I'm not sure you have entirely understood the posted query...

I have already set ports to VLAN's 1 and 2 as above and traffic is only passing over the trunk for the native VLAN and not tagged VLAN's.  Changing the native VLAN on the trunk reverses the problem (VLAN 1 working and 2 not and vice verse).

So to clarify on each switch.

Port Gi1 - Trunk mode allowing VLAN 1 native, VLAN2 tagged

Ports 2-3 on VLAN1

Ports 4-8 on VLAN2

In this configuration VLAN 1 passes traffic over the trunk but VLAN 2 does not

Port Gi1 - Trunk mode allowing VLAN 2 native, VLAN 1 tagged

Ports 2-3 on VLAN1

Ports 4-8 on VLAN2

In this configuration VLAN 2 passes traffic over the trunk but VLAN 1 does not

In both instances intra-switch traffic is consistent with devices being able to connect to other devices in their respective VLAN.

The switches are running the latest Firmware, I may try downgrading the firmware to see if this is a firmware bug but no one else seems to have reported this type of issue.

Thank you.

I checked and it looks pretty much the same as mine.

on switch 1 port 7 only is 2UP and port 8 is trunk (1 UP, 2 T) and switch 2 port 6 and 7 are UP and port 8 again trunk (1UP, 2T)

When you check MAC address table on each switch during the test do you see any misbehavior?

Also what is the protocol you are testing with?

Aleksandra

Hi,

When I check the dynamic mac-address report it shows all mac-addresses for the native VLAN that I have initiated traffic to, however it shows only the mac address for the local devices for the other VLAN.

For example if VLAN1 was native then it will see the mac-addresses for the router, NAS, other PC's etc. on the trunk port and on the port that the device is connected to.  For VLAN 2 it only shows the mac-address local to the switch.  I don't see any mac-address corruption and all traffic from a device on the non-native VLAN to another device on the non-native VLAN on the same switch works perfectly.

I've kept the testing fairly basic using ICMP and l2 discovery protocols using both directed and broadcast traffic.

It is as if the port is trying to act as an access port instead of a trunk, if this were a catalyst I would suspect a DTP issue or some type of filtering on the port but the config shows nothing like this being used.

I've since performed a downgrade and re-upgrade of the firmware, a full reboot to defaults, and even swapped the physical port used for trunking as well as creating additional VLAN's and trunking those with the same result.  I've even swapped devices from switch to switch to make sure it's not some odd NIC issue.

Interestingly though if I set my laptop NIC into VLAN mode and use tagged virtual interfaces for each VLAN this seems to allow traffic on the switch (not cross switch though) which brings me back to something specific in 1 or both switches with the trunk port.

If I set a mirror port up using the trunk as the source and pointing this to a wire shark collector will the switch correctly pass all traffic including the VLAN tags and any trunk negotiation packets to the mirror port on the SG200 series?  This may give some additional insight if so.

Hi Ultrique01,

Please note:

1. wireshark capture when done on Windows machine (not Linux) will be stripped off the tags - so would be not much use of it

2. MAC addresses for tagged vlan devices should be present on the switch mapped to those VLANs and if they are on native vlan (untagged) this would indicate some trunk configuration issue.

I would simplify the tests as much as possible and start with two hosts and two switches only. That would be easier  to narrow down the problem.

Regards,

Aleksandra

Hi Aleksandra,

The only mac-addresses displayed on the trunk are those for the current native VLAN, i.e. if VLAN1 is the naive then I only see mac-addresses for devices on VLAN1 and not for anything on VLAN2, this is expected due to the ICMP pings between each switch not being able to reach the other side of the trunk for VLAN2 even though it is set as tagged.  If the trunk is not passing the traffic properly (using the provided config) then I would not expect the ARP process to complete hence the lack of any mac-addresses for VLAN2 on the trunk port.

However as indicated if I place devices on VLAN2 on a single switch the traffic works perfectly on that switch.  This clearly points to a trunking issue but as you have reviewed my config and determined it should work as it was similar to your test config, however I have changed ports, network cables, and reset and firmware updated with the same result.  At this point I am considering the issue is hardware based but I do not have a spare switch to test this theory at present.

I currently have only 2 hosts and the 2 switches connected together as per the provided config, the traffic doesn't pass between the switches for the tagged VLAN on the trunk.

This is frustrating.  Please post the solution.  The solution is NEVER "Contact Tech Support".  What did tech support lead you to do?  What was the actual solution?

Hi Aleksandra,

I have reset the switches back to factory default and configured the switches again, only the basics have been configured and the result seems to be the same.  I have attached the configs to this post can you please check them against yours and see if there's something odd with them.

I've never had this issue connecting SG-300's and the larger SG200's so I am starting to think it might be one of the switches doing something strange, the lack of SSH access however excludes the possibility of proper testing.

Regards

Shaun

Hello Ultrique01,

Did you ever determine a solution to this issue?  I'm having a similar problem trunking between an SG200 and a Cisco ASA 5505.

Thanks,

Hi,

Unfortunately I never did get a solution to the problem directly cabling the SG200's together, Cisco did offer to take them back and try to work out the issue but as this was for a home network it didnt seem worth the hassle.  When connected to another Cisco device or my Netgear 10G switch the trunking works normally so I left it at that, I haven't had the same problem with anything other then the 8 Port SG200 switch.

The last time I setup a ASA with ROAS setup I came across this good article ( http://blog.braini.ac/?p=38 ) which worked well, however now I just implement L3 switches where possible as its just easier to route there and let the firewall handle basic NAT/VPN/Firewall.

Best of luck with the configuration!  

Hi, Just in case someone is still having a similar issue. I have gotten mine to work and this took me an hour to figure out.

Basically here is my config.

FW - Dell Sonicwall tz205 -

• MGMT Interface is Vlan 1 -
• Virtual Interface ( 10 and 20 )

SG-200 Port 1 -

• Trunk - Uplink to TZ205 Port 2 -
• Trunk - Meraki MR 42\

By Default, untagged frames will work out-of-the-box. To allow tagged 10 and 20 in my case. All Trunk ports must have tagged vlan added to them including the uplink going to the router/fw, mr42, or dhcp router (windows) if this is the case. I hope this helps