VLAN Project and Native VLAN

Hi All

Our school network consists of 420 PCs, 16 switches (mixture of 3750, 3550, 2900, 2950)

Up to now everything was on VLAN 1 - Native.

Our objective is to move everything to VLAN 2, then start to create smaller VLANs to break up the broadcast domain.

We tested VLAN 2 and VLAN 3 a few days ago and could ping from PC on VLAN 2 to a PC on VLAN 3.

Yesterday we changed all the switch ports to VLAN 2; everything went OK. We then managed to get a few PCs on VLAN 3 to receive their IP addresses (using IP-HELPER) from the DHCP server on VLAN 2.

However, now when we try to ping from a PC on VLAN 3 to a host on VLAN 2 we don't get a reply. We can get a reply from a host on VLAN 1, which, by our reckoning, should still be the native VLAN, and we should not be able to see anything on it from another VLAN. It is almost as though VLAN 2 has become the native VLAN.

When we execute SHOW VLAN, VLAN 1 is listed as default.

Can anyone offer any ideas as to what may be happening here?

Cheers Mark Phillips

Reply to
mlp128

Is vlan2 trunked all the way back to the router? Can the router who owns vlan2's network ping the vlan2 devices? Can it (via an extended ping command) ping other vlans (1 & 3)? Can those other vlan interfaces ping vlan 2's? Sounds like a layer 3 issue due to a layer 2 problem, but that's just an initial guess without more information.

Lastly, just because it's a native VLAN does not mean that nothing else can route in or out; that is totally controlled by your configuration. In most configurations that I have seen, the native vlan is completely accessible by others.

Reply to
Trendkill

Thanks for your reply.

My colleague is away for a while so this project needs to take a back seat. After I posted the last message, we found that after altering the default routes we had more joy.

We will check everything you mentioned in your post; I was very interested to read what you said about the native VLAN being accessible by others, and will draw my colleague's attention to this.

Many Thanks mark


Reply to
mlp128

Check to see which switches support VTP, then configure them all into a single VTP domain, as much as possible, and configure one single 3750 as the VTP Server (the rest as Client).

You can then manage the VLANs themselves centrally.

So, create a new VLAN 2 centrally.

If your 3750 also does your routing - easy peasy, just put the default GW for each subnet onto its VLAN interface on this switch.

Otherwise you need to trunk each VLAN to your router.

Switch:
switchport trunk encapsulation dot1q
switchport mode trunk

Router:
interface ethernet0/0
ip address

interface ethernet0/0.1
encapsulation dot1q 2
ip address

Now you need to trunk the VLANs to each switch.

Switch on each side:
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2
switchport mode trunk

If switches are daisy-chained off other switches, you need to ensure the VLAN required at the far end is trunked TO the intermediate switch, then FROM the intermediate switch to the next one in line. Needless to say, each switch needs the VLAN to exist on it, either by VTP or manually.

For ease of management, trunk your VLANs to the switches that need them. Alternatively, patching a switch into another switch's port configured as "Sw Access VLAN 2" will mean that the switch will simply have VLAN2 as the default VLAN on all its Access ports. [i.e., watch out for mismatches of VLANs between switchports - it'll work, but might confuse you]

Reply to
Arthur Brain
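
Added example, not part of the original thread or any poster's code: a small Python check that compares the switchport lines on both ends of an inter-switch link and reports the mismatches described in the post above (native/untagged VLAN, trunk vs. access, allowed-VLAN lists). The sample configs and the names CORE, MID_UP, MID_DOWN and EDGE_UP are constructed, and a port with no "switchport mode" line is assumed to be an access port.

```python
import re

def parse_port(cfg):
    """Parse one interface's switchport lines. Assumption: no mode line means access."""
    mode, native, access, allowed = "access", 1, 1, set(range(1, 4095))
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"switchport mode (trunk|access)", line):
            mode = m[1]
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m[1])
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            access = int(m[1])
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            allowed = set()
            for part in m[1].split(","):  # entries are single IDs or lo-hi ranges
                lo, _, hi = part.partition("-")
                allowed |= set(range(int(lo), int(hi or lo) + 1))
    if mode == "access":  # an access port carries only its access VLAN, untagged
        return {"mode": mode, "untagged": access, "allowed": {access}}
    return {"mode": mode, "untagged": native, "allowed": allowed}

def check_link(a_cfg, b_cfg):
    """Compare both ends of one inter-switch link; return a list of findings."""
    a, b = parse_port(a_cfg), parse_port(b_cfg)
    findings = []
    if a["mode"] != b["mode"]:
        findings.append("mode mismatch: %s vs %s" % (a["mode"], b["mode"]))
    if a["untagged"] != b["untagged"]:  # untagged frames change VLAN across the link
        findings.append("untagged VLAN mismatch: %d vs %d" % (a["untagged"], b["untagged"]))
    one_sided = a["allowed"] ^ b["allowed"]
    if one_sided and a["mode"] == b["mode"] == "trunk":
        findings.append("allowed on one end only: %s" % sorted(one_sided))
    return findings

# Constructed sample configs with hypothetical names (not the thread's network).
CORE = """switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2
switchport mode trunk"""
MID_UP = """switchport trunk allowed vlan 1-3
switchport mode trunk"""
MID_DOWN = """switchport access vlan 2
switchport mode access"""
EDGE_UP = """switchport trunk native vlan 1
switchport mode trunk"""

if __name__ == "__main__":
    print("core<->mid :", check_link(CORE, MID_UP))
    print("mid<->edge :", check_link(MID_DOWN, EDGE_UP))
```

The second link is the "it'll work, but might confuse you" case: the far switch's untagged VLAN 1 traffic lands in VLAN 2 on the near side.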

Thanks for the help.

We think the problems were down to the VTP server needing a restart. All seems OK now. Your comments have certainly helped me to understand this subject a lot better, as it is my colleague who is the "Expert"

Many Thanks Mark

Reply to
mlp128

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.