I have a Cisco 3750 connected to an ASA 5510 and two Cisco SG 300-28 switches. On each SG 300 I have a WAP that can do multiple SSIDs. I have configured the WAPs to use VLAN2 as the guest network VLAN. I have configured the WAP ports and the trunk ports on the SG 300s. The backed up SG 300s configs have the following settings
vlan database
vlan 2
exit
interface range ethernet g(24,27-28)
switchport trunk allowed vlan add 2
exit
interface vlan 2
name "Public Wifi"
exit
On the 3750 I have configured the trunk ports to the SG 300s and the ASA. The relevant settings (I think) are as follows
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-3,5 priority 24576
interface GigabitEthernet1/0/8
description Trunk to HR Switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
!
interface GigabitEthernet1/0/9
description Trunk to CS Switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
!
!
interface GigabitEthernet1/0/46
description upling-to-FW
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
!
interface Vlan2
description Guest
no ip address
!
and on the ASA I have
interface Ethernet0/1.2
vlan 2
nameif Guest
security-level 90
ip address 192.168.100.1 255.255.255.0
!
When I do a show vlan on the 3750 I see
3750#show vlan
VLAN Name Status Ports
---- --------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/23, Gi1/0/24, Gi1/0/26
Gi1/0/27, Gi1/0/28, Gi1/0/29
Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/33, Gi1/0/34, Gi1/0/35
Gi1/0/36, Gi1/0/37, Gi1/0/38
Gi1/0/39, Gi1/0/40, Gi1/0/41
Gi1/0/42, Gi1/0/43, Gi1/0/44
Gi1/0/45, Gi1/0/46, Gi1/0/47
Gi1/0/48, Gi1/1/1, Gi1/1/4
2 Guest active
3 Xponet-subnet active Gi1/0/25
4 iscsi active Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22
5 VLAN0005 active
6 VLAN0006 active
VLAN Name Status Ports
---- --------------------------
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
--------------------------
Primary Secondary Type Ports
------- --------- ----------------- --------------------------
3750#
and when I do a show interface trunk I see
3750#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/1/2 auto 802.1q trunking 1
Gi1/1/3 auto 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/1/2 1,5
Gi1/1/3 1,3
Port Vlans allowed and active in management domain
Gi1/1/2 1,5
Gi1/1/3 1,3
Port Vlans in spanning tree forwarding state and not pruned
Gi1/1/2 1,5
Gi1/1/3 1,3
3750#
And when I show the VLAN interface I get
3750#show interfaces vlan 2
Vlan2 is up, line protocol is down
Hardware is EtherSVI, address is 503d.e5c0.9cc4 (bia 503d.e5c0.9cc4)
Description: Guest
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 1d02h, output 1d02h, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
262 packets input, 27488 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
15 packets output, 2898 bytes, 0 underruns
0 output errors, 3 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
So it looks like the trunking is not working properly. Do I have something configured wrong or could it be an IOS bug?
vlan database
vlan 2
exit
interface range ethernet g(24,27-28)
switchport trunk allowed vlan add 2
exit
interface vlan 2
name "Public Wifi"
exit
On the 3750 I have configured the trunk ports to the SG 300s and the ASA. The relevant settings (I think) are as follows
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-3,5 priority 24576
interface GigabitEthernet1/0/8
description Trunk to HR Switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
!
interface GigabitEthernet1/0/9
description Trunk to CS Switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
!
!
interface GigabitEthernet1/0/46
description upling-to-FW
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
!
interface Vlan2
description Guest
no ip address
!
and on the ASA I have
interface Ethernet0/1.2
vlan 2
nameif Guest
security-level 90
ip address 192.168.100.1 255.255.255.0
!
When I do a show vlan on the 3750 I see
3750#show vlan
VLAN Name Status Ports
---- --------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/23, Gi1/0/24, Gi1/0/26
Gi1/0/27, Gi1/0/28, Gi1/0/29
Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/33, Gi1/0/34, Gi1/0/35
Gi1/0/36, Gi1/0/37, Gi1/0/38
Gi1/0/39, Gi1/0/40, Gi1/0/41
Gi1/0/42, Gi1/0/43, Gi1/0/44
Gi1/0/45, Gi1/0/46, Gi1/0/47
Gi1/0/48, Gi1/1/1, Gi1/1/4
2 Guest active
3 Xponet-subnet active Gi1/0/25
4 iscsi active Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22
5 VLAN0005 active
6 VLAN0006 active
VLAN Name Status Ports
---- --------------------------
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
--------------------------
Primary Secondary Type Ports
------- --------- ----------------- --------------------------
3750#
and when I do a show interface trunk I see
3750#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/1/2 auto 802.1q trunking 1
Gi1/1/3 auto 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/1/2 1,5
Gi1/1/3 1,3
Port Vlans allowed and active in management domain
Gi1/1/2 1,5
Gi1/1/3 1,3
Port Vlans in spanning tree forwarding state and not pruned
Gi1/1/2 1,5
Gi1/1/3 1,3
3750#
And when I show the VLAN interface I get
3750#show interfaces vlan 2
Vlan2 is up, line protocol is down
Hardware is EtherSVI, address is 503d.e5c0.9cc4 (bia 503d.e5c0.9cc4)
Description: Guest
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 1d02h, output 1d02h, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
262 packets input, 27488 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
15 packets output, 2898 bytes, 0 underruns
0 output errors, 3 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
So it looks like the trunking is not working properly. Do I have something configured wrong or could it be an IOS bug?
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.