RE: Mgmt Interface 3550 in separate vlan REVISITED +
From: Dean Whitley (dean.whitley@epscorp.com)
Date: Wed Sep 25 2002 - 12:39:29 GMT-3
Has anyone tried the following on the ISL router
"bridge bridge-group protocol {ieee | dec | vlan-bridge}"
try using the "bridge 1 protocol vlan-bridge"
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Chris Hugo
Sent: Wednesday, September 25, 2002 2:50 AM
To: Larry Roberts; Steve Lown; bsivasub@cisco.com;
bwilliams175@comcast.net; ccielab@groupstudy.com
Subject: Re: Mgmt Interface 3550 in separate vlan REVISITED +
clarification on Native VLAN
Larry I used that command. I'm sorry I didn't mention that.
So my question is what is the implications if we leave that command out on a
trunk port that is connected to a one-arm router. Security? Functionality?
With the command left out it works fine. I also tried disabling fast-switch
as in the doc Larry pointed out. That didn't work.
Any Ideas Team,,,,
Larry Roberts wrote: Chris,
I don't think it is a bug. The native vlan must match on 802.1q trunks. On
the router use the following command to set the native vlan "encapsulation
dot1q 40 native". Check out the following link for more information.
http://www.cisco.com/warp/public/473/50.shtml
Sincerely,
Larry Roberts
CCIE #7886 (R&S / Security)
----- Original Message -----
From: "Chris Hugo"
To: "Steve Lown" ; ;
;
Sent: Tuesday, September 24, 2002 9:09 PM
Subject: RE: Mgmt Interface 3550 in separate vlan REVISITED + clarification
on Native VLAN
> Hi All,
> I labbed up Steve's issue almost exactly (I used dot1q instead). I had the
same problem!
> I took out this line and wham-o it worked
> switchport trunk native vlan 40 <------extracted from 3550
> Yes, my management vlan was still in 40. On my router I had a couple subs
20,40. We don't need this. IS THAT OK?
> Now when I trunk to another switch if I leave the line switchport trunk
native vlan 40 out and put it in the remote switch my switches refuse to
establish a trunk to each other. This one makes cent$
> So I read up on this command and I was still confused why does it break
one-armed routers? Could it be a bug????? This one does not makes cent$
> thanx,
> chris hugo
> Steve Lown wrote:I am trying to setup a bridge on a router with an isl
trunk to a 3550. I
> have been asked to set a management interface on the switch on vlan 40,
and
> I am trying to bridge via IRB on the router between the switch and the
> ethenet, vlan 30. I have no connectivity between the switch and the
router.
> Here are some configs:
>
> switch:
>
> hostname 3550
> !
> interface FastEthernet0/12
> switchport trunk encapsulation isl
> switchport trunk native vlan 40
> switchport trunk allowed vlan 10,20,30,40,1002-1005
> switchport mode trunk
> no ip address
> !
> !
> interface Vlan40
> ip address 145.1.36.100 255.255.255.0
> !
> ip default-gateway 145.1.36.6
> ip classless
> ip http server
> !
> end
>
> router:
> hostname R6
> !
> bridge irb
> !
> interface FastEthernet3/0.30
> encapsulation isl 30
> no ip redirects
> bridge-group 1
> !
> interface FastEthernet3/0.40
> encapsulation isl 40
> no ip redirects
> bridge-group 1
> !
> interface BVI1
> ip address 145.1.36.6 255.255.255.0
> !
> bridge 1 protocol ieee
> bridge 1 route ip
> bridge 1 route ipx
> !
>
> end
>
>
>
> >From: "Balaji Siva"
> >To: "Bruce Williams" , "Steve Lown"
> >,
> >Subject: RE: Mgmt Interface 3550 in separate vlan
> >Date: Sat, 21 Sep 2002 17:59:43 -0400
> >
> >the problem description fro steve for me wasn't clear..but anyway,
> >
> >all vlans are allowed on a trunk by default so you don't need to make the
> >management vlan as native vlan if you don't have to... you can ofcourse
> >explictly allow the management vlan on a trunk..
> >
> >
> >B
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> >Bruce Williams
> >Sent: Saturday, September 21, 2002 5:30 PM
> >To: Steve Lown; ccielab@groupstudy.com
> >Subject: RE: Mgmt Interface 3550 in separate vlan
> >
> >
> >That happened to me too, while I was doing a lab. I made the VLAN of the
> >management interface the native VLAN of the trunk so that it would be
> >included in VLANs allowed to traverse the trunk.
> >
> >switch(config-if)#switchport trunk native vlan xx.
> >
> >It worked for me, but there must be another way.
> >
> >Bruce
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> >Steve Lown
> >Sent: Saturday, September 21, 2002 3:51 PM
> >To: ccielab@groupstudy.com
> >Subject: Mgmt Interface 3550 in separate vlan
> >
> >
> >I am trying to set up a practice lab where the management interface is of
> >the switch is set in its own vlan and is included in the allowed trunks
on
> >a
> >port to a router. I find when I enter a vlan on a separate vlan from
vlans
> >that have the command switchport access vlan XX, no connectivity is
> >established. The cat5 is easy to setup, you just put the sc0 interface in
> >the vlan number you want and set the ip address in the network of the
vlan
> >you want connectivity. Any suggestions as to how to set this up on the
> >3550? Thank you for your input.
> >
> >
> >_________________________________________________________________
> >Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
>
>
>
> _________________________________________________________________
> Join the world�s largest e-mail service with MSN Hotmail.
> http://www.hotmail.com
>
>
> ---------------------------------
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
---------------------------------
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
This archive was generated by hypermail 2.1.4
: Mon Oct 07 2002 - 07:44:03 GMT-3