extending 2 vlans across a trunk using native vlan
I would like to know how the below is achieved, please?
PC1 --- switchport access vlan 10 --- SWITCH A ===Trunk=== SWITCH B --- switchport access vlan 20 --- PC2
How do I make PC1 talk to PC2? Will the below config do the trick?
on SWITCH A trunk port:
switchport mode trunk
switchport trunk allowed vlan X,Y
switchport access vlan 10
switchport native vlan 10
on SWITCH B trunk port:
switchport mode trunk
switchport trunk allowed vlan X,Y
switchport access vlan 20
switchport native vlan 20
Will the config work? Do I also allow VLAN 10 on A's trunk and allow VLAN 20 on B's trunk (with VLANs X, Y)?
thank you
Comments
-
Ryan82 Member Posts: 428
The above config will not allow PC1 and PC2 to talk. They belong to different VLANs and need a layer 3 device to route between the VLANs, be it a switched virtual interface or a router.
Typically on each switch's trunk port you will define the same native VLAN and you will define it as a VLAN that is not actually used in your network. This is a security mechanism to prevent what's known as VLAN hopping. If you don't, you will get constant CDP messages telling you about a native VLAN mismatch.
The 'switchport trunk allowed vlan' is for limiting vlan propagation. If host PC1 was on switch 1 and host PC2 was on switch 2 but both of the hosts belonged to vlan 10, in order for them to communicate across the trunk link you would have to have 'switchport trunk allowed vlan 10' defined on each trunk interface. By default all vlans are allowed across trunks but if you started defining the allowed vlans such as in your config, then that is what you would need to do.
Here is a good link to learn about trunking: 802.1Q Trunking Between Catalyst Switches Running CatOS and Cisco IOS System Software - Cisco Systems
Here is a link to learn about how to make devices in two different vlans talk to each other: Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router - Cisco Systems
Hope this helps -
sunny7 Registered Users Posts: 7 ■□□□□□□□□□
Thank you very much for the reply. I don't want to use a router, needed to extend the L2 connection between a few switches. Both edge switches are managed by different companies and can't re-number the VLAN, so I thought of using the native VLAN to get away with the problem.
So having:
on switch A trunk port:
switchport mode trunk
switchport trunk allowed vlan X,Y,..
switchport access vlan 10
on switch B trunk port:
switchport mode trunk
switchport trunk allowed vlan X,Y,..
switchport access vlan 20
will this do the trick?
thank you -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
CDP may complain if it's not disabled, but if you have mismatched native VLANs on the 802.1q trunks you will effectively combine those two VLANs into one network. If the PCs in VLAN 10 on the one switch are on the same IP subnet as the PCs in VLAN 20 at the other switch, they should be able to talk.
If the purpose of the trunk is just to let PCs in VLAN 10 on one switch talk to PCs in VLAN 20 on the other switch, then you'd limit the VLANs allowed across the trunk to just the native VLAN on that switch.
Cisco Certifications -- Collect the Entire Set! -
sunny7 Registered Users Posts: 7 ■□□□□□□□□□
Yes, both PCs will be in the same IP subnet, but will also need to allow another VLAN (X) on the trunk, which matches on both switches.
that was the reason, I had
switchport trunk allowed vlan X...
So still not sure, which config I need on the trunks
config 1
======
switchport trunk allowed vlan X
switchport mode trunk
switchport access vlan 10 !!! will be 20 on the other end of the trunk
switchport native vlan 10 " " "
config 2
======
switchport trunk allowed vlan X
switchport mode trunk
switchport access vlan 10 !!! will be 20 on the other end of the trunk
config 3
======
switchport trunk allowed vlan 10, X !! will be 20 allowed on the other
switchport mode trunk
switchport access vlan 10 !!! will be 20 on the other end of the trunk
switchport native vlan 10 " " "
Which of the above 3 config will work/best?
thank you very much -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
What kind of switches?
You may need to set the trunk encapsulation with the switchport trunk encapsulation dot1q command if the switch supports ISL (and defaults to ISL).
Since it's going to be a trunk you'd probably use the switchport trunk native vlan n command to set the native VLAN for the trunk (10 on the one side, 20 on the other).
You've already got the switchport mode trunk command, so all that's left is your switchport trunk allowed vlan 10, X and (20 on the other side) to meet your requirements.
Cisco Certifications -- Collect the Entire Set! -
sunny7 Registered Users Posts: 7 ■□□□□□□□□□
yes, will have
switchport trunk encapsulation dot1q
The part I wasn't sure is whether I should use
switchport access vlan < >
as well
switchport trunk native vlan < >
So, you suggesting config 3?
thank you very much -
rakem Member Posts: 800
sunny7 wrote: »yes, will have
switchport trunk encapsulation dot1q
The part I wasn't sure is whether I should use
switchport access vlan < >
as well
switchport trunk native vlan < >
So, you suggesting config 3?
thank you very much

no, you don't put
switchport mode trunk
and
switchport access vlan x
under the same interface, the interface is either a trunk or an access port.
It's easy, dude. On the trunk ports just do this
switch mode trunk
switch trunk encap dot1q <--- Depending on the switch.
That's it.
If you want to set a native VLAN on the trunks make it the same on both switches
switchport trunk native vlan x
on your access ports just assign the vlan
switchport access vlan 10
switchport host
Done.
CCIE# 38186
showroute.net -
sunny7 Registered Users Posts: 7 ■□□□□□□□□□
Thank you, but my question was inter-VLAN communication (L2 extension) without using the router.
I need to make PC 1 in VLAN 10 talk to PC 2 in VLAN 20, both PCs are on same subnets, no router needed, there are multiple switches trunking between PC 1 and PC 2
thanks -
stuh84 Member Posts: 503
You either put them in the same VLAN, or they don't communicate. InterVLAN communication (i.e. routing) is a function of Layer 3, not Layer 2.
Work In Progress: CCIE R&S Written
CCIE Progress - Hours reading - 15, hours labbing - 1 -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
stuh84 wrote: »You either put them in the same VLAN, or they don't communicate. InterVLAN communication (i.e. routing) is a function of Layer 3, not Layer 2.

That's what I was thinking...
Why do they need to be in different vlans? -
sunny7 Registered Users Posts: 7 ■□□□□□□□□□
VLAN renumbering is not an option, this is a temporary fix for merging two companies. I understand it is not the standard, but there is a way to let them talk - I haven't got a lab to try this and get it working.
thank you. -
rakem Member Posts: 800
sunny7 wrote: »Thank you, but my question was inter-VLAN communication (L2 extension) without using the router.
I need to make PC 1 in VLAN 10 talk to PC 2 in VLAN 20, both PCs are on same subnets, no router needed, there are multiple switches trunking between PC 1 and PC 2
thanks

No offence mate but I think you need to do some research on the subject.
Devices in different VLANs can't communicate unless routing is involved. Doesn't matter if they are on the same subnet.
CCIE# 38186
showroute.net -
mkomon Member Posts: 37 ■■□□□□□□□□
No offence to anybody but I am quite scared to see such wrong posts from people going for their CCIEs.
Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.
Example:
PC A is in VLAN 10 of SW1,
PC B is in VLAN 20 of SW2.
If SW1 and SW2 are connected using a trunk, SW1 having native VLAN 10 and SW2 having native VLAN 20, then the PCs will communicate (if they share an IP subnet). This is basically a little bit extended scenario of interconnecting the switches using access ports in different VLANs.
Of course this is a very dirty trick that I would not like to have in my network, but it works and if it only serves for a short period of time, it may be an option.
Seen it, labbed it up. -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
mkomon wrote: »Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.
sunny7 wrote: »there are multiple switches trunking between PC 1 and PC 2
Cisco Certifications -- Collect the Entire Set!
-
rakem Member Posts: 800
mkomon wrote: »No offence to anybody but I am quite scared to see such wrong posts from people going for their CCIEs.
Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.

The posts people have made here have been the correct way to implement inter-VLAN routing. The advice that has been given is accurate and correct. Doing 'dirty tricks' to get stuff working is never a good idea in my opinion.
As you said it will work but it's a horrible design. It's one of those things that someone would configure, it would work, then never get changed to a proper configuration. Then as the network grows it begins to be a problem, and changing it gets harder and harder since there will be outages and all that stuff.
In my experience it's better to do it right the first time.
Different VLANs, same subnet, mismatched native VLANs...... yuck.
CCIE# 38186
showroute.net -
burbankmarc Member Posts: 460
rakem wrote: »Doing 'dirty tricks' to get stuff working is never a good idea in my opinion.

I've always heard that knowing the dirty tricks is essential in passing the CCIE lab. -
sunny7 Registered Users Posts: 7 ■□□□□□□□□□
Thank you all,
yes it worked, having 2 different native VLANs on each end of the trunk, just I needed to disable the spantree, but it was OK, as there aren't any resilient paths to that trunk - I used spantree bpdufilter on both ends.
And didn't need switchport access vlan config on the trunk, I believe that will not have any effect on trunk ports. -
rakem Member Posts: 800
burbankmarc wrote: »I've always heard that knowing the dirty tricks is essential in passing the CCIE lab.

Change dirty to handy and you're probably right.
Doubt the person who is marking a CCIE lab exam would give full marks to this type of configuration..... Unless the question specifically asked for it, which is unlikely.
CCIE# 38186
showroute.net -
DevilWAH Member Posts: 2,997 ■■■■■■■■□□
The native VLAN mismatch was a lot harder to get working than I expected. It was mentioned in part of the CCNA SECURITY CBT Nuggets as part of the port security, "VLAN hopping attacks".
But actually, like you say, there are a few things you need to disable to get it running. I remember years back attempting this on some 3550's when I was first getting into networking. Remember it taking days learning about all these CDP and STP thingies and how to disable them to get it to work..
I don't know so much about knowing the dirty stuff helping your CCIE, but running through the "dirty" configs in labs, I think, does help you learn about how things are working in the background. "Can you do it" and "Should you do it" are totally different things in networking.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
rakem wrote: »Doubt the person who is marking a CCIE lab exam would give full marks to this type of configuration..... Unless the question specifically asked for it, which is unlikely.

I've had to go into "wobbly networks" and implement something new -- and my success is measured by my stuff working and the rest of the network not crashing down around it.
Cisco Certifications -- Collect the Entire Set! -
jovan88 Member Posts: 393
mkomon wrote: »Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.

I'm going to have to try this one in the lab! -
accely Member Posts: 101
Of course it works. It's the simple fact that packets going on the native VLAN are not tagged. So if they leave SwitchA as native 10 (unmarked) and get to SwitchB (unmarked), SwitchB now assumes the native VLAN of 20 and passes traffic to VLAN 20.
Progress: CCIE RS Lab scheduled for Jan. 2012
Equipment: Cisco 360 program racks
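The untagged-frame behaviour described in the last reply, as an added example that is not part of the original thread: a simplified Python model of one 802.1Q trunk link, plus an audit that flags mismatched native VLANs on its two ends. Assumptions: VLAN 30 stands in for the thread's shared "VLAN X", 99 is a constructed unused native VLAN, and the model treats the native VLAN as needing to be in the allowed list for user traffic to pass.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrunkPort:
    switch: str
    native_vlan: int      # frames in this VLAN leave the port untagged
    allowed: frozenset    # the 'switchport trunk allowed vlan' list

def egress(port, vlan):
    """Frame as seen on the wire: None if filtered, 'untagged', or the 802.1Q VLAN ID."""
    if vlan not in port.allowed:
        return None
    return "untagged" if vlan == port.native_vlan else vlan

def ingress(port, wire):
    """VLAN the receiving switch places the frame in, or None if it is dropped."""
    if wire is None:
        return None
    vlan = port.native_vlan if wire == "untagged" else wire
    return vlan if vlan in port.allowed else None

def cross(src, dst, vlan):
    """VLAN a frame sent in `vlan` on src lands in on dst (None = not delivered)."""
    return ingress(dst, egress(src, vlan))

def audit(a, b):
    """Findings a reviewer would raise for the two ends of one trunk."""
    findings = []
    if a.native_vlan != b.native_vlan:
        findings.append(f"native VLAN mismatch: {a.switch} VLAN {a.native_vlan} "
                        f"is bridged to {b.switch} VLAN {b.native_vlan}")
    for p in (a, b):
        if p.native_vlan not in p.allowed:
            findings.append(f"{p.switch}: native VLAN {p.native_vlan} not in allowed list")
    return findings

# Constructed sample trunks (hypothetical values, see lead-in).
MISMATCHED = (TrunkPort("SWITCH A", 10, frozenset({10, 30})),
              TrunkPort("SWITCH B", 20, frozenset({20, 30})))
MATCHED = (TrunkPort("SWITCH A", 99, frozenset({10, 30, 99})),
           TrunkPort("SWITCH B", 99, frozenset({20, 30, 99})))

if __name__ == "__main__":
    for label, (a, b) in (("mismatched", MISMATCHED), ("matched", MATCHED)):
        print(label, "| 10 ->", cross(a, b, 10), "| 30 ->", cross(a, b, 30), "|", audit(a, b))
```

With the mismatched pair, VLAN 10 on SWITCH A and VLAN 20 on SWITCH B become one broadcast domain while tagged VLAN 30 is unaffected; with a matching unused native VLAN the two stay separate and the audit is clean.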