VLAN Project and Native VLAN

Discussion in 'Cisco' started by mlp128@sfx.liverpool.sch.uk, Jul 13, 2007.

  1. Guest

    Hi All

    Our school network consists of 420 PCs, 16 switches (mixture of 3750
    3550 2900 2950)

    Up to now everything was on VLAN 1 - Native.

    Our objective is to move everything to VLAN 2, then start to create
    smaller VLANs to break up the broadcast domain.

    We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
    VLAN 2 to a PC on VLAN 3.

    Yesterday we changed all the switch ports to VLAN 2; everything went
    OK. We then managed to get a few PCs on VLAN 3 to receive their IP
    addresses (using IP-HELPER) from the DHCP server on VLAN 2.

    However now when we try to ping from a PC on VLAN 3 to a host on VLAN 2
    we don't get a reply. We can get a reply from a host on VLAN 1, which
    by our reckoning, should still be the native VLAN and we should not be
    able to see anything on it from another VLAN. It is almost as though
    VLAN 2 has become the native VLAN.

    When we execute SHOW VLAN, VLAN 1 is listed as default.

    Can anyone offer any ideas as to what may be happening here?


    Cheers
    Mark Phillips
    , Jul 13, 2007
    #1

  2. Trendkill Guest

    On Jul 13, 5:06 am, wrote:
    > Hi All
    >
    > Our school network consists of 420 PCs, 16 switches (mixture of 3750
    > 3550 2900 2950)
    >
    > Up to now everything was on VLAN 1 - Native.
    >
    > Our objective is to move everything to VLAN 2, then start to create
    > smaller VLANs to break up the broadcast domain.
    >
    > We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
    > VLAN 2 to a PC on VLAN 3.
    >
    > Yesterday we changed all the switch ports to VLAN 2; everything went
    > OK. We then managed to get a few PCs on VLAN 3 to receive their IP
    > addresses (using IP-HELPER) from the DHCP server on VLAN 2.
    >
    > However now when we try to ping from a PC on VLAN 3 to a host on VLAN 2
    > we don't get a reply. We can get a reply from a host on VLAN 1, which
    > by our reckoning, should still be the native VLAN and we should not be
    > able to see anything on it from another VLAN. It is almost as though
    > VLAN 2 has become the native VLAN.
    >
    > When we execute SHOW VLAN, VLAN 1 is listed as default.
    >
    > Can anyone offer any ideas as to what may be happening here?
    >
    > Cheers
    > Mark Phillips


    Is vlan2 trunked all the way back to the router? Can the router who
    owns vlan2's network ping the vlan2 devices? Can it (via an extended
    ping command) ping other vlans (1 & 3)? Can those other vlan
    interfaces ping vlan 2's? Sounds like a layer 3 issue due to a layer
    2 problem, but that's just an initial guess without more information.

    Lastly, just because it's a native VLAN does not mean that nothing else
    can route in or out; that is totally controlled by your
    configuration. In most configurations that I have seen, the native
    vlan is completely accessible by others.
    Trendkill, Jul 13, 2007
    #2

  3. Guest

    Thanks for your reply.

    My colleague is away for a while so this project needs to take a back
    seat. After I posted the last message, we found that after altering
    the default routes we had more joy.

    We will check everything you mentioned in your post; I was very
    interested to read what you said about the native VLAN being
    accessible by others, and will draw my colleague's attention to this.

    Many Thanks
    mark


    On 13 Jul, 12:21, Trendkill wrote:
    > On Jul 13, 5:06 am, wrote:
    >
    > > Hi All
    > >
    > > Our school network consists of 420 PCs, 16 switches (mixture of 3750
    > > 3550 2900 2950)
    > >
    > > Up to now everything was on VLAN 1 - Native.
    > >
    > > Our objective is to move everything to VLAN 2, then start to create
    > > smaller VLANs to break up the broadcast domain.
    > >
    > > We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
    > > VLAN 2 to a PC on VLAN 3.
    > >
    > > Yesterday we changed all the switch ports to VLAN 2; everything went
    > > OK. We then managed to get a few PCs on VLAN 3 to receive their IP
    > > addresses (using IP-HELPER) from the DHCP server on VLAN 2.
    > >
    > > However now when we try to ping from a PC on VLAN 3 to a host on VLAN 2
    > > we don't get a reply. We can get a reply from a host on VLAN 1, which
    > > by our reckoning, should still be the native VLAN and we should not be
    > > able to see anything on it from another VLAN. It is almost as though
    > > VLAN 2 has become the native VLAN.
    > >
    > > When we execute SHOW VLAN, VLAN 1 is listed as default.
    > >
    > > Can anyone offer any ideas as to what may be happening here?
    > >
    > > Cheers
    > > Mark Phillips
    >
    > Is vlan2 trunked all the way back to the router? Can the router who
    > owns vlan2's network ping the vlan2 devices? Can it (via an extended
    > ping command) ping other vlans (1 & 3)? Can those other vlan
    > interfaces ping vlan 2's? Sounds like a layer 3 issue due to a layer
    > 2 problem, but that's just an initial guess without more information.
    >
    > Lastly, just because it's a native VLAN does not mean that nothing else
    > can route in or out; that is totally controlled by your
    > configuration. In most configurations that I have seen, the native
    > vlan is completely accessible by others.
    , Jul 17, 2007
    #3
  4. Arthur Brain Guest

    wrote:
    > Thanks for your reply.
    >
    > My colleague is away for a while so this project needs to take a back
    > seat. After I posted the last message, we found that after altering
    > the default routes we had more joy.
    >
    > We will check everything you mentioned in your post; I was very
    > interested to read what you said about the native VLAN being
    > accessible by others, and will draw my colleague's attention to this.


    Check to see which switches support VTP, then configure them all into
    a single VTP domain, as much as possible, and configure one single 3750
    as the VTP Server (the rest as Client).

    You can then manage the VLANs themselves centrally.

    So, create a new VLAN 2 centrally.

    If your 3750 also does your routing - easy peasy, just put the default
    GW for each subnet onto its VLAN interface on this switch.

    Otherwise you need to trunk each VLAN to your router.
    Switch:
      switchport trunk encapsulation dot1q
      switchport mode trunk

    Router:
      interface ethernet0/0
      ip address <Subnet 1>

      interface ethernet0/0.1
      encapsulation dot1q 2
      ip address <Subnet 2>

    Now you need to trunk the VLANs to each switch.

    Switch on each side:
      switchport trunk encapsulation dot1q
      switchport trunk native vlan 1
      switchport trunk allowed vlan 1,2
      switchport mode trunk

    If switches are daisy-chained off other switches, you need to ensure
    the VLAN required at the far end is trunked TO the intermediate
    switch, then FROM the intermediate switch to the next one in line.
    Needless to say, each switch needs the VLAN to exist on it, either by
    VTP or manually.

    For ease of management, trunk your VLANs to the switches that need
    them.
    Alternatively, patching a switch into another switch's port
    configured as "Sw Access VLAN 2" will mean that the switch will simply
    have VLAN 2 as the default VLAN on all its Access ports.
    [ie, watch out for mismatches of VLANs between switchports - it'll
    work, but might confuse you]
    Arthur Brain, Jul 19, 2007
    #4
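
Added example (not part of Arthur Brain's post or of the thread): a small Python audit of the hop-by-hop checks described in post #4, comparing both ends of each inter-switch link for an untagged/native VLAN mismatch and for required VLANs that are not carried with the same tagging on both sides. The daisy-chain roles and sample configs are constructed, and treating a port with no `switchport mode` line as an access port is a simplifying assumption.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,2,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(cfg):
    """Parse one port's switchport lines. IOS defaults: native 1, access 1, all
    VLANs allowed. Assumption: no mode line means access (DTP is not modelled)."""
    port = {"mode": "access", "native": 1, "access": 1, "allowed": set(range(1, 4095))}
    pat = r"^[ \t]*switchport (mode|trunk native vlan|access vlan|trunk allowed vlan) (\S+)[ \t]*$"
    for m in re.finditer(pat, cfg.lower(), re.M):
        key, val = m.groups()
        if key == "mode":
            port["mode"] = val
        elif key == "trunk allowed vlan":
            port["allowed"] = expand_vlans(val)
        else:
            port[key.split()[-2]] = int(val)  # "native" or "access"
    return port

def encoding(port, vlan):
    """How this port puts the VLAN on the wire: 'tagged', 'untagged' or None."""
    if port["mode"] != "trunk":
        return "untagged" if vlan == port["access"] else None
    if vlan not in port["allowed"]:
        return None
    return "untagged" if vlan == port["native"] else "tagged"

def audit_link(cfg_a, cfg_b, required):
    """Compare both ends of one inter-switch link; return a list of findings."""
    a, b = parse_port(cfg_a), parse_port(cfg_b)
    ua, ub = (p["native"] if p["mode"] == "trunk" else p["access"] for p in (a, b))
    findings = []
    if ua != ub:  # untagged frames change VLAN when they cross this link
        findings.append(f"untagged frames bridge VLAN {ua} and VLAN {ub}")
    for vlan in sorted(required):
        if encoding(a, vlan) is None or encoding(a, vlan) != encoding(b, vlan):
            findings.append(f"VLAN {vlan} is not carried consistently")
    return findings

# Constructed configs for a hypothetical core -> mid -> edge daisy chain.
TRUNK_OK = "switchport mode trunk\nswitchport trunk native vlan 1\nswitchport trunk allowed vlan 1-3"
MID_DOWN = "switchport mode trunk\nswitchport trunk allowed vlan 1,2"
EDGE_UP = "switchport mode trunk\nswitchport trunk native vlan 2\nswitchport trunk allowed vlan 1,2"
```

Calling `audit_link(MID_DOWN, EDGE_UP, {2, 3})` reports the native VLAN mismatch on the mid-to-edge hop and that VLANs 2 and 3 do not reach the edge switch intact, while `audit_link(TRUNK_OK, TRUNK_OK, {2, 3})` returns no findings.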
  5. Guest

    On 19 Jul, 04:58, Arthur Brain wrote:
    > wrote:
    > > Thanks for your reply.
    > >
    > > My colleague is away for a while so this project needs to take a back
    > > seat. After I posted the last message, we found that after altering
    > > the default routes we had more joy.
    > >
    > > We will check everything you mentioned in your post; I was very
    > > interested to read what you said about the native VLAN being
    > > accessible by others, and will draw my colleague's attention to this.
    >
    > Check to see which switches support VTP, then configure them all into
    > a single VTP domain, as much as possible, and configure one single 3750
    > as the VTP Server (the rest as Client).
    >
    > You can then manage the VLANs themselves centrally.
    >
    > So, create a new VLAN 2 centrally.
    >
    > If your 3750 also does your routing - easy peasy, just put the default
    > GW for each subnet onto its VLAN interface on this switch.
    >
    > Otherwise you need to trunk each VLAN to your router.
    > Switch:
    >   switchport trunk encapsulation dot1q
    >   switchport mode trunk
    >
    > Router:
    >   interface ethernet0/0
    >   ip address <Subnet 1>
    >
    >   interface ethernet0/0.1
    >   encapsulation dot1q 2
    >   ip address <Subnet 2>
    >
    > Now you need to trunk the VLANs to each switch.
    >
    > Switch on each side:
    >   switchport trunk encapsulation dot1q
    >   switchport trunk native vlan 1
    >   switchport trunk allowed vlan 1,2
    >   switchport mode trunk
    >
    > If switches are daisy-chained off other switches, you need to ensure
    > the VLAN required at the far end is trunked TO the intermediate
    > switch, then FROM the intermediate switch to the next one in line.
    > Needless to say, each switch needs the VLAN to exist on it, either by
    > VTP or manually.
    >
    > For ease of management, trunk your VLANs to the switches that need
    > them.
    > Alternatively, patching a switch into another switch's port
    > configured as "Sw Access VLAN 2" will mean that the switch will simply
    > have VLAN 2 as the default VLAN on all its Access ports.
    > [ie, watch out for mismatches of VLANs between switchports - it'll
    > work, but might confuse you]


    Thanks for the help.

    We think the problems were down to the VTP server needing a restart.
    All seems OK now.
    Your comments have certainly helped me to understand this subject a
    lot better, as it is my colleague who is the "Expert"

    Many Thanks
    Mark
    , Aug 16, 2007
    #5
