VLAN Project and Native VLAN

Discussion in 'Cisco' started by mlp128, Jul 13, 2007.

  1. mlp128

    mlp128 Guest

    Hi All

    Our school network consists of 420 PCs, 16 switches (mixture of 3750
    3550 2900 2950)

    Up to now everything was on VLAN 1 - Native.

    Our objective is to move everything to VLAN 2, then start to create
    smaller VLANs to break up the broadcast domain.

    We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on
    VLAN 2 to a PC on VLAN 3.

    Yesterday we changed all the switch ports to VLAN 2; everything went
    OK. We then managed to get a few PCs on VLAN 3 to receive their IP
    addresses (using IP-HELPER) from the DHCP server on VLAN 2.

    However now when we try to ping from a PC on VLAN3 to a host on VLAN 2
    we don't get a reply. We can get a reply from a host on VLAN 1, which
    by our reckoning, should still be the native VLAN and we should not be
    able to see anything on it from another VLAN. It is almost as though
    VLAN 2 has become the native VLAN.

    When we execute SHOW VLAN, VLAN 1 is listed as default.

    Can anyone offer any ideas as to what may be happening here?

    Mark Phillips
    mlp128, Jul 13, 2007

  2. mlp128

    Trendkill Guest

    Is vlan2 trunked all the way back to the router? Can the router who
    owns vlan2's network ping the vlan2 devices? Can it (via an extended
    ping command) ping other vlans (1 & 3)? Can those other vlan
    interfaces ping vlans 2s? Sounds like a layer 3 issue due to a layer
    2 problem, but that's just an initial guess without more information.

    Lastly, just because it's a native VLAN does not mean that nothing else
    can route in or out, that is totally controlled by your
    configuration. In most configurations that I have seen, the native
    vlan is completely accessible by others.
    Trendkill, Jul 13, 2007

  3. mlp128

    mlp128 Guest

    Thanks for your reply.

    My colleague is away for a while so this project needs to take a back
    seat. After I posted the last message, we found that after altering
    the default routes we had more joy.

    We will check everything you mentioned in your post; I was very
    interested to read what you said about the native VLAN being
    accessible by others, and will draw my colleague's attention to this.

    Many Thanks
    mlp128, Jul 17, 2007
  4. mlp128

    Arthur Brain Guest

    Check to see which switches support VTP, then configure them all into
    a single VTP domain, as much as possible and configure one single 3750
    as the VTP Server (The rest as Client).

    You can then manage the VLANs themselves centrally.

    So, create a new VLAN 2 centrally.

    If your 3750 also does your routing - easy peasy, just put the default
    GW for each subnet onto its VLAN interface on this switch.

    Otherwise you need to trunk each VLAN to your router.
    switchport trunk encapsulation dot1q
    switchport mode trunk

    interface ethernet0/0
    ip address <Subnet 1>

    interface ethernet0/0.1
    encapsulation dot1q 2
    ip address <Subnet 2>

    Now you need to trunk the VLANs to each switch.

    Switch on each side:
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    switchport trunk allowed vlan 1,2
    switchport mode trunk

    If switches are daisy-chained off other switches, you need to ensure
    the VLAN required at the far end is trunked TO the intermediate
    switch, then FROM the intermediate switch to the next one in line.
    Needless to say, each switch needs the VLAN to exist on it, either by
    VTP or manually.

    For ease of management, trunk your VLANs to the switches that need
    Alternatively, patching a switch into another switch's port
    configured as "Sw Access VLAN 2" will mean that the switch will simply
    have VLAN2 as the default VLAN on all its Access ports.
    [ie, watch out for mis-matches of VLANs between switchports - it'll
    work, but might confuse you]
    Arthur Brain, Jul 19, 2007
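
Added example (not part of Arthur Brain's post or the original thread): a Python check for the trunk mismatches the post above warns about, comparing the native VLAN and the allowed-VLAN list on both ends of one link. The configs, interface names and function names are constructed for illustration; it assumes the IOS defaults of native VLAN 1 and all VLANs allowed when a trunk port sets neither.

```python
import re

def expand(spec):
    """Turn an allowed-VLAN spec such as '1,2,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Return {interface: settings} for ports with 'switchport mode trunk'."""
    ports, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            name = m.group(1)
            # Assumed defaults: native VLAN 1, allowed None = every VLAN.
            ports[name] = {"native": 1, "allowed": None, "trunk": False}
        elif name and line == "switchport mode trunk":
            ports[name]["trunk"] = True
        elif name and (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            ports[name]["native"] = int(m.group(1))
        elif name and (m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)):
            ports[name]["allowed"] = expand(m.group(1))
    return {n: p for n, p in ports.items() if p["trunk"]}

def check_link(a, b, needed):
    """Compare both ends of one trunk link; return a list of findings."""
    findings = []
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    for vlan in sorted(needed):
        for side, port in (("A", a), ("B", b)):
            if port["allowed"] is not None and vlan not in port["allowed"]:
                findings.append(f"VLAN {vlan} not allowed on side {side}")
    return findings

# Constructed sample configs for the two ends of one link.
CORE = """interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2
 switchport mode trunk"""
MID = """interface FastEthernet0/24
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-2
 switchport mode trunk"""
```

Run `check_link` once per hop of a daisy chain, passing the VLANs the far-end switch needs as `needed`.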
  5. mlp128

    mlp128 Guest

    Thanks for the help.

    We think the problems were down to the VTP server needing a restart.
    All seems OK now.
    Your comments have certainly helped me to understand this subject a
    lot better, as it is my colleague who is the "Expert"

    Many Thanks
    mlp128, Aug 16, 2007