Trunks

Feb 10th, 2008

I have set up a port on a 2960 switch that is attached to my firewall. Everything works fine. My desktop can still see the firewall and get to the internet until I change the mode and vlan of the switch port my desktop is connected to. Then I cannot see the firewall or get to the internet. The client and the firewall are on the same subnet.

My understanding was that trunked ports allowed vlan traffic from any vlan.

What am I missing?


Thanks

Edison Ortiz Sun, 02/10/2008 - 14:52

Trunk ports allow you to carry multiple Vlan information on a single link. If the firewall and your desktop are not 'trunk aware', there is no need to configure trunking on those switchports.


When configuring trunking, the default Vlan changes to Vlan 1; if that's not your access-vlan, then that's the reason you are no longer able to reach either device.


You can change your native Vlan to match your access-vlan with the command switchport trunk native vlan


HTH,


__


Edison.

mattbashahara Sun, 02/10/2008 - 19:35

Hi Edison

Sorry for not being clearer. I have the port to the firewall configured as a trunk (I am going to pass multiple vlans to it), not the port to the desktop. I thought that even though I changed the desktop to access vlan 34, it could still access the firewall since the firewall was on a trunk port, even though the native vlan for the trunk was vlan 1.


Thanks for the help

Edison Ortiz Sun, 02/10/2008 - 20:45

You need to verify the trunking configuration between the switch and the firewall. I haven't played much with firewalls these days, but if you can post the config, I (or someone else on this board) can figure out what's wrong with it.


The switchport is rather easy


interface fx/x

switchport trunk encapsulation dot1q

switchport mode trunk



That's what you entered at the switch, right?


Also, can the workstation ping other devices on Vlan34?

Are you planning to route between Vlans?

What device are you planning to use for routing between Vlans? Remember, the Firewall can't route between Vlans; it forwards traffic from one interface to another after inspection.


__


Edison.

aijaz802 Sun, 02/10/2008 - 23:19

Hi,


What type/make of firewall is this? Is it aware of the dot1q/ISL trunk protocols?


I think you should have a Layer 3 device to allow inter-vlan routing and to reach the firewall from PCs in multiple vlans.


In the first instance it worked because the firewall port and desktop port are both in the default access vlan 1. When you changed the desktop vlan from the default to vlan34, it won't work, even though you kept the desktop and firewall IPs in the same subnet.



Rate if it helps...


Regards,

*aijaz*
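
Added example, not part of any post in this thread: a small Python model of 802.1Q tagging on a switch, showing why the desktop loses the firewall once it moves to access VLAN 34 while the trunk's native VLAN stays at 1. The port objects, the simplified access-port rule, and the two firewall models (untagged only, or with a VLAN 34 subinterface) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ALL_VLANS = frozenset(range(1, 4095))

@dataclass(frozen=True)
class Port:
    mode: str                       # "access" or "trunk"
    vlan: int = 1                   # access VLAN, or native VLAN on a trunk
    allowed: frozenset = ALL_VLANS  # only consulted on trunks

def ingress_vlan(port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN the switch puts a received frame in (None = dropped)."""
    if port.mode == "access":       # simplified: access ports take untagged frames only
        return port.vlan if tag is None else None
    vlan = port.vlan if tag is None else tag   # untagged on a trunk = native VLAN
    return vlan if vlan in port.allowed else None

def egress_tag(port: Port, vlan: int):
    """(sent, tag) for a frame in `vlan` leaving `port`; tag None = untagged."""
    if port.mode == "access":
        return (vlan == port.vlan, None)
    if vlan not in port.allowed:
        return (False, None)
    return (True, None if vlan == port.vlan else vlan)  # native VLAN leaves untagged

def delivered(in_port, tag_sent, out_port, dst_accepts) -> bool:
    """One-way delivery; dst_accepts = set of tags the receiver listens on."""
    vlan = ingress_vlan(in_port, tag_sent)
    if vlan is None:
        return False
    sent, tag = egress_tag(out_port, vlan)
    return sent and tag in dst_accepts

# Constructed ports matching the thread's description
DESKTOP_V1 = Port("access", 1)
DESKTOP_V34 = Port("access", 34)
TRUNK_NATIVE1 = Port("trunk", 1)
TRUNK_NATIVE34 = Port("trunk", 34)
UNTAGGED_ONLY = {None}         # assumed firewall with no 802.1Q subinterfaces
WITH_VLAN34 = {None, 34}       # assumed firewall with a VLAN 34 subinterface

if __name__ == "__main__":
    print("desktop in VLAN 1 :", delivered(DESKTOP_V1, None, TRUNK_NATIVE1, UNTAGGED_ONLY))
    print("desktop in VLAN 34:", delivered(DESKTOP_V34, None, TRUNK_NATIVE1, UNTAGGED_ONLY))
    print("native VLAN 34    :", delivered(DESKTOP_V34, None, TRUNK_NATIVE34, UNTAGGED_ONLY))
    print("tagged subif 34   :", delivered(DESKTOP_V34, None, TRUNK_NATIVE1, WITH_VLAN34))
    print("reply, untagged   :", delivered(TRUNK_NATIVE1, None, DESKTOP_V34, {None}))
    print("reply, tag 34     :", delivered(TRUNK_NATIVE1, 34, DESKTOP_V34, {None}))
```

The same tagging rule is what keeps VLANs separated on a shared trunk: a frame only reaches a port or interface that is a member of its VLAN, so a mismatch between the access VLAN and the trunk's native VLAN isolates the two devices even when their IP addresses share a subnet.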
