[c-nsp] cisco-nsp Digest, Vol 54, Issue 8

Mark Tohill Mark at u.tv
Thu May 3 10:02:21 EDT 2007


 
Marko/Stewart,

Thanks for the help.

I have disabled this command at the 6500 end and traffic is being passed OK,
and I can ping the management address on the 2950 (VLAN1).

I have misunderstood the meaning of 'vlan dot1q tag native'.

I think I picked this up from the Data Center SRND documents under
"Switching Architecture for the Server Farm" on CCO:

"When trunks are used, if the native VLAN is also assigned to an access
port, IEEE 802.1q use of the native VLAN on a port can cause problems.
To overcome this limitation you need to enforce VLAN tagging on all
trunked VLANs. To do this in Supervisor IOS use the vlan dot1q tag
native command. The section "Layer 2 Security" provides additional
information about other important practices for server farm security."

We will just have to get traffic off VLAN1 ASAP.

Thanks for your help.
Mark


------------------------------

Message: 8
Date: Thu, 3 May 2007 10:38:15 -0000
From: "Marko Milivojevic" <markom at vodafone.is>
Subject: Re: [c-nsp] 802.1q trunking from cat6509 to 2950T-24
To: <cisco-nsp at puck.nether.net>
Message-ID:
	<57686799EB60454FA98AFEC4B5D461B50EE0D9 at ogsv02mxc.ITNET.IS>
Content-Type: text/plain;	charset="iso-8859-1"


Why do you insist on tagging native VLAN? If there is no special reason
to do it, don't :-)

Solution for your problem is to make some other (unused) VLAN native on
the 2950. That way, it will tag VLAN 1 over the trunk.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark Tohill
Sent: Thursday, 3 May 2007 09:38
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 802.1q trunking from cat6509 to 2950T-24

Hi,

I am having difficulty establishing 802.1q trunk to 2950 switch.

I am only (initially) trying to establish VLAN1 across trunk.

I have 'vlan dot1q tag native' configured on the 6509 side but I don't
have a similar command on 2950T-24 or a way to untag the native on a per
trunk basis on the 6509.

Configs below:

6509:
!
vtp mode transparent
vlan dot1q tag native
!
interface GigabitEthernet1/14
description 802.1q Switch1 Access
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-599,601-4094
switchport mode trunk
switchport nonegotiate
no ip address
logging event link-status

2950T-24:
!
vtp mode transparent
!
interface GigabitEthernet0/1
description 802.1q<-->-6509-01[Gig1/14]
switchport trunk allowed vlan 1-599,601-4094
switchport mode trunk
switchport nonegotiate
no ip address

Am I missing something?

Thanks,
Mark

Mark Tohill
UTV Internet
T:+44 (0)28 90 262196
M:+44 (0)7786 278716
E:mark at u.tv
 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
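
Added example (not part of the original thread or of any Cisco code): a small Python model of the native-VLAN tagging rules discussed above, showing why VLAN 1 fails with the posted configs and passes with either fix. The class and function names and the choice of VLAN 999 are illustrative, and the ingress rules are a simplified assumption about how each end treats untagged and tagged frames.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TrunkEnd:
    name: str
    native_vlan: int = 1
    tag_native: bool = False   # True models 'vlan dot1q tag native' on the 6509

    def egress_tag(self, vlan: int) -> Optional[int]:
        """802.1Q VID sent on the wire for a frame in `vlan`; None means untagged."""
        if vlan == self.native_vlan and not self.tag_native:
            return None
        return vlan

    def ingress_vlan(self, tag: Optional[int]) -> Optional[int]:
        """VLAN a received frame lands in; None means the frame is dropped."""
        if tag is None:
            # Assumption: an end that tags its native VLAN drops untagged data frames.
            return None if self.tag_native else self.native_vlan
        return tag  # Assumption: tagged frames are accepted, native VID included.

def vlan_works(a: TrunkEnd, b: TrunkEnd, vlan: int) -> bool:
    """True if frames in `vlan` arrive in the same VLAN in both directions."""
    return (b.ingress_vlan(a.egress_tag(vlan)) == vlan
            and a.ingress_vlan(b.egress_tag(vlan)) == vlan)

# Constructed scenarios based on the configs and replies in the thread.
SCENARIOS = {
    "as posted": (TrunkEnd("6509", 1, True), TrunkEnd("2950", 1, False)),
    "tag native disabled on 6509": (TrunkEnd("6509", 1, False), TrunkEnd("2950", 1, False)),
    "unused native VLAN 999 on 2950": (TrunkEnd("6509", 1, True), TrunkEnd("2950", 999, False)),
}

def report(vlans=(1, 10, 999)):
    """Map each scenario to {vlan: passes both ways}."""
    return {name: {v: vlan_works(a, b, v) for v in vlans}
            for name, (a, b) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:32} {result}")
```

In the third scenario VLAN 999 itself does not pass, which is why the replacement native VLAN on the 2950 should be one that carries no traffic.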
