Configuring 3750 Vlan routing

bgibson · ‎03-17-2008

I am trying to get some 3750 switches to act as external VLAN routing devices. For some reason, however, I am unable to get my VLAN trunks to properly VLANs.

Here is my config...

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname DC2-ExtranetDMZ

!

boot-start-marker

boot-end-marker

!

username rancid privilege 15 password 7 13231E0A181F08783C

no aaa new-model

switch 1 provision ws-c3750e-24td

switch 2 provision ws-c3750e-24td

system mtu routing 1500

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

password encryption aes

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 148,1492,1498,3570

!

vlan 3609

name Paldaz

!

interface FastEthernet0

no ip address

!

interface GigabitEthernet1/0/1

description ***Connection to DC2-ISG2000-A***

switchport access vlan 148

spanning-tree portfast

!

interface GigabitEthernet1/0/2

spanning-tree portfast

!

interface GigabitEthernet1/0/24

description ***Connection to DS-3 via Ethernet****

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1492,1498,3270,3570,3609

switchport mode trunk

spanning-tree portfast

interface GigabitEthernet2/0/1

description ***Connection to DC2-ISG2000-B***

switchport access vlan 148

spanning-tree portfast

!

interface Vlan1

no ip address

!

interface Vlan148

description ***VLAN connection for firewalls***

ip address 10.148.148.253 255.255.255.252

!

interface Vlan1492

description

ip address 10.148.148.33 255.255.255.248

!

interface Vlan1498

description

ip address 10.148.148.49 255.255.255.248

!

interface Vlan3570

description

ip address 10.148.148.41 255.255.255.248

!

interface Vlan3609

description

ip address 10.148.148.1 255.255.255.224

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.148.148.254

ip http server

VLAN 148 is the upstream router connection to my network. The other VLAN interfaces are customer VLANs coming in on port G1/0/24.

Any idea what I am missing?

Jason Fraioli · ‎03-17-2008

I don't think you want to portfast your trunks, but I could be mistaken.

bgibson · ‎03-17-2008

I removed that to no avail.

When I switch the port to access mode I then see MAC addresses pop up.

Richard Burts · ‎03-17-2008

Brian

I have looked at what you posted and I am having trouble understanding quite what the problem is. Can you clarify what your problem is?

If you have a port that is not learning a MAC address when configured as a trunk and it does learn the MAC when configured as an access port then it suggests that the port is connected to some end station which does not understand or process trunking with tagged frames but does process untagged frames.

HTH

Rick

HTH

Rick

Edison Ortiz · ‎03-17-2008

On that case, add the native Vlan in the trunk configuration to match the access-vlan.

For instance, your current access vlan design

interface GigabitEthernet1/0/1

description ***Connection to DC2-ISG2000-A***

switchport access vlan 148

spanning-tree portfast

If you were to connect a device on this port then the trunk configuration would be.

!

interface GigabitEthernet1/0/24

description ***Connection to DS-3 via Ethernet****

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1492,1498,3270,3570,3609

switchport trunk native vlan 148

switchport mode trunk

spanning-tree portfast

Excluding the native Vlan from the configuration switchport will cause the attached device to run on Vlan1 for untagged packets.

HTH,

__

Edison.