We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Solved
Create a trunk link between a Cisco C3550 and a C2960G Catalyst Switch
Posted on 2013-06-17
Hi,
I'm trying to configure a trunk link between a Cisco C3550 (FastEthernet) and a C2960G (Gigabit) Catalyst switch, but I'm having issues. We have 5 subnets in our network infrastructure:
Subnet1: 172.16.0.0 255.255.255.192 - Production Mgmt Servers/devices
Subnet2: 192.168.0.0 255.255.255.0 - Production virtual servers
Subnet3: 172.16.0.64 255.255.255.192 - DR Mgmt Servers/devices
Subnet4: 192.168.100.0 255.255.255.0 - DR virtual servers
Subnet5: 192.168.1.0 255.255.255.0 - PCs/Laptops
The switch IPs are:
Prod-SW-01: 172.16.0.1
DR-SW-01: 172.16.0.65
I have configured 4 VLANs on each switch:
int vlan 100
int vlan 101
int vlan 200
int vlan 201
On the C2960G (Prod-SW-01), I have configured the downlink port as follows:
interface GigabitEthernet1/0/24
description Trunk to DR-SW-01
switchport trunk allowed vlan 100,101,200,201
switchport mode trunk
speed 100
duplex full
On the C3550 (DR-SW-01), I have configured the uplink port as follows:
interface FastEthernet1/0/24
description Trunk to Prod-SW-01
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,101,200,201
switchport mode trunk
speed 100
duplex full
From the C3550 switch (DR-SW-01), I can ping devices on VLAN 100 and 101.
From the C2960G on VLAN 100, I can ping telnet to the switch, but cannot ping any directly connected device on VLAN200 (172.16.0.64/26).
The only thing I can see that's different is that the C3550, being an older switch prompts me to configure a VLAN encapsulation type when I attempt to make a port a trunk. The C2960G does not require this. I'm not sure if this is the problem!
Any ideas how I should go about this, change this or troubleshoot this?
Thanks,
Fin
I'm trying to configure a trunk link between a Cisco C3550 (FastEthernet) and a C2960G (Gigabit) Catalyst switch, but I'm having issues. We have 5 subnets in our network infrastructure:
Subnet1: 172.16.0.0 255.255.255.192 - Production Mgmt Servers/devices
Subnet2: 192.168.0.0 255.255.255.0 - Production virtual servers
Subnet3: 172.16.0.64 255.255.255.192 - DR Mgmt Servers/devices
Subnet4: 192.168.100.0 255.255.255.0 - DR virtual servers
Subnet5: 192.168.1.0 255.255.255.0 - PCs/Laptops
The switch IPs are:
Prod-SW-01: 172.16.0.1
DR-SW-01: 172.16.0.65
I have configured 4 VLANs on each switch:
int vlan 100
int vlan 101
int vlan 200
int vlan 201
On the C2960G (Prod-SW-01), I have configured the downlink port as follows:
interface GigabitEthernet1/0/24
description Trunk to DR-SW-01
switchport trunk allowed vlan 100,101,200,201
switchport mode trunk
speed 100
duplex full
On the C3550 (DR-SW-01), I have configured the uplink port as follows:
interface FastEthernet1/0/24
description Trunk to Prod-SW-01
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,101,200,201
switchport mode trunk
speed 100
duplex full
From the C3550 switch (DR-SW-01), I can ping devices on VLAN 100 and 101.
From the C2960G on VLAN 100, I can ping telnet to the switch, but cannot ping any directly connected device on VLAN200 (172.16.0.64/26).
The only thing I can see that's different is that the C3550, being an older switch prompts me to configure a VLAN encapsulation type when I attempt to make a port a trunk. The C2960G does not require this. I'm not sure if this is the problem!
Any ideas how I should go about this, change this or troubleshoot this?
Thanks,
Fin
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2-
2
- +2
8 Comments
You have access ports configured for the VLANs and active devices, or just IP addresses for the VLANs?
Can you post a sh run or sh int and sh vlan (sanitized)
I'm not sure if the 2960G supports ISL anymore, but would be the reason you do not get prompted to provide an encapsulation type on that switch.
Sounds like you dont have routing between the vlans...if you put a device in vlan 200 on each switch, can they talk to each other?
Can you post a sh run or sh int and sh vlan (sanitized)
I'm not sure if the 2960G supports ISL anymore, but would be the reason you do not get prompted to provide an encapsulation type on that switch.
Sounds like you dont have routing between the vlans...if you put a device in vlan 200 on each switch, can they talk to each other?
