Re: Cisco 3560 - behavior

From: Steve Di Bias <sdibias_at_gmail.com>
Date: Mon, 11 Apr 2011 13:01:59 -0700

I pasted the wrong debug for the first one, should have been

3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via RIB
3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending
3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending full packet.
3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via RIB

Even still the traffic was blocked...

On Mon, Apr 11, 2011 at 12:58 PM, Steve Di Bias <sdibias_at_gmail.com> wrote:

> Narbik & Muzammil I stand corrected, so thank you for pointing that out.
>
> To lab this up I followed Narbik's advice and created an SVI on the switch
> for VLAN 100 with an IP address of 1.1.1.2/24.
>
> Of course my pings to 1.1.1.1 failed as you can see here
>
> Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
>
> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via RIB
> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan12), len 100, sending.
> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan12), len 100, encapsulation failed
>
> Once I added the "native" keyword to the router's sub-interface, my pings
> were successful
>
> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via RIB
> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending
> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending full packet
> 3w3d: IP: s=1.1.1.1 (Vlan100), d=1.1.1.2, len 100, rcvd 1
>
> I'm not ashamed to say I was incorrect in my answer, and I wasn't
> intentionally making fun of the original poster, however I would have
> expected him to have at least researched it or tested this in a lab
> environment first.
>
> If it came off that way I do apologize
>
> Happy labbing!
>
> On Mon, Apr 11, 2011 at 12:20 PM, Narbik Kocharians <narbikk_at_gmail.com> wrote:
>
>> Totally agreed, you can actually test it by labbing it up. All you need is
>> a router and a switch.
>> Configure the router with:
>>
>> interface FastEthernet0/0
>>  no shutdown
>> interface FastEthernet0/0.1
>>  encapsulation dot1Q 100
>>  ip address 1.1.1.1 255.255.255.0
>>
>> Configure the switch with:
>> ! Let's say this is the port that the router is connected to
>> interface FastEthernet0/1
>>  switchport mode access
>>  switchport access vlan 100
>>  no shutdown
>>
>> Once you test it, you will never forget it.
>> To send untagged frames, just add the "Native" keyword.
>>
>> On Mon, Apr 11, 2011 at 12:13 PM, Muzammil Malick <malickmuz_at_gmail.com> wrote:
>>
>>> So are you saying that an access port today will accept tagged traffic
>>> as long as it is tagged with the vlan assigned to the access port?
>>>
>>> This is contradictory to the documentation and everything else I have
>>> read.
>>>
>>> I had always understood that any tagged traffic will be dropped
>>> regardless?
>>>
>>> On 11 April 2011 20:04, Steve Di Bias <sdibias_at_gmail.com> wrote:
>>> > Of course, nobody knows everything, so fair enough.
>>> >
>>> > The behavior today would be to forward any untagged frames or frames tagged
>>> > with a vlan id of the access vlan while denying everything else.
>>> >
>>> > This wasn't always the case however, and I believe that older OS versions
>>> > will actually forward the tagged frames as well.
>>> >
>>> > On Mon, Apr 11, 2011 at 11:39 AM, Stephen Robinson <
>>> > stephen.robinson_at_qtzl.com> wrote:
>>> >
>>> >> Sounds like none of you know the answer either... HaHAHa....
>>> >>
>>> >> Better to make fun than be productive... :)
>>> >>
>>> >> Jagdeesh - sorry for the ridicule of my peers. I speculate (but do not
>>> >> know) that you could not pass a vlan tag on an access port but I'm not sure
>>> >> if it would drop or if it would just strip the tag.
>>> >>
>>> >> Steve-Max-JP care to step up and try to answer?
>>> >>
>>> >> BTW - a ccie number does not mean you know everything.... And who better
>>> >> to ask than other smart people like this list. Even Narbik and Scott
>>> >> don't know everything (I mean... in theory there may be something that
>>> >> they don't know... Of course I can't prove it)
>>> >>
>>> >> > From: JB Poplawski <jb.poplawski_at_gmail.com>
>>> >> > Reply-To: JB Poplawski <jb.poplawski_at_gmail.com>
>>> >> > Date: Mon, 11 Apr 2011 13:09:07 -0500
>>> >> > To: Max Pierson <nmaxpierson_at_gmail.com>
>>> >> > Cc: Steve Di Bias <sdibias_at_gmail.com>, "Engr. Jagdeesh. K. Vasvani"
>>> >> > <jk_vasvani_at_hotmail.com>, group-study <ccielab_at_groupstudy.com>
>>> >> > Subject: Re: Cisco 3560 - behavior
>>> >> >
>>> >> > I just re-read that... yikes!
>>> >> > JB
>>> >> >
>>> >> > On Mon, Apr 11, 2011 at 12:43 PM, Max Pierson <nmaxpierson_at_gmail.com> wrote:
>>> >> >>> Does your signature say CCIE?
>>> >> >>
>>> >> >> Lol, I was thinking the same thing. It must be from a pass4sure cert :)
>>> >> >>
>>> >> >> On Mon, Apr 11, 2011 at 12:18 PM, Steve Di Bias <sdibias_at_gmail.com> wrote:
>>> >> >>
>>> >> >>> Does your signature say CCIE?
>>> >> >>> On Apr 11, 2011 9:59 AM, "Engr. Jagdeesh. K. Vasvani" <
>>> >> >>> jk_vasvani_at_hotmail.com> wrote:
>>> >> >>>> Dear Experts,
>>> >> >>>> Would appreciate if anyone could help by clarifying below queries:
>>> >> >>>>
>>> >> >>>> 1. How would a Cisco switch react when it receives a tagged frame on an
>>> >> >>>> access port?
>>> >> >>>> 2. Does the switch pass each & every frame b/w access ports in vlan x, where
>>> >> >>>> one is configured with "switchport voice vlan x" and the other with
>>> >> >>>> "switchport access vlan x"?
>>> >> >>>>
>>> >> >>>> Regards,
>>> >> >>>>
>>> >> >>>> Jagdeesh. K. Vasvani
>>> >> >>>> CCIE# 28213 (R&S)
>>> >> >>>>
>>> >> >>>> Blogs and organic groups at http://www.ccie.net
>>> >> >>>>
>>> >> >>>> _______________________________________________________________________
>>> >> >>>> Subscription information may be found at:
>>> >> >>>> http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> > --
>>> > -Steve Di Bias
>>
>>
>> --
>> *Narbik Kocharians
>> *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>> www.MicronicsTraining.com <http://www.micronicstraining.com/>
>> Sr. Technical Instructor
>> *Ask about our FREE Lab Voucher with our Boot Camps*
>> YES! We take Cisco Learning Credits!
>> Training & Remote Racks available
>>
>>
>
>
> --
> -Steve Di Bias
>

-- 
-Steve Di Bias
Received on Mon Apr 11 2011 - 13:01:59 ART
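
Added example, not part of the original thread: a Python parser that reads the Ethernet header of a captured frame and reports whether it carries an 802.1Q tag and which VLAN ID, which is how the router sub-interface with and without the "native" keyword can be told apart on the wire. The MAC addresses, payload bytes and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_l2(frame: bytes) -> dict:
    """Split an Ethernet header into MACs, optional 802.1Q tag and EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "vid": None, "pcp": None, "dei": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3 bits priority, 1 bit DEI, 12 bits VLAN ID;
        # the real EtherType follows the tag.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13,
                    dei=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def describe(frame: bytes) -> str:
    """One-line summary suitable for comparing captures."""
    i = parse_l2(frame)
    tag = f"802.1Q vid={i['vid']} pcp={i['pcp']}" if i["tagged"] else "untagged"
    return f"{i['src']} -> {i['dst']} {tag} ethertype=0x{i['ethertype']:04x}"


# Constructed sample frames (not taken from the thread's lab).
ROUTER = bytes.fromhex("020000000001")
SWITCH = bytes.fromhex("020000000002")
IP_STUB = b"\x45" + b"\x00" * 19  # placeholder IPv4 header bytes
# Sub-interface with dot1Q 100: the frame leaves the router tagged.
TAGGED_100 = (SWITCH + ROUTER + struct.pack("!HH", TPID_8021Q, 100)
              + struct.pack("!H", 0x0800) + IP_STUB)
# Same sub-interface with the "native" keyword: the frame leaves untagged.
UNTAGGED = SWITCH + ROUTER + struct.pack("!H", 0x0800) + IP_STUB

if __name__ == "__main__":
    for name, frame in (("dot1Q 100", TAGGED_100), ("native", UNTAGGED)):
        print(f"{name:10s} {describe(frame)}")
```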

This archive was generated by hypermail 2.2.0 : Sun May 01 2011 - 09:00:29 ART