From: ying c (bf5tgh1@yahoo.com)
Date: Sat Oct 05 2002 - 14:43:45 GMT-3
Hi,
Sorry about the old thread. Did anyone get the
consistent result when 3550 mgmt interface is in
different vlan? The 3550 I'm renting uses version
121-9.EA1c.bin code, I could ping BVI at the
router-on-the-stick, routers can ping each other
across different vlans but the 3550's mgmt vlan.
I've turned off ip route-cache, no native vlan on
3550, also tried both isl and dot1q but pretty much
got the samething - 3550 ping to different vlans
always fails. I haven't checked bug id that Chris
mentioned yet and not sure if upgrading IOS is the
only way to resolve this problem. If upgrade IOS is
not necessary, can someone tell me what I should do
differently than the regular steps? I have used 29xxXL
and cat5K before for the same thing and never had any
problems.
Thanks,
Chang
--- Dean Whitley <dean.whitley@epscorp.com> wrote:
> Has anyone tried the following on the ISL router
>
> "bridge bridge-group protocol {ieee | dec |
> vlan-bridge}"
>
> try using the "bridge 1 protocol vlan-bridge"
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> Chris Hugo
> Sent: Wednesday, September 25, 2002 2:50 AM
> To: Larry Roberts; Steve Lown; bsivasub@cisco.com;
> bwilliams175@comcast.net; ccielab@groupstudy.com
> Subject: Re: Mgmt Interface 3550 in separate vlan
> REVISITED +
> clarification on Native VLAN
>
>
> Larry I used that command. I'm sorry I didn't
> mention that.
> So my question is what is the implications if we
> leave that command out on a
> trunk port that is connected to a one-arm router.
> Security? Functionality?
> With the command left out it works fine. I also
> tried disabling fast-switch
> as in the doc Larry pointed out. That didn't work.
> Any Ideas Team,,,,
> Larry Roberts wrote: Chris,
>
> I don't think it is a bug. The native vlan must
> match on 802.1q trunks. On
> the router use the following command to set the
> native vlan "encapsulation
> dot1q 40 native". Check out the following link for
> more information.
>
> http://www.cisco.com/warp/public/473/50.shtml
>
> Sincerely,
> Larry Roberts
> CCIE #7886 (R&S / Security)
>
> ----- Original Message -----
> From: "Chris Hugo"
> To: "Steve Lown" ; ;
> ;
> Sent: Tuesday, September 24, 2002 9:09 PM
> Subject: RE: Mgmt Interface 3550 in separate vlan
> REVISITED + clarification
> on Native VLAN
>
>
> > Hi All,
> > I labbed up Steve's issue almost exactly (I used
> dot1q instead). I had the
> same problem!
> > I took out this line and wham-o it worked
> > switchport trunk native vlan 40 <------extracted
> from 3550
> > Yes, my management vlan was still in 40. On my
> router I had a couple subs
> 20,40. We don't need this. IS THAT OK?
> > Now when I trunk to another switch if I leave the
> line switchport trunk
> native vlan 40 out and put it in the remote switch
> my switches refuse to
> establish a trunk to each other. This one makes
> cent$
> > So I read up on this command and I was still
> confused why does it break
> one-armed routers? Could it be a bug????? This one
> does not makes cent$
> > thanx,
> > chris hugo
> > Steve Lown wrote:I am trying to setup a bridge on
> a router with an isl
> trunk to a 3550. I
> > have been asked to set a management interface on
> the switch on vlan 40,
> and
> > I am trying to bridge via IRB on the router
> between the switch and the
> > ethenet, vlan 30. I have no connectivity between
> the switch and the
> router.
> > Here are some configs:
> >
> > switch:
> >
> > hostname 3550
> > !
> > interface FastEthernet0/12
> > switchport trunk encapsulation isl
> > switchport trunk native vlan 40
> > switchport trunk allowed vlan
> 10,20,30,40,1002-1005
> > switchport mode trunk
> > no ip address
> > !
> > !
> > interface Vlan40
> > ip address 145.1.36.100 255.255.255.0
> > !
> > ip default-gateway 145.1.36.6
> > ip classless
> > ip http server
> > !
> > end
> >
> > router:
> > hostname R6
> > !
> > bridge irb
> > !
> > interface FastEthernet3/0.30
> > encapsulation isl 30
> > no ip redirects
> > bridge-group 1
> > !
> > interface FastEthernet3/0.40
> > encapsulation isl 40
> > no ip redirects
> > bridge-group 1
> > !
> > interface BVI1
> > ip address 145.1.36.6 255.255.255.0
> > !
> > bridge 1 protocol ieee
> > bridge 1 route ip
> > bridge 1 route ipx
> > !
> >
> > end
> >
> >
> >
> > >From: "Balaji Siva"
> > >To: "Bruce Williams" , "Steve Lown"
> > >,
> > >Subject: RE: Mgmt Interface 3550 in separate vlan
> > >Date: Sat, 21 Sep 2002 17:59:43 -0400
> > >
> > >the problem description fro steve for me wasn't
> clear..but anyway,
> > >
> > >all vlans are allowed on a trunk by default so
> you don't need to make the
> > >management vlan as native vlan if you don't have
> to... you can ofcourse
> > >explictly allow the management vlan on a trunk..
> > >
> > >
> > >B
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> > >Bruce Williams
> > >Sent: Saturday, September 21, 2002 5:30 PM
> > >To: Steve Lown; ccielab@groupstudy.com
> > >Subject: RE: Mgmt Interface 3550 in separate vlan
> > >
> > >
> > >That happened to me too, while I was doing a lab.
> I made the VLAN of the
> > >management interface the native VLAN of the trunk
> so that it would be
> > >included in VLANs allowed to traverse the trunk.
> > >
> > >switch(config-if)#switchport trunk native vlan
> xx.
> > >
> > >It worked for me, but there must be another way.
> > >
> > >Bruce
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> > >Steve Lown
> > >Sent: Saturday, September 21, 2002 3:51 PM
> > >To: ccielab@groupstudy.com
> > >Subject: Mgmt Interface 3550 in separate vlan
> > >
> > >
> > >I am trying to set up a practice lab where the
> management interface is of
> > >the switch is set in its own vlan and is included
> in the allowed trunks
> on
> > >a
> > >port to a router. I find when I enter a vlan on a
> separate vlan from
> vlans
> > >that have the command switchport access vlan XX,
> no connectivity is
> > >established. The cat5 is easy to setup, you just
> put the sc0 interface in
> > >the vlan number you want and set the ip address
> in
=== message truncated ===
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:39 GMT-3