Re: Cisco 3560 - behavior

Everybody learnt/remembered/suggested something!! Its great isn't it!!

On 11 April 2011 21:01, Steve Di Bias <sdibias_at_gmail.com> wrote:
> I pasted the wrong debug for the first one, should have been
> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via RIB
> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending
> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending full
> packet.
> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via RIB
> Even still the traffic was blocked...
> On Mon, Apr 11, 2011 at 12:58 PM, Steve Di Bias <sdibias_at_gmail.com> wrote:
>>
>> Narbik & Muzammil I stand corrected, so thank you for pointing that out.
>> To lab this up I followed Narbik's advice and created an SVI on the switch
>> for VLAN 100 with an IP address of 1.1.1.2/24.
>> Of course my pings to 1.1.1.1 failed as you can see here
>> Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
>> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via
>> RIB
>> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan12), len 100, sending.
>> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan12), len 100, encapsulation
>> failed
>> Once I added the "native" keyword to the routers sub-interface my pings
>> were successful
>> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via
>> RIB
>> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending
>> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending full
>> packet
>> 3w3d: IP: s=1.1.1.1 (Vlan100), d=1.1.1.2, len 100, rcvd 1
>> I'm not ashamed to say I was incorrect in my answer, and I wasn't
>> intentionally making fun of the original poster, however I would have
>> expected him to have at least researched it or tested this in a lab
>> environment first.
>> If it came off that way I do apologize
>> Happy labbing!
>>
>>
>>
>>
>> On Mon, Apr 11, 2011 at 12:20 PM, Narbik Kocharians <narbikk_at_gmail.com>
>> wrote:
>>>
>>> Totally agreed, you can actually test it by labbing it up. All you need
>>> is a router and a switch.
>>> Configure the router with:
>>>
>>> Int F0/0
>>> No shut
>>> Int F0/0.1
>>> Encap dot 100
>>> ip addr 1.1.1.1 /24
>>>
>>> Configure the switch with:
>>> Int F0/1 ------ Let's say this is the port that he router is connected to
>>> swi mode acc
>>> swi acc v 100
>>> no shut
>>>
>>> Once you test it, you will never forget it.
>>> To send untagged frames, just add the "Native" keyword.
>>>
>>> On Mon, Apr 11, 2011 at 12:13 PM, Muzammil Malick <malickmuz_at_gmail.com>
>>> wrote:
>>>>
>>>> So are you saying that an access port today will accept tagged traffic
>>>> as long as it is tagged with the vlan assigned to the access port?
>>>>
>>>> This is contradictory to the documentation and everything else I have
>>>> read.
>>>>
>>>> I had always understood that any tagged traffic will be dropped
>>>> regardless?
>>>>
>>>> On 11 April 2011 20:04, Steve Di Bias <sdibias_at_gmail.com> wrote:
>>>> > Of course, nobody knows everything, so fair enough.
>>>> >
>>>> >
>>>> >
>>>> > The behavior today would be to forward any untagged frames or frames
>>>> > tagged
>>>> > with a vlan id of the access vlan while denying everything else.
>>>> >
>>>> >
>>>> >
>>>> > This wasn't always the case however, and I believe that older OS
>>>> > versions
>>>> > will actually forward the tagged frames as well.
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > On Mon, Apr 11, 2011 at 11:39 AM, Stephen Robinson <
>>>> > stephen.robinson_at_qtzl.com> wrote:
>>>> >
>>>> >> Sounds like none of you know the answer either... HaHAHa....
>>>> >>
>>>> >> Better to make fun than be productive... :)
>>>> >>
>>>> >>
>>>> >>
>>>> >> Jagdeesh - sorry for the ridicule of my peers. I speculate (but do
>>>> >> not
>>>> >> know) that you could not pass a vlan tag on an access port but I'm
>>>> >> not
>>>> >> sure
>>>> >> if it would drop or if it would just strip the tag.
>>>> >>
>>>> >> Steve-Max-JP care to step up and try to answer?
>>>> >>
>>>> >>
