[c-nsp] 3560g switch - tagged vlans and untagged frames

Matthew Huff mhuff at ox.com
Tue Apr 9 15:56:36 EDT 2013


I've started looking at this thread in mid-conversation, but I think that original config is correct. If you have "switchport mode trunk", the "switchport access-vlan ..." won't take effect. It will only use the access-vlan if the interface fails to trunk. If you are trunking a non-Cisco switch, you should disable CDP and DTP via the following config. If this fails to work, then there may be some incompatibilities with the dot1q protocol between switches, or some spanning tree issue.

 interface GigabitEthernet0/10
    description testing cisco vlans
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 6
    switchport trunk allowed vlan 6,306
    switchport mode trunk
    switchport access vlan 6
    switchport nonegotiate
    no cdp enable
 
 
 interface GigabitEthernet0/11
    description testing cisco vlans
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 7
    switchport trunk allowed vlan 7,306
    switchport mode trunk
    switchport access vlan 7
    switchport nonegotiate
    no cdp enable


----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Damian
> Higgins
> Sent: Tuesday, April 09, 2013 3:33 PM
> To: Mike
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
> 
> Hi Mike,
> 
> How about this scenario. Let's say you want a VLAN tagged on all the ports,
> but also want different untagged VLANs on those ports (e.g. port 10 tagged
> vlan 306 and untagged vlan 6, port 11 tagged vlan 306 and untagged vlan 7).
> So native VLAN is out of question here since all ports would be untagged in
> the same VLAN ID.
> 
> 
> Can you please test the following setup and tell me if it works? :
> 
> interface GigabitEthernet0/10
>    description testing cisco vlans
>    switchport trunk encapsulation dot1q
>    switchport trunk allowed vlan 306
>    switchport mode trunk
>    switchport access vlan 6
> 
> 
> interface GigabitEthernet0/11
>    description testing cisco vlans
>    switchport trunk encapsulation dot1q
>    switchport trunk allowed vlan 306
>    switchport mode trunk
>    switchport access vlan 7
> 
> 
> I don't have any cisco switches at the moment that I could do this test on,
> but I can tell you for sure that this setup is possible on other switches
> (HP procurve for example, and they're way cheaper :)
> 
> Regards,
> 
> 
> 
> On Tue, Apr 9, 2013 at 8:21 PM, Mike
> <mike-cisconsplist at tiedyenetworks.com> wrote:
> 
> > On 04/08/2013 09:48 PM, sthaug at nethelp.no wrote:
> >
> >>> I would like to be able to accept both tagged and untagged frames on my
> >>> 3560g. For the untagged frames, I'd like to be able to say these are a
> >>> member of some vlan - say 100 - otherwise I want to be able to allow
> >>> tagged frames from some list.
> >>>
> >>> In testing, it doesn't appear that "switchport trunk native vlan xxxx"
> >>> is doing the job; anything I send untagged is dropped and doesn't show
> >>> up in the switch mac address tables.  Here is my config:
> >>>
> >>>
> >> Similar configs work for us.
> >>
> >>
> >>
> >>> interface GigabitEthernet0/45
> >>>    description testing cisco vlans
> >>>    switchport trunk encapsulation dot1q
> >>>    switchport trunk native vlan 6
> >>>    switchport trunk allowed vlan 306
> >>>    switchport mode trunk
> >>>
> >>>
> >>> If it helps. I do also have dot1q native vlan tagging enabled.
> >>>
> >>>
> >> I believe you need to drop that - it tells the switch that the native
> >> VLAN should be tagged.
> >>
> >> Also, add the native VLAN to the list of allowed VLANs (so you'd get
> >> "switchport trunk allowed vlan 6,306" here).
> >>
> >>
> >
> >
> > I removed dot1q tag native and that seems to have worked. Unfortunately,
> > it caused other problems requiring me to set the native vlans on some ports
> > to something other than default. In the end it's working but I just don't
> > see why I can't say 'hey, got an untagged frame? throw it into this vlan
> > for me...'. Maybe I need more expensive switches.
> >
> > Thanks all.
> >
> > Mike-
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
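The trunk checks raised in the messages above (native VLAN missing from the allowed list, `vlan dot1q tag native` dropping untagged frames, DTP and CDP left on toward a non-Cisco switch, and the access VLAN being unused on a trunk) can be run over a saved configuration. This Python script is an added example, not code from the thread or from Cisco; the sample config is constructed from the thread's interfaces, the function names are hypothetical, and allowed lists are assumed to be plain comma/range lists.

```python
import re

# Constructed sample: Gi0/45 as first posted, Gi0/10 as corrected in the reply.
SAMPLE = """\
vlan dot1q tag native
interface GigabitEthernet0/45
 switchport trunk native vlan 6
 switchport trunk allowed vlan 306
 switchport mode trunk
interface GigabitEthernet0/10
 switchport trunk native vlan 6
 switchport trunk allowed vlan 6,306
 switchport mode trunk
 switchport access vlan 6
 switchport nonegotiate
 no cdp enable
"""

def expand(spec):
    """Turn a list such as '6,300-306' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return {interface: [findings]} for ports configured as static trunks."""
    tag_native = bool(re.search(r"^vlan dot1q tag native\s*$", config, re.M))
    report = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        if "switchport mode trunk" not in lines:
            continue
        get = lambda p: next((l[len(p):] for l in lines if l.startswith(p)), None)
        native = int(get("switchport trunk native vlan ") or 1)  # IOS default is VLAN 1
        allowed = get("switchport trunk allowed vlan ")  # absent means all VLANs
        checks = [
            (allowed is not None and native not in expand(allowed),
             f"native vlan {native} not in allowed list"),
            (tag_native, "vlan dot1q tag native set: untagged frames are dropped"),
            ("switchport nonegotiate" not in lines, "DTP not disabled"),
            ("no cdp enable" not in lines, "CDP not disabled"),
            (get("switchport access vlan ") is not None, "access vlan unused while trunking"),
        ]
        report[lines[0].split()[1]] = [msg for bad, msg in checks if bad]
    return report
```

Calling `audit(SAMPLE)` reports four findings for Gi0/45 and two for Gi0/10; removing the global `vlan dot1q tag native` line leaves only the unused access VLAN note on Gi0/10.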