Cisco Support Community
Community Member

setup a switch port for 2 vlans

Hi there,

I'm trying to set up a port on a Catalyst 3750 so it will pass traffic for 2 VLANs. It connects to a (WatchGuard) firewall which I've configured with a primary IP (for VLAN 27) and a secondary IP (for VLAN 29).

However, I can't seem to find the correct commands to enter on the Cisco switch port (I've tried a variety). Can anyone help?

Cheers,

Al

FYI the current configuration is...

interface FastEthernet1/0/38
 description ## Connection to WG vlan27 and vlan 29 ##
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 27
 switchport trunk allowed vlan 27,29
 switchport mode trunk
 switchport nonegotiate
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 no mdix auto
 spanning-tree portfast
 spanning-tree bpduguard enable

8 REPLIES
Community Member


I should add that the above works for vlan27 (i.e. I can ping the firewall) but not for vlan 29.

Hall of Fame Super Silver


You need to have both the Layer 2 (VLAN) and Layer 3 (network) settings matching up on both the switch and firewall. I suspect you may not be negotiating a trunking protocol and are thus sending frames untagged to the firewall on Vlan 27 (as a result of the 'switchport trunk native vlan 27' line). Thus when you address a Layer 3 IP from the range served up on Vlan 29 you get no reply.

Hope this helps.
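
The tagging behaviour described in the reply above, as an added example that is not part of the original thread: it builds the frames a trunk port with native VLAN 27 and allowed VLANs 27,29 puts on the wire and shows what a peer with and without 802.1Q enabled does with them. The MAC addresses, the payload and the simplified peer model are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
IPV4 = 0x0800
# Constructed sample addresses and payload, for illustration only.
FW_MAC = bytes.fromhex("02aabbccdd01")
SW_MAC = bytes.fromhex("02aabbccdd02")
PAYLOAD = b"constructed-ip-packet"


def trunk_egress(vlan, native_vlan=27, allowed=(27, 29)):
    """Frame as the trunk port sends it, or None if the VLAN is not allowed."""
    if vlan not in allowed:
        return None
    header = FW_MAC + SW_MAC
    if vlan != native_vlan:
        # Non-native VLANs carry a 4-byte tag: TPID, then TCI (PCP 3 bits,
        # DEI 1 bit, VLAN ID 12 bits). PCP and DEI are left at 0 here.
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", IPV4) + PAYLOAD


def peer_receive(frame, tagging_enabled, untagged_vlan=27, known_vlans=(27, 29)):
    """VLAN the far end hands the frame to, or None if it is dropped.

    Simplified model of the attached device (an assumption of this example).
    """
    if frame is None:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return untagged_vlan          # untagged frame: interface's own VLAN
    if not tagging_enabled:
        return None                   # tag looks like an unknown EtherType
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF
    return vid if vid in known_vlans else None


def reachability(tagging_enabled, native_vlan=27):
    """Map each VLAN on the trunk to the VLAN the peer delivers it to."""
    return {v: peer_receive(trunk_egress(v, native_vlan), tagging_enabled)
            for v in (27, 29)}


if __name__ == "__main__":
    print("peer without 802.1Q:", reachability(False))
    print("peer with 802.1Q:   ", reachability(True))
```

With tagging disabled on the peer, only the native VLAN 27 gets through, which matches the symptom reported earlier in the thread.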

VIP Super Bronze


To make a port a trunk port, these are the only commands you need:

interface FastEthernet1/0/38
 description ## Connection to WG vlan27 and vlan 29 ##
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 27,29
 switchport mode trunk

So, test with this config and provide the results.

HTH

Purple


Hi Reza,

I don't think it will work if he doesn't do 802.1Q on the WatchGuard, which he isn't doing now.

Regards.

Alain

Don't forget to rate helpful posts.
VIP Super Bronze


Hi Alain,

The suggestion I provided is for the 3750 side of the connection. I am not sure if the WatchGuard is capable of doing dot1q. According to this PDF it is. If not, then as you noted, it is not going to work.

http://www.watchguard.com/help/docs/edge/10/v101edgeuserguide.pdf

Thanks,

Reza

Community Member


Thanks for all the replies. I really appreciate your help.

Are you guys saying that if the watchguard doesn't support dot1q then it won't work? Is there a way to pass traffic from both vlans untagged?

The watchguard is an XTM505 btw.

Cheers again,

Al


Hi,

I looked at the WatchGuard document and it supports 802.1Q.
Why don't you use the same trunking method at both ends?


Please rate the helpful posts.
Regards,
Naidu.

Community Member


Thanks guys. I set up VLAN tagging on the WatchGuard and got this working.

Cheers again,

Al
