Hey guys,
I’m new to Cisco IOS and, after configuring the basics on some inherited switches, I came across an issue with VLANs. I created a new one with an ID of 101 and set it up on 2 switches. When I assign it to a port on the second switch and also the port used for uplink, connectivity to that switch is lost. Now, I’m used to the Cisco SG switches with a GUI and what I’m guessing is happening here is that the ports I’m assigning are no longer carrying non-tagged traffic? Just a guess. I’ve read some stuff about trunk ports and such, but wanted to ask around here before trying something in a live environment. Basically I just need the two switches to carry both tagged and untagged traffic on all VLAN ports. At least that’s what I think I need, some guru may come in here and say that I’m doing this all backwards.
Thanks!
@Cisco
6 Spice ups
I’m sure you will get more informed replies than mine, but if I understand you correctly then yes, you need to designate your up-link as a trunk.
EDIT(clarification): I am not an expert, but our setup uses a Cisco router just behind the edge device to define the VLANs. On the switch itself we simply designate a trunk port, and it receives the VLAN data from upstream. On the switch is just something simple like this:
interface GigabitEthernet1/0/1
 description Uplink to NR-GIL G0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
EDIT: It looks like you may have created a duplicate post. Perhaps you can correct this.
So…
You can then tag the other ports accordingly:
interface GigabitEthernet1/0/17
 description NVR-GIL
 switchport access vlan 4
 speed 100
 duplex full
 spanning-tree portfast
Robert762
(Robert762)
September 19, 2018, 1:08pm
4
The duplicate post has been removed.
1 Spice up
Thanks! I think I got the trunk set up and working.
1 Spice up
johnkazmal
(johnkazmal)
November 22, 2018, 9:33pm
7
“When I assign it (VLAN 101) to a port on the second switch and also the port used for uplink, connectivity to that switch is lost.”
Assigning VLANs to switchports will cause a temporary line protocol state (layer 2) of down/up due to STP convergence.
For trunk ports, just remember that: 1. Trunk ports have access to all VLANs by default, 2. They are used to route traffic for multiple VLANs across the same physical link (generally between switches or phones), and 3. Encapsulation can be either 802.1q or ISL.
“what I’m guessing is happening here is that the ports I’m assigning are no longer carrying non-tagged traffic?”
Unless it is a Native VLAN, it is going to be tagged. Both ISL (Inter-Switch Link) and 802.1q (IEEE standard) tag each frame with the VLAN ID; however, 802.1q inserts an extra 4-byte (12 Bits) VLAN header into the original frame's Ethernet header, supporting a theoretical maximum of 2^12 (4096) VLANs, but in actuality it only supports 4094 VLANs, as 0 and 4095 are reserved. 802.1q does not add a header to frames in the Native VLAN; instead, when the switch on the other side of the trunk receives a frame that does not have an 802.1q header, the receiving switch knows that frame is part of the Native VLAN. As such, both switches must agree on which VLAN is the Native VLAN, or else a mismatch is caused. Here is a diagram of 802.1q tagging.
Also the main purpose of a Native VLAN is to support connections between devices that do not understand trunking.
“Basically I just need the two switches to carry both tagged and untagged traffic on all VLAN ports.”
It is best practice to tag Native VLAN traffic for security purposes to prevent VLAN hopping. There are several ways to do this: one is to not use the Native VLAN on trunk ports on any access port where an attacker may be located, by using switch(config-if-Et10)#switchport trunk native vlan [vlan-id]; a second is by using the global command switch(config)# vlan dot1q tag native; a third technique, applied on a case-by-case basis, is switch(config-if-Et10)#switchport trunk native vlan tag. In case you are wondering what VLAN hopping looks like, here is a diagram.
I hope this helps,
John Kazmal
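The tagging behaviour discussed in this thread, as an added example that is not part of any poster's reply: a small Python parser that reads the 802.1Q tag (16-bit TPID 0x8100, then 3-bit priority, 1-bit DEI and 12-bit VLAN ID), shows which VLAN a trunk port assigns to tagged and untagged frames for a given native VLAN, and flags frames carrying stacked tags whose outer VLAN ID is the native VLAN. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_vlan_tags(frame: bytes):
    """Return ([tags, outermost first], inner EtherType) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination MAC (6 bytes) and source MAC (6 bytes)
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        # TCI follows the TPID; the next EtherType (or TPID) follows the TCI.
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4  # each tag adds 4 bytes to the header
    return tags, ethertype

def ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """VLAN a trunk port assigns: the tag's VID, or the native VLAN if untagged."""
    tags, _ = parse_vlan_tags(frame)
    if not tags or tags[0]["vid"] == 0:  # VID 0 is a priority-only tag
        return native_vlan
    return tags[0]["vid"]

def review(frame: bytes, native_vlan: int) -> str:
    """Defensive check: flag stacked tags whose outer VID is the native VLAN."""
    tags, _ = parse_vlan_tags(frame)
    if len(tags) > 1 and tags[0]["vid"] == native_vlan:
        return "alert: stacked 802.1Q tags, outer VID equals native VLAN"
    return "ok"

# Constructed sample frames (addresses and payload are made up).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
IPV4 = bytes.fromhex("0800")
UNTAGGED = MACS + IPV4 + b"payload"
TAGGED_101 = MACS + struct.pack("!HH", TPID_8021Q, 101) + IPV4 + b"payload"
STACKED = MACS + struct.pack("!HHHH", TPID_8021Q, 1, TPID_8021Q, 101) + IPV4 + b"payload"

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("vlan 101", TAGGED_101), ("stacked", STACKED)]:
        # Same frame, two switches with different native VLANs (1 and 99).
        print(name, ingress_vlan(frame, 1), ingress_vlan(frame, 99), review(frame, 1))
```

The untagged frame lands in VLAN 1 on one switch and VLAN 99 on the other, which is the native VLAN mismatch described above; the tagged frame lands in VLAN 101 on both.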