mmercaldi
asked on
cisco 2940 switch issue
I current have a 2940 switch connected to my cisco 881 router. I have 2 issues, for some reason whenever I enable trunking on a port the port light does not light up when it is connected to a trunk port on my cisco 881 and I cannot have vlan 10 and 50 up on the same time. Vlan 10 and 50 were created on my cisco 881 router. Any idea how to fix these iisues?
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
vtp domain GRADY
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 10,50
!
interface FastEthernet0/1
switchport access vlan 50
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 50
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,10,50,1002-1005
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
no ip address
no ip route-cache
!
interface Vlan10
no ip address
no ip route-cache
shutdown
!
interface Vlan50
ip address 50.0.0.10 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
line vty 5 15
!
!
end
Switch(config-if)#
Spanning tree should not be an issue, since we're only talking about one link.
A couple of questions to consider:
Do the 881 implement 802.1Q trunking? (The 2940 only use 802.1Q, not ISL)
Is the speed and duplex modes compatible? (Autonegotiating could fail, do a 'show int status' to verify)
If you could post the router port configuration, it should be very helpful.
If by "I cannot have vlan 10 and 50 up on the same time" you mean that you cannot have both Switched Virtual Interfaces (SVI's, the 'inteface vlan x' part of the config) active ON THE SWITCH, the answer is that you're not supposed to. The 2940 is a Layer2 switch, and, as such, will only allow you to have one SVI (and IP address) active at the same time.
A couple of questions to consider:
Do the 881 implement 802.1Q trunking? (The 2940 only use 802.1Q, not ISL)
Is the speed and duplex modes compatible? (Autonegotiating could fail, do a 'show int status' to verify)
If you could post the router port configuration, it should be very helpful.
If by "I cannot have vlan 10 and 50 up on the same time" you mean that you cannot have both Switched Virtual Interfaces (SVI's, the 'inteface vlan x' part of the config) active ON THE SWITCH, the answer is that you're not supposed to. The 2940 is a Layer2 switch, and, as such, will only allow you to have one SVI (and IP address) active at the same time.
ASKER
here is my router config
crypto pki certificate chain TP-self-signed-1180740580
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313830 37343035 3830301E 170D3130 30323031 31383131
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31383037
34303538 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BDA9 EB6E7BF1 647984DC F95D057A 42A482FC 9B4C297F B83F42CD 44699958
50E8D2C4 1EDD52ED 6CD4C8B6 2B7D8854 CDC0FC3A 0015D374 70F56CAB 99DBB00B
3137515E 106667EB 745F0AA8 B58C3C50 8B55F078 59ED097C 9158D506 24F41D67
8461527E 0373D4FF 7C1773DB 818B8802 FB2C7B09 BCC02AAE 67A1D114 4201A0BC
1B630203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603
551D1104 0E300C82 0A6D6572 63726F75 74657230 1F060355 1D230418 30168014
9F768D13 75DEBCFC BC859725 95A68056 3AD92304 301D0603 551D0E04 1604149F
768D1375 DEBCFCBC 85972595 A680563A D9230430 0D06092A 864886F7 0D010104
05000381 81004C97 6A52BF96 94C10D75 D1B4F21C 16E83B82 82E2DFCA 31EC664C
877EBA90 5B2BC26C EC75F790 F3EBA272 0743A037 6A8C2918 3B6F5D69 43DE2958
A794C60D B8BCADA4 346284BF C4C428DA 96623CB1 36A4ACCB 8E2571D5 DCA5CD9B
796D791B C410D98B 8DC259B3 0E366F03 85047B83 4E3B8B8E E661D87F 84A844BD
4B8A3AC8 D53E
quit
ip source-route
!
!
!
ip dhcp pool DATA
network 50.0.0.0 255.255.255.0
dns-server 50.0.0.1 4.2.2.2
default-router 50.0.0.1
!
ip dhcp pool CABLE
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1
!
!
ip cef
ip domain name mercdomain
ip name-server 4.2.2.1
ip name-server 4.2.2.2
ip ddns update method dyndnsupdate
HTTP
add http://mercxi:merc84@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 10 0 0 0
interval minimum 9 0 0 0
!
no ipv6 cef
!
!
multilink bundle-name authenticated
license boot module c880-data level advipservices
!
!
username mercxi privilege 15 secret 5 $1$oc/Z$ifBjqktNFq7dZCxP3Jq9Z.
!