I think it is a layer 3 (routing) issue, but first of all make sure you configured your access ports with appropriate VLANs
So, VLAN200 is 172.16.0.64 subnet. Can you ping inside this subnet?
So, VLAN200 is 172.16.0.64 subnet. Can you ping inside this subnet?
As said, you have not told us what device is supposed to route between VLAN.
What IP address is the default gateway in each VLAN?
On what device is that IP address located?
What IP address is the default gateway in each VLAN?
On what device is that IP address located?
The 2960 is a pure L2 switch, so it cannot route. It needs the 3550 for that. The trunk you configured loks pretty much ok. The encapsulation command on the 3550 is ok as well because it matches with the default encapsulation dot1q on the 2960.
With show run and show vlan it probably would be evident what is missing. My guess is that you might have forgotten to add the VLAN to the vlan database. I personally prefer VTP transparent configuration so that I see all vlan in the config file of each switch. (It's easier to replace a switch as well.) It would look that way on both switches:
vtp transparent (on 3550)
vtp mode transparent (on 2960)
vtp domain <your-domain-name>
vlan 100
vlan 101
vlan 200
vlan 201
As you have five subnets and only four VLAN I assume that you run the management of the switches in VLAN1. This needs to be allowed on the trunk, otherwise no data is transferred:
switchport trunk allowed vlan add 1
Then you might need a default gateway on the 2960:
ip default-gateway 172.16.0.1
Finally did you switch on ip routing on the 3550 switch?
ip routing
With show run and show vlan it probably would be evident what is missing. My guess is that you might have forgotten to add the VLAN to the vlan database. I personally prefer VTP transparent configuration so that I see all vlan in the config file of each switch. (It's easier to replace a switch as well.) It would look that way on both switches:
vtp transparent (on 3550)
vtp mode transparent (on 2960)
vtp domain <your-domain-name>
vlan 100
vlan 101
vlan 200
vlan 201
As you have five subnets and only four VLAN I assume that you run the management of the switches in VLAN1. This needs to be allowed on the trunk, otherwise no data is transferred:
switchport trunk allowed vlan add 1
Then you might need a default gateway on the 2960:
ip default-gateway 172.16.0.1
Finally did you switch on ip routing on the 3550 switch?
ip routing
I'm out on site this morning, but when I get back to the office, I'll get sh runs of both switches and sh vlans.
There is a default gateway set that is pingable (192.168.0.220 - this is a core switch that is uplinked from the C2960g) .
I can ping a laptop that is directly connected to the C3550 on port 1. The laptops IP is 172.16.0.82/26.
I don't have 'IP routing' configured on the C3550.
There is a default gateway set that is pingable (192.168.0.220 - this is a core switch that is uplinked from the C2960g) .
I can ping a laptop that is directly connected to the C3550 on port 1. The laptops IP is 172.16.0.82/26.
I don't have 'IP routing' configured on the C3550.
Please send in the show run of the core switch as well and maybe a little drwaing on how you have connected allt the switches.
The default gateway IP address of your switches needs to be in the same subnet as their IP addresses.
The default gateway IP address of your switches needs to be in the same subnet as their IP addresses.
Apologies for the late allocation of points here - There were a number of issues with the network that I came across, mainly due to your suggestions and questions above.
The network was originally configured as follows:
Core Switch (C3550) -> Production Switch (C2960S) -> DR Switch (C3550)
When it should have been configured with the Core Switch routing directly to the Production and DR switches:
Core Switch (C3550) -> Production Switch (C2960S)
Core Switch (C3550) -> DR Switch (C3550)
This solved the routing issue as both Prod and DR switches then had the same gateway IPs.
I was a bit rusty with my networking and had lost the concept of layer 2 and layer 3 VLANs, but once you pointed that out I was able to troubleshoot accordingly.
The trunk ports VLANs were also configured incorrectly so your suggestions also help me resolve that issue.
Thank you.
The network was originally configured as follows:
Core Switch (C3550) -> Production Switch (C2960S) -> DR Switch (C3550)
When it should have been configured with the Core Switch routing directly to the Production and DR switches:
Core Switch (C3550) -> Production Switch (C2960S)
Core Switch (C3550) -> DR Switch (C3550)
This solved the routing issue as both Prod and DR switches then had the same gateway IPs.
I was a bit rusty with my networking and had lost the concept of layer 2 and layer 3 VLANs, but once you pointed that out I was able to troubleshoot accordingly.
The trunk ports VLANs were also configured incorrectly so your suggestions also help me resolve that issue.
Thank you.
Featured Post
Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually.
After setting up a router, find the network security…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month11 days, 6 hours left to enroll
618 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.