Cisco 3750 native vlan VLAN1 doesn't work in a Trunked configuration
You've blocked vlan 1 traffic. Add it to your allowed vlans on the trunk port:
switchport trunk allowed vlan 1,10,11,102
Despite the fact that vlan 1 is the native vlan, it's still being evaluated for whether it's allowed through the port (which is why the vlan interface is showing as down; no port on the switch is able to deal with traffic for the vlan).
Related videos on Youtube
07 : 59
05 : 39
26 : 18
02 : 11
04 : 00
David Mackintosh
Updated on September 18, 2022Comments
-
David Mackintosh over 1 year
I have two devices here, a Netscreen SSG520 and a Cisco 3750.
#show ver Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2007 by Cisco Systems, Inc.The Cisco is currently being used as the central router. It has an IP interface defined on VLAN1. The revision of IOS is the one recommended to us by Cisco to cover some other oddities we have uncovered in the switch's behavior.
Right now my Netscreen has only an untagged interface. The Cisco treats this as VLAN1, and it works.
I want to add tagged interfaces to the netscreen (I need to remove the Cisco from routing certain VLANs for reasons I won't go into here). So the first thing I do is define the Cisco interface as trunked:
interface GigabitEthernet1/0/1 description Netscreen SSG520 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,11,102 switchport mode trunkNow, when I plug in my netscreen, the Cisco reports all the "trunk allowed" VLAN interfaces are UP. It does not report the interface on VLAN1 as up. And the expected traffic does not flow between the Cisco and the Netscreen. Neither can ping the other.
If I plug the Netscreen into an access port defined as so:
interface GigabitEthernet1/0/11 description castor...the Cisco then reports VLAN1 as up, both devices can ping each other, and traffic can flow between the Cisco and the Netscreen properly.
I have even tried defining the VLANs as tagged sub-interfaces on the Netscreen, and while the tagged VLANs work, VLAN1 does not.
I've played with the
switchport trunk native vlan 1command and theno switchport trunk native vlancommand and the switch still does not use VLAN1 on that interface.I already have a
no shutdowncommand in the definition for interface vlan1; the fact that when the netscreen is plugged into the access port the VLAN comes up proves that.For various reasons (mostly involving history) we can't just not use VLAN1.
I've spent the last two hours trying to get these devices to talk to each other the way I want them.
So.
How do I get the Cisco to recognize, and use, VLAN1 when I have a trunk defined?
-
Admin almost 13 yearsPerhaps the Cisco switch is adding tagging to the frames on VLAN1 and/or Netscreen is discarding frames when you're enabling tagging on each end? Have you tried tagging VLAN1 on each end and seeing if traffic is passed then?
-
-
David Mackintosh almost 13 yearsI tried that. The cisco won't add vlan 1 to the list of 'trunk allowed'. However, even if I do add it, that means that vlan 1 would be tagged on the port, which would conflict with the native vlan. (Note the cisco refused to add vlan 1 to the list of 'trunk allowed' even after setting the native vlan to a vid that isn't on this list.)
-
ravi yarlagadda almost 13 years@David The native vlan is never tagged unless you've entered the
vlan dot1q tag nativecommand (do you have this? it's global for the switch). Thetrunk allowed vlancommand has no bearing on what vlan is tagged or not; it's a filter of what's allowed in the port, not a determination of what should be tagged. What error are you seeing when you attempt to add vlan 1 to the allowed list? Here's a nice little youtube video demonstrating that the native vlan needs to be in the allowed list.
