4402 to 3750G Lag/trunk

Unanswered Question
Oct 16th, 2008

I have configured a 3750G with a trunk port to connect to my prod network. I have configured gi 1/0/1 and 2 as a channel group to connect to my 4402. After following all documentation that I have found, I still cannot connect to the 4402 throught the management interface.

here is the configs for the 3750G:

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk


interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on


interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on


interface GigabitEthernet1/0/24

description Lab Switch fa:0/6

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full


interface Vlan1

no ip address



interface Vlan19

ip address 10.x.19.5


ip default-gateway 10.x.19.1

Here is the output from the 4402

Interface Name Port Vlan Id IP Address Type Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

ap-manager LAG untagged 10.x.19.11 Static Yes No

management LAG untagged 10.x.19.10 Static No No

service-port N/A N/A 10.x.18.100 Static No No

virtual N/A N/A Static No No

STP Admin Physical Physical Link Link Mcast

Pr Type Stat Mode Mode Status Status Trap Appliance POE

-- ------- ---- ------- ---------- ---------- ------ ------- --------- -------

1 Normal Forw Enable 1000 Full 1000 Full Up Enable Enable N/A

2 Normal Forw Enable 1000 Full 1000 Full Up Enable Enable N/A

Any help would be greatly appreciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jeff.kish Thu, 10/16/2008 - 10:15

You have a native VLAN mismatch. Your controller's management interface is "untagged", and your Port-Channel is configured (by default) to VLAN 1 as the native.

Since it's advised that you leave your management interface untagged, let's change your Port-Channel to support VLAN 19 as your native vlan. Perform the following configuration change:

int po1

switchport trunk native vlan 19

int range gig1/0/1 - 2

switchport trunk native vlan 19

This should solve your problem. Good luck!

orochi_yagami Wed, 10/29/2008 - 02:19

Hi, i'm encounter the same problem as above and managed to resolve it by configure the native vlan on the switch trunk to other vlan instead of default vlan 1, and it works!!!

But i'm still trying to figure out the logical of this...



jeff.kish Wed, 10/29/2008 - 06:29

The thing you need to keep in mind is the concept of tagging. A trunk link adds a special tag to every packet that includes a VLAN number. The exception to this is the native VLAN, for which no tag is added. In other words, if a switchport receives an untagged packet, it reasonably assumes that this packet is on the native VLAN.

This is why it's so important to make sure that both ends have the same native VLAN. If they do not have the same native VLAN, traffic will literally change VLANs when going across the trunk. The access point, for example, might say "This packet is on VLAN 5, but since it's the native VLAN I won't tag it." The switch will receive it and say, "This is untagged, so it must be on the native VLAN, which is VLAN 1." Your packet just went from VLAN 5 to VLAN 1.

When configuring an access point for multiple VLANs, the GUI gives you an option of making the VLAN you configured the native. I think it's easy for a lot of people to check this when it's your "primary" VLAN, which seems reasonable to do. However, unless you configure this same VLAN to be native on the switchport to which the AP connects, you'll have problems as described above.

orochi_yagami Wed, 10/29/2008 - 18:39

Hi Jeff,

My case was that both the AP-Manager and the Management interface were assigned to VLAN1, and on my catalyst switch trunk end, as you said, the native VLAN trunking was VLAN 1. So what you mean is, when the switch receive a frame from VLAN 1 and travel across the trunk, it's not tag. But my AP-manager and Management can only recognize the VLAN 1 tag frame, so this cause the problem that the connectivity cannot be establish isn't?

Another thing, i read some post said that the best practice for AP-Manager and Management interface to "Untagged", but couldn't find any articles about this. Just wonder is this a more efficient setup?



jeff.kish Thu, 10/30/2008 - 06:11

That's correct. By setting them to VLAN 1, they had no way of knowing where an untagged packet was supposed to go. So they were likely dropping the untagged packets.

And yes, untagged is the best configuration for the management and AP manager interfaces.

orochi_yagami Thu, 10/30/2008 - 07:55

Yep, get it works since i re-assigned the AP-Manager and Management int to "unassigned".

Thanks for help.Will rate u Man!!!


This Discussion