>>>> >> BTW - a ccie number does not mean you know everything.... And who
>>>> >> better
>>>> >> to ask than other smart people like this list. even Narbik and
>>>> >> Scott
>>>> >> don't know everything (I mean... in theory there may be something
>>>> >> that
>>>> >> they don't know... Of course I can't prove it)
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> > From: JB Poplawski <jb.poplawski_at_gmail.com>
>>>> >> > Reply-To: JB Poplawski <jb.poplawski_at_gmail.com>
>>>> >> > Date: Mon, 11 Apr 2011 13:09:07 -0500
>>>> >> > To: Max Pierson <nmaxpierson_at_gmail.com>
>>>> >> > Cc: Steve Di Bias <sdibias_at_gmail.com>, "Engr. Jagdeesh. K. Vasvani"
>>>> >> > <jk_vasvani_at_hotmail.com>, group-study <ccielab_at_groupstudy.com>
>>>> >> > Subject: Re: Cisco 3560 - behavior
>>>> >> >
>>>> >> > I just re-read that... yikes!
>>>> >> > JB
>>>> >> >
>>>> >> > On Mon, Apr 11, 2011 at 12:43 PM, Max Pierson
>>>> >> > <nmaxpierson_at_gmail.com>
>>>> >> wrote:
>>>> >> >>> Does your signature say CCIE?
>>>> >> >>
>>>> >> >> Lol, i was thinking the same thing. It must be from a pass4sure
>>>> >> >> cert
>>>> >> :)
>>>> >> >>
>>>> >> >> On Mon, Apr 11, 2011 at 12:18 PM, Steve Di Bias
>>>> >> >> <sdibias_at_gmail.com>
>>>> >> wrote:
>>>> >> >>
>>>> >> >>> Does your signature say CCIE?
>>>> >> >>> On Apr 11, 2011 9:59 AM, "Engr. Jagdeesh. K. Vasvani" <
>>>> >> >>> jk_vasvani_at_hotmail.com> wrote:
>>>> >> >>>> Dear Experts,
>>>> >> >>>> Would appreciate if anyone could help by clarifying below
>>>> >> >>>> queries:
>>>> >> >>>>
>>>> >> >>>>
>>>> >> >>>> 1. how would a cisco switch reacts when it receives a tagged
>>>> >> >>>> Frame on
>>>> >> an
>>>> >> >>>> Access Port.
>>>> >> >>>> 2. Does switch pass each & every frame b/w access ports in vlan
>>>> >> >>>> x,
>>>> >> where
>>>> >> >>> one
>>>> >> >>>> is configured with " switchport voice vlan x" and other with
>>>> >> "switchport
>>>> >> >>>> access vlan x"
>>>> >> >>>>
>>>> >> >>>>
>>>> >> >>>> REgards,
>>>> >> >>>>
>>>> >> >>>>
>>>> >> >>>>
>>>> >> >>>> Jagdeesh. K. Vasvani
>>>> >> >>>> CCIE# 28213 (R&S)
>>>> >> >>>>
>>>> >> >>>>
>>>> >> >>>> Blogs and organic groups at http://www.ccie.net
>>>> >> >>>>
>>>> >> >>>>
>>>> >>
>>>> >> _______________________________________________________________________
>>>> >> >>>> Subscription information may be found at:
>>>> >> >>>> http://www.groupstudy.com/list/CCIELab.html
>>>> >> >>>
>>>> >> >>>
>>>> >> >>> Blogs and organic groups at http://www.ccie.net
>>>> >> >>>
>>>> >> >>>
>>>> >> >>> _______________________________________________________________________
>>>> >> >>> Subscription information may be found at:
>>>> >> >>> http://www.groupstudy.com/list/CCIELab.html
>>>> >> >>
>>>> >> >>
>>>> >> >> Blogs and organic groups at http://www.ccie.net
>>>> >> >>
>>>> >> >>
>>>> >> >> _______________________________________________________________________
>>>> >> >> Subscription information may be found at:
>>>> >> >> http://www.groupstudy.com/list/CCIELab.html
>>>> >> >
>>>> >> >
>>>> >> > Blogs and organic groups at http://www.ccie.net
>>>> >> >
>>>> >> >
>>>> >> > _______________________________________________________________________
>>>> >> > Subscription information may be found at:
>>>> >> > http://www.groupstudy.com/list/CCIELab.html
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>> > --
>>>> > -Steve Di Bias
>>>> >
>>>> >
>>>> > Blogs and organic groups at http://www.ccie.net
>>>> >
>>>> >
>>>> > _______________________________________________________________________
>>>> > Subscription information may be found at:
>>>> > http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Narbik Kocharians
>>> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>>> www.MicronicsTraining.com
>>> Sr. Technical Instructor
>>> Ask about our FREE Lab Voucher with our Boot Camps
>>> YES! We take Cisco Learning Credits!
>>> Training & Remote Racks available
>>>
>>
>>
>>
>> --
>> -Steve Di Bias
>
>
>
> --
> -Steve Di Bias

Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 11 2011 - 21:05:42 ART