Beginners Question - How to trunk VLAN - Metro Ethernet

Answered Question
Apr 15th, 2010

I have two campuses.  Both with a 6513 switch,  both 6513s have multiple VLANs alerady created on them for different reasons.  These two campuses are connected with a Metro Ethernet.   The port that connects the two switches together is defined as a router port like this


Campus A


interface GigabitEthernet3/1
description Metro Ethernet Campus A
ip address 180.7.151.221 255.255.255.0


Campus B


interface GigabitEthernet3/1

description Metro Ethernet Campus B
ip address 180.7.151.222 255.255.255.0


The Campus A 6513 hs two VLANs that I want to trunk to Campus B.  These VLANs are two DMZ VLANs trunked to the 6513 from our ASA firewall.


How would I do that and maintain a layer 3 conection between these two switches?


Something like this????


Campus A


interface GigabitEthernet3/1
no description Metro Ethernet Campus A
no ip address 180.7.151.221 255.255.255.0

vlan 20
name DMZA
!
vlan 50

name DMZB


interface GigabitEthernet3/1
description Trunk Connection
switchport
switchport trunk encapsulation dot1q
switchport access vlan 151
switchport trunk native vlan 151
switchport trunk allowed vlan 20,50,151
switchport mode trunk


interface Vlan151
ip address 180.7.151.221 255.255.255.0
ip pim sparse-dense-mode


Campus B


interface GigabitEthernet3/1
no ip address 180.7.151.222 255.255.255.0

vlan 20
name DMZA
!
vlan 50
name DMZB


interface GigabitEthernet3/1
description Trunk Connection

switchport
switchport trunk encapsulation dot1q
switchport access vlan 151
switchport trunk native vlan 151
switchport trunk allowed vlan 20,50,151
switchport mode trunk


interface Vlan151
ip address 180.7.151.222 255.255.255.0


All help greatly appreciated............

Correct Answer by Jon Marshall about 6 years 10 months ago

srroeder wrote:


Thanks for the quick reply,


I thought that is what I was doing,,,,


remove the layer 3 definitions...


interface GigabitEthernet3/1
no description Metro Ethernet Campus A
no ip address 180.7.151.221 255.255.255.0


add the vlans..........


vlan 20
name DMZA
!
vlan 50

name DMZB


change the physical port to a layer 2 trunk port.....


interface GigabitEthernet3/1
description Trunk Connection
switchport
switchport trunk encapsulation dot1q
switchport access vlan 151
switchport trunk native vlan 151
switchport trunk allowed vlan 20,50,151
switchport mode trunk


create a virtual layer 3 port so I can still route.........


interface Vlan151
ip address 180.7.151.221 255.255.255.0
ip pim sparse-dense-mode


correct??  does the switchport config look correct?


Thanks

Sorry, it was because you left the routed config for gi3/1 in your example, i thought you were trying to use them both at the same time.


Your switchport config is not quite correct -


1) you should use a new vlan for your native vlan. By new i mean not used for anything else. You need to create the vlan at L2 but you don't need a L3 vlan interface for this vlan. This is recommended best practice. So lets use vlan 999 as an example. No end devices should be allocated into this vlan.


2) you don't need a "switchport access vlan .." line if the port is going to be a trunk.


So your config for gi3/1 would look like -


interface GigabitEthernet3/1
description Trunk Connection
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 20,50,151
switchport mode trunk


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Thu, 04/15/2010 - 12:20

You can't configure a link as both L3 and a L2 trunk however you can change the link to a trunk and then move the IP addresses assigned to the routed ports to L3 vlan interfaces.


This looks like what you are doing in your config but obviously if you assign the IPs to vlan 151 interface then you must remove it from the physical port ie. gi3/1.


So you would need to remove this config from each switch -


interface GigabitEthernet3/1
no description Metro Ethernet Campus A
no ip address 180.7.151.221 255.255.255.0


the link will now be a L2 trunk link and not a routed link but you can still route across it.


Jon

srroeder Thu, 04/15/2010 - 12:29

Thanks for the quick reply,


I thought that is what I was doing,,,,


remove the layer 3 definitions...


interface GigabitEthernet3/1
no description Metro Ethernet Campus A
no ip address 180.7.151.221 255.255.255.0


add the vlans..........


vlan 20
name DMZA
!
vlan 50

name DMZB


change the physical port to a layer 2 trunk port.....


interface GigabitEthernet3/1
description Trunk Connection
switchport
switchport trunk encapsulation dot1q
switchport access vlan 151
switchport trunk native vlan 151
switchport trunk allowed vlan 20,50,151
switchport mode trunk


create a virtual layer 3 port so I can still route.........


interface Vlan151
ip address 180.7.151.221 255.255.255.0
ip pim sparse-dense-mode


correct??  does the switchport config look correct?


Thanks

Correct Answer
Jon Marshall Thu, 04/15/2010 - 12:39

srroeder wrote:


Thanks for the quick reply,


I thought that is what I was doing,,,,


remove the layer 3 definitions...


interface GigabitEthernet3/1
no description Metro Ethernet Campus A
no ip address 180.7.151.221 255.255.255.0


add the vlans..........


vlan 20
name DMZA
!
vlan 50

name DMZB


change the physical port to a layer 2 trunk port.....


interface GigabitEthernet3/1
description Trunk Connection
switchport
switchport trunk encapsulation dot1q
switchport access vlan 151
switchport trunk native vlan 151
switchport trunk allowed vlan 20,50,151
switchport mode trunk


create a virtual layer 3 port so I can still route.........


interface Vlan151
ip address 180.7.151.221 255.255.255.0
ip pim sparse-dense-mode


correct??  does the switchport config look correct?


Thanks

Sorry, it was because you left the routed config for gi3/1 in your example, i thought you were trying to use them both at the same time.


Your switchport config is not quite correct -


1) you should use a new vlan for your native vlan. By new i mean not used for anything else. You need to create the vlan at L2 but you don't need a L3 vlan interface for this vlan. This is recommended best practice. So lets use vlan 999 as an example. No end devices should be allocated into this vlan.


2) you don't need a "switchport access vlan .." line if the port is going to be a trunk.


So your config for gi3/1 would look like -


interface GigabitEthernet3/1
description Trunk Connection
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 20,50,151
switchport mode trunk


Jon

Actions

This Discussion