The ports on my SG200-08 are configured as follows:
Port 1; VLAN 1+4; trunk Port 2; VLAN 4; access Port3-8; VLAN 1; access
The config for Port 1 looks as follows: "switchport trunk allowed vlan add 1,4". The problem I want to point out here arises right after rebooting the switch; in the running config, the aforementioned line is now present as "switchport trunk allowed vlan add 4", i.e., VLAN 1 is missing in the trunk. The problem is reproducible every time I reboot the switch. At this moment, I assume it to be a bug in the firmware. This is a problem for me, since the switch's management VLAN is 1 and it gets its IP address (DHCP) over VLAN 1 as well.
I have attached my startup config to this thread, as well as the running config exported right after reboot. In both of them, I've sanitized the rows on user accounts.
Does anyone recognize this problem? Any suggestions on how to fix it?
From looking at your config it looks like VLAN 1 is probably your default VLAN. Since it is the default condition it won't show up in your startup config. I am not quite sure why it shows up before a reboot, but unless this is causing you a problem it is normal behavior. It is similar to how your VLAN 1 access ports don't show switchport access vlan 1.
From your config VLAN 1 will be the untagged VLAN on port 1, so you can test by plugging in a PC and seeing it it can still access the web GUI.
If it is causing some problems let me know and I will set this up and test it when I am back in the office tomorrow. One thing you may want to try is defaulting the switch and manually reconfiguring, especially if your configuration is from before you upgraded to the latest firmware.
Hope that helps and thank you for choosing Cisco,
Christopher Ebert - Advanced Network Support Engineer
Thanks for your answer. You're right in concluding the VLAN 1 is my default VLAN. The problem is that the switch should contact my DHCP server over VLAN 1 and since the traffic on port 1 is not tagged, the traffic DHCP request will never reach my DHCP server. As a consequence, the switch always ends up with its factory default IP address (192.168.1.254) instead of the IP address assigned by the DHCP server. And yes, that's a problem
So to summarize, when I configure tagged access for VLAN 1 on port 1 and write this to the startup config, it is indeed present in the startup config afterwards. However, the switch ignores this upon reboot, causing VLAN 1 on port 1 to feature untagged access.
By the way, I completely set up the switch from scratch after restoring the config to factory defaults. It would be great if you could try to reproduce the issue and hopefully come with a fix. In case you need more information, please don't hesitate to contact me.
By default, trunk ports do not tag the native VLAN.
This is per spec for 802.1Q
Some switches allow you to change this behavior.
Cisco IOS switches have the command: vlan dot1q tag native, to implement tagging the native VLAN.
This switch most likely does not have this capability.
Your DHCP server should not be tagged and it doesn't need to be trunked to serve clients in other VLANs.
If you want your DHCP server to simply hand out addresses for other VLANs, you can use a DHCP relay agent or in Cisco IOS, the ip-helper command.
Otherwise, if you want your DHCP server to work on a trunked port, you have to configure it to be a trunk in the operating system. This is possible with most Intel NICs through device manager in Windows.
If I understand correctly you'd like VLAN 1 and 4 to be tagged on port 1. In that case you can use port mode General and set both of those VLANs as tagged. However, I am not sure this will resolve the problem. If your DHCP server is on VLAN 1, then connecting it to an access port for VLAN 1 or a Trunk port with VLAN 1 untagged should result in the switch pulling a DHCP address from the server.
What exactly is plugged into port 1? Is it the DHCP server? Because if so FratianiD is correct, it is pretty unusual to have the server on a trunk link, since most PCs do not understand tagging, or if they do they will only tag for one VLAN. Trunking to the server is not going to make it handle DHCP for both VLANs without changes to the NIC, assuming it is capable of that. How is the server's NIC configured?
Thanks for your replies. It's not the case that I have a DHCP server physically connected to port 1 and that it receives tagged frames. Instead, I use port 1 as a trunk and at 'the other end of the line' there's a group of hosts, among which is my DHCP server.
To fix my issue, I've set VLAN 1 as the default VLAN on port 1 (so untagged). I wasn't aware of the 802.1q spec stating that trunk ports shouldn't tag the default VLAN. My managed HP switch allows me to do so, by the way.
As an improvement to the firmware of the SG200 switches, I would say that are warning message should appear before saving a config in which the default VLAN has a tagged membership on the trunk port (as that configuration is lost after reboot, anyway). This avoids people to expect that it would work, while the switch completely ignores that configuration after reboot.
Introduction:Topology Diagram:Configuration Overview:Related
Information: Introduction: This document describes how to connect SG300
with Catalyst switch via STP. Spanning Tree Protocol (STP) is a Layer 2
protocol that runs on mainly on switches. The spec...
The Sx500 Series Stackable Switches offers different port features. You
can add security to a port, make the port more energy efficient, map a
VLAN to a port, make a port available or not to a specific network
portion, and so forth. The next set of articl...
On a technical level, Cisco 300 Series is far superior to the HP 1910
and 2530 products. This document provides evidence that Cisco has >100
features not supported by the HP platforms. Check this out and decide
for yourselves. Notes (2/5/2014):- Informati...