extending 2 vlans across a trunk using native vlan

sunny7 Registered Users Posts: 7
I would like to know how the below is achieved, please.

PC1---switchport access vlan 10---SWITCH A=Trunk=SWITCH B---switchport access vlan 20---PC2

How do I make PC1 talk to PC2? Will the below config do the trick?

on SWITCH A trunk port:
switchport mode trunk
switchport trunk allowed vlan X,Y
switchport access vlan 10
switchport trunk native vlan 10

on SWITCH B trunk port:
switchport mode trunk
switchport trunk allowed vlan X,Y
switchport access vlan 20
switchport trunk native vlan 20

Will the config work? Do I also allow VLAN 10 on A's trunk and VLAN 20 on B's trunk (with VLANs X, Y)?

thank you

Comments

  • Ryan82 Member Posts: 428
    The above config will not allow PC1 and PC2 to talk. They belong to different VLANs and need a layer 3 device to route between the VLANs, be it a switched virtual interface or a router.

    Typically on each switch's trunk port you will define the same native VLAN, and you will define it as a VLAN that is not actually used in your network. This is a security mechanism to prevent what's known as VLAN hopping. If you don't, you will get constant CDP messages telling you about a native VLAN mismatch.

    The 'switchport trunk allowed vlan' command is for limiting VLAN propagation. If host PC1 was on switch 1 and host PC2 was on switch 2 but both of the hosts belonged to VLAN 10, in order for them to communicate across the trunk link you would have to have 'switchport trunk allowed vlan 10' defined on each trunk interface. By default all VLANs are allowed across trunks, but if you started defining the allowed VLANs, such as in your config, then that is what you would need to do.

    Here is a good link to learn about trunking: 802.1Q Trunking Between Catalyst Switches Running CatOS and Cisco IOS System Software - Cisco Systems

    Here is a link to learn about how to make devices in two different vlans talk to each other: Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router - Cisco Systems

    Hope this helps
  • sunny7 Registered Users Posts: 7
    Thank you very much for the reply. I don't want to use a router; I need to extend the L2 connection between a few switches. Both edge switches are managed by different companies and can't renumber the VLAN, so I thought of using the native VLAN to get away with the problem.
    So having:

    on switch A trunk port:
    switchport mode trunk
    switchport trunk allowed vlan X,Y,..
    switchport access vlan 10

    on switch B trunk port:
    switchport mode trunk
    switchport trunk allowed vlan X,Y,..
    switchport access vlan 20

    will this do the trick?

    thank you
  • mikej412 Member Posts: 10,086
    CDP may complain if it's not disabled, but if you have mismatched native VLANs on the 802.1q trunks you will effectively combine those two VLANs into one network. If the PCs in VLAN 10 on the one switch are on the same IP subnet as the PCs in VLAN 20 at the other switch, they should be able to talk.

    If the purpose of the trunk is just to let PCs in VLAN 10 on one switch talk to PCs in VLAN 20 on the other switch, then you'd limit the VLANs allowed across the trunk to just the native VLAN on that switch.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • sunny7 Registered Users Posts: 7
    Yes, both PCs will be in the same IP subnet, but I will also need to allow another VLAN (X) on the trunk, which matches on both switches.
    That was the reason I had
    switchport trunk allowed vlan X...

    So I'm still not sure which config I need on the trunks.

    config 1
    ======
    switchport trunk allowed vlan X
    switchport mode trunk
    switchport access vlan 10 !!! will be 20 on the other end of the trunk
    switchport trunk native vlan 10 !!! will be 20 on the other end of the trunk

    config 2
    ======
    switchport trunk allowed vlan X
    switchport mode trunk
    switchport access vlan 10 !!! will be 20 on the other end of the trunk

    config 3
    ======
    switchport trunk allowed vlan 10,X !!! will be 20,X allowed on the other end of the trunk
    switchport mode trunk
    switchport access vlan 10 !!! will be 20 on the other end of the trunk
    switchport trunk native vlan 10 !!! will be 20 on the other end of the trunk

    Which of the above 3 configs will work/is best?

    thank you very much
  • mikej412 Member Posts: 10,086
    What kind of switches?

    You may need to set the trunk encapsulation with the switchport trunk encapsulation dot1q command if the switch supports ISL (and defaults to ISL).

    Since it's going to be a trunk you'd probably use the switchport trunk native vlan n command to set the native VLAN for the trunk (10 on the one side, 20 on the other).

    You've already got the switchport mode trunk command, so all that's left is your switchport trunk allowed vlan 10, X and (20 on the other side) to meet your requirements.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • sunny7 Registered Users Posts: 7
    yes, will have
    switchport trunk encapsulation dot1q

    The part I wasn't sure about is whether I should use
    switchport access vlan < >
    as well as
    switchport trunk native vlan < >

    So, you're suggesting config 3?

    thank you very much
  • rakem Member Posts: 800
    sunny7 wrote: »
    yes, will have
    switchport trunk encapsulation dot1q

    The part I wasn't sure about is whether I should use
    switchport access vlan < >
    as well as
    switchport trunk native vlan < >

    So, you're suggesting config 3?

    thank you very much

    no, you don't put

    switchport mode trunk
    and
    switchport access vlan x

    under the same interface; the interface is either a trunk or an access port.

    It's easy, dude. On the trunk ports just do this

    switchport mode trunk
    switchport trunk encapsulation dot1q <--- Depending on the switch.

    That's it.

    If you want to set a native VLAN on the trunks, make it the same on both switches

    switchport trunk native vlan x

    on your access ports just assign the VLAN

    switchport access vlan 10
    switchport host


    Done.
    CCIE# 38186
    showroute.net
  • sunny7 Registered Users Posts: 7
    Thank you, but my question was about inter-VLAN communication (L2 extension) without using a router.
    I need to make PC 1 in VLAN 10 talk to PC 2 in VLAN 20; both PCs are on the same subnet, no router needed; there are multiple switches trunking between PC 1 and PC 2.
    thanks
  • stuh84 Member Posts: 503
    You either put them in the same VLAN, or they don't communicate. InterVLAN communication (i.e. routing) is a function of Layer 3, not Layer 2.
    Work In Progress: CCIE R&S Written

    CCIE Progress - Hours reading - 15, hours labbing - 1
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    stuh84 wrote: »
    You either put them in the same VLAN, or they don't communicate. InterVLAN communication (i.e. routing) is a function of Layer 3, not Layer 2.

    That's what I was thinking...


    Why do they need to be in different vlans?
  • sunny7 Registered Users Posts: 7
    VLAN renumbering is not an option; this is a temporary fix for merging two companies. I understand it is not the standard, but there is a way to let them talk. I haven't got a lab to try this and get it working.

    thank you.
  • rakem Member Posts: 800
    sunny7 wrote: »
    Thank you, but my question was about inter-VLAN communication (L2 extension) without using a router.
    I need to make PC 1 in VLAN 10 talk to PC 2 in VLAN 20; both PCs are on the same subnet, no router needed; there are multiple switches trunking between PC 1 and PC 2.
    thanks

    No offence, mate, but I think you need to do some research on the subject.

    Devices in different VLANs can't communicate unless routing is involved. Doesn't matter if they are on the same subnet.
    CCIE# 38186
    showroute.net
  • mkomon Member Posts: 37
    No offence to anybody but I am quite scared to see such wrong posts from people going for their CCIEs.

    Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.

    Example:
    PC A is in VLAN 10 of SW1,
    PC B is in VLAN 20 of SW2.
    If SW1 and SW2 are connected using a trunk, SW1 having native VLAN 10 and SW2 having native VLAN 20, then the PCs will communicate (if they share an IP subnet). This is basically a little bit extended scenario of interconnecting the switches using access ports in different VLANs.

    Of course this is a very dirty trick that I would not like to have in my network, but it works and if it only serves for a short period of time, it may be an option.

    Seen it, labbed it up.
  • mikej412 Member Posts: 10,086
    mkomon wrote: »
    Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.
    So you saw that's what sunny7 was asking about in their posts too? For a while there I was thinking I was seeing different posts than everyone else.
    sunny7 wrote: »
    there are multiple switches trunking between PC 1 and PC 2
    In addition to CDP complaining about the mismatched native VLAN, with multiple switches you'd also want to watch for any spanning tree issues. If it's a simple topology with no loops or redundant links between the switches, there shouldn't be a problem. A more complex topology might require some more study and planning.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • rakem Member Posts: 800
    mkomon wrote: »
    No offence to anybody but I am quite scared to see such wrong posts from people going for their CCIEs.
    Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.

    The posts people have made here have been the correct way to implement inter-VLAN routing. The advice that has been given is accurate and correct. Doing 'dirty tricks' to get stuff working is never a good idea in my opinion.

    As you said, it will work, but it's a horrible design. It's one of those things that someone would configure, it would work, then never get changed to a proper configuration. Then as the network grows it begins to be a problem, and changing it gets harder and harder since there will be outages and all that stuff.

    In my experience it's better to do it right the first time.

    Different VLANs, same subnet, mismatched native VLANs...... yuck.
    CCIE# 38186
    showroute.net
  • burbankmarc Member Posts: 460
    rakem wrote: »
    Doing 'dirty tricks' to get stuff working is never a good idea in my opinion.

    I've always heard that knowing the dirty tricks is essential in passing the CCIE lab.
  • sunny7 Registered Users Posts: 7
    Thank you all,
    yes, it worked, having 2 different native VLANs on each end of the trunk; I just needed to disable spanning tree, but it was OK, as there aren't any resilient paths to that trunk. I used spanning-tree bpdufilter on both ends.
    And I didn't need the switchport access vlan config on the trunk; I believe that will not have any effect on trunk ports.
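    The CDP and spanning-tree complaints mentioned in this thread are the symptoms a network or security operations team would actually alert on. The following is an added example, not part of the original thread, that parses Cisco IOS syslog lines for the %CDP-4-NATIVE_VLAN_MISMATCH, %SPANTREE-2-RECV_PVID_ERR and %SPANTREE-2-BLOCK_PVID_* messages and reports which pair of VLANs each mismatched trunk silently bridges. The log lines in SAMPLE_LOG, the switch names SWITCH-B and CORE-1 and the interface names are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample syslog lines in Cisco IOS format; they are not from the thread.
SAMPLE_LOG = """\
Mar  1 09:12:04.311: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (10), with SWITCH-B GigabitEthernet0/1 (20).
Mar  1 09:12:05.002: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
Mar  1 09:12:06.118: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 20 on GigabitEthernet0/1 VLAN10.
Mar  1 09:12:06.120: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0020. Inconsistent peer vlan.
Mar  1 09:13:04.315: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (10), with SWITCH-B GigabitEthernet0/1 (20).
Mar  1 09:14:11.900: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/3 (1), with CORE-1 TenGigabitEthernet1/1 (99).
"""

# CDP reports the mismatch on every CDP interval (60 s by default), so the same
# trunk shows up repeatedly; PVST+ reports it once it sees a BPDU from the
# wrong VLAN and then blocks the port for the inconsistent VLAN.
CDP_RE = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<local_if>\S+) \((?P<local_vlan>\d+)\), with (?P<peer>\S+) (?P<peer_if>\S+) \((?P<peer_vlan>\d+)\)"
)
PVID_RE = re.compile(
    r"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id "
    r"(?P<peer_vlan>\d+) on (?P<local_if>\S+) VLAN(?P<local_vlan>\d+)"
)
BLOCK_RE = re.compile(
    r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): Blocking (?P<local_if>\S+) on VLAN(?P<vlan>\d+)"
)


@dataclass
class Mismatch:
    local_if: str
    local_vlan: int = 0
    peer: str = ""
    peer_if: str = ""
    peer_vlan: int = 0
    cdp_count: int = 0              # number of CDP mismatch reports for this trunk
    stp_inconsistent: bool = False  # PVST+ saw a BPDU from a different VLAN here
    blocked_vlans: Set[int] = field(default_factory=set)

    def bridged(self):
        """The two VLANs that untagged traffic silently joins across this link."""
        return (self.local_vlan, self.peer_vlan)


def parse_log(text: str) -> Dict[str, Mismatch]:
    """Correlate CDP and STP messages per local trunk interface."""
    findings: Dict[str, Mismatch] = {}
    for line in text.splitlines():
        m = CDP_RE.search(line)
        if m:
            f = findings.setdefault(m["local_if"], Mismatch(m["local_if"]))
            f.local_vlan, f.peer_vlan = int(m["local_vlan"]), int(m["peer_vlan"])
            f.peer, f.peer_if = m["peer"], m["peer_if"]
            f.cdp_count += 1
            continue
        m = PVID_RE.search(line)
        if m:
            f = findings.setdefault(m["local_if"], Mismatch(m["local_if"]))
            f.stp_inconsistent = True
            f.local_vlan = f.local_vlan or int(m["local_vlan"])
            f.peer_vlan = f.peer_vlan or int(m["peer_vlan"])
            continue
        m = BLOCK_RE.search(line)
        if m:
            f = findings.setdefault(m["local_if"], Mismatch(m["local_if"]))
            f.blocked_vlans.add(int(m["vlan"]))
    return findings


def report(findings: Dict[str, Mismatch]) -> List[str]:
    """One human-readable line per mismatched trunk."""
    lines = []
    for f in findings.values():
        if f.blocked_vlans:
            stp = "STP blocked VLAN(s) %s" % sorted(f.blocked_vlans)
        elif f.stp_inconsistent:
            stp = "STP inconsistent"
        else:
            stp = "no STP symptom (bpdufilter or no BPDUs on that VLAN?)"
        lines.append(
            f"{f.local_if}: local native {f.local_vlan} vs {f.peer} {f.peer_if} native "
            f"{f.peer_vlan}; VLANs {f.bridged()} are bridged; CDP x{f.cdp_count}; {stp}"
        )
    return lines


if __name__ == "__main__":
    for line in report(parse_log(SAMPLE_LOG)):
        print(line)
```

    The bpdufilter workaround sunny7 used suppresses the SPANTREE messages, and disabling CDP removes the CDP ones, so a trunk whose native VLANs were mismatched on purpose can leave no log symptom at all; the "no STP symptom" note in the report is there to flag that case, and the remaining check is show interfaces trunk on both ends.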
  • rakem Member Posts: 800
    I've always heard that knowing the dirty tricks is essential in passing the CCIE lab.


    Change dirty to handy and you're probably right.

    Doubt that the person who is marking a CCIE lab exam would give full marks to this type of configuration..... Unless the question specifically asked for it, which is unlikely.
    CCIE# 38186
    showroute.net
  • DevilWAH Member Posts: 2,997
    The native VLAN mismatch was a lot harder to get working than I expected. It was mentioned in part of the CCNA Security CBT Nuggets as part of the port security, "VLAN hopping attacks".

    But actually, like you say, there are a few things you need to disable to get it running. I remember years back attempting this on some 3550's when I was first getting into networking. Remember it taking days learning about all these CDP and STP things and how to disable them to get it to work.. :)

    I don't know so much about knowing the dirty stuff helping your CCIE, but running through the "dirty" configs in labs, I think, does help you learn about how things are working in the background. "Can you do it" and "Should you do it" are totally different things in networking.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • mikej412 Member Posts: 10,086
    rakem wrote: »
    Doubt a the person who is marking a CCIE lab exam would give full marks to this type of configuration..... Unless the question specifically asked for it, which is unlikely.
    You may have to do configurations to demonstrate your knowledge of a feature that would get you fired if you implemented it in real life. The CCIE R&S is NOT a best practices lab. And as it turns out, a lot of real networks usually aren't either unless you get the time and budget to build it right from the ground up.

    I've had to go into "wobbly networks" and implement something new -- and my success is measured by my stuff working and the rest of the network not crashing down around it.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • jovan88 Member Posts: 393
    mkomon wrote: »
    Setting native VLAN to different VLANs on both ends of a trunk allows devices to communicate, as long as they reside in a common IP subnet.

    I'm going to have to try this one in the lab!
  • accely Member Posts: 101
    Of course it works. It's the simple fact that packets going on the native VLAN are not tagged. So if they leave SwitchA as native 10 (unmarked) and get to SwitchB (unmarked), SwitchB now assumes the native VLAN of 20 and passes traffic to VLAN 20.
    Progress: CCIE RS Lab scheduled for Jan. 2012
    Equipment: Cisco 360 program racks
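    What accely describes above (and what mkomon labbed) is purely a consequence of how 802.1Q handles the native VLAN, and the same property is what Ryan82's warning about VLAN hopping refers to. The block below is an added example, not code from the thread, that models one trunk between two switches and walks a frame from an access port on one side into the other. The switch names, the use of VLAN 30 for the thread's "VLAN X", the unused native VLAN 99/999, and the simplification that a Cisco access port accepts a frame tagged with its own VLAN and strips that tag are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Frame:
    """An Ethernet frame carrying zero or more 802.1Q tags, outermost first."""
    tags: List[int] = field(default_factory=list)
    payload: str = ""


class Switch:
    """One end of an 802.1Q trunk: a native VLAN and an allowed-VLAN list."""

    def __init__(self, name: str, native_vlan: int, allowed_vlans: Set[int]):
        self.name = name
        self.native_vlan = native_vlan
        self.allowed_vlans = set(allowed_vlans)

    def access_ingress(self, port_vlan: int, frame: Frame) -> Optional[Tuple[int, Frame]]:
        """Frame arriving on an access port. Untagged frames go into the port's
        VLAN. A tag equal to the port VLAN is accepted and stripped (assumed
        Cisco access-port behaviour); any other tag is dropped."""
        if not frame.tags:
            return port_vlan, frame
        if frame.tags[0] == port_vlan:
            return port_vlan, Frame(frame.tags[1:], frame.payload)
        return None

    def trunk_egress(self, vlan: int, frame: Frame) -> Optional[Frame]:
        """Forward a frame from `vlan` out of the trunk. The native VLAN leaves
        untagged; every other allowed VLAN gets a tag pushed on the front."""
        if vlan not in self.allowed_vlans:
            return None
        if vlan == self.native_vlan:
            return frame
        return Frame([vlan] + frame.tags, frame.payload)

    def trunk_ingress(self, frame: Frame) -> Optional[Tuple[int, Frame]]:
        """Frame arriving on the trunk. No tag means 'native VLAN'; otherwise the
        outermost tag decides the VLAN and is popped."""
        if not frame.tags:
            vlan, rest = self.native_vlan, []
        else:
            vlan, rest = frame.tags[0], frame.tags[1:]
        if vlan not in self.allowed_vlans:
            return None
        return vlan, Frame(rest, frame.payload)


def deliver(src: Switch, src_port_vlan: int, dst: Switch, frame: Frame) -> Optional[int]:
    """Carry `frame` from an access port on `src` across the trunk into `dst`.
    Returns the VLAN it lands in on `dst`, or None if it was dropped on the way."""
    hop = src.access_ingress(src_port_vlan, frame)
    if hop is None:
        return None
    vlan, frame = hop
    on_wire = src.trunk_egress(vlan, frame)
    if on_wire is None:
        return None
    landed = dst.trunk_ingress(on_wire)
    return None if landed is None else landed[0]


def thread_setup() -> Tuple[Switch, Switch]:
    """The thread's trick: native 10 on SWITCH A, native 20 on SWITCH B, plus a
    shared VLAN (30 stands in for the thread's 'VLAN X')."""
    a = Switch("SWITCH-A", native_vlan=10, allowed_vlans={10, 30})
    b = Switch("SWITCH-B", native_vlan=20, allowed_vlans={20, 30})
    return a, b


def matched_native_setup() -> Tuple[Switch, Switch]:
    """Same switches with the native VLAN set identically (99, unused) on both ends."""
    a = Switch("SWITCH-A", native_vlan=99, allowed_vlans={10, 30, 99})
    b = Switch("SWITCH-B", native_vlan=99, allowed_vlans={20, 30, 99})
    return a, b


def double_tag_hop(native_vlan: int) -> Optional[int]:
    """Double-tagging: a host on VLAN 10 sends a frame tagged [10, 20]. Returns the
    VLAN it reaches on the far switch when both trunks use `native_vlan`."""
    a = Switch("SWITCH-A", native_vlan, {10, 20, native_vlan})
    b = Switch("SWITCH-B", native_vlan, {10, 20, native_vlan})
    return deliver(a, 10, b, Frame(tags=[10, 20], payload="hop"))


if __name__ == "__main__":
    a, b = thread_setup()
    print("VLAN 10 on A lands in VLAN", deliver(a, 10, b, Frame(payload="PC1->PC2")), "on B")
    print("VLAN 20 on B lands in VLAN", deliver(b, 20, a, Frame(payload="PC2->PC1")), "on A")
    print("VLAN 30 on A lands in VLAN", deliver(a, 30, b, Frame()), "on B")
    a, b = matched_native_setup()
    print("with matched natives, VLAN 10 on A lands in", deliver(a, 10, b, Frame()))
    print("double-tag, native 10:", double_tag_hop(10), "/ native 999:", double_tag_hop(999))
```

    Run as a script, it shows the thread's config landing VLAN 10 traffic from SWITCH-A in VLAN 20 on SWITCH-B (and VLAN 20 traffic from B in VLAN 10 on A), VLAN 30 crossing tagged and unchanged, and the same VLAN 10 traffic being dropped once the native VLANs match, because it is then tagged 10 and VLAN 10 is not allowed on the far side. double_tag_hop shows the flip side: with the trunk's native VLAN equal to a host's access VLAN, a frame tagged [10, 20] crosses into VLAN 20 without any router, and moving the native VLAN to an unused ID (999 here) stops it, which is the rationale behind Ryan82's advice; tagging the native VLAN (vlan dot1q tag native on IOS) closes the same gap.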
