VLAN Project and Native VLAN

 
 
mlp128@sfx.liverpool.sch.uk
 
      07-13-2007
Hi All

Our school network consists of 420 PCs, 16 switches (mixture of 3750
3550 2900 2950)

Up to now everything was on VLAN 1 - Native.

Our objective is to move everything to VLAN 2, then start to create
smaller VLANs to break up the broadcast domain.

We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
VLAN 2 to a PC on VLAN 3.

Yesterday we changed all the switch ports to VLAN 2 everything went
OK. We then managed to get a few PCs on VLAN 3 to receive their IP
addresses (using IP-HELPER) from the DHCP server on VLAN 2.

However now when we try to ping from a PC on VLAN3 to a host on VLAN 2
we don't get a reply. We can get a reply from a host on VLAN 1, which
by our reckoning, should still be the native VLAN and we should not be
able to see anything on it from another VLAN. It is almost as though
VLAN 2 has become the native VLAN.

When we execute SHOW VLAN, VLAN 1 is listed as default.

Can anyone offer any ideas as to what may be happening here?


Cheers
Mark Phillips

 
 
 
 
 
Trendkill
 
      07-13-2007
On Jul 13, 5:06 am, (E-Mail Removed) wrote:
> Hi All
>
> Our school network consists of 420 PCs, 16 switches (mixture of 3750
> 3550 2900 2950)
>
> Up to now everything was on VLAN 1 - Native.
>
> Our objective is to move everything to VLAN 2, then start to create
> smaller VLANs to break up the broadcast domain.
>
> We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
> VLAN 2 to a PC on VLAN 3.
>
> Yesterday we changed all the switch ports to VLAN 2 everything went
> OK. We then managed to get a few PCs on VLAN 3 to receive their IP
> addresses (using IP-HELPER) from the DHCP server on VLAN 2.
>
> However now when we try to ping from a PC on VLAN3 to a host on VLAN 2
> we don't get a reply. We can get a reply from a host on VLAN 1, which
> by our reckoning, should still be the native VLAN and we should not be
> able to see anything on it from another VLAN. It is almost as though
> VLAN 2 has become the native VLAN.
>
> When we execute SHOW VLAN, VLAN 1 is listed as default.
>
> Can anyone offer any ideas as to what may be happening here?
>
> Cheers
> Mark Phillips


Is vlan2 trunked all the way back to the router? Can the router who
owns vlan2's network ping the vlan2 devices? Can it (via an extended
ping command) ping other vlans (1 & 3)? Can those other vlan
interfaces ping vlans 2s? Sounds like a layer 3 issue due to a layer
2 problem, but that's just an initial guess without more information.

Lastly, just because it's a native VLAN does not mean that nothing else
can route in or out, that is totally controlled by your
configuration. In most configurations that I have seen, the native
vlan is completely accessible by others.

 
 
 
 
 
mlp128@sfx.liverpool.sch.uk
 
      07-17-2007
Thanks for your reply.

My colleague is away for a while so this project needs to take a back
seat. After I posted the last message, we found that after altering
the default routes we had more joy.

We will check everything you mentioned in your post; I was very
interested to read what you said about the native VLAN being
accessible by others, and will draw my colleague's attention to this.

Many Thanks
mark


On 13 Jul, 12:21, Trendkill <(E-Mail Removed)> wrote:
> On Jul 13, 5:06 am, (E-Mail Removed) wrote:
>
> > Hi All
> >
> > Our school network consists of 420 PCs, 16 switches (mixture of 3750
> > 3550 2900 2950)
> >
> > Up to now everything was on VLAN 1 - Native.
> >
> > Our objective is to move everything to VLAN 2, then start to create
> > smaller VLANs to break up the broadcast domain.
> >
> > We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
> > VLAN 2 to a PC on VLAN 3.
> >
> > Yesterday we changed all the switch ports to VLAN 2 everything went
> > OK. We then managed to get a few PCs on VLAN 3 to receive their IP
> > addresses (using IP-HELPER) from the DHCP server on VLAN 2.
> >
> > However now when we try to ping from a PC on VLAN3 to a host on VLAN 2
> > we don't get a reply. We can get a reply from a host on VLAN 1, which
> > by our reckoning, should still be the native VLAN and we should not be
> > able to see anything on it from another VLAN. It is almost as though
> > VLAN 2 has become the native VLAN.
> >
> > When we execute SHOW VLAN, VLAN 1 is listed as default.
> >
> > Can anyone offer any ideas as to what may be happening here?
> >
> > Cheers
> > Mark Phillips
>
> Is vlan2 trunked all the way back to the router? Can the router who
> owns vlan2's network ping the vlan2 devices? Can it (via an extended
> ping command) ping other vlans (1 & 3)? Can those other vlan
> interfaces ping vlans 2s? Sounds like a layer 3 issue due to a layer
> 2 problem, but that's just an initial guess without more information.
>
> Lastly, just because it's a native VLAN does not mean that nothing else
> can route in or out, that is totally controlled by your
> configuration. In most configurations that I have seen, the native
> vlan is completely accessible by others.



 
 
Arthur Brain
 
      07-19-2007

(E-Mail Removed) wrote:
> Thanks for your reply.
>
> My colleague is away for a while so this project needs to take a back
> seat. After I posted the last message, we found that after altering
> the default routes we had more joy.
>
> We will check everything you mentioned in your post; I was very
> interested to read what you said about the native VLAN being
> accessible by others, and will draw my colleague's attention to this.


Check to see which switches support VTP, then configure them all into
a single VTP domain, as much as possible and configure one single 3750
as the VTP Server (The rest as Client).

You can then manage the VLANs themselves centrally.

So, create a new VLAN 2 centrally.

If your 3750 also does your routing - easy peasy, just put the default
GW for each subnet onto its VLAN interface on this switch.

Otherwise you need to trunk each VLAN to your router.
Switch:
switchport trunk encapsulation dot1q
switchport mode trunk

Router:
interface ethernet0/0
ip address <Subnet 1>

interface ethernet0/0.1
encapsulation dot1q 2
ip address <Subnet 2>

Now you need to trunk the VLANs to each switch.

Switch on each side:
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2
switchport mode trunk

If switches are daisy-chained off other switches, you need to ensure
the VLAN required at the far end is trunked TO the intermediate
switch, then FROM the intermediate switch to the next one in line.
Needless to say, each switch needs the VLAN to exist on it, either by
VTP or manually.

For ease of management, trunk your VLANs to the switches that need
them.
Alternatively, patching a switch into another switch's port
configured as "Sw Access VLAN 2" will mean that the switch will simply
have VLAN2 as the default VLAN on all its Access ports.
[ie, watch out for mis-matches of VLANs between switchports - it'll
work, but might confuse you]
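
The trunk checks discussed in this thread (same native VLAN on both ends of a link, and each VLAN both allowed on every hop and defined on every switch of a daisy chain), as an added example that is not part of any post: a small Python audit over constructed configs. The switch names, port names and cabling list are invented, and the parser only understands the commands shown in the thread.

```python
import re
# Constructed sample configs for three daisy-chained switches (names invented).
CONFIGS = {
    "core": "vlan 2\nvlan 3\ninterface Gi1/0/1\n switchport trunk native vlan 1\n"
            " switchport trunk allowed vlan 1-3\n switchport mode trunk\n",
    "mid":  "vlan 2\ninterface Gi0/1\n switchport trunk native vlan 1\n"
            " switchport trunk allowed vlan 1,2\n switchport mode trunk\n"
            "interface Gi0/2\n switchport trunk native vlan 2\n"
            " switchport trunk allowed vlan 1-3\n switchport mode trunk\n",
    "edge": "vlan 2\nvlan 3\ninterface Gi0/1\n switchport trunk native vlan 1\n"
            " switchport trunk allowed vlan 1-3\n switchport mode trunk\n",
}
# Constructed cabling: each link joins (switch, port) to (switch, port).
LINKS = [(("core", "Gi1/0/1"), ("mid", "Gi0/1")), (("mid", "Gi0/2"), ("edge", "Gi0/1"))]

def expand(vlan_list):
    """Turn an IOS VLAN list such as '1,3-5' into {1, 3, 4, 5}."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(config):
    """Return (VLANs defined on the switch, {port: native/allowed settings})."""
    defined, ports, port = {1}, {}, None          # VLAN 1 always exists
    for line in config.splitlines():
        if m := re.match(r"vlan (\d+)$", line):
            defined.add(int(m[1]))
        elif m := re.match(r"interface (\S+)", line):
            port = ports[m[1]] = {"native": 1, "allowed": set(range(1, 4095))}  # IOS defaults
        elif m := re.match(r"\s+switchport trunk native vlan (\d+)", line):
            port["native"] = int(m[1])
        elif m := re.match(r"\s+switchport trunk allowed vlan ([\d,-]+)", line):
            port["allowed"] = expand(m[1])
    return defined, ports

def audit(configs, links, wanted):
    """Report why the wanted VLANs would not be carried cleanly over every link."""
    sw = {name: parse(text) for name, text in configs.items()}
    found = set()
    for (a, pa), (b, pb) in links:
        ea, eb = sw[a][1][pa], sw[b][1][pb]
        if ea["native"] != eb["native"]:
            found.add(f"{a}:{pa}<->{b}:{pb} native VLAN mismatch {ea['native']}/{eb['native']}")
        for name, end, p in ((a, ea, pa), (b, eb, pb)):
            found |= {f"VLAN {v} not allowed on {name}:{p}" for v in set(wanted) - end["allowed"]}
            found |= {f"VLAN {v} not defined on {name}" for v in set(wanted) - sw[name][0]}
    return sorted(found)
```

Calling `audit(CONFIGS, LINKS, {2, 3})` on the sample flags the intermediate switch, which neither defines VLAN 3 nor allows it on its uplink, and the native VLAN mismatch on the second link, where untagged frames would cross from VLAN 2 on one side into VLAN 1 on the other.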

 
 
mlp128@sfx.liverpool.sch.uk
 
      08-16-2007
On 19 Jul, 04:58, Arthur Brain <(E-Mail Removed)> wrote:
> (E-Mail Removed) wrote:
> > Thanks for your reply.
> >
> > My colleague is away for a while so this project needs to take a back
> > seat. After I posted the last message, we found that after altering
> > the default routes we had more joy.
> >
> > We will check everything you mentioned in your post; I was very
> > interested to read what you said about the native VLAN being
> > accessible by others, and will draw my colleague's attention to this.
>
> Check to see which switches support VTP, then configure them all into
> a single VTP domain, as much as possible and configure one single 3750
> as the VTP Server (The rest as Client).
>
> You can then manage the VLANs themselves centrally.
>
> So, create a new VLAN 2 centrally.
>
> If your 3750 also does your routing - easy peasy, just put the default
> GW for each subnet onto its VLAN interface on this switch.
>
> Otherwise you need to trunk each VLAN to your router.
> Switch:
> switchport trunk encapsulation dot1q
> switchport mode trunk
>
> Router:
> interface ethernet0/0
> ip address <Subnet 1>
>
> interface ethernet0/0.1
> encapsulation dot1q 2
> ip address <Subnet 2>
>
> Now you need to trunk the VLANs to each switch.
>
> Switch on each side:
> switchport trunk encapsulation dot1q
> switchport trunk native vlan 1
> switchport trunk allowed vlan 1,2
> switchport mode trunk
>
> If switches are daisy-chained off other switches, you need to ensure
> the VLAN required at the far end is trunked TO the intermediate
> switch, then FROM the intermediate switch to the next one in line.
> Needless to say, each switch needs the VLAN to exist on it, either by
> VTP or manually.
>
> For ease of management, trunk your VLANs to the switches that need
> them.
> Alternatively, patching a switch into another switch's port
> configured as "Sw Access VLAN 2" will mean that the switch will simply
> have VLAN2 as the default VLAN on all its Access ports.
> [ie, watch out for mis-matches of VLANs between switchports - it'll
> work, but might confuse you]


Thanks for the help.

We think the problems were down to the VTP server needing a restart.
All seems OK now.
Your comments have certainly helped me to understand this subject a
lot better, as it is my colleague who is the "Expert"

Many Thanks
Mark

 