Trunk help

Answered Question
Nov 18th, 2008

Hi,


I have a Cisco ASA firewall and for it's sub-interfaces/VLAN's (not sure which) I have a 3750 switch with many VLAN's.


From the 3750's FastEthernet1/0/2 port I have an old 3560 switch:


interface FastEthernet1/0/1

Description Trunk to ASA

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,6-9,300

switchport mode trunk

!

interface FastEthernet1/0/2

description WebServers

switchport access vlan 6


What I want to do is add a fresh VLAN to this 3560 switch. It will be VLAN 10 and I can see the port is not a trunk port so will I have to make this a trunk port and allow vlan 6 and 10 through?


The 3560's port is:


interface GigabitEthernet0/1

description Trunk

switchport access vlan 6


I just want to expand on this switch really so the ASA can utilise a few my VLAN's


Thanks

Correct Answer by Edison Ortiz about 8 years 3 months ago

.) I am getting a second 3750 to stack with the first, I've made the first the master and set the prioity to 5 I will also provision it with ws-c3750-48ts, but I guess this will not effect the trunk to the 3560?


Correct, it shouldn't affect your current working configuration.


Can't telnet to this 3560, would I need to give this an IP of one of the vlan ranges?




Correct, you need to create a switch virtual interface in the 3560. Since you have Vlan 6 in the switch, just do the following:


interface vlan 6

ip address [choose an available IP from Vlan 6 ] + [subnet]


If you want to reach this SVI from another subnet, then you need to have the following:


no ip routing

ip default-gateway [gateway for Vlan6]


HTH,


__


Edison.


Please rate helpful posts


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
satish_zanjurne Tue, 11/18/2008 - 06:37



Hi,


I am not sure but you want the trunk configuration !!!


1.You just need to add/modify the trunk configuration on Catalyst 3750 Fa1/0/1,Fa1/0/2 port and Catalyst 3560 Gi0/1 port


2.On Catalyst 3750 side modify configuration


interface FastEthernet1/0/1

Description Trunk to ASA

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,6-9,10,300

switchport mode trunk


interface FastEthernet1/0/2

description WebServers

switchport trunk encapsulation dot1q

switchport mode trunk


3.On Catalyst 3550 side modify configuration


interface GigabitEthernet0/1

description Trunk

switchport trunk encapsulation dot1q

switchport mode trunk



Take downtime to do this activity..


HTH..rate if helpful..

whiteford Tue, 11/18/2008 - 07:05

This is what I thought, thanks for the confirmation.


Both switches are in VTP server mode, so I guess all VLAN's on the 3750 with pass to the 3560 switch as there is no "allow vlan" on the trunk?


Also when I add this will there be downtime?

satish_zanjurne Tue, 11/18/2008 - 07:14



Yes!!! there will be downtime...so do this activity in maintenance window only..


HTH...rate if helpful..

whiteford Tue, 11/18/2008 - 08:00

So I just the reconfigured port will down itself to make the change then bring its;ef back up, so maybe 20-30 seconds downtime?


I'm thinking after work.

Edison Ortiz Tue, 11/18/2008 - 08:37

Both switches are in VTP server mode,


Before making this change, verify both switches are part of the same VTP domain and if so, they should have the same configuration revision.


If they have the same VTP domain name but the configuration revision does not match, the switch with the higher configuration revision will overwrite the one with the lower configuration revision.


This is a vital step in order to avoid losing any Vlan information in your network.


HTH,


__


Edison.

whiteford Tue, 11/18/2008 - 08:43

Will this happen if both are in VTP server mode?


3750:


sh vtp status

VTP Version : 2

Configuration Revision : 14

Maximum VLANs supported locally : 1005

Number of existing VLANs : 15

VTP Operating Mode : Server

VTP Domain Name :

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x51 0x01 0xF2 0xDB 0xB6 0xCB 0x01 0x20

Configuration last modified by 0.0.0.0 at 10-31-93 02:41:01



3560:


sh vtp status

VTP Version : running VTP1 (VTP2 capable)

Configuration Revision : 1

Maximum VLANs supported locally : 1005

Number of existing VLANs : 6

VTP Operating Mode : Server

VTP Domain Name :

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x9B 0x4D 0x21 0xF6 0xC3 0x00 0x29 0x23

Configuration last modified by 0.0.0.0 at 3-1-93 00:48:41


Edison Ortiz Tue, 11/18/2008 - 08:50

It seems the 3560 only has the 5 default Vlans and Vlan 6 on its database.


1) I recommend changing the 3560 to VTP Client


2) You need to have a VTP Domain name for Vlan propagation between switches.


3) Create all Vlans in the 3750.


HTH,


__


Edison.

whiteford Wed, 11/19/2008 - 03:31

Hi,


This is all setup and working. I set the 3750 as the server mode and the 2560 as client etc.


I extended a VLAN from the 3750 to the 3560 to test and it worked, hopefully this looks ok?


3750


#sh vtp st

VTP Version : 2

Configuration Revision : 15

Maximum VLANs supported locally : 1005

Number of existing VLANs : 15

VTP Operating Mode : Server

VTP Domain Name : CBSO

VTP Pruning Mode : Disabled

VTP V2 Mode : Enabled

VTP Traps Generation : Disabled

MD5 digest : 0x40 0x05 0xC8 0x7D 0x0B 0xBD 0x84 0x13

Configuration last modified by 1.2.3.4 at 12-3-93 20:28:47

Local updater ID is 1.2.3.4 on interface Vl2 (lowest numbered VLAN interface found)



3560:


#sh vtp status

VTP Version : running VTP2

Configuration Revision : 15

Maximum VLANs supported locally : 1005

Number of existing VLANs : 15

VTP Operating Mode : Client

VTP Domain Name : CBSO

VTP Pruning Mode : Disabled

VTP V2 Mode : Enabled

VTP Traps Generation : Disabled

MD5 digest : 0x40 0x05 0xC8 0x7D 0x0B 0xBD 0x84 0x13

Configuration last modified by 1.2.3.4 at 12-3-93 20:28:47


Any other useful commands let me know :)


The only other 2 issues I have are:


1.) I am getting a second 3750 to stack with the first, I've made the first the master and set the prioity to 5 I will also provision it with ws-c3750-48ts, but I guess this will not effect the trunk to the 3560?


2.) Can't telnet to this 3560, would I need to give this an IP of one of the vlan ranges?




Correct Answer
Edison Ortiz Wed, 11/19/2008 - 04:40

.) I am getting a second 3750 to stack with the first, I've made the first the master and set the prioity to 5 I will also provision it with ws-c3750-48ts, but I guess this will not effect the trunk to the 3560?


Correct, it shouldn't affect your current working configuration.


Can't telnet to this 3560, would I need to give this an IP of one of the vlan ranges?




Correct, you need to create a switch virtual interface in the 3560. Since you have Vlan 6 in the switch, just do the following:


interface vlan 6

ip address [choose an available IP from Vlan 6 ] + [subnet]


If you want to reach this SVI from another subnet, then you need to have the following:


no ip routing

ip default-gateway [gateway for Vlan6]


HTH,


__


Edison.


Please rate helpful posts


Actions

This Discussion