VLAN trunking between Cisco 2950 and linux box[Fedora 9]

bangla · 07-03-2008, 08:42 AM

Hello,

I'm having trouble to configure these two. Let me know if there are any online resources, though I've tried.

Cisco 2950 is a 24 port switch.
I'd like make port 2 for trunking of vlan 2 and 5.
Here vlan 2 will have port 3, 4 and
vlan 5 will have port 5, 6, 7, 8.

Code:

interface FastEthernet0/2
 switchport access vlan 2
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2-10
 switchport mode trunk
 no ip address
interface FastEthernet0/3
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface FastEthernet0/4
 switchport access vlan 2
 switchport mode access
 no ip address
!

interface FastEthernet0/5
 switchport access vlan 5
 switchport mode access
 no ip address
!
interface FastEthernet0/6
 switchport access vlan 5
 switchport mode access
 no ip address
!
interface FastEthernet0/7
 switchport access vlan 5
 switchport mode access
 no ip address
!
interface FastEthernet0/8
 switchport access vlan 5
 switchport mode access
 no ip address
!

interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 10.0.0.34 255.255.255.224
 no ip route-cache
!
interface Vlan5
 ip address 10.0.0.130 255.255.255.224
 no ip route-cache
 shutdown
!

I've added two vlan at eth1 of my linux box using following commands:
vconfig add eth1 2
vconfig add eth1 5

Code:

eth1.2    Link encap:Ethernet  HWaddr 00:E0:4C:56:29:9D  
          inet addr:10.0.0.33  Bcast:10.0.0.63  Mask:255.255.255.224

eth1.5    Link encap:Ethernet  HWaddr 00:E0:4C:56:29:9D  
          inet addr:10.0.0.129  Bcast:10.0.0.159  Mask:255.255.255.224

Now, from a host 10.0.0.35/27 connected to cisco2950 port 3, I can ping 10.0.0.34 but cannot reach 10.0.0.33 and

From linuxbox 10.0.0.33/27 I can't ping 10.0.0.34 or 10.0.0.35.
Interesting things is that I can see the packets trying from 10.0.0.35 using
tcpdump -i eth1

Little help will be highly appreciated.

Thanks.

grejon04 · 07-03-2008, 09:39 AM

what are the ip ranges for the vlans?

I'm not drawing a good picture of your network from your description...what is 10.0.0.34, 35, more info please?

bangla · 07-04-2008, 02:11 PM

I'd like to setup the following networks,
10.0.0.32/27 via lan 2,
10.0.0.128/27 via lan 5,

10.0.0.33 is the address of linux box vlan 2 interface,
10.0.0.34 is the address of cisco vlan 2,
10.0.0.35 is the address of a host connected to port 3 of cisco.

Let me know if I'm missing anything.

Thanks for your response.

grejon04 · 07-06-2008, 11:12 AM

Sorry for the slow response.

I'm not real familiar with subinterfaces for Linux NICs, but I did a little reading here and I think that trunking the vlans may be hindering what you're trying to do. Try this: leave the NIC as is, but turn the cisco port (2, I think) to an access port, and ping. Do this for both the vlans (let me know if you need help with the commands). If you are able to ping, then trunking is your problem.

I think that what you may need to do is route the packets to your NIC instead of trunking them, but I'm not 100% on that either.

bmarx · 07-06-2008, 01:18 PM

Your fastethernet0/2 port looks kind of strange to me. You seem to be setting it up as an access port and a trunk port:

interface FastEthernet0/2
switchport access vlan 2 // Operate as a static member of this vlan
switchport trunk native vlan 2
switchport trunk allowed vlan 2-10 // 2,5 might be better
switchport mode trunk // Force operation as a trunk
no ip address

I do not know what the outcome of this will be.

Also, you do not define the encapsulation type for the trunk, and cisco will favor their proprietary isl over the standards based dot1q, although my cisco book says that the catalyst 2950 does not support isl, but explicitly setting the encapsulation type might be a good idea.

Can you give some debugging info from some of the network devices? i.e.:

from the cisco device:
show vlan
show vlan id 2
show int fa0/2 trunk

from the linux device:
some of the data from
cat /proc/net/vlan/*

and to communicate between the 2 vlans, you will need routing statements such as:

ip route 10.0.0.32 255.255.255.224 vlan2
ip route 10.0.0.128 255.255.255.224 vlan5

scowles · 07-06-2008, 03:04 PM

As bmarx pointed out, the configuration of your trunked port looks strange. Plus, you are configuring vlan 2 as native, but yet you are configuring the linux side to expect vlan 2 tagged packets. In cisco IOS, a native vlan is transmitted un-tagged across the trunk. This would probably explain why you are not able to ping its IP address.

I would suggest changing the trunked port configuration to...

Code:

interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk

..and try your test again.

BTW: Did you notice vlan 5 is shutdown?

Also, I went through this type of setup awhile back in a lab environment. Checkout: this LQ link

bangla · 07-06-2008, 03:54 PM

Wow, Thanks to all of you. Happy to have lots of response. Though I've gone through a lot of pain.

I've found the missing point, "switchport nonegotiate" for the trunk port.

Just to inform, the 2950 does not accept
#neeswitchport trunk encapsulation dot1q
as it has only dot1q and forced.

switchport access vlan 2
trunk port working with the above conf. I've configures it as this port can also work as access port.

switchport trunk allowed vlan 2-10 // 2,5 might be better
2-10 also works perfectly.

I'll check the following entry though the packets are crossing through trunk port with existing conf:
p route 10.0.0.32 255.255.255.224 vlan2
ip route 10.0.0.128 255.255.255.224 vlan5

Thanks again.