New Member

Packets not being tagged on trunk port

Please bear with me as I try to simply define my network and the issue I am suffering from (actual IP addressing changed to protect the innocent).

I have 2960s switches stacked using the stacking modules and then interconnected using 10GB SFP modules. Each stack currently has a clearly defined role but we trunk VLANs between stacks to allow the flexibility to have ports in any VLAN from any stack.

Workstation Stack

4 x switches interconnected on uplink ports. Native VLAN on all access ports VLAN5 (all gig ports are access ports). VLAN5 interface address 192.168.5.240, VLAN2 interface 192.168.1.53

Trunk port carries VLANs 2, 5 & 11, native VLAN2.

Default Gateway 192.168.1.240

Server Stack

2 x switches interconnected on uplink ports. Native VLAN on all access ports VLAN2, VLAN interface address 192.168.1.49.

Trunk port carries VLANs 2, 5 & 11, native VLAN2.

Default Gateway 192.168.1.240

Coms Stack

Single switch interconnected on uplink ports. Native VLAN on all access ports VLAN2, VLAN interface address 192.168.1.240.

Trunk port carries VLANs 2, 5 & 11, native VLAN2.

Default Gateway 192.168.1.1 (FW) provides access to Internet and DMZ.

VLAN2 subnet 192.168.1.0

VLAN5 subnet 192.168.5.0

VLAN11 subnet 192.168.11.0

The problem is as follows:

From 3 of the switches in the workstation stack I can access all resources in VLANs 2, 5, 11 out to the DMZ and Internet. If I am connected to the switch that has the 10GB uplink port (let's call it SW1) I can only get to resources in VLANs 2 & 5, can't get to the Internet or DMZ or VLAN11. Why just this one switch?

Additional information:

If I configure an access port on SW1 to have a native VLAN 2, correctly configure my workstation in the 192.168.1.0 subnet I CAN gain access to all resources on my network, the DMZ and the Internet.

So I am thinking that for some reason the packets are not being tagged and when my access port is in VLAN5 the IP addressing is being allowed to bleed over subnets that the switches know about but that traffic is not getting back from resources beyond the firewall.

Help / suggestions much appreciated.

Hall of Fame Super Bronze

I don't see any of the switches hosting SVI 11, thus I assume another Layer 3 device is.

Verify this L3 device has a route for the .1.0 and .5.0 subnets pointing to your 2960 switches.

New Member

Thanks for joining the discussion. There is indeed another stack of switches dealing with VLAN 11 and its subnet. I didn't include detail as I was trying to keep the description simple. Layer 3 routing is all in place and working, as from 3 of the 4 switches in the workstation stack I can access all resources on the network and Internet. It is only from SW1 (the switch in the Workstation Stack that has the 10G uplink) that I cannot get beyond 192.168.1.0. We have moved a working PC between switches in the stack; this goes from having complete access to limited access (and back again), so we know that the IP configuration on the workstation is correct.

Hope this helps clarify.

Jonathan
