2960 switchport trunk

Unanswered Question
Jun 7th, 2010

I am connecting a 2960-24LT-L to a 3750 via a Gigabit Ethernet port.  I have run the cisco-switch macro on my 2960 and I noticed it did not put the encapsulation dot1q after the switchport mode trunk command.  The Gigabit Ethernet port on the 3750 that I am uplinking to, does have the encapsulation dot1q after the switchport mode trunk command.  Do I need to add that to the 2960 port?  Could someone help explain the meaning behind the encapsulation dot1q as well?

Also on the 2960, when you attempt to bring up the web interface, it repeatedly asks for user credentials over and over.  It does not state that you are entering an incorrect login.

Thanks in advance.

Mike Hendriks Mon, 06/07/2010 - 13:36

I'm no expert with 2960s, but I recall that the older 2950s used to only support 802.1q as the only option for a trunking protocol.  The 3750 may also support the Cisco proprietary ISL trunking protocol, which is why the distinction is made in the configuration on the 3750.

As for the web interface, it sounds certainly like you're not entering the right credentials.  I don't know the defaults for a 2960, but it could be 'cisco' and 'cisco'.

Hope that helps.

joealbergo Mon, 06/07/2010 - 14:26

3750 is the router, correct?

With the 2960, on the interface that you're trunking, you're not going to do the encap dot1q command.

You need to do the switchport mode trunk

------

(config-int)#switchport mode trunk

------

That script does not sound right. encap dot1q I thought was only for routers to encapsulate the traffic as 802.1q?

Also, did you set up the line vty 0 4 password for the GUI?

fasteddye Mon, 06/07/2010 - 18:24

The 3750 it is uplinking to is just an edge switch at Layer 2.  That 3750 then is a direct connect to our 6509 core.  I used the macro apply cisco-switch command on the 2960 GI0/1 interface and it did set the interface to switchport mode trunk.

We use AAA authentication on all devices.  I have set up all the TACACS commands and it does let me use my credentials for telnet.  When I try to log in to the web interface, it just repeatedly asks for user login.  It never states that the login was incorrect, just keeps asking.  Line vty 5 15 is set.

joealbergo Mon, 06/07/2010 - 18:41

I'm a noob here so I guess we will have to wait and hear from the pros on this one.... sorry I couldn't help.

Leo Laohoo Mon, 06/07/2010 - 19:00

I have run the cisco-switch macro on my 2960 and I noticed it did not put the encapsulation dot1q after the switchport mode trunk command.  The Gigabit Ethernet port on the 3750 that I am uplinking to, does have the encapsulation dot1q after the switchport mode trunk command.  Do I need to add that to the 2960 port?  Could someone help explain the meaning behind the encapsulation dot1q as well?

Previous posts are correct.  The 2940/2950 and 2960 do not support ISL; therefore the default (and only) setting is dot1q.  If your macro has the dot1q statement then, like me, disregard this error message.

Also on the 2960, when you attempt to bring up web interface, it repeatedly asks for user credentials over and over.  It does not state that you are entering incorrect login.

Depends on what is your enable password.

d_ferraro Tue, 06/08/2010 - 07:39

"The Gigabit Ethernet port on the 3750 that I am uplinking to, does have the encapsulation dot1q after the switchport mode trunk command.  Do I need to add that to the 2960 port?  Could someone help explain the meaning behind the encapsulation dot1q as well?"

2960's use dot1q by default so this setting does not need to be configured. 3750's have 2 options for encapsulation so you will need to define that. Default configurations do not usually show up in the config. For instance when a switchport is configured for vlan1, it will not show up because that is the default.

Dot1q is a standard that encapsulates packets with the vlan information before being sent over any trunked port. It will tag a packet with a vlan header from the port it was generated on. So if it was sent from a port that was switchport access vlan 1, then Dot1q would encapsulate that with a header that identifies it is destined for vlan 1.

To go a little deeper with this idea, when a packet is sent and the trunk does not know what vlan it came from, it will tag it with its configured "native" vlan. By default the native vlan is vlan 1 (you will not see this in the config because it is default). That could pose somewhat of a problem because by default Cisco management is vlan 1. So it is good practice to configure a trunk with a native vlan that does not exist. That way if someone was somehow injecting packets into your network hoping to get onto vlan 1, the packets would just be tagged with vlan xxx and would essentially go nowhere.
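
The replies above make two points that can be checked mechanically: defaults (dot1q on a 2960, native VLAN 1) do not appear in the running config, and a trunk left on native VLAN 1 is worth flagging. The following is an added example, not part of the thread and not Cisco code; the `audit_trunks` function, the sample configurations and VLAN 999 are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread): a 2960-style uplink that
# relies on defaults, and a 3750-style uplink with explicit trunk settings.
SAMPLE_2960 = """\
interface GigabitEthernet0/1
 description uplink to 3750
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
"""
SAMPLE_3750 = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
!
"""

def _find(stanza, pattern):
    # Match one indented sub-command line inside an interface stanza.
    return re.search(r"(?m)^[ \t]+" + pattern + r"[ \t]*$", stanza)

def audit_trunks(config):
    """Return one dict per trunk interface: effective settings plus findings."""
    results = []
    # Split into stanzas, each starting at a line that begins "interface ".
    for stanza in re.split(r"(?m)^(?=interface )", config):
        name = re.match(r"interface (\S+)", stanza)
        if not name or not _find(stanza, r"switchport mode trunk"):
            continue
        native = _find(stanza, r"switchport trunk native vlan (\d+)")
        encap = _find(stanza, r"switchport trunk encapsulation (\S+)")
        entry = {
            "interface": name.group(1),
            # Defaults are not written to the config: no line means VLAN 1.
            "native_vlan": int(native.group(1)) if native else 1,
            # Assumption: a missing encapsulation line means a dot1q-only
            # platform such as the 2960.
            "encapsulation": encap.group(1) if encap else "dot1q (implicit)",
            "findings": [],
        }
        if entry["native_vlan"] == 1:
            entry["findings"].append("native VLAN is 1: untagged frames land in VLAN 1")
        results.append(entry)
    return results

if __name__ == "__main__":
    for t in audit_trunks(SAMPLE_2960) + audit_trunks(SAMPLE_3750):
        print(t["interface"], t["native_vlan"], t["encapsulation"], t["findings"] or "ok")
```

Both ends of a trunk need the same native VLAN, so run the check against the configs of both switches and compare the reported values.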

Posted June 7, 2010 at 12:57 PM