Cisco Support Community
Community Member

Layer 2 community vlan access between layer 2 and layer 3 switch

I have a layer 3 (3560g) with private vlan 10 as primary with vlans 100-161 as community vlans, all mapped and associated. All ports on this switch route/forward perfectly. It is the layer 2 switches (2960) connected downstream where I have the problem. On those switches, you cannot create primary/secondary vlans. So how do I get a port in vlan 100 on the 2960 to communicate with a port in vlan 100 on the 3650? The switches are connected by dot1q trunk ports due to the number of vlans/switches. I cannot use an access port for every switch/vlan. My understanding is that the layer 3 switch expects communication for the secondary vlans to come through the primary, but the layer 2s are presenting it with tagged ports via the trunks.

Essentially I'm trying to replace a layer 3 Extreme 48si with this layer 3 Cisco. The Extreme has no problem receiving layer 2 packets for subvlans.

Do I have a design issue? It's a multiple tenant facility so I have a similar model to a service provider, but it's a non-profit so I have to work with what I got... The Extremes are 9 years old. What a tank. But I have new donated Ciscos...


Community Member

Re: Layer 2 community vlan access between layer 2 and layer 3 sw

To reiterate, these same 2960s, when attached to the Extreme via dot1q trunk links passing all but vlan 1 as tagged, everything works. The layer 3 has a server vlan also (192.168.101.x).

This is a 2 building campus with multiple floors, totalling 15 switches. Different tenants can rent different combinations of rooms so I have to be able to move the vlans all over the buildings with the tenants. In the old Extreme world it was a matter of tagging all vlans to all trunks and simply untagging on the various access ports.

What am I missing?

Many thanks in advance.

