Layer 2 community vlan access between layer 2 and layer 3 switch

Unanswered Question
Jun 3rd, 2010

I have a layer 3 (3560g) with private vlan10( as primary with vlans100-161 as community vlans all mapped and associated.  All ports on this switch route/forward perfectly.  It is layer 2 switches (2960) connected downstream where I have the problem.  On those switches, you cannot create primary/secondary vlans.  So how do I get a port in vlan 100 on the 2960 to communicate with a port in vlan 100 on the 3650.  The switches are connected by dot1q trunk ports due to number of vlans/switches.  I cannot use an access port for every switch/vlan.  My understanding is that the layer3 switch expects communication for the secondary vlans to come thru the primary, but the layer 2s are presenting it with tagged ports via the trunks.

Essentially I'm trying to replace a layer 3 extreme 48si with this layer 3 cisco.  The extreme has no problem receiving layer 2 packets for subvlans.

Do I have a design issue?  It's a multiple tenant facility so I have a similar model to a service provider, but it's a non-profit so I have to work with what I got... the extremes are 9 years old.  what a tank.  but I have new donated ciscos......


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
chuck.flournoy Thu, 06/03/2010 - 15:15

To reiterate, these same 2960's when attached to the extreme via dot1q trunk links passing all but vlan1 as tagged-evrything works.  The layer 3 has a server vlan also, (192.168.101.x)

This is a 2 building campus with multiple floors- totalling 15 switches.  Different tenants can rent different combinations of rooms so I have to be able to move the vlans all over the buildings with the tenants.  In the old extreme world it was a matter of tagging all vlans to all trunks and simply untagging on the various access ports.

What am I missing?

many thanks in advance



This Discussion

Related Content