cant see a cisco 2100 connected to a 2960

paul amaral · ‎01-05-2014

guys i have the following.

a cisco 2100 controller with vlan 1, 101-103 on it connected to a cisco 2960 with the same L2 vlans on and ( int vlan 1 with ip 192.168.254.101) these are connected via trunk and the trunk is up. The 2960 then connects to a cisco 500 which has (int vlan 1 with ip 192.168.254.100). everything uses 192.168.254.1 as the gateway which is the cisco ASA connected to the 500 via trunk. If i remove the 2960 and connect the 2100 directly to it via trunk it work however adding the 2960 and connecting the 2100 i stop being able to ping it. The weird thing is i see arp packets it but i just cant ping the 2100. Eventually i will remove the cat 500 but for now this needs to work and im not sure what is going on.

any advise is welcome.

p

Richard Burts · ‎01-05-2014

p

I am having some difficulty in understanding whether you believe that the problem is with the 2960 or with the 500. Perhaps you can provide some clarification of the problem?

But in the meantime I will assume that the issue is on the 2960 and will start from that point. Can you post the output of show vlan from the 2960? Also the output of show interface trunk from the 2960 would be helpful.

HTH

Rick

HTH

Rick

paul amaral · ‎01-05-2014

Rick/Leo

turns out the issue was due to the native vlan. The cisco ASA was configured for dot1q trunking however it seems like the ASA when when doing dot1q needs to see the native vlan 1 id however the cisco 2960 was sending it untagged as expected and the ASA was rejecting the packets. The funny thing is i had never used a cat 500 before but it was also set for native vlan 1 but it looks like the 500 tags the native vlan unlike all other cat switches i ever worked with, the cat 500 doesnt even have cli so its not your standard switch,

So the issue was the ASA was looking for tagged native vlan packets over the dot1q trunk while the 2960 was sending untagged vlan as expected but im not sure why the cat 500 was setup the same way as the 2960 yet it seems like it sends native vlan tagged,

so this is all set now thanks for the reply guys,

Richard Burts · ‎01-06-2014

p

I am glad that you were able to resolve the issue. Thank you for posting back to the forum and letting us know what the problem turned out to be. I am a bit surprised that it turned out to be needing to tag frames in the native vlan and glad that you figured that our.

HTH

Rick

HTH

Rick

paul amaral · ‎01-06-2014

Rich

this is a little weird because the cat 500 which i never worked with before shows vlan 1 as native however that works with the ASA with no issues, so i suspect that whoever put that switch there got lucky and somehow even thought on the 500 the native vlan is 1 the cat 500 still tags the vlan which traditional switches dont. I believe when doing router on a stick to a router that native vlan works perfect untagged however the the ASA it seems like it wants to see a tag for the native vlan.

p

cadet alain · ‎01-06-2014

Hi,

On the ASA the physical interface takes care of untagged traffic not the subinterfaces.

Regards

Alain

Don't forget to rate helpful posts.

Richard Burts · ‎01-06-2014

Alain

Thanks. This is a helpful observation and reminds me of something that I should have remembered (but obviously did not). So +5.

HTH

Rick

HTH

Rick

Leo Laohoo · ‎01-05-2014

What is a "cisco 500"? I am not aware of this?

This is not the AP512 is it? Because if it is, then don't bother wasting your time because the AP512 will NEVER join a WLC because they are incompatible.