particular VLAN can talk to other stations in that VLAN but can not talk to anything in any other VLAN.
I wonder if the output of show cdp neighbor might provide some insight about what is connected to what.
HTH
Rick
09-20-2007 05:44 PM
As far as I'm aware there isn't supposed to be any L3 configured in these switches, not that it wouldn't help matters, but the current topology is 4 switches connecting several servers and a couple of clustered firewalls. Again, I'm inheriting this so I'm not sure, but I would imagine the firewalls would be doing the intervlan routing, which I imagine could be causing more traffic on those devices than necessary. The new topology will be simply to replace those 4 switches with these 2 new 3560s. I assume my best option would be to create a couple of trunk ports to connect the switches for intervlan routing and then simply connect my firewalls as they have been for access from the outside in and vice versa. I've copied the show cdp neighbor of the current switches.
Switch2#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch1          Gig 0/1            132          S I      WS-C2950T-Gig 0/1
Switch4          Gig 0/2            163          S I      WS-C2950T-Gig 0/1
Switch#