Port with VLAN not working on Cisco switch [closed] - cisco

I'm having issues with a Cisco SG550X-24 switch.
The switch is showing 100U as an administrative VLAN but not an operational VLAN. I'm unsure why this is, and plugging into this port doesn't work. The switch functions normally and other ports work fine.
Screenshot of config page attached (image: cisco vlan config).
Ports 1 and 19 are configured exactly the same; port 19 works fine with 100U but port 1 doesn't.
Any ideas? Is there a setting I'm missing that disables the port or VLAN?
Thanks
config-file-header
CB-BR-Radon233
v2.5.5.47 / RTESLA2.5.5_930_364_286
CLI v1.0
file SSD indicator encrypted
#
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
port jumbo-frame
vlan database
vlan 2,69,100,201
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
link-flap prevention disable
no boot host auto-config
no boot host auto-update
bonjour interface range vlan 1
hostname IMS-CB-BR-Radon233
no passwords complexity enable
username root password encrypted 777f99c04f34de13899c397960ac60d7548cfeb4 privilege 15
username cisco password encrypted ffd1c8e37222f7a9f61aec3e1179e951695fdeba privilege 15
ip ssh server
snmp-server location CB-BR-Radon233
snmp-server contact
clock timezone J 0 minutes 0
!
interface vlan 1
ip address 192.168.1.233 255.255.255.0
no ip address dhcp
!
interface vlan 2
name Phone
!
interface vlan 69
name Dirty
!
interface vlan 100
name Admin
ip address 192.168.100.233 255.255.255.0
!
interface vlan 201
name Mocap
!
interface GigabitEthernet1/0/1
no switchport
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet1/0/3
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/4
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 2
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/7
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/11
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 2
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/12
channel-group 1 mode auto
!
interface GigabitEthernet1/0/13
switchport mode trunk
switchport access vlan 100
switchport trunk allowed vlan none
!
interface GigabitEthernet1/0/19
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet1/0/24
channel-group 1 mode auto
!
interface TenGigabitEthernet1/0/1
channel-group 2 mode auto
!
interface TenGigabitEthernet1/0/2
channel-group 2 mode auto
!
interface TenGigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
switchport trunk allowed vlan 1-2,69,100,201
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface Port-Channel1
description EthTrunk
spanning-tree link-type point-to-point
switchport mode trunk
switchport general allowed vlan add 2,69,100,201 tagged
switchport general allowed vlan add 1 untagged
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface Port-Channel2
description X1Trunk
switchport mode trunk
!
exit

Assuming you're using the same device and the same Ethernet cable when connecting to port 1 and port 19, correct?
Would you mind SSHing into the switch and collecting a "show run" for ports 1 and 19?
...OK, with the config provided:
This is weird: port 1 is configured as a routed port, but the VLAN settings are still there.
My first try would be:
(in the SSH shell)
conf t
interface GigabitEthernet1/0/1
switchport
end
That should fix the VLAN membership.
A good practice for end-user-facing interfaces would be to add:
conf t
interface GigabitEthernet1/0/1
spanning-tree portfast
spanning-tree bpduguard enable
end
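
A way to spot the condition described in the answer above (an interface with `no switchport` that still carries VLAN lines) and ports lacking the suggested BPDU guard, as an added example that is not part of the original answer. The function names and finding strings are hypothetical, and the sample is constructed from stanzas in the question's config.

```python
import re
# Constructed sample, trimmed from interface stanzas in the question's config.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 no switchport
 switchport access vlan 100
 switchport trunk native vlan 100
!
interface GigabitEthernet1/0/3
 spanning-tree bpduguard enable
!next command is internal.
 macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/19
 switchport access vlan 100
 switchport trunk native vlan 100
!
"""

def parse_interfaces(config):
    """Return {interface name: [commands]} for every 'interface' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line in ("!", "exit"):
            current = None  # stanza separator
        elif current is not None and line and not line.startswith("!"):
            stanzas[current].append(line)  # skip '!...' comment lines
    return stanzas

def audit(config):
    """Flag routed ports with leftover L2 lines and ports without BPDU guard."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not name.lower().startswith(("gi", "te")):
            continue  # only physical ports, not Vlan/Port-Channel interfaces
        l2 = [c for c in cmds if re.match(r"switchport \S", c)]
        if "no switchport" in cmds and l2:
            findings.append((name, "routed port still carries VLAN settings"))
        if "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "no bpduguard (check if end-user-facing)"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

The BPDU guard finding is only a prompt for review: the script cannot tell an uplink from an end-user port.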

Related

Set VLAN ID to 0 in Linux

I have an application which periodically sends TCP/IP packets from a master to a slave with Time Sensitive Networking, which is implemented inside tc-taprio in Linux. Every manual tells me that I need to create a new virtual network interface with some VLAN ID. But actually I
Is there a way to create a virtual interface with a VLAN ID set to 0? Or not to set a VLAN ID at all?
English Wikipedia describes the VLAN ID 0 with: VLAN not set.
VLAN IDs 0x000 and 0xfff (0 and 4095) are reserved and cannot be used. Many implementations use VLID 0 for 'untagged'.

Clear "no switchport" command from cisco device interface

How can I clear the "no switchport" command from a Cisco device's interface?
Just go into interface mode and write "switchport".
Example:
conf t
interface Gi1/0/15
switchport
end
wr

How to insert VLAN tag on outgoing packet

I am working on inserting VLAN tags for some client MACs on outgoing packets via the native VLAN. I have tried nh_hooks IN, OUT and Forward but didn't get any success.
What I want is either to add a tag to the packet from the client to the native VLAN and then send it via the same VLAN, or is it possible to forward a native VLAN packet from some client, based on MAC, to a tagged VLAN interface?
Any suggestions in netlink code or kernel-level code? Or is it possible to do that via ebtables based on MAC?
VLAN tagging in Linux is accomplished by using subinterfaces, e.g. ip link add link eth0 name eth0.8 type vlan id 8 adds tagged VID 8 to eth0, creating the eth0.8 subinterface.
The native VLAN is the one that's not tagged on a trunk/port, so its VLAN ID elsewhere depends on whether and how the trunk endpoints (switches) tag the frames when forwarding.
On a VLAN trunk, the VID in the tag is the VLAN the frame is running in.
PC1 ---[SW1]----[SW2]----[SW3]--- PC3
                  |
                 PC2
(SW2 also connects to PC2.)
Assume SW2 is a non-IEEE 802.1Q switch that does not support VLANs. SW1 and SW3 do support them. All PCs are in VLAN 10.
SW1/SW3 will send VLAN 10 packets on the trunk port as untagged packets so that PC2 can understand them. When SW1/SW3 receive any frame, they will classify it as VLAN 10.
The default native VLAN is VLAN 1.
First mistake in the question: native VLAN frames/packets are sent and received untagged (no 4-byte VLAN header).
If I understand it correctly, forwarding an untagged native VLAN to a tagged VLAN would mean configuring SW1's native VLAN to be VLAN 10 and SW3's native VLAN to be VLAN 30. PC3 is in VLAN 30. VLAN 10 will get translated to VLAN 30.
So VLAN 10 at PC1 is the same as the untagged frame at PC2 and VLAN 30 at PC3.
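
How a receiving trunk port would classify frames under the rules stated in the answers above (untagged frames belong to the native VLAN; VID 0 and 4095 are reserved), as an added example that is not part of the original posts. `classify`, `build` and the `native_vlan` parameter are hypothetical names, and the frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def classify(frame, native_vlan=1):
    """Return (kind, vlan, pcp) for one Ethernet frame arriving on a trunk port.

    native_vlan is the port's configured native VLAN (assumed parameter).
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # No 4-byte tag: the frame belongs to the port's native VLAN.
        return ("untagged", native_vlan, 0)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    pcp, vid = tci >> 13, tci & 0x0FFF  # 3-bit priority, 12-bit VLAN ID
    if vid == 0:
        # Priority-tagged: the tag carries PCP only, the VLAN comes from the port.
        return ("priority-tagged", native_vlan, pcp)
    if vid == 0x0FFF:
        return ("reserved", None, pcp)
    return ("tagged", vid, pcp)

def build(vid=None, pcp=0):
    """Construct a sample frame (constructed MACs, IPv4 EtherType, dummy payload)."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    for frame in (build(), build(vid=8), build(vid=0, pcp=5), build(vid=4095)):
        print(classify(frame, native_vlan=10))
```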

ASA 5505 mac address allocation issue

I have an ASA 5505 in transparent mode with a Security Plus licence.
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
Whilst attempting to edit a VLAN with the command: int vlan 7
I receive back: ERROR: % Cannot allocate MAC address to interface
Is this related to the error message in the ASDM? When clicking "add new interface" I receive the error message "You cannot have more than 3 vlans in your system". And if so, why do I get this message?
ASA Version 9.1(6)8
!
firewall transparent
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
shutdown
!
interface Ethernet0/3
switchport access vlan 4
shutdown
!
interface Ethernet0/4
switchport access vlan 5
shutdown
!
interface Ethernet0/5
switchport access vlan 6
shutdown
!
interface Ethernet0/6
switchport access vlan 7
!
interface Ethernet0/7
switchport access vlan 8
!
interface Vlan1
description Management Pc Connection
nameif inside
bridge-group 1
security-level 100
!
interface Vlan2
description Dead End - No Connection
nameif outside
bridge-group 1
security-level 0
!
interface Vlan8
description Management Pc Connection
nameif ManPc-HpILO
bridge-group 4
security-level 100
!
interface BVI1
description ASA Management Bridge Group
ip address
!
interface BVI3
description Vmware Bridge Group
ip address
!
interface BVI4
description HP ILO 4 Bridge Group
ip address
!
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
mtu ManPc-HpILO 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e02cea00fefdea428cbbd8994f237335
: end
I was not aware that transparent mode does not quite share the licence allowance.
According to Cisco,
Security Plus License + Transparent Mode
3 active VLANs
(2 active VLANs in 1 bridge group, plus 1 active VLAN for failover)

Configuring Ports on a Cisco Switch

I am very new to Cisco networking (haven't done any course either). I have been trying to learn a bit of networking myself and had no trouble doing some of the basic stuff which I needed for my personal work. But I am planning to buy a new Cisco switch (a gigabit switch) and configure it for 2 different networks (1 being an internet and the other being a separate network for a specific job). I want to configure the ports in such a way that the first few slots are for normal internet and the rest for my other network. For example, if it's a Cisco 2950 48-port switch, ports 1-16 for my local internet network and ports 17-32 for my other network. Can somebody give me a rundown on how to achieve this? Sorry for such a long but basic question, I am just trying to save a few $$ and learn something new. Any help would be appreciated. Cheers
You can just create the 2 different VLANs and assign ports 1 - 16 as access ports in the first VLAN, and the remaining ports as access ports in the second VLAN. As well, you can also configure 2 different networks on a single switch.
VLANs can separate the network traffic from each other. For example:
! Ports 1-16: access ports in VLAN 444
Int range gi 0/1 - 16
Desc Local Internet Network
Switchport access vlan 444
Switchport mode access
! Ports 17-32: access ports in VLAN 555
Int range gi 0/17 - 32
Desc Other Network
Switchport access vlan 555
Switchport mode access
Of course, it depends on what you plug into the ports; that determines what type of switchport it is going to be.
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name Local_Internet_Network
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name my_other_network
Switch(config-vlan)#exit
Switch(config)#interface range gigabitEthernet 0/1-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range gigabitEthernet 0/17-32
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#exit
Switch#write memory
and check on trunk
The 2950 switch was an L2-only switch last time I checked, so it will not be able to route between the VLANs. You may want to consider a small firewall in order to provide the layer 3 element (routing) and block any internet traffic from hitting your LAN. You can then also utilise a switch with this topology.
The respective switch VLANs for Internet and LAN would be connected to the relevant Internet /LAN firewall ports and your servers would be connected to the LAN. The switch management port should also be on the trusted LAN network or a dedicated management VLAN.
