Native vlan

Unanswered Question
Apr 30th, 2008

Hi

Im trying to get a hold on the concept of native vlan's.

Im fooling around on my 2 2950' and my 3550 defining (without any problems) "switchport trunk native vlan 100" on all 3 switches (getting some native vlan mismatch status along the way).

I end up all 3 switches describing vlan 100 as the native vlan upon a "show int trunk" command.

I am plugged into Fa0/1 on the 3550 via telnet and, then, when i type "int Fa0/1 - switchport access vlan 100" i completely loose all connectivity. Why is that?

Why cant i access the switches on this defined (native) vlan 100 from port Fa0/1 on the 3550? ? ?

I looking forward to a deeper understanding...

Best rgds

/Jan V

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 04/30/2008 - 09:00

Jan

Sorry but what do you mean by "plugged into Fa0/1 on the 3550 via telnet".

Do you mean that fa0/1 is in a different vlan to start with and your PC is connected into fa0/1.

Could you provide some more details in terms of the IP address of your PC, the vlans, vlan interfaces and IP addresses.

Is your 3550 acting as a L2 or L3 switch.

Jon

towli Wed, 04/30/2008 - 09:43

Hi

My pc is 192.168.1.100 /24 gtw is 192.168.1.1 /24

3550 is L3 ip 192.168.1.35 /24

switches are 192.168.1.201 + 202 / 24

My pc is connected to Fa0/1 of the 3550

I bellieve my question is better formulated as "How do i change the management Vlan on my setup"... Actually i bellieve that is what i was/am trying to do ;)

Still i cant find any solution to this...

Best rgds

/Jan - Denmark

jim_berlow Wed, 04/30/2008 - 10:13

Not sure I completely understand what you are doing. Maybe some of the confusion that you are having is that the management interface configuration is different between the 2900's and the 3550. Basically on the 2900's there is a management interface command to set the ip address, right? Remember that the 2900's are only L2 switches (they don't route between vlans).

On the 3550 you can have multiple management interfaces (if you will) which we now call "Switched Virtual Interfaces" or SVIs. So to configure a "management" ip address on the 3550, you enter something like the following:

3550(config)# vlan 1

3550(config-vlan)# name

3550(config)# int vlan 1 <- or what vlan you are using

3550 (config-if)# ip address 192.168.1.1 255.255.255.0

3550 (config-if)# no shut

Now try to ping. I think this is what you are trying to do, but I am not sure. This will also allow your pc to hit ip addresses on other vlans. Is this what you are wanting to do?

towli Wed, 04/30/2008 - 10:55

Hello again

Its so kind of you trying to help me!

What i am trying to understand, is how to make the management vlan (default vlan1) change (to vlan 100 for instance) but i bellieve this can not be done.

Thanks for your time, i am beyond reach in this matter i can tell :)

/Jan

Jon Marshall Wed, 04/30/2008 - 10:59

Jan

There is nothing special about the management vlan, you can make the management vlan any vlan you want. Vlan 1 is the default vlan and it will always be used for control traffic such as CDP/PaGP etc. but it certainly doesn't have to be the management vlan.

You can have the management vlan be the native vlan if you so choose but it's up to you. The management vlan is purely the vlan you use to access the switch to manage it.

As for you changing the vlan on int fa0/1. If you change the vlan you will probably have to change the IP address and default-gateway of the PC as well.

Jon

Jon

I think the problem has to do with the difference between the "Management Vlan" and the "Native VLAN".

The Native vlan is used to pass all "non-tagged" traffic over trunks.

The Management vlan is simply a separate vlan you are using to telnet, ssh, or "manage" the switch from.

You cannot delete or renumber vlan 1, because certain traffic (like CDP) flows over that vlan.

If you would like to "manage" your switch from vlan 100, then do the following:

conf t

interface vlan 1

no ip address

shutdown

interface vlan 100

ip address xxx.xxx.xxx.xxx 255.xxx.xxx.xxx

no shut

end

You have disabled management access from vlan 1 and created a new interface on VLAN 100 which allows you to manage the switch. You can only have ONE interface vlan active at one time. This defines the "Management VLAN".

rsvensson Wed, 06/25/2008 - 12:22

For starters, if you are connecting directly to the Fa0/1 port with your PC, you do not want to use native VLANs. Native VLANs are used on trunk links and not access links, and end machines are not supposed to connect to trunk links. Therefore, you should be issuing the following commands on the port instead:

en

conf t

int fa0/1

switchport mode access

switchport access vlan 100

end

This will put the port into access mode on VLAN 100. However, you WILL lose connectivity, because your computer is configured to access the GW on VLAN 1. In order to access the switch using the same port (fa0/1) you have to make a GW for the machine to talk to on VLAN 100. Since you are using a Layer 3 switch you can do this on the switch with these commands:

en

conf t

vlan 100

name Management VLAN

exit

int vlan 100

ip address 192.168.x.1 255.255.255.0

no shut

exit

NOTE: you must put this information in prior to issuing the "switchport access vlan 100" command in order to be able to access the switch again from the same port.

Next, on your computer change the GW to that of the VLAN 100 IP address on the switch and change the subnet mask to match as well. Also, change the IP address to one that is within the network range (if using the above configuration the range would be 192.168.x.2 - 192.168.x.254). Next wait for the LED on the port to turn from Amber to green and try to ping the GW. If you get a response, you have now set up Fa0/1 to access vlan 100 and you machine to be able to access the switch.

Now if you are trying to do just a management VLAN, then you would not set any port to access vlan 100, but instead ensure that the trunks between switches have VLAN 100 allowed on the trunks (by default all VLANs 1-1005, not sure of the high number, are allowed). Furthermore, you would set the IP address of VLAN 100 on each switch within the subnet previously configured and not have any computers on the subnet. Instead, you would use a routing mechanism to allow you to communicate with the Management VLAN from another subnet.

Hope this helps,

--Richard

If you are connected to the switch on f0/0, and it is set to default VLAN 1, then that means that the IP that you are connecting to the switch on is also on VLAN 1. If you then change f0/0 to be vlan 100, then you are no longer on the same VLAN as the management IP of the switch.

You need to be consoled in to make this change. Console in and change f0/0 to vlan 100. Then remove the VLAN 1 routed interface.

no int vlan 1

and then create interface vlan 100 and put your management IP on it..

int vlan 100

ip address blah blah..

Now you should be able to plug in and telnet to the box again.

towli Thu, 06/26/2008 - 10:30

I thank you all for the replies.

I am beggining to get a hold of it!

/T

Actions

This Discussion