Cisco Support Community
New Member

Vlan hopping issue btw 2950 (Access) & Cat 6K (Distribution)

Cat 6K is the Distribution Switch & 2950 is the Access Switch

Cat 6K int Gig 8/16 --- 2950 Fa 0/1

Cat 6K's Gig 8/16 is configured as Access port for Vlan 212 (

2950 has all its ports in Vlan 1. So, all frames from 2950 are sent untagged to Cat 6K which then tags them as Vlan 212. [Don't ask me why, but this is how they do it in our labs]

The problem here is, hosts configured in one other Vlan i.e. Vlan 244 ( when connected to the 2950 Access Switch, can ping its Gateway

Can someone explain why/how this is happening?

  • LAN Switching and Routing
Hall of Fame Super Gold

Maybe Dynamic Trunking Protocol is enabled?

Hi @rmysored,

The fact that all frames from 2950 are sent untagged to Cat 6K and then Cat 6K tags them as VLAN 212 is because the port Gi8/16 is an access port. Take the following example (Please, see the attached figure first):

 - I have Sw1, Sw2 and PC1

 - Sw1 and Sw2 are connected via a trunk port (passing all the VLANs by default)

 - Sw2 is connecting PC1 via an access port in VLAN 10

  • When PC1 is sending frames to Sw2 it sends them untagged because PCs don't recognize tags and typically they don't know in what VLAN they are
  • But when Sw2 is sending those frames (from PC1) to Sw1, Sw2 tags those frames as part of VLAN 10 because Sw2 is passing more VLANs to Sw1 via the trunk link and it has to recognize where the frames belong when they return back

In your case, Cat 6K is tagging the frames coming from the 2950 as part of VLAN 212 because its port facing the 2950 (an access port) is configured as part of that VLAN.

On the other hand, can you share the configurations of the Cat6K and 2950 for deeper investigations?

Hope to see your answers.


Martin, IT Specialist
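
The tagging behaviour described in the answer above, as a small Python model added here for illustration (it is not code from the thread or from Cisco). The function names, the sample frame, the native VLAN of 1 and the rule that access ports reject tagged frames are assumptions of the model.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two MAC addresses (bytes 0-11)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]  # PCP/DEI = 0

def split_tag(frame: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    ethertype, tci = struct.unpack("!HH", frame[12:16])
    if ethertype != TPID:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

def access_ingress(frame: bytes, access_vlan: int):
    """Access port: an untagged frame is placed in the port's configured VLAN."""
    vid, inner = split_tag(frame)
    if vid is not None:
        # Model assumption; real handling of tagged frames is platform-dependent.
        raise ValueError("tagged frame on access port")
    return access_vlan, inner

def trunk_egress(vlan: int, frame: bytes, native_vlan: int = 1) -> bytes:
    """Trunk port: tag every VLAN except the native one."""
    return frame if vlan == native_vlan else add_tag(frame, vlan)

def trunk_ingress(frame: bytes, native_vlan: int = 1):
    """Trunk port: read the VLAN from the tag, or use the native VLAN."""
    vid, inner = split_tag(frame)
    return (native_vlan if vid is None else vid), inner

# Constructed frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def sw1_sw2_example():
    """PC1 -> Sw2 access port (VLAN 10) -> trunk -> Sw1."""
    vlan, frame = access_ingress(FRAME, access_vlan=10)
    on_wire = trunk_egress(vlan, frame)
    return on_wire, trunk_ingress(on_wire)[0]

def thread_topology():
    """Host -> 2950 (all ports in VLAN 1) -> Fa0/1 -> Cat 6K Gi8/16 (access, VLAN 212)."""
    vlan_on_2950, frame = access_ingress(FRAME, access_vlan=1)
    on_wire = frame  # assumed: the 2950 uplink sends VLAN 1 untagged
    vlan_on_6k, _ = access_ingress(on_wire, access_vlan=212)
    return vlan_on_2950, vlan_on_6k
```

In both cases the VLAN is chosen by the configuration of the port the frame arrives on; nothing in the frame's IP payload is consulted.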