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group mercdecember
key merc84
pool ippool
acl 108
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set security-association idle-time 86400
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthen
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any intranet-internet-traffic
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any internet-intranet-traffic
match protocol tcp
match protocol udp
match protocol icmp
!
!
!
!
interface FastEthernet0
switchport access vlan 50
!
interface FastEthernet1
switchport access vlan 10
!
interface FastEthernet2
!
interface FastEthernet3
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,10,50,1002-1005
switchport mode trunk
!
interface FastEthernet4
ip ddns update hostname mercxi.kicks-ass.net
ip ddns update dyndnsupdate
ip address dhcp
ip access-group 103 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map clientmap
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 55.0.0.1 255.255.255.0
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport access vlan 50
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
no ip address
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan50
ip address 50.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool ippool 60.0.0.5 60.0.0.10
ip local pool new 65.0.0.2 65.0.0.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source static udp 50.0.0.100 88 interface FastEthernet4 88
ip nat inside source static udp 50.0.0.100 3074 interface FastEthernet4 3074
ip nat inside source static tcp 50.0.0.100 3074 interface FastEthernet4 3074
ip nat inside source route-map DATA interface FastEthernet4 overload
!
access-list 101 deny ip 50.0.0.0 0.0.0.255 60.0.0.0 0.0.0.255
access-list 101 deny ip 10.10.10.0 0.0.0.255 60.0.0.0 0.0.0.255
access-list 101 permit ip 50.0.0.0 0.0.0.255 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 permit ip any any
access-list 108 permit ip 50.0.0.0 0.0.0.255 60.0.0.0 0.0.0.255
access-list 108 permit ip 10.10.10.0 0.0.0.255 60.0.0.0 0.0.0.255
!
!
!
!
route-map DATA permit 10
match ip address 101
match interface FastEthernet4
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
password merc84
transport input all
!
scheduler max-task-time 5000
!
webvpn gateway gateway_1
ip interface FastEthernet4 port 443
ssl trustpoint TP-self-signed-1180740580
inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1
!
webvpn context webvpn
ssl authenticate verify all
!
!
policy group defaultpolicy
functions svc-enabled
svc address-pool "new"
svc split include 50.0.0.0 255.255.255.0
svc split include 10.10.10.0 255.255.255.0
svc dns-server primary 50.0.0.1
default-group-policy defaultpolicy
aaa authentication list userauthen
gateway gateway_1
inservice
!
end
mercrouter#
I thought it was mentioned the port would not even light up when you connect the trunks. So if that's the case, the could the SVI being shut down cause the light to go out? If so, better to remove all SVI's instead of shutting them.
* Please configure each interface (Gi0/1 on switch, and Fa3 on router) with
speed 100
duplex full
* Connect the two ports with a cross-over cable.
* If it does not work, post the output of the "show interface status" command.
speed 100
duplex full
* Connect the two ports with a cross-over cable.
* If it does not work, post the output of the "show interface status" command.
ASKER
Brain that is correct the port lights do not light up when I connect the trunks. How do I remove the SVI's?
the switch is a layer 2 device and can only have one Vlan configured with an ip address and up.
when the port doesn't light up, how is the speed and duplex setting?
try to make use of the "switchport nonegotiate" command on the switch trunkport
when the port doesn't light up, how is the speed and duplex setting?
try to make use of the "switchport nonegotiate" command on the switch trunkport
to clarify
speed 100
duplex full
switchport nonegotiate
do s show interface on the switch to check that the port is not being set in " error disable" when u connect it to the router
speed 100
duplex full
switchport nonegotiate
do s show interface on the switch to check that the port is not being set in " error disable" when u connect it to the router
no interface vlan1
no interface vlan2
no interface vlan10
That'll leave 50. See if the light comes on after that.
no interface vlan2
no interface vlan10
That'll leave 50. See if the light comes on after that.
ASKER
I was just looking at my router and I found I am getting an err-disabled on my trunk port
ASKER
I was able to fix the trunk port by restarting the router however I need to have vlan 10 and 50, and vlan 2 is my native vlan for the trunks. How can I get around this issue?
you can have all the vlans but not with IP addresses. add your vlans in vlan-database. the only vlan that should be an interface is the one u use for management of the switch.
ASKER
right however if I have only vlan 10 and 50, if I bring vlan 50 up it takes vlan 10 down and if I bring vlan 10 up it takes vlan 50 down
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you post the config to the 881?