Cisco – SG300 – no traffic across trunk

Tags: cisco, cisco-sg300, trunk, vlan

This one's got me banging my head against a wall… likely a simple answer, but I've tried everything I know. I heard the internet's a smart place. 🙂

Have an SG300-28MPP connected to a client's Catalyst (unsure of model, but it's recent). Have LAG1 (ports 11-12) set up to pass VLAN 75; works great. Port 25 on the SG300 is configured as a trunk, with VLANs 72 and 73 tagged.

Client's switch is configured with 75 tagged on the LAG, 72 and 73 tagged on the single-link trunk. No LACP on the LAG.

Something has changed on my end that causes port 25 to pass no traffic on either VLAN. (Within the last 24 hours I've been resolving a multicast issue… can't figure out what I may have done there that would affect this.)

Config appears below, with unrelated ports and security stuff removed.

Many thanks for any wisdom you can lend!

config-file-header
switch0001
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router 

file SSD indicator encrypted
@
ssd-control-start 
ssd config 
ssd file passphrase control unrestricted 
no ssd file integrity control 
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 
!
bridge multicast filtering 
vlan database
default-vlan vlan 71
exit
vlan database
vlan 1,61,72-75 
exit
voice vlan state disabled 
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
mac access-list extended "Excess Traffic Filter"
exit
hostname OR-AV-SW-1-2
no passwords complexity enable 
username cisco password encrypted 3c0af1ccfaed6250e3fd6106e00561467fb746f3 privilege 15 
ip telnet server
!
interface vlan 1
 no ip address dhcp 
!
interface vlan 61
 name BGM 
!
interface vlan 71
 ip address 192.168.1.3 255.255.255.0 
!
interface vlan 72
 name Control 
 ip address 192.168.10.3 255.255.255.0 
!
interface vlan 73
 name Audio 
 ip address 192.168.20.3 255.255.255.0 
 bridge multicast mode ipv4-group 
 bridge multicast ipv6 mode ip-group 
 bridge multicast forward-all add gi27-28 
 ip igmp query-interval 30 
!
interface vlan 74
 name Video 
 ip address 192.168.30.3 255.255.255.0 
 ip igmp query-interval 30 
!
interface vlan 75
 name Presenter 
 ip address 192.168.40.3 255.255.255.0 
!
// ports 1-10 omitted 
!
interface gigabitethernet11
 description "WLAN A-1"
 spanning-tree disable 
 channel-group 1 mode on 
 switchport mode general 
 switchport general pvid 4095 
!
interface gigabitethernet12
 description "WLAN A-2"
 spanning-tree disable 
 channel-group 1 mode on 
 switchport mode general 
 switchport general pvid 4095 
!
// ports 13-24 omitted
!
interface gigabitethernet25
 description "WLAN B-C"
 spanning-tree disable 
 switchport trunk allowed vlan add 72-73 
!
//ports 26-28 omitted
!
interface Port-channel1
 description "WLAN A Uplink"
 spanning-tree disable 
 switchport mode general 
 switchport general allowed vlan add 75 tagged 
 switchport general pvid 4095 
!
exit
ip igmp snooping
ip igmp snooping vlan 73 
ip igmp snooping vlan 73 immediate-leave 
ip igmp snooping vlan 74 
ip igmp snooping vlan 74 immediate-leave 
ip igmp snooping vlan 73 static 224.0.0.251 interface gi1,gi3,gi5,gi9,gi25,gi27-28 
ip igmp snooping vlan 73 static 224.0.1.129 interface gi1,gi3,gi5,gi9,gi25,gi27-28 
ip igmp snooping vlan 73 static 239.255.255.250 interface gi1,gi3,gi5,gi9,gi25,gi27-28 
ip igmp snooping vlan 73 static 239.255.255.255 interface gi1,gi3,gi5,gi9,gi25,gi27-28 
no ip igmp snooping querier 
ip igmp snooping vlan 73 querier version 3 
ip igmp snooping vlan 73 querier 
ip igmp snooping vlan 74 querier version 3 
ip igmp snooping vlan 74 querier 
ip default-gateway 192.168.10.1 

Best Answer

"Port 25 on the SG300 is configured as a trunk, with VLANs 72 and 73 tagged."

This does not make sense to me. Frames are tagged based on the access port they came from, not by a trunk port.

default-vlan vlan 71 why? Why did you change this from default of vlan 1? Put that back / undo that (say default-vlan default).

All the physical interfaces that you show us are described as WLAN. We need to see the trunk physical interfaces.
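
An added example, not part of the answer above or of the poster's configuration: a short Python check that reads an SG300-style config and reports a changed default VLAN, the VLANs added on each interface, and interfaces that carry VLANs without an explicit switchport mode line. The function names and finding strings are illustrative assumptions; the sample lines are excerpted from the config in the question.

```python
import re
# Constructed sample: lines excerpted from the config posted in the question.
SAMPLE = """\
vlan database
default-vlan vlan 71
exit
vlan database
vlan 1,61,72-75
exit
interface gigabitethernet25
 switchport trunk allowed vlan add 72-73
!
interface Port-channel1
 switchport mode general
 switchport general allowed vlan add 75 tagged
!
"""

def expand(spec):  # '1,61,72-75' -> {1, 61, 72, 73, 74, 75}
    ids = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return (default_vlan, defined, ports, findings) for an SG300-style config."""
    default_vlan, defined, ports, cur = 1, set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if line in ("!", "exit"):
            cur = None  # end of an interface or vlan-database section
        elif m := re.fullmatch(r"default-vlan vlan (\d+)", line):
            default_vlan = int(m.group(1))
        elif m := re.fullmatch(r"vlan ([\d,-]+)", line):
            defined |= expand(m.group(1))
        elif m := re.fullmatch(r"interface (.+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "vlans": set()})
        elif cur and (m := re.fullmatch(r"switchport mode (\w+)", line)):
            cur["mode"] = m.group(1)
        elif cur and (m := re.search(r"allowed vlan add ([\d,-]+)", line)):
            cur["vlans"] |= expand(m.group(1))
    findings = []
    if default_vlan != 1:
        findings.append(f"default VLAN changed to {default_vlan}")
    for name, p in ports.items():
        if p["vlans"] and p["mode"] is None:
            findings.append(f"{name}: no explicit switchport mode line")
        # Assumption: the default VLAN exists without a vlan-database entry.
        if missing := p["vlans"] - defined - {default_vlan}:
            findings.append(f"{name}: VLANs not in database: {sorted(missing)}")
    return default_vlan, defined, ports, findings
```

Run against the sample, audit(SAMPLE) reports the default VLAN change to 71 and that gigabitethernet25 adds VLANs 72-73 with no switchport mode line of its own, so its mode is whatever the firmware applies by default.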