RE: Mgmt Interface 3550 in separate vlan REVISITED +

From: Larson, Chris (CLarson@usaid.gov)
Date: Wed Sep 25 2002 - 10:12:58 GMT-3


This is interesting. I tried this between my 2900 and my router, but when I
try to apply the bridge group to the subints on the ethernet of the router
the router complains that dot1q trunks cannot be part of a bridge group?

Every time I see this people use ISL. Is that because of the bridging on
dot1q trunks, or did I do something else wrong that may have caused this.
Again, my router basically said no bridging on dot1q encapsulated
interfaces.

> -----Original Message-----
> From: Chris Hugo [SMTP:chrishugo@yahoo.com]
> Sent: Wednesday, September 25, 2002 2:50 AM
> To: Larry Roberts; Steve Lown; bsivasub@cisco.com;
> bwilliams175@comcast.net; ccielab@groupstudy.com
> Subject: Re: Mgmt Interface 3550 in separate vlan REVISITED +
> clarification on Native VLAN
>
> Larry I used that command. I'm sorry I didn't mention that.
> So my question is what are the implications if we leave that command out on
> a trunk port that is connected to a one-arm router. Security?
> Functionality? With the command left out it works fine. I also tried
> disabling fast-switch as in the doc Larry pointed out. That didn't work.
> Any Ideas Team,,,,
>
> Larry Roberts wrote:
>
> Chris,
>
> I don't think it is a bug. The native vlan must match on 802.1q trunks. On
> the router use the following command to set the native vlan "encapsulation
> dot1q 40 native". Check out the following link for more information.
>
> http://www.cisco.com/warp/public/473/50.shtml
>
> Sincerely,
> Larry Roberts
> CCIE #7886 (R&S / Security)
>
> ----- Original Message -----
> From: "Chris Hugo"
> To: "Steve Lown" ; ;
> ;
> Sent: Tuesday, September 24, 2002 9:09 PM
> Subject: RE: Mgmt Interface 3550 in separate vlan REVISITED +
> clarification on Native VLAN
>
>
> > Hi All,
> > I labbed up Steve's issue almost exactly (I used dot1q instead). I had the
> > same problem!
> > I took out this line and wham-o it worked
> > switchport trunk native vlan 40 <------extracted from 3550
> > Yes, my management vlan was still in 40. On my router I had a couple subs
> > 20,40. We don't need this. IS THAT OK?
> > Now when I trunk to another switch if I leave the line switchport trunk
> > native vlan 40 out and put it in the remote switch my switches refuse to
> > establish a trunk to each other. This one makes cent$
> > So I read up on this command and I was still confused why does it break
> > one-armed routers? Could it be a bug????? This one does not make cent$
> > thanx,
> > chris hugo
> >
> > Steve Lown wrote:
> > I am trying to set up a bridge on a router with an isl trunk to a 3550. I
> > have been asked to set a management interface on the switch on vlan 40, and
> > I am trying to bridge via IRB on the router between the switch and the
> > ethernet, vlan 30. I have no connectivity between the switch and the router.
> > Here are some configs:
> >
> > switch:
> >
> > hostname 3550
> > !
> > interface FastEthernet0/12
> >  switchport trunk encapsulation isl
> >  switchport trunk native vlan 40
> >  switchport trunk allowed vlan 10,20,30,40,1002-1005
> >  switchport mode trunk
> >  no ip address
> > !
> > !
> > interface Vlan40
> >  ip address 145.1.36.100 255.255.255.0
> > !
> > ip default-gateway 145.1.36.6
> > ip classless
> > ip http server
> > !
> > end
> >
> > router:
> >
> > hostname R6
> > !
> > bridge irb
> > !
> > interface FastEthernet3/0.30
> >  encapsulation isl 30
> >  no ip redirects
> >  bridge-group 1
> > !
> > interface FastEthernet3/0.40
> >  encapsulation isl 40
> >  no ip redirects
> >  bridge-group 1
> > !
> > interface BVI1
> >  ip address 145.1.36.6 255.255.255.0
> > !
> > bridge 1 protocol ieee
> > bridge 1 route ip
> > bridge 1 route ipx
> > !
> >
> > end
> >
> >
> >
> > >From: "Balaji Siva"
> > >To: "Bruce Williams" , "Steve Lown"
> > >,
> > >Subject: RE: Mgmt Interface 3550 in separate vlan
> > >Date: Sat, 21 Sep 2002 17:59:43 -0400
> > >
> > >the problem description from steve for me wasn't clear.. but anyway,
> > >
> > >all vlans are allowed on a trunk by default so you don't need to make the
> > >management vlan as native vlan if you don't have to... you can of course
> > >explicitly allow the management vlan on a trunk..
> > >
> > >
> > >B
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > >Bruce Williams
> > >Sent: Saturday, September 21, 2002 5:30 PM
> > >To: Steve Lown; ccielab@groupstudy.com
> > >Subject: RE: Mgmt Interface 3550 in separate vlan
> > >
> > >
> > >That happened to me too, while I was doing a lab. I made the VLAN of the
> > >management interface the native VLAN of the trunk so that it would be
> > >included in VLANs allowed to traverse the trunk.
> > >
> > >switch(config-if)#switchport trunk native vlan xx.
> > >
> > >It worked for me, but there must be another way.
> > >
> > >Bruce
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > >Steve Lown
> > >Sent: Saturday, September 21, 2002 3:51 PM
> > >To: ccielab@groupstudy.com
> > >Subject: Mgmt Interface 3550 in separate vlan
> > >
> > >
> > >I am trying to set up a practice lab where the management interface of
> > >the switch is set in its own vlan and is included in the allowed trunks on
> > >a port to a router. I find when I enter a vlan on a separate vlan from vlans
> > >that have the command switchport access vlan XX, no connectivity is
> > >established. The cat5 is easy to set up, you just put the sc0 interface in
> > >the vlan number you want and set the ip address in the network of the vlan
> > >you want connectivity. Any suggestions as to how to set this up on the
> > >3550? Thank you for your input.
> > >
> > >



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:44:03 GMT-3
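
Added example (not part of the original thread or from any poster): a small offline check for the 802.1Q native VLAN mismatch discussed above, comparing a switch trunk port against the router's subinterfaces. The sample configs are constructed from the dot1q variant described in the thread; the function names are hypothetical, and the check assumes that a switch trunk with no native VLAN line uses the default native VLAN 1.

```python
import re

# Constructed sample configs, modelled on the dot1q lab described in the thread.
SWITCH_CFG = """\
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 40
 switchport trunk allowed vlan 10,20,30,40,1002-1005
 switchport mode trunk
"""
ROUTER_TAGGED = """\
interface FastEthernet3/0.20
 encapsulation dot1q 20
interface FastEthernet3/0.40
 encapsulation dot1q 40
"""
# Same router with the fix Larry Roberts suggested.
ROUTER_NATIVE = ROUTER_TAGGED.replace("dot1q 40", "dot1q 40 native")

def switch_trunk(cfg):
    """Return (encapsulation, native_vlan); assumed default native VLAN is 1."""
    enc = re.search(r"switchport trunk encapsulation (\S+)", cfg)
    nat = re.search(r"switchport trunk native vlan (\d+)", cfg)
    return (enc.group(1) if enc else None, int(nat.group(1)) if nat else 1)

def router_subifs(cfg):
    """Map VLAN id -> True when the subinterface carries the 'native' keyword."""
    pairs = re.findall(r"encapsulation dot1q (\d+)( native)?", cfg, re.I)
    return {int(vlan): bool(native) for vlan, native in pairs}

def check(switch_cfg, router_cfg):
    """Return a list of native VLAN findings for one switch/router trunk pair."""
    enc, sw_native = switch_trunk(switch_cfg)
    if enc != "dot1q":
        return []  # ISL tags every VLAN, so there is no untagged VLAN to mismatch
    findings = []
    subifs = router_subifs(router_cfg)
    # Switch sends this VLAN untagged, router only accepts it tagged.
    if sw_native in subifs and not subifs[sw_native]:
        findings.append(f"VLAN {sw_native}: untagged on switch, tagged on router")
    # Router treats a different VLAN as untagged than the switch does.
    for vlan in (v for v, native in subifs.items() if native and v != sw_native):
        findings.append(f"VLAN {vlan}: native on router, switch native is {sw_native}")
    return findings

if __name__ == "__main__":
    print(check(SWITCH_CFG, ROUTER_TAGGED))   # the failing lab
    print(check(SWITCH_CFG, ROUTER_NATIVE))   # with 'encapsulation dot1q 40 native'
```
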