Cisco 3750 native vlan VLAN1 doesn’t work in a Trunked configuration

cisconetscreenvlan

I have two devices here, a Netscreen SSG520 and a Cisco 3750.

#show ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.

The Cisco is currently being used as the central router. It has an IP interface defined on VLAN1. The revision of IOS is the one recommended to us by Cisco to cover some other oddities we have uncovered in the switch's behavior.

Right now my Netscreen has only an untagged interface. The Cisco treats this as VLAN1, and it works.

I want to add tagged interfaces to the netscreen (I need to remove the Cisco from routing certain VLANs for reasons I won't go into here). So the first thing I do is define the Cisco interface as trunked:

interface GigabitEthernet1/0/1
 description Netscreen SSG520
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,11,102
 switchport mode trunk

Now, when I plug in my netscreen, the Cisco reports all the "trunk allowed" VLAN interfaces are UP. It does not report the interface on VLAN1 as up. And the expected traffic does not flow between the Cisco and the Netscreen. Neither can ping the other.

If I plug the Netscreen into an access port defined as so:

interface GigabitEthernet1/0/11
 description castor

…the Cisco then reports VLAN1 as up, both devices can ping each other, and traffic can flow between the Cisco and the Netscreen properly.

I have even tried defining the VLANs as tagged sub-interfaces on the Netscreen, and while the tagged VLANs work, VLAN1 does not.

I've played with the switchport trunk native vlan 1 command and the no switchport trunk native vlan command and the switch still does not use VLAN1 on that interface.

I already have a no shutdown command in the definition for interface vlan1; the fact that when the netscreen is plugged into the access port the VLAN comes up proves that.

For various reasons (mostly involving history) we can't just not use VLAN1.

I've spent the last two hours trying to get these devices to talk to each other the way I want them.

So.

How do I get the Cisco to recognize, and use, VLAN1 when I have a trunk defined?

Best Answer

You've blocked vlan 1 traffic. Add it to your allowed vlans on the trunk port:

switchport trunk allowed vlan 1,10,11,102

Despite the fact that vlan 1 is the native vlan, it's still being evaluated for whether it's allowed through the port (which is why the vlan interface is showing as down; no port on the switch is able to deal with traffic for the vlan).

Related Solutions

Cisco – vlan tagging on a cisco catalyst 3560

Once you've identified your exact requirements above:

Each VLAN needs to be created before traffic will pass:

Switch(config)# vlan [number]
Switch(config-vlan)# name [name]

For each trunk (>1 vlan) port, config as follows. Let's say 1000 is native (untagged) VLAN and 2000-2100 and 3000 are carried:

Switch(config)# int gi0/1
Switch(config-interface)# switchport mode trunk
Switch(config-interface)# switchport trunk allowed vlan 1000,2000-2100,3000
Switch(config-interface)# switchport trunk native vlan 1000

For each access (1 vlan, untagged) port, config as follows:

Switch(config)# int gi0/2
Switch(config-interface)# switchport mode access
Switch(config-interface)# switchport access vlan 1000

You can also specify and interface range: Switch(config)# int range gi0/1 - 10, gi1/1

And shorten commands if the keywords are still unique: Switch(config-interface)# sw tr na vl 1000

Cisco – VLAN trunking between Juniper EX -> Cisco Catalyst -> and Cisco Router

You stated that ports 3 and 42 were configured on the Catalyst switch, but then provided configurations for ports 46 and 48. The configuration you posted for port 46 should be applied to port 3 that connects to the EX2200. Your router's connection is unchanged, so hopefully we can assume that configuration is fine.

Now, on the EX2200, the following lines of code would be appropriate to do the following:

ge-0/0/0 - trunk allowing the same vlans as defined above on port 46

ge-0/0/6 - access port on VLAN80

set vlans vlan80 vlan-id 80
set vlans vlan82 vlan-id 82
set vlans vlan83 vlan-id 83
set vlans vlan93 vlan-id 93
set vlans vlan289 vlan-id 289
set interfaces ge-0/0/0 description uplink-to-catalyst 
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan80
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan82
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan83
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan93
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan289
set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan80

Some other suggestions for you:

1) Turn on LLDP on your switch so you can do a show lldp neighbors and see where your connections go.

2) Don't use RSTP for spanning tree on the juniper switch, it doesn't play nice with Cisco that well, use VSTP instead. If you end up with a ton of vlans, you might even need to use MSTP.

3) Turn off chassis alarm for the management ethernet if you're not using it.

On the EX2200:

delete protocols rstp
set protocols vstp vlan all bridge-priority 4k
set protocols lldp interface all
set chassis alarm management-ethernet link-down ignore

On the Catalyst (if it supports it)

lldp run

Best Answer

Related Solutions

Cisco – vlan tagging on a cisco catalyst 3560

Cisco – VLAN trunking between Juniper EX -> Cisco Catalyst -> and Cisco Router

Related Topic