Cat3750... multiple native vlans?

Hey techies.

Just got asked something that I've never even heard of before... I'll try to describe our setup.

All of our servers are dual homed... one to production switches and the core, the other to a backup switch stack, which connects to the backup array (completely layer 2 and non-routable).

The native vlan on the production side is 999, while vlan 1 has been kept in the backup lan. So far so good.

We added a couple IBM Blade Centers recently, and the backup side is the issue. The cisco 2950 built into the Center has eight ports... 4 go to production, and 2 to backup.

Because it's a switch that now connects the backup and production lans, I'm trying to not allow vlan 1 to reach the 2950.

So, here's the question... can I leave vlan 1 as the native vlan for the entire 3750 backup stack, but take one port and change the native vlan to, say, 2? Providing I add vlan 2 to the allowed list on the trunk to the backup array... am I okay?

Further, for those of you with IBM BC's (since the 2950 is half cisco and half proprietary IBM), can I assign 999 as the native vlan on half of the ports, but vlan 2 as native on a couple?

I appreciate any insights,
Mike

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

bighornsheep

Not sure if I got this right, when you say native vlan, do you mean your mgmt vlan? ie. the SVI: Interface vlan xxx or do you mean the native vlans you've defined on the dot1q trunks?

The native vlans for dot1q trunks can be configured on a per-link basis, the trunk on the 2950 going to the core can have vlan 999 as the native vlan while the trunk to the backup segment can use vlan 1 by default without config modifications.

Switch(config-if)#switchport trunk native vlan <vlan id>

If you're talking about management vlan, then pruning is your friend or enemy. For the trunk to the core, make sure mgmt vlan isn't pruned, by default, 999 would be prune eligible. As for "not allowing vlan 1" to reach vlan 999, the 2950 can only have one SVI active at a time, so unless there's a router for those two segments, they shouldn't route.

mikearama

bighornsheep wrote:

The native vlans for dot1q trunks can be configured on a per-link basis, the trunk on the 2950 going to the core can have vlan 999 as the native vlan while the trunk to the backup segment can use vlan 1 by default without config modifications.

That's what I needed bro... thanks kindly. I thought the native vlan was global... but if it's per-link, I'm good to go. Gonna configure it tonight. I feel better already.

mikej412

bighornsheep wrote:

The native vlans for dot1q trunks can be configured on a per-link basis

Perfect 10! Nailed it and stuck the landing!