Why wont switches pass traffic?
Sanis4life
Banned Posts: 60 ■■□□□□□□□□
in CCNP
Hey folks. I figured i would drop a question in here for people that like troubleshooting. We had a situation at work where we were trunking two switches. The downlink switch was not passing traffic correctly. Both switches were up and up. The downlink switch's data packet output was high, but packet input was very low. In fact, the packet input matched exactly what the broadcasts were. None of the computers were picking up an IP, nor could the default gateway be pinged.
You can assume everything globally is configured correctly.
What could it be!!!!??
You can assume everything globally is configured correctly.
What could it be!!!!??
Comments
-
Netstudent Member Posts: 1,693 ■■■□□□□□□□Maybe a VLAN to ip subnet mismatch, perhaps a vlan was disallowed from the trunk when it shouldn't ahve been. Could have been a duplex mismatch, or maybe a native vlan mismatch(you would have gotten a no no message if that happened though).
Could both sides have been configured as auto?
Was VTP involved?
A "show interface fa?/? trunk" on both link parters would help.
Thats almost like going to the Off Topic forum and posting "Why can't I renew my IP"There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1! -
Sanis4life Banned Posts: 60 ■■□□□□□□□□Well, you already answered it, but here is the config on one of the trunk ports. The other one goes through someone elses services.
interface GigabitEthernet3/5
description Uplink
switchport trunk native vlan 515
switchport trunk allowed vlan 3,515
switchport mode trunk
no cdp enable
end
Now, another question is why would the native vlan command be used? I dont see any reason someone would want to untag a vlan. -
nice343 Member Posts: 391Sanis4life wrote:Well, you already answered it, but here is the config on one of the trunk ports. The other one goes through someone elses services.
interface GigabitEthernet3/5
description Uplink
switchport trunk native vlan 515
switchport trunk allowed vlan 3,515
switchport mode trunk
no cdp enable
end
Now, another question is why would the native vlan command be used? I dont see any reason someone would want to untag a vlan.
the native vlan is used when there is voice on the network. The native Vlan untags the data network so that the voice network will be tagged since that is the most important traffic.
have you tried typingswitchport trunk encapsulation dot1q
My daily blog about IT and tech stuff
http://techintuition.com/ -
Netstudent Member Posts: 1,693 ■■■□□□□□□□yes thats one application of it's use. There are others I can think of. One big one is security. MOst networking people and hackers know about open standard technologies. Therefore they know how vlans work and that dot1q uses vlan 1 by default as a tagless frame. This can be exploited by a vlan hopping attack if you leave your native vlan as 1 and the attacker's VLAN is 1. So another reason would be to ensure security in the network by not using Vlan 1 for normal voice and data applications.
http://www.techexams.net/forums/viewtopic.php?t=26144
But dot1Q by nature has a native vlan. you don't have to use a native vlan at all. It may reduce some overhead on a data stream, by not inserting that 4 byte tag between the source and ether type fields, but the tradeoff is security and no priority bits. In smaller networks, I don't think it would be a big deal to use a tagless vlan, although I could be wrong on that. You never know where a hacker might sneak in.There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1! -
networker050184 Mod Posts: 11,962 Modnice343 wrote:the native vlan is used when there is voice on the network. The native Vlan untags the data network so that the voice network will be tagged since that is the most important traffic.
This is not the case with trunks between switches. I think you are confused with the special 802.1p trunk formed on a switch port configured for a voice and access vlan. The native vlan is usually pruned for security reasons.An expert is a man who has made all the mistakes which can be made. -
Sanis4life Banned Posts: 60 ■■□□□□□□□□Netstudent wrote:yes thats one application of it's use. There are others I can think of. One big one is security. MOst networking people and hackers know about open standard technologies. Therefore they know how vlans work and that dot1q uses vlan 1 by default as a tagless frame. This can be exploited by a vlan hopping attack if you leave your native vlan as 1 and the attacker's VLAN is 1. So another reason would be to ensure security in the network by not using Vlan 1 for normal voice and data applications.
http://www.techexams.net/forums/viewtopic.php?t=26144
But dot1Q by nature has a native vlan. you don't have to use a native vlan at all. It may reduce some overhead on a data stream, by not inserting that 4 byte tag between the source and ether type fields, but the tradeoff is security and no priority bits. In smaller networks, I don't think it would be a big deal to use a tagless vlan, although I could be wrong on that. You never know where a hacker might sneak in.
This is a good example as to why it could be used, but if a native Vlan is used and you have multiple VLANs going through a trunk port, how will data that is destined for VLAN 515, in this case, find its way if it is not tagged with VLAN information? -
dtlokee Member Posts: 2,378 ■■■■□□□□□□BEcause the native VLAN needs to match on both sides of the trunk, so if VLAN 515 is untagged, the other end receives it and sees that there is no tag (because the ethertype is unchanged) and will assign the frame to VLAN 515.The only easy day was yesterday!
-
Sanis4life Banned Posts: 60 ■■□□□□□□□□dtlokee wrote:BEcause the native VLAN needs to match on both sides of the trunk, so if VLAN 515 is untagged, the other end receives it and sees that there is no tag (because the ethertype is unchanged) and will assign the frame to VLAN 515.
Ah. So, the "switchport trunk native vlan 515 " command must be on both sides of the trunk lines in order for untagged traffic to know where to go. Cool. Thanks!
Edit:
I found a link on the cisco boards that gave an excellent discussion of native vlans.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbed45c