VLAN Passthrough on 3560

Unanswered Question
Apr 29th, 2010

Hi all,

I have a problem I'm wrestling with, and hoping that someone with more Cisco-specific knowledge may help me find some direction with.

I have a network with a 3560G switch, a Sonicwall doing the routing, and an Intellinet (generic) wireless access point that supports 802.1q VLAN tagging. The 3560 is doing no routing that I know of, merely acting as a switch. The Intellinet AP has a private/secured SSID that uses its default (no VLAN tagging) transport, and this should and does talk to the wired LAN. I have set up a VLAN for public wireless access (unsecured) that should be kept out of the LAN and just put straight through to the Internet. The VLAN is defined on and routed by the Sonicwall device.

This appears to function correctly if I plug the AP directly into the Sonicwall and bypass the 3560. Once I put the switch back in the loop VLAN traffic does not pass. I was able to connect to the 3560 through the console port and review the port configurations. Port 48 (Interface Gi0/48? -- forgive me if some of my terminology is incorrect, I am pretty much a noob with Cisco stuff and am doing this from memory having left the site hours ago) is the uplink to the Sonicwall and was already configured to allow all VLAN traffic through. Port 1 is the port connected to the access point. It was not set up for trunking, I set it up for trunking (as well as trying switchport access vlan 50 to default all its traffic to the VLAN) and nothing makes it to the Sonicwall. I went back to trunking and when I left it today, had it set to allow trunking for all VLAN IDs. The private (default, no VLAN tagged) wireless was functional but the VLAN wireless traffic does not appear to pass through.

This is not a network that I set up, I have come into this just trying to add this functionality with equipment that is already in place. I have read some people say that the Cisco default setup is to pass through all VLAN traffic. Word from the network's owners is that there is nothing special about the configuration of the switch and I can set everything to default if need be. I have gone through the Cisco docs on setting up VLAN trunking and tried what I have seen there. Since I am doing no routing in the Cisco and just want this traffic to pass through, I did not pursue setting up the VLAN itself on the Cisco. I feel like this problem has gotten a little over my head, but I'm not afraid to learn what it takes to get it solved. I would appreciate any help or pointing in the right direction.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rahurao Fri, 04/30/2010 - 02:54

Hi Chris,

I understand the concern and i can say that you have used the correct terminology, only the port have checnged to interface from CATOS to IOS.:)

Now according to the concern:


Access Point-----------------------------gig0/1----3560g switch----gig 0/48-------------------------------------------Sonic firewall(layer3)=========internet.

Can you tell me if the access point can ping the management ip address of the switch? if so can you give me the output of traceroute for the same.

Also can we try configuring the interface gig 0/1 to trunk and then try tagging the traffic from the AP?

can you send me the outputs of show interface trunk from the switch?

That would be helpful to isolate the issue.

djslack12 Sat, 05/01/2010 - 00:01

Hi Rahul,

Got the problem solved; one of the ports/interfaces was not correctly set up for trunking and looking at it after taking a break solved it. Thank you for your help, though.


rahurao Sat, 05/01/2010 - 00:05

Hi Chris,

That is why i thought ! and that is why i asked for the output of "show interface trunk".

Great! that is working fine.



This Discussion

Related